1 /* -*- c-basic-offset: 8 -*-
2 rdesktop: A Remote Desktop Protocol client.
3 RDP licensing negotiation
4 Copyright (C) Matthew Chapman <matthewc.unsw.edu.au> 1999-2008
5 Copyright (C) Thomas Uhle <thomas.uhle@mailbox.tu-dresden.de> 2011
6 Copyright (C) Henrik Andersson <henrik.andersson@cendio.com> 2014
9 This program is free software: you can redistribute it and/or modify
10 it under the terms of the GNU General Public License as published by
11 the Free Software Foundation, either version 3 of the License, or
12 (at your option) any later version.
14 This program is distributed in the hope that it will be useful,
15 but WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 GNU General Public License for more details.
19 You should have received a copy of the GNU General Public License
20 along with this program. If not, see <http://www.gnu.org/licenses/>.
26 rdssl_rc4_info_create(void);
28 rdssl_rc4_info_delete(void * rc4_info
);
30 rdssl_rc4_set_key(void * rc4_info
, char * key
, int len
);
32 rdssl_rc4_crypt(void * rc4_info
, char * in_data
, char * out_data
, int len
);
34 rdssl_mod_exp(char* out
, int out_len
, char* in
, int in_len
,
35 char* mod
, int mod_len
, char* exp
, int exp_len
);
37 extern char g_username
[256];
38 extern char g_hostname
[256];
39 extern RDP_VERSION g_rdp_version
;
41 static uint8 g_licence_key
[16];
42 static uint8 g_licence_sign_key
[16];
44 RD_BOOL g_licence_issued
= False
;
45 RD_BOOL g_licence_error_result
= False
;
47 /* Generate a session key and RC4 keys, given client and server randoms */
49 licence_generate_keys(uint8
* client_random
, uint8
* server_random
, uint8
* pre_master_secret
)
51 uint8 master_secret
[48];
54 /* Generate master secret and then key material */
55 sec_hash_48(master_secret
, pre_master_secret
, client_random
, server_random
, 'A');
56 sec_hash_48(key_block
, master_secret
, server_random
, client_random
, 'A');
58 /* Store first 16 bytes of session key as MAC secret */
59 memcpy(g_licence_sign_key
, key_block
, 16);
61 /* Generate RC4 key from next 16 bytes */
62 sec_hash_16(g_licence_key
, &key_block
[16], client_random
, server_random
);
66 licence_generate_hwid(uint8
* hwid
)
68 buf_out_uint32(hwid
, 2);
69 strncpy((char *) (hwid
+ 4), g_hostname
, LICENCE_HWID_SIZE
- 4);
72 /* Send a lincece info packet to server */
74 licence_info(uint8
* client_random
, uint8
* rsa_data
,
75 uint8
* licence_data
, int licence_size
, uint8
* hwid
, uint8
* signature
)
77 uint32 sec_flags
= SEC_LICENSE_PKT
;
79 24 + SEC_RANDOM_SIZE
+ SEC_MODULUS_SIZE
+ SEC_PADDING_SIZE
+
80 licence_size
+ LICENCE_HWID_SIZE
+ LICENCE_SIGNATURE_SIZE
;
83 s
= sec_init(sec_flags
, length
+ 2);
85 out_uint8(s
, LICENCE_TAG_LICENCE_INFO
);
86 out_uint8(s
, ((g_rdp_version
>= RDP_V5
) ? 3 : 2)); /* version */
87 out_uint16_le(s
, length
);
91 out_uint16_le(s
, 0x0201);
93 out_uint8p(s
, client_random
, SEC_RANDOM_SIZE
);
95 out_uint16_le(s
, (SEC_MODULUS_SIZE
+ SEC_PADDING_SIZE
));
96 out_uint8p(s
, rsa_data
, SEC_MODULUS_SIZE
);
97 out_uint8s(s
, SEC_PADDING_SIZE
);
100 out_uint16_le(s
, licence_size
);
101 out_uint8p(s
, licence_data
, licence_size
);
104 out_uint16_le(s
, LICENCE_HWID_SIZE
);
105 out_uint8p(s
, hwid
, LICENCE_HWID_SIZE
);
107 out_uint8p(s
, signature
, LICENCE_SIGNATURE_SIZE
);
110 sec_send(s
, sec_flags
);
113 /* Send a new licence request packet */
115 licence_send_new_licence_request(uint8
* client_random
, uint8
* rsa_data
, char *user
, char *host
)
117 uint32 sec_flags
= SEC_LICENSE_PKT
;
118 uint16 userlen
= strlen(user
) + 1;
119 uint16 hostlen
= strlen(host
) + 1;
121 24 + SEC_RANDOM_SIZE
+ SEC_MODULUS_SIZE
+ SEC_PADDING_SIZE
+ userlen
+ hostlen
;
124 s
= sec_init(sec_flags
, length
+ 2);
126 out_uint8(s
, LICENCE_TAG_NEW_LICENCE_REQUEST
);
127 out_uint8(s
, ((g_rdp_version
>= RDP_V5
) ? 3 : 2)); /* version */
128 out_uint16_le(s
, length
);
130 out_uint32_le(s
, 1); // KEY_EXCHANGE_ALG_RSA
132 out_uint16_le(s
, 0xff01);
134 out_uint8p(s
, client_random
, SEC_RANDOM_SIZE
);
136 out_uint16_le(s
, (SEC_MODULUS_SIZE
+ SEC_PADDING_SIZE
));
137 out_uint8p(s
, rsa_data
, SEC_MODULUS_SIZE
);
138 out_uint8s(s
, SEC_PADDING_SIZE
);
140 /* Username LICENSE_BINARY_BLOB */
141 out_uint16_le(s
, BB_CLIENT_USER_NAME_BLOB
);
142 out_uint16_le(s
, userlen
);
143 out_uint8p(s
, user
, userlen
);
145 /* Machinename LICENSE_BINARY_BLOB */
146 out_uint16_le(s
, BB_CLIENT_MACHINE_NAME_BLOB
);
147 out_uint16_le(s
, hostlen
);
148 out_uint8p(s
, host
, hostlen
);
151 sec_send(s
, sec_flags
);
154 /* Process a licence request packet */
156 licence_process_request(STREAM s
)
158 uint8 null_data
[SEC_MODULUS_SIZE
];
159 uint8
*server_random
;
160 uint8 signature
[LICENCE_SIGNATURE_SIZE
];
161 uint8 hwid
[LICENCE_HWID_SIZE
];
166 /* Retrieve the server random from the incoming packet */
167 in_uint8p(s
, server_random
, SEC_RANDOM_SIZE
);
169 /* We currently use null client keys. This is a bit naughty but, hey,
170 the security of licence negotiation isn't exactly paramount. */
171 memset(null_data
, 0, sizeof(null_data
));
172 licence_generate_keys(null_data
, server_random
, null_data
);
174 licence_size
= load_licence(&licence_data
);
175 if (licence_size
> 0)
177 /* Generate a signature for the HWID buffer */
178 licence_generate_hwid(hwid
);
179 sec_sign(signature
, 16, g_licence_sign_key
, 16, hwid
, sizeof(hwid
));
181 /* Now encrypt the HWID */
182 crypt_key
= rdssl_rc4_info_create();
183 rdssl_rc4_set_key(crypt_key
, (char *)g_licence_key
, 16);
184 rdssl_rc4_crypt(crypt_key
, (char *)hwid
, (char *)hwid
, sizeof(hwid
));
185 rdssl_rc4_info_delete(crypt_key
);
188 DEBUG(("Sending licensing PDU (message type 0x%02x)\n", LICENCE_TAG_LICENCE_INFO
));
190 licence_info(null_data
, null_data
, licence_data
, licence_size
, hwid
, signature
);
197 DEBUG(("Sending licensing PDU (message type 0x%02x)\n", LICENCE_TAG_NEW_LICENCE_REQUEST
));
199 licence_send_new_licence_request(null_data
, null_data
, g_username
, g_hostname
);
202 /* Send a platform challenge response packet */
204 licence_send_platform_challenge_response(uint8
* token
, uint8
* crypt_hwid
, uint8
* signature
)
206 uint32 sec_flags
= SEC_LICENSE_PKT
;
210 s
= sec_init(sec_flags
, length
+ 2);
212 out_uint8(s
, LICENCE_TAG_PLATFORM_CHALLANGE_RESPONSE
);
213 out_uint8(s
, ((g_rdp_version
>= RDP_V5
) ? 3 : 2)); /* version */
214 out_uint16_le(s
, length
);
217 out_uint16_le(s
, LICENCE_TOKEN_SIZE
);
218 out_uint8p(s
, token
, LICENCE_TOKEN_SIZE
);
221 out_uint16_le(s
, LICENCE_HWID_SIZE
);
222 out_uint8p(s
, crypt_hwid
, LICENCE_HWID_SIZE
);
224 out_uint8p(s
, signature
, LICENCE_SIGNATURE_SIZE
);
227 sec_send(s
, sec_flags
);
230 /* Parse a platform challenge request packet */
232 licence_parse_platform_challenge(STREAM s
, uint8
** token
, uint8
** signature
)
236 in_uint8s(s
, 6); /* unknown: f8 3d 15 00 04 f6 */
238 in_uint16_le(s
, tokenlen
);
239 if (tokenlen
!= LICENCE_TOKEN_SIZE
)
241 error("token len %d\n", tokenlen
);
245 in_uint8p(s
, *token
, tokenlen
);
246 in_uint8p(s
, *signature
, LICENCE_SIGNATURE_SIZE
);
248 return s_check_end(s
);
251 /* Process a platform challenge packet */
253 licence_process_platform_challenge(STREAM s
)
255 uint8
*in_token
= NULL
, *in_sig
;
256 uint8 out_token
[LICENCE_TOKEN_SIZE
], decrypt_token
[LICENCE_TOKEN_SIZE
];
257 uint8 hwid
[LICENCE_HWID_SIZE
], crypt_hwid
[LICENCE_HWID_SIZE
];
258 uint8 sealed_buffer
[LICENCE_TOKEN_SIZE
+ LICENCE_HWID_SIZE
];
259 uint8 out_sig
[LICENCE_SIGNATURE_SIZE
];
262 /* Parse incoming packet and save the encrypted token */
263 licence_parse_platform_challenge(s
, &in_token
, &in_sig
);
264 memcpy(out_token
, in_token
, LICENCE_TOKEN_SIZE
);
266 /* Decrypt the token. It should read TEST in Unicode. */
267 crypt_key
= rdssl_rc4_info_create();
268 rdssl_rc4_set_key(crypt_key
, (char *)g_licence_key
, 16);
269 rdssl_rc4_crypt(crypt_key
, (char *)in_token
, (char *)decrypt_token
, LICENCE_TOKEN_SIZE
);
270 rdssl_rc4_info_delete(crypt_key
);
272 /* Generate a signature for a buffer of token and HWID */
273 licence_generate_hwid(hwid
);
274 memcpy(sealed_buffer
, decrypt_token
, LICENCE_TOKEN_SIZE
);
275 memcpy(sealed_buffer
+ LICENCE_TOKEN_SIZE
, hwid
, LICENCE_HWID_SIZE
);
276 sec_sign(out_sig
, 16, g_licence_sign_key
, 16, sealed_buffer
, sizeof(sealed_buffer
));
278 /* Now encrypt the HWID */
279 crypt_key
= rdssl_rc4_info_create();
280 rdssl_rc4_set_key(crypt_key
, (char *)g_licence_key
, 16);
281 rdssl_rc4_crypt(crypt_key
, (char *)hwid
, (char *)crypt_hwid
, LICENCE_HWID_SIZE
);
283 licence_send_platform_challenge_response(out_token
, crypt_hwid
, out_sig
);
286 /* Process a new licence packet */
288 licence_process_new_license(STREAM s
)
294 in_uint8s(s
, 2); // Skip license binary blob type
295 in_uint16_le(s
, length
);
296 if (!s_check_rem(s
, length
))
299 crypt_key
= rdssl_rc4_info_create();
300 rdssl_rc4_set_key(crypt_key
, (char *)g_licence_key
, 16);
301 rdssl_rc4_crypt(crypt_key
, (char *)s
->p
, (char *)s
->p
, length
);
302 rdssl_rc4_info_delete(crypt_key
);
304 /* Parse NEW_LICENSE_INFO block */
305 in_uint8s(s
, 4); // skip dwVersion
307 /* Skip strings, Scope, CompanyName and ProductId to get
308 to the LicenseInfo which we store in license blob. */
310 for (i
= 0; i
< 4; i
++)
312 in_uint8s(s
, length
);
313 in_uint32_le(s
, length
);
314 if (!s_check_rem(s
, length
))
318 g_licence_issued
= True
;
319 save_licence(s
->p
, length
);
322 /* process a licence error alert packet */
324 licence_process_error_alert(STREAM s
)
327 uint32 state_transition
;
329 in_uint32(s
, error_code
);
330 in_uint32(s
, state_transition
);
331 in_uint32(s
, error_info
);
333 /* There is a special case in the error alert handling, when licensing is all good
334 and the server is not sending a license to client, a "Server License Error PDU -
335 Valid Client" packet is sent which means, every thing is ok.
337 Therefor we should flag that everything is ok with license here.
339 if (error_code
== 0x07)
341 g_licence_issued
= True
;
345 /* handle error codes, for now, just report them */
348 case 0x6: // ERR_NO_LICENSE_SERVER
349 warning("License error alert from server: No license server\n");
352 case 0x8: // ERR_INVALID_CLIENT
353 warning("License error alert from server: Invalid client\n");
356 case 0x4: // ERR_INVALID_SCOPE
357 case 0xb: // ERR_INVALID_PRODUCTID
358 case 0xc: // ERR_INVALID_MESSAGE_LENGTH
360 warning("License error alert from server: code %u, state transition %u\n",
361 error_code
, state_transition
);
365 /* handle error codes, for now, just report them */
372 g_licence_error_result
= True
;
376 /* Process a licence packet */
378 licence_process(STREAM s
)
383 in_uint8s(s
, 3); /* version, length */
386 DEBUG(("Received licensing PDU (message type 0x%02x)\n", tag
));
391 case LICENCE_TAG_REQUEST
:
392 licence_process_request(s
);
395 case LICENCE_TAG_PLATFORM_CHALLANGE
:
396 licence_process_platform_challenge(s
);
399 case LICENCE_TAG_NEW_LICENCE
:
400 case LICENCE_TAG_UPGRADE_LICENCE
:
401 /* we can handle new and upgrades of licences the same way. */
402 licence_process_new_license(s
);
405 case LICENCE_TAG_ERROR_ALERT
:
406 licence_process_error_alert(s
);
410 unimpl("licence tag 0x%02x\n", tag
);