/src/FreeRDP/libfreerdp/core/license.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | * FreeRDP: A Remote Desktop Protocol Implementation |
3 | | * RDP Licensing |
4 | | * |
5 | | * Copyright 2011-2013 Marc-Andre Moreau <marcandre.moreau@gmail.com> |
6 | | * Copyright 2014 Norbert Federa <norbert.federa@thincast.com> |
7 | | * Copyright 2018 David Fort <contact@hardening-consulting.com> |
8 | | * Copyright 2022,2023 Armin Novak <armin.novak@thincast.com> |
9 | | * Copyright 2022,2023 Thincast Technologies GmbH |
10 | | * |
11 | | * Licensed under the Apache License, Version 2.0 (the "License"); |
12 | | * you may not use this file except in compliance with the License. |
13 | | * You may obtain a copy of the License at |
14 | | * |
15 | | * http://www.apache.org/licenses/LICENSE-2.0 |
16 | | * |
17 | | * Unless required by applicable law or agreed to in writing, software |
18 | | * distributed under the License is distributed on an "AS IS" BASIS, |
19 | | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
20 | | * See the License for the specific language governing permissions and |
21 | | * limitations under the License. |
22 | | */ |
23 | | |
24 | | #include <freerdp/config.h> |
25 | | |
26 | | #include "settings.h" |
27 | | |
28 | | #include <freerdp/license.h> |
29 | | |
30 | | #include <winpr/crt.h> |
31 | | #include <winpr/assert.h> |
32 | | #include <winpr/crypto.h> |
33 | | #include <winpr/shell.h> |
34 | | #include <winpr/path.h> |
35 | | #include <winpr/file.h> |
36 | | |
37 | | #include <freerdp/log.h> |
38 | | |
39 | | #include <freerdp/crypto/certificate.h> |
40 | | |
41 | | #include "license.h" |
42 | | |
43 | | #include "../crypto/crypto.h" |
44 | | #include "../crypto/certificate.h" |
45 | | |
46 | 0 | #define LICENSE_TAG FREERDP_TAG("core.license") |
47 | | |
48 | | // #define LICENSE_NULL_CLIENT_RANDOM 1 |
49 | | // #define LICENSE_NULL_PREMASTER_SECRET 1 |
50 | | |
51 | | // #define WITH_LICENSE_DECRYPT_CHALLENGE_RESPONSE |
52 | | |
53 | | #define PLATFORM_CHALLENGE_RESPONSE_VERSION 0x0100 |
54 | | |
55 | | /** @brief Licensing Packet Types */ |
56 | | enum LicenseRequestType |
57 | | { |
58 | | LICENSE_REQUEST = 0x01, |
59 | | PLATFORM_CHALLENGE = 0x02, |
60 | | NEW_LICENSE = 0x03, |
61 | | UPGRADE_LICENSE = 0x04, |
62 | | LICENSE_INFO = 0x12, |
63 | | NEW_LICENSE_REQUEST = 0x13, |
64 | | PLATFORM_CHALLENGE_RESPONSE = 0x15, |
65 | | ERROR_ALERT = 0xFF |
66 | | }; |
67 | | |
68 | | /* |
69 | | #define LICENSE_PKT_CS_MASK \ |
70 | | (LICENSE_INFO | NEW_LICENSE_REQUEST | PLATFORM_CHALLENGE_RESPONSE | ERROR_ALERT) |
71 | | #define LICENSE_PKT_SC_MASK \ |
72 | | (LICENSE_REQUEST | PLATFORM_CHALLENGE | NEW_LICENSE | UPGRADE_LICENSE | ERROR_ALERT) |
73 | | #define LICENSE_PKT_MASK (LICENSE_PKT_CS_MASK | LICENSE_PKT_SC_MASK) |
74 | | */ |
75 | | #define LICENSE_PREAMBLE_LENGTH 4 |
76 | | |
77 | | /* Cryptographic Lengths */ |
78 | | |
79 | | #define SERVER_RANDOM_LENGTH 32 |
80 | | #define MASTER_SECRET_LENGTH 48 |
81 | | #define PREMASTER_SECRET_LENGTH 48 |
82 | | #define SESSION_KEY_BLOB_LENGTH 48 |
83 | | #define MAC_SALT_KEY_LENGTH 16 |
84 | | #define LICENSING_ENCRYPTION_KEY_LENGTH 16 |
85 | 0 | #define HWID_PLATFORM_ID_LENGTH 4 |
86 | | // #define HWID_UNIQUE_DATA_LENGTH 16 |
87 | | #define HWID_LENGTH 20 |
88 | | // #define LICENSING_PADDING_SIZE 8 |
89 | | |
90 | | /* Preamble Flags */ |
91 | | |
92 | | // #define PREAMBLE_VERSION_2_0 0x02 |
93 | 0 | #define PREAMBLE_VERSION_3_0 0x03 |
94 | | // #define LicenseProtocolVersionMask 0x0F |
95 | 0 | #define EXTENDED_ERROR_MSG_SUPPORTED 0x80 |
96 | | |
97 | | /** @brief binary Blob Types */ |
98 | | enum |
99 | | { |
100 | | BB_ANY_BLOB = 0x0000, |
101 | | BB_DATA_BLOB = 0x0001, |
102 | | BB_RANDOM_BLOB = 0x0002, |
103 | | BB_CERTIFICATE_BLOB = 0x0003, |
104 | | BB_ERROR_BLOB = 0x0004, |
105 | | BB_ENCRYPTED_DATA_BLOB = 0x0009, |
106 | | BB_KEY_EXCHG_ALG_BLOB = 0x000D, |
107 | | BB_SCOPE_BLOB = 0x000E, |
108 | | BB_CLIENT_USER_NAME_BLOB = 0x000F, |
109 | | BB_CLIENT_MACHINE_NAME_BLOB = 0x0010 |
110 | | }; |
111 | | |
112 | | /* License Key Exchange Algorithms */ |
113 | | |
114 | 0 | #define KEY_EXCHANGE_ALG_RSA 0x00000001 |
115 | | |
116 | | /** @brief license Error Codes |
117 | | */ |
118 | | enum |
119 | | { |
120 | | ERR_INVALID_SERVER_CERTIFICATE = 0x00000001, |
121 | | ERR_NO_LICENSE = 0x00000002, |
122 | | ERR_INVALID_MAC = 0x00000003, |
123 | | ERR_INVALID_SCOPE = 0x00000004, |
124 | | ERR_NO_LICENSE_SERVER = 0x00000006, |
125 | | STATUS_VALID_CLIENT = 0x00000007, |
126 | | ERR_INVALID_CLIENT = 0x00000008, |
127 | | ERR_INVALID_PRODUCT_ID = 0x0000000B, |
128 | | ERR_INVALID_MESSAGE_LENGTH = 0x0000000C |
129 | | }; |
130 | | |
131 | | /** @brief state Transition Codes |
132 | | */ |
133 | | enum |
134 | | { |
135 | | ST_TOTAL_ABORT = 0x00000001, |
136 | | ST_NO_TRANSITION = 0x00000002, |
137 | | ST_RESET_PHASE_TO_START = 0x00000003, |
138 | | ST_RESEND_LAST_MESSAGE = 0x00000004 |
139 | | }; |
140 | | |
141 | | /** @brief Platform Challenge Types |
142 | | */ |
143 | | enum |
144 | | { |
145 | | WIN32_PLATFORM_CHALLENGE_TYPE = 0x0100, |
146 | | WIN16_PLATFORM_CHALLENGE_TYPE = 0x0200, |
147 | | WINCE_PLATFORM_CHALLENGE_TYPE = 0x0300, |
148 | | OTHER_PLATFORM_CHALLENGE_TYPE = 0xFF00 |
149 | | }; |
150 | | |
151 | | /** @brief License Detail Levels |
152 | | */ |
153 | | enum |
154 | | { |
155 | | LICENSE_DETAIL_SIMPLE = 0x0001, |
156 | | LICENSE_DETAIL_MODERATE = 0x0002, |
157 | | LICENSE_DETAIL_DETAIL = 0x0003 |
158 | | }; |
159 | | |
160 | | /* |
161 | | * PlatformId: |
162 | | * |
163 | | * The most significant byte of the PlatformId field contains the operating system version of the |
164 | | * client. The second most significant byte of the PlatformId field identifies the ISV that provided |
165 | | * the client image. The remaining two bytes in the PlatformId field are used by the ISV to identify |
166 | | * the build number of the operating system. |
167 | | * |
168 | | * 0x04010000: |
169 | | * |
170 | | * CLIENT_OS_ID_WINNT_POST_52 (0x04000000) |
171 | | * CLIENT_IMAGE_ID_MICROSOFT (0x00010000) |
172 | | */ |
173 | | enum |
174 | | { |
175 | | CLIENT_OS_ID_WINNT_351 = 0x01000000, |
176 | | CLIENT_OS_ID_WINNT_40 = 0x02000000, |
177 | | CLIENT_OS_ID_WINNT_50 = 0x03000000, |
178 | | CLIENT_OS_ID_WINNT_POST_52 = 0x04000000, |
179 | | |
180 | | CLIENT_IMAGE_ID_MICROSOFT = 0x00010000, |
181 | | CLIENT_IMAGE_ID_CITRIX = 0x00020000, |
182 | | }; |
183 | | |
184 | | struct rdp_license |
185 | | { |
186 | | LICENSE_STATE state; |
187 | | LICENSE_TYPE type; |
188 | | rdpRdp* rdp; |
189 | | rdpCertificate* certificate; |
190 | | BYTE HardwareId[HWID_LENGTH]; |
191 | | BYTE ClientRandom[CLIENT_RANDOM_LENGTH]; |
192 | | BYTE ServerRandom[SERVER_RANDOM_LENGTH]; |
193 | | BYTE MasterSecret[MASTER_SECRET_LENGTH]; |
194 | | BYTE PremasterSecret[PREMASTER_SECRET_LENGTH]; |
195 | | BYTE SessionKeyBlob[SESSION_KEY_BLOB_LENGTH]; |
196 | | BYTE MacSaltKey[MAC_SALT_KEY_LENGTH]; |
197 | | BYTE LicensingEncryptionKey[LICENSING_ENCRYPTION_KEY_LENGTH]; |
198 | | LICENSE_PRODUCT_INFO* ProductInfo; |
199 | | LICENSE_BLOB* ErrorInfo; |
200 | | LICENSE_BLOB* LicenseInfo; /* Client -> Server */ |
201 | | LICENSE_BLOB* KeyExchangeList; |
202 | | LICENSE_BLOB* ServerCertificate; |
203 | | LICENSE_BLOB* ClientUserName; |
204 | | LICENSE_BLOB* ClientMachineName; |
205 | | LICENSE_BLOB* PlatformChallenge; |
206 | | LICENSE_BLOB* PlatformChallengeResponse; |
207 | | LICENSE_BLOB* EncryptedPremasterSecret; |
208 | | LICENSE_BLOB* EncryptedPlatformChallenge; |
209 | | LICENSE_BLOB* EncryptedPlatformChallengeResponse; |
210 | | LICENSE_BLOB* EncryptedHardwareId; |
211 | | LICENSE_BLOB* EncryptedLicenseInfo; |
212 | | BYTE MACData[LICENSING_ENCRYPTION_KEY_LENGTH]; |
213 | | SCOPE_LIST* ScopeList; |
214 | | UINT32 PacketHeaderLength; |
215 | | UINT32 PreferredKeyExchangeAlg; |
216 | | UINT32 PlatformId; |
217 | | UINT16 ClientType; |
218 | | UINT16 LicenseDetailLevel; |
219 | | BOOL update; |
220 | | wLog* log; |
221 | | }; |
222 | | |
223 | | static BOOL license_send_error_alert(rdpLicense* license, UINT32 dwErrorCode, |
224 | | UINT32 dwStateTransition, const LICENSE_BLOB* info); |
225 | | static BOOL license_set_state(rdpLicense* license, LICENSE_STATE state); |
226 | | static const char* license_get_state_string(LICENSE_STATE state); |
227 | | |
228 | | static const char* license_preferred_key_exchange_alg_string(UINT32 alg, char* buffer, size_t size) |
229 | 0 | { |
230 | 0 | const char* name = NULL; |
231 | |
|
232 | 0 | switch (alg) |
233 | 0 | { |
234 | 0 | case KEY_EXCHANGE_ALG_RSA: |
235 | 0 | name = "KEY_EXCHANGE_ALG_RSA"; |
236 | 0 | break; |
237 | 0 | default: |
238 | 0 | name = "KEY_EXCHANGE_ALG_UNKNOWN"; |
239 | 0 | break; |
240 | 0 | } |
241 | | |
242 | 0 | (void)_snprintf(buffer, size, "%s [0x%08" PRIx32 "]", name, alg); |
243 | 0 | return buffer; |
244 | 0 | } |
245 | | |
246 | | static const char* license_request_type_string(UINT32 type) |
247 | 0 | { |
248 | 0 | switch (type) |
249 | 0 | { |
250 | 0 | case LICENSE_REQUEST: |
251 | 0 | return "LICENSE_REQUEST"; |
252 | 0 | case PLATFORM_CHALLENGE: |
253 | 0 | return "PLATFORM_CHALLENGE"; |
254 | 0 | case NEW_LICENSE: |
255 | 0 | return "NEW_LICENSE"; |
256 | 0 | case UPGRADE_LICENSE: |
257 | 0 | return "UPGRADE_LICENSE"; |
258 | 0 | case LICENSE_INFO: |
259 | 0 | return "LICENSE_INFO"; |
260 | 0 | case NEW_LICENSE_REQUEST: |
261 | 0 | return "NEW_LICENSE_REQUEST"; |
262 | 0 | case PLATFORM_CHALLENGE_RESPONSE: |
263 | 0 | return "PLATFORM_CHALLENGE_RESPONSE"; |
264 | 0 | case ERROR_ALERT: |
265 | 0 | return "ERROR_ALERT"; |
266 | 0 | default: |
267 | 0 | return "LICENSE_REQUEST_TYPE_UNKNOWN"; |
268 | 0 | } |
269 | 0 | } |
270 | | |
271 | | static const char* licencse_blob_type_string(UINT16 type) |
272 | 0 | { |
273 | 0 | switch (type) |
274 | 0 | { |
275 | 0 | case BB_ANY_BLOB: |
276 | 0 | return "BB_ANY_BLOB"; |
277 | 0 | case BB_DATA_BLOB: |
278 | 0 | return "BB_DATA_BLOB"; |
279 | 0 | case BB_RANDOM_BLOB: |
280 | 0 | return "BB_RANDOM_BLOB"; |
281 | 0 | case BB_CERTIFICATE_BLOB: |
282 | 0 | return "BB_CERTIFICATE_BLOB"; |
283 | 0 | case BB_ERROR_BLOB: |
284 | 0 | return "BB_ERROR_BLOB"; |
285 | 0 | case BB_ENCRYPTED_DATA_BLOB: |
286 | 0 | return "BB_ENCRYPTED_DATA_BLOB"; |
287 | 0 | case BB_KEY_EXCHG_ALG_BLOB: |
288 | 0 | return "BB_KEY_EXCHG_ALG_BLOB"; |
289 | 0 | case BB_SCOPE_BLOB: |
290 | 0 | return "BB_SCOPE_BLOB"; |
291 | 0 | case BB_CLIENT_USER_NAME_BLOB: |
292 | 0 | return "BB_CLIENT_USER_NAME_BLOB"; |
293 | 0 | case BB_CLIENT_MACHINE_NAME_BLOB: |
294 | 0 | return "BB_CLIENT_MACHINE_NAME_BLOB"; |
295 | 0 | default: |
296 | 0 | return "BB_UNKNOWN"; |
297 | 0 | } |
298 | 0 | } |
299 | | static wStream* license_send_stream_init(rdpLicense* license, UINT16* sec_flags); |
300 | | |
301 | | static void license_generate_randoms(rdpLicense* license); |
302 | | static BOOL license_generate_keys(rdpLicense* license); |
303 | | static BOOL license_generate_hwid(rdpLicense* license); |
304 | | static BOOL license_encrypt_premaster_secret(rdpLicense* license); |
305 | | |
306 | | static LICENSE_PRODUCT_INFO* license_new_product_info(void); |
307 | | static void license_free_product_info(LICENSE_PRODUCT_INFO* productInfo); |
308 | | static BOOL license_read_product_info(wLog* log, wStream* s, LICENSE_PRODUCT_INFO* productInfo); |
309 | | |
310 | | static LICENSE_BLOB* license_new_binary_blob(UINT16 type); |
311 | | static void license_free_binary_blob(LICENSE_BLOB* blob); |
312 | | static BOOL license_read_binary_blob_data(wLog* log, LICENSE_BLOB* blob, UINT16 type, |
313 | | const void* data, size_t length); |
314 | | static BOOL license_read_binary_blob(wLog* log, wStream* s, LICENSE_BLOB* blob); |
315 | | static BOOL license_write_binary_blob(wStream* s, const LICENSE_BLOB* blob); |
316 | | |
317 | | static SCOPE_LIST* license_new_scope_list(void); |
318 | | static BOOL license_scope_list_resize(SCOPE_LIST* scopeList, UINT32 count); |
319 | | static void license_free_scope_list(SCOPE_LIST* scopeList); |
320 | | static BOOL license_read_scope_list(wLog* log, wStream* s, SCOPE_LIST* scopeList); |
321 | | static BOOL license_write_scope_list(wLog* log, wStream* s, const SCOPE_LIST* scopeList); |
322 | | |
323 | | static BOOL license_read_license_request_packet(rdpLicense* license, wStream* s); |
324 | | static BOOL license_write_license_request_packet(const rdpLicense* license, wStream* s); |
325 | | |
326 | | static BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s); |
327 | | static BOOL license_send_platform_challenge_packet(rdpLicense* license); |
328 | | static BOOL license_read_new_or_upgrade_license_packet(rdpLicense* license, wStream* s); |
329 | | static BOOL license_read_error_alert_packet(rdpLicense* license, wStream* s); |
330 | | |
331 | | static BOOL license_write_new_license_request_packet(const rdpLicense* license, wStream* s); |
332 | | static BOOL license_read_new_license_request_packet(rdpLicense* license, wStream* s); |
333 | | static BOOL license_answer_license_request(rdpLicense* license); |
334 | | |
335 | | static BOOL license_send_platform_challenge_response(rdpLicense* license); |
336 | | static BOOL license_read_platform_challenge_response(rdpLicense* license); |
337 | | |
338 | | static BOOL license_read_client_platform_challenge_response(rdpLicense* license, wStream* s); |
339 | | static BOOL license_write_client_platform_challenge_response(rdpLicense* license, wStream* s); |
340 | | |
341 | | static BOOL license_write_server_upgrade_license(const rdpLicense* license, wStream* s); |
342 | | |
343 | | static BOOL license_send_license_info(rdpLicense* license, const LICENSE_BLOB* calBlob, |
344 | | const BYTE* signature, size_t signature_length); |
345 | | static BOOL license_read_license_info(rdpLicense* license, wStream* s); |
346 | | static state_run_t license_client_recv(rdpLicense* license, wStream* s); |
347 | | static state_run_t license_server_recv(rdpLicense* license, wStream* s); |
348 | | |
349 | 0 | #define PLATFORMID (CLIENT_OS_ID_WINNT_POST_52 | CLIENT_IMAGE_ID_MICROSOFT) |
350 | | |
351 | | #ifdef WITH_DEBUG_LICENSE |
352 | | |
353 | | static const char* error_codes[] = { "ERR_UNKNOWN", |
354 | | "ERR_INVALID_SERVER_CERTIFICATE", |
355 | | "ERR_NO_LICENSE", |
356 | | "ERR_INVALID_MAC", |
357 | | "ERR_INVALID_SCOPE", |
358 | | "ERR_UNKNOWN", |
359 | | "ERR_NO_LICENSE_SERVER", |
360 | | "STATUS_VALID_CLIENT", |
361 | | "ERR_INVALID_CLIENT", |
362 | | "ERR_UNKNOWN", |
363 | | "ERR_UNKNOWN", |
364 | | "ERR_INVALID_PRODUCT_ID", |
365 | | "ERR_INVALID_MESSAGE_LENGTH" }; |
366 | | |
367 | | static const char* state_transitions[] = { "ST_UNKNOWN", "ST_TOTAL_ABORT", "ST_NO_TRANSITION", |
368 | | "ST_RESET_PHASE_TO_START", "ST_RESEND_LAST_MESSAGE" }; |
369 | | |
370 | | static void license_print_product_info(wLog* log, const LICENSE_PRODUCT_INFO* productInfo) |
371 | | { |
372 | | char* CompanyName = NULL; |
373 | | char* ProductId = NULL; |
374 | | |
375 | | WINPR_ASSERT(productInfo); |
376 | | WINPR_ASSERT(productInfo->pbCompanyName); |
377 | | WINPR_ASSERT(productInfo->pbProductId); |
378 | | |
379 | | CompanyName = ConvertWCharNToUtf8Alloc((const WCHAR*)productInfo->pbCompanyName, |
380 | | productInfo->cbCompanyName / sizeof(WCHAR), NULL); |
381 | | ProductId = ConvertWCharNToUtf8Alloc((const WCHAR*)productInfo->pbProductId, |
382 | | productInfo->cbProductId / sizeof(WCHAR), NULL); |
383 | | WLog_Print(log, WLOG_INFO, "ProductInfo:"); |
384 | | WLog_Print(log, WLOG_INFO, "\tdwVersion: 0x%08" PRIX32 "", productInfo->dwVersion); |
385 | | WLog_Print(log, WLOG_INFO, "\tCompanyName: %s", CompanyName); |
386 | | WLog_Print(log, WLOG_INFO, "\tProductId: %s", ProductId); |
387 | | free(CompanyName); |
388 | | free(ProductId); |
389 | | } |
390 | | |
391 | | static void license_print_scope_list(wLog* log, const SCOPE_LIST* scopeList) |
392 | | { |
393 | | WINPR_ASSERT(scopeList); |
394 | | |
395 | | WLog_Print(log, WLOG_INFO, "ScopeList (%" PRIu32 "):", scopeList->count); |
396 | | |
397 | | for (UINT32 index = 0; index < scopeList->count; index++) |
398 | | { |
399 | | const LICENSE_BLOB* scope = NULL; |
400 | | |
401 | | WINPR_ASSERT(scopeList->array); |
402 | | scope = scopeList->array[index]; |
403 | | WINPR_ASSERT(scope); |
404 | | |
405 | | WLog_Print(log, WLOG_INFO, "\t%s", (const char*)scope->data); |
406 | | } |
407 | | } |
408 | | #endif |
409 | | |
410 | | static const char licenseStore[] = "licenses"; |
411 | | |
412 | | static BOOL license_ensure_state(rdpLicense* license, LICENSE_STATE state, UINT32 msg) |
413 | 0 | { |
414 | 0 | const LICENSE_STATE cstate = license_get_state(license); |
415 | |
|
416 | 0 | WINPR_ASSERT(license); |
417 | | |
418 | 0 | if (cstate != state) |
419 | 0 | { |
420 | 0 | const char* scstate = license_get_state_string(cstate); |
421 | 0 | const char* sstate = license_get_state_string(state); |
422 | 0 | const char* where = license_request_type_string(msg); |
423 | |
|
424 | 0 | WLog_Print(license->log, WLOG_WARN, |
425 | 0 | "Received [%s], but found invalid licensing state %s, expected %s", where, |
426 | 0 | scstate, sstate); |
427 | 0 | return FALSE; |
428 | 0 | } |
429 | 0 | return TRUE; |
430 | 0 | } |
431 | | |
432 | | state_run_t license_recv(rdpLicense* license, wStream* s) |
433 | 0 | { |
434 | 0 | WINPR_ASSERT(license); |
435 | 0 | WINPR_ASSERT(license->rdp); |
436 | 0 | WINPR_ASSERT(license->rdp->settings); |
437 | | |
438 | 0 | if (freerdp_settings_get_bool(license->rdp->settings, FreeRDP_ServerMode)) |
439 | 0 | return license_server_recv(license, s); |
440 | 0 | else |
441 | 0 | return license_client_recv(license, s); |
442 | 0 | } |
443 | | |
444 | | static BOOL license_check_stream_length(wLog* log, wStream* s, SSIZE_T expect, const char* where) |
445 | 0 | { |
446 | 0 | const size_t remain = Stream_GetRemainingLength(s); |
447 | |
|
448 | 0 | WINPR_ASSERT(where); |
449 | | |
450 | 0 | if (expect < 0) |
451 | 0 | { |
452 | 0 | WLog_Print(log, WLOG_WARN, "invalid %s, expected value %" PRIdz " invalid", where, expect); |
453 | 0 | return FALSE; |
454 | 0 | } |
455 | 0 | if (remain < (size_t)expect) |
456 | 0 | { |
457 | 0 | WLog_Print(log, WLOG_WARN, "short %s, expected %" PRIdz " bytes, got %" PRIuz, where, |
458 | 0 | expect, remain); |
459 | 0 | return FALSE; |
460 | 0 | } |
461 | 0 | return TRUE; |
462 | 0 | } |
463 | | |
464 | | static BOOL license_check_stream_capacity(wLog* log, wStream* s, size_t expect, const char* where) |
465 | 0 | { |
466 | 0 | WINPR_ASSERT(where); |
467 | | |
468 | 0 | if (!Stream_CheckAndLogRequiredCapacityWLogEx(log, WLOG_WARN, s, expect, 1, |
469 | 0 | "%s(%s:%" PRIuz ") %s", __func__, __FILE__, |
470 | 0 | (size_t)__LINE__, where)) |
471 | 0 | return FALSE; |
472 | | |
473 | 0 | return TRUE; |
474 | 0 | } |
475 | | |
476 | | static BOOL computeCalHash(wLog* log, const char* hostname, char* hashStr, size_t len) |
477 | 0 | { |
478 | 0 | WINPR_DIGEST_CTX* sha1 = NULL; |
479 | 0 | BOOL ret = FALSE; |
480 | 0 | BYTE hash[20] = { 0 }; |
481 | |
|
482 | 0 | WINPR_ASSERT(hostname); |
483 | 0 | WINPR_ASSERT(hashStr); |
484 | | |
485 | 0 | if (len < 2 * sizeof(hash) + 1) |
486 | 0 | return FALSE; |
487 | | |
488 | 0 | if (!(sha1 = winpr_Digest_New())) |
489 | 0 | goto out; |
490 | 0 | if (!winpr_Digest_Init(sha1, WINPR_MD_SHA1)) |
491 | 0 | goto out; |
492 | 0 | if (!winpr_Digest_Update(sha1, (const BYTE*)hostname, strlen(hostname))) |
493 | 0 | goto out; |
494 | 0 | if (!winpr_Digest_Final(sha1, hash, sizeof(hash))) |
495 | 0 | goto out; |
496 | | |
497 | 0 | for (size_t i = 0; i < sizeof(hash); i++, hashStr += 2) |
498 | 0 | (void)sprintf_s(hashStr, 3, "%.2x", hash[i]); |
499 | |
|
500 | 0 | ret = TRUE; |
501 | 0 | out: |
502 | 0 | if (!ret) |
503 | 0 | WLog_Print(log, WLOG_ERROR, "failed to generate SHA1 of hostname '%s'", hostname); |
504 | 0 | winpr_Digest_Free(sha1); |
505 | 0 | return ret; |
506 | 0 | } |
507 | | |
508 | | static BOOL saveCal(wLog* log, const rdpSettings* settings, const BYTE* data, size_t length, |
509 | | const char* hostname) |
510 | 0 | { |
511 | 0 | char hash[41] = { 0 }; |
512 | 0 | FILE* fp = NULL; |
513 | 0 | char* licenseStorePath = NULL; |
514 | 0 | char filename[MAX_PATH] = { 0 }; |
515 | 0 | char filenameNew[MAX_PATH] = { 0 }; |
516 | 0 | char* filepath = NULL; |
517 | 0 | char* filepathNew = NULL; |
518 | |
|
519 | 0 | size_t written = 0; |
520 | 0 | BOOL ret = FALSE; |
521 | 0 | const char* path = freerdp_settings_get_string(settings, FreeRDP_ConfigPath); |
522 | |
|
523 | 0 | WINPR_ASSERT(path); |
524 | 0 | WINPR_ASSERT(data || (length == 0)); |
525 | 0 | WINPR_ASSERT(hostname); |
526 | | |
527 | 0 | if (!winpr_PathFileExists(path)) |
528 | 0 | { |
529 | 0 | if (!winpr_PathMakePath(path, 0)) |
530 | 0 | { |
531 | 0 | WLog_Print(log, WLOG_ERROR, "error creating directory '%s'", path); |
532 | 0 | goto out; |
533 | 0 | } |
534 | 0 | WLog_Print(log, WLOG_INFO, "creating directory %s", path); |
535 | 0 | } |
536 | | |
537 | 0 | if (!(licenseStorePath = GetCombinedPath(path, licenseStore))) |
538 | 0 | { |
539 | 0 | WLog_Print(log, WLOG_ERROR, "Failed to get license store path from '%s' + '%s'", path, |
540 | 0 | licenseStore); |
541 | 0 | goto out; |
542 | 0 | } |
543 | | |
544 | 0 | if (!winpr_PathFileExists(licenseStorePath)) |
545 | 0 | { |
546 | 0 | if (!winpr_PathMakePath(licenseStorePath, 0)) |
547 | 0 | { |
548 | 0 | WLog_Print(log, WLOG_ERROR, "error creating directory '%s'", licenseStorePath); |
549 | 0 | goto out; |
550 | 0 | } |
551 | 0 | WLog_Print(log, WLOG_INFO, "creating directory %s", licenseStorePath); |
552 | 0 | } |
553 | | |
554 | 0 | if (!computeCalHash(log, hostname, hash, sizeof(hash))) |
555 | 0 | goto out; |
556 | 0 | (void)sprintf_s(filename, sizeof(filename) - 1, "%s.cal", hash); |
557 | 0 | (void)sprintf_s(filenameNew, sizeof(filenameNew) - 1, "%s.cal.new", hash); |
558 | |
|
559 | 0 | if (!(filepath = GetCombinedPath(licenseStorePath, filename))) |
560 | 0 | { |
561 | 0 | WLog_Print(log, WLOG_ERROR, "Failed to get license file path from '%s' + '%s'", path, |
562 | 0 | filename); |
563 | 0 | goto out; |
564 | 0 | } |
565 | | |
566 | 0 | if (!(filepathNew = GetCombinedPath(licenseStorePath, filenameNew))) |
567 | 0 | { |
568 | 0 | WLog_Print(log, WLOG_ERROR, "Failed to get license new file path from '%s' + '%s'", path, |
569 | 0 | filenameNew); |
570 | 0 | goto out; |
571 | 0 | } |
572 | | |
573 | 0 | fp = winpr_fopen(filepathNew, "wb"); |
574 | 0 | if (!fp) |
575 | 0 | { |
576 | 0 | WLog_Print(log, WLOG_ERROR, "Failed to open license file '%s'", filepathNew); |
577 | 0 | goto out; |
578 | 0 | } |
579 | | |
580 | 0 | written = fwrite(data, length, 1, fp); |
581 | 0 | (void)fclose(fp); |
582 | |
|
583 | 0 | if (written != 1) |
584 | 0 | { |
585 | 0 | WLog_Print(log, WLOG_ERROR, "Failed to write to license file '%s'", filepathNew); |
586 | 0 | winpr_DeleteFile(filepathNew); |
587 | 0 | goto out; |
588 | 0 | } |
589 | | |
590 | 0 | ret = winpr_MoveFileEx(filepathNew, filepath, MOVEFILE_REPLACE_EXISTING); |
591 | 0 | if (!ret) |
592 | 0 | WLog_Print(log, WLOG_ERROR, "Failed to move license file '%s' to '%s'", filepathNew, |
593 | 0 | filepath); |
594 | |
|
595 | 0 | out: |
596 | 0 | free(filepathNew); |
597 | 0 | free(filepath); |
598 | 0 | free(licenseStorePath); |
599 | 0 | return ret; |
600 | 0 | } |
601 | | |
602 | | static BYTE* loadCalFile(wLog* log, const rdpSettings* settings, const char* hostname, |
603 | | size_t* dataLen) |
604 | 0 | { |
605 | 0 | char* licenseStorePath = NULL; |
606 | 0 | char* calPath = NULL; |
607 | 0 | char calFilename[MAX_PATH] = { 0 }; |
608 | 0 | char hash[41] = { 0 }; |
609 | 0 | INT64 length = 0; |
610 | 0 | size_t status = 0; |
611 | 0 | FILE* fp = NULL; |
612 | 0 | BYTE* ret = NULL; |
613 | |
|
614 | 0 | WINPR_ASSERT(settings); |
615 | 0 | WINPR_ASSERT(hostname); |
616 | 0 | WINPR_ASSERT(dataLen); |
617 | | |
618 | 0 | if (!computeCalHash(log, hostname, hash, sizeof(hash))) |
619 | 0 | { |
620 | 0 | WLog_Print(log, WLOG_ERROR, "loadCalFile: unable to compute hostname hash"); |
621 | 0 | return NULL; |
622 | 0 | } |
623 | | |
624 | 0 | (void)sprintf_s(calFilename, sizeof(calFilename) - 1, "%s.cal", hash); |
625 | |
|
626 | 0 | if (!(licenseStorePath = GetCombinedPath( |
627 | 0 | freerdp_settings_get_string(settings, FreeRDP_ConfigPath), licenseStore))) |
628 | 0 | return NULL; |
629 | | |
630 | 0 | if (!(calPath = GetCombinedPath(licenseStorePath, calFilename))) |
631 | 0 | goto error_path; |
632 | | |
633 | 0 | fp = winpr_fopen(calPath, "rb"); |
634 | 0 | if (!fp) |
635 | 0 | goto error_open; |
636 | | |
637 | 0 | if (_fseeki64(fp, 0, SEEK_END) != 0) |
638 | 0 | goto error_malloc; |
639 | 0 | length = _ftelli64(fp); |
640 | 0 | if (_fseeki64(fp, 0, SEEK_SET) != 0) |
641 | 0 | goto error_malloc; |
642 | 0 | if (length < 0) |
643 | 0 | goto error_malloc; |
644 | | |
645 | 0 | ret = (BYTE*)malloc((size_t)length); |
646 | 0 | if (!ret) |
647 | 0 | goto error_malloc; |
648 | | |
649 | 0 | status = fread(ret, (size_t)length, 1, fp); |
650 | 0 | if (status == 0) |
651 | 0 | goto error_read; |
652 | | |
653 | 0 | *dataLen = (size_t)length; |
654 | |
|
655 | 0 | (void)fclose(fp); |
656 | 0 | free(calPath); |
657 | 0 | free(licenseStorePath); |
658 | 0 | return ret; |
659 | | |
660 | 0 | error_read: |
661 | 0 | free(ret); |
662 | 0 | error_malloc: |
663 | 0 | fclose(fp); |
664 | 0 | error_open: |
665 | 0 | free(calPath); |
666 | 0 | error_path: |
667 | 0 | free(licenseStorePath); |
668 | 0 | return NULL; |
669 | 0 | } |
670 | | |
671 | | /** |
672 | | * Read a licensing preamble. |
673 | | * msdn{cc240480} |
674 | | * @param s stream |
675 | | * @param bMsgType license message type |
676 | | * @param flags message flags |
677 | | * @param wMsgSize message size |
678 | | * @return if the operation completed successfully |
679 | | */ |
680 | | |
681 | | static BOOL license_read_preamble(wLog* log, wStream* s, BYTE* bMsgType, BYTE* flags, |
682 | | UINT16* wMsgSize) |
683 | 0 | { |
684 | 0 | WINPR_ASSERT(bMsgType); |
685 | 0 | WINPR_ASSERT(flags); |
686 | 0 | WINPR_ASSERT(wMsgSize); |
687 | | |
688 | | /* preamble (4 bytes) */ |
689 | 0 | if (!license_check_stream_length(log, s, 4, "license preamble")) |
690 | 0 | return FALSE; |
691 | | |
692 | 0 | Stream_Read_UINT8(s, *bMsgType); /* bMsgType (1 byte) */ |
693 | 0 | Stream_Read_UINT8(s, *flags); /* flags (1 byte) */ |
694 | 0 | Stream_Read_UINT16(s, *wMsgSize); /* wMsgSize (2 bytes) */ |
695 | 0 | return license_check_stream_length(log, s, *wMsgSize - 4ll, "license preamble::wMsgSize"); |
696 | 0 | } |
697 | | |
698 | | /** |
699 | | * Write a licensing preamble. |
700 | | * msdn{cc240480} |
701 | | * @param s stream |
702 | | * @param bMsgType license message type |
703 | | * @param flags message flags |
704 | | * @param wMsgSize message size |
705 | | * @return if the operation completed successfully |
706 | | */ |
707 | | |
708 | | static BOOL license_write_preamble(wStream* s, BYTE bMsgType, BYTE flags, UINT16 wMsgSize) |
709 | 0 | { |
710 | 0 | if (!Stream_EnsureRemainingCapacity(s, 4)) |
711 | 0 | return FALSE; |
712 | | |
713 | | /* preamble (4 bytes) */ |
714 | 0 | Stream_Write_UINT8(s, bMsgType); /* bMsgType (1 byte) */ |
715 | 0 | Stream_Write_UINT8(s, flags); /* flags (1 byte) */ |
716 | 0 | Stream_Write_UINT16(s, wMsgSize); /* wMsgSize (2 bytes) */ |
717 | 0 | return TRUE; |
718 | 0 | } |
719 | | |
720 | | /** |
721 | | * @brief Initialize a license packet stream. |
722 | | * |
723 | | * @param license license module |
724 | | * |
725 | | * @return stream or NULL |
726 | | */ |
727 | | |
728 | | wStream* license_send_stream_init(rdpLicense* license, UINT16* sec_flags) |
729 | 0 | { |
730 | 0 | WINPR_ASSERT(license); |
731 | 0 | WINPR_ASSERT(license->rdp); |
732 | 0 | WINPR_ASSERT(sec_flags); |
733 | | |
734 | 0 | const BOOL do_crypt = license->rdp->do_crypt; |
735 | |
|
736 | 0 | *sec_flags = SEC_LICENSE_PKT; |
737 | | |
738 | | /* |
739 | | * Encryption of licensing packets is optional even if the rdp security |
740 | | * layer is used. If the peer has not indicated that it is capable of |
741 | | * processing encrypted licensing packets (rdp->do_crypt_license) we turn |
742 | | * off encryption (via rdp->do_crypt) before initializing the rdp stream |
743 | | * and re-enable it afterwards. |
744 | | */ |
745 | |
|
746 | 0 | if (do_crypt) |
747 | 0 | { |
748 | 0 | *sec_flags |= SEC_LICENSE_ENCRYPT_CS; |
749 | 0 | license->rdp->do_crypt = license->rdp->do_crypt_license; |
750 | 0 | } |
751 | |
|
752 | 0 | wStream* s = rdp_send_stream_init(license->rdp, sec_flags); |
753 | 0 | if (!s) |
754 | 0 | return NULL; |
755 | | |
756 | 0 | license->rdp->do_crypt = do_crypt; |
757 | 0 | license->PacketHeaderLength = (UINT16)Stream_GetPosition(s); |
758 | 0 | if (!Stream_SafeSeek(s, LICENSE_PREAMBLE_LENGTH)) |
759 | 0 | goto fail; |
760 | 0 | return s; |
761 | | |
762 | 0 | fail: |
763 | 0 | Stream_Release(s); |
764 | 0 | return NULL; |
765 | 0 | } |
766 | | |
767 | | /** |
768 | | * Send an RDP licensing packet. |
769 | | * msdn{cc240479} |
770 | | * @param license license module |
771 | | * @param s stream |
772 | | */ |
773 | | |
774 | | static BOOL license_send(rdpLicense* license, wStream* s, BYTE type, UINT16 sec_flags) |
775 | 0 | { |
776 | 0 | WINPR_ASSERT(license); |
777 | 0 | WINPR_ASSERT(license->rdp); |
778 | | |
779 | 0 | rdpRdp* rdp = license->rdp; |
780 | 0 | WINPR_ASSERT(rdp->settings); |
781 | | |
782 | 0 | DEBUG_LICENSE("Sending %s Packet", license_request_type_string(type)); |
783 | 0 | const size_t length = Stream_GetPosition(s); |
784 | 0 | WINPR_ASSERT(length >= license->PacketHeaderLength); |
785 | 0 | WINPR_ASSERT(length <= UINT16_MAX + license->PacketHeaderLength); |
786 | | |
787 | 0 | const UINT16 wMsgSize = (UINT16)(length - license->PacketHeaderLength); |
788 | 0 | Stream_SetPosition(s, license->PacketHeaderLength); |
789 | 0 | BYTE flags = PREAMBLE_VERSION_3_0; |
790 | | |
791 | | /** |
792 | | * Using EXTENDED_ERROR_MSG_SUPPORTED here would cause mstsc to crash when |
793 | | * running in server mode! This flag seems to be incorrectly documented. |
794 | | */ |
795 | |
|
796 | 0 | if (!rdp->settings->ServerMode) |
797 | 0 | flags |= EXTENDED_ERROR_MSG_SUPPORTED; |
798 | |
|
799 | 0 | if (!license_write_preamble(s, type, flags, wMsgSize)) |
800 | 0 | { |
801 | 0 | Stream_Release(s); |
802 | 0 | return FALSE; |
803 | 0 | } |
804 | | |
805 | | #ifdef WITH_DEBUG_LICENSE |
806 | | WLog_Print(license->log, WLOG_DEBUG, "Sending %s Packet, length %" PRIu16 "", |
807 | | license_request_type_string(type), wMsgSize); |
808 | | winpr_HexLogDump(license->log, WLOG_DEBUG, Stream_PointerAs(s, char) - LICENSE_PREAMBLE_LENGTH, |
809 | | wMsgSize); |
810 | | #endif |
811 | 0 | Stream_SetPosition(s, length); |
812 | 0 | const BOOL ret = rdp_send(rdp, s, MCS_GLOBAL_CHANNEL_ID, sec_flags); |
813 | 0 | return ret; |
814 | 0 | } |
815 | | |
816 | | BOOL license_write_server_upgrade_license(const rdpLicense* license, wStream* s) |
817 | 0 | { |
818 | 0 | WINPR_ASSERT(license); |
819 | | |
820 | 0 | if (!license_write_binary_blob(s, license->EncryptedLicenseInfo)) |
821 | 0 | return FALSE; |
822 | 0 | if (!license_check_stream_capacity(license->log, s, sizeof(license->MACData), |
823 | 0 | "SERVER_UPGRADE_LICENSE::MACData")) |
824 | 0 | return FALSE; |
825 | 0 | Stream_Write(s, license->MACData, sizeof(license->MACData)); |
826 | 0 | return TRUE; |
827 | 0 | } |
828 | | |
829 | | static BOOL license_server_send_new_or_upgrade_license(rdpLicense* license, BOOL upgrade) |
830 | 0 | { |
831 | 0 | UINT16 sec_flags = 0; |
832 | 0 | wStream* s = license_send_stream_init(license, &sec_flags); |
833 | 0 | const BYTE type = upgrade ? UPGRADE_LICENSE : NEW_LICENSE; |
834 | |
|
835 | 0 | if (!s) |
836 | 0 | return FALSE; |
837 | | |
838 | 0 | if (!license_write_server_upgrade_license(license, s)) |
839 | 0 | goto fail; |
840 | | |
841 | 0 | return license_send(license, s, type, sec_flags); |
842 | | |
843 | 0 | fail: |
844 | 0 | Stream_Release(s); |
845 | 0 | return FALSE; |
846 | 0 | } |
847 | | |
848 | | /** |
849 | | * Receive an RDP licensing packet. |
850 | | * msdn{cc240479} |
851 | | * @param license license module |
852 | | * @param s stream |
853 | | * @return if the operation completed successfully |
854 | | */ |
855 | | |
856 | | static state_run_t license_client_recv_int(rdpLicense* license, wStream* s) |
857 | 0 | { |
858 | 0 | BYTE flags = 0; |
859 | 0 | BYTE bMsgType = 0; |
860 | 0 | UINT16 wMsgSize = 0; |
861 | 0 | const size_t length = Stream_GetRemainingLength(s); |
862 | |
|
863 | 0 | WINPR_ASSERT(license); |
864 | | |
865 | 0 | if (!license_read_preamble(license->log, s, &bMsgType, &flags, |
866 | 0 | &wMsgSize)) /* preamble (4 bytes) */ |
867 | 0 | return STATE_RUN_FAILED; |
868 | | |
869 | 0 | DEBUG_LICENSE("Receiving %s Packet", license_request_type_string(bMsgType)); |
870 | |
|
871 | 0 | switch (bMsgType) |
872 | 0 | { |
873 | 0 | case LICENSE_REQUEST: |
874 | | /* Client does not require configuration, so skip this state */ |
875 | 0 | if (license_get_state(license) == LICENSE_STATE_INITIAL) |
876 | 0 | license_set_state(license, LICENSE_STATE_CONFIGURED); |
877 | |
|
878 | 0 | if (!license_ensure_state(license, LICENSE_STATE_CONFIGURED, bMsgType)) |
879 | 0 | return STATE_RUN_FAILED; |
880 | | |
881 | 0 | if (!license_read_license_request_packet(license, s)) |
882 | 0 | return STATE_RUN_FAILED; |
883 | | |
884 | 0 | if (!license_answer_license_request(license)) |
885 | 0 | return STATE_RUN_FAILED; |
886 | | |
887 | 0 | license_set_state(license, LICENSE_STATE_NEW_REQUEST); |
888 | 0 | break; |
889 | | |
890 | 0 | case PLATFORM_CHALLENGE: |
891 | 0 | if (!license_ensure_state(license, LICENSE_STATE_NEW_REQUEST, bMsgType)) |
892 | 0 | return STATE_RUN_FAILED; |
893 | | |
894 | 0 | if (!license_read_platform_challenge_packet(license, s)) |
895 | 0 | return STATE_RUN_FAILED; |
896 | | |
897 | 0 | if (!license_send_platform_challenge_response(license)) |
898 | 0 | return STATE_RUN_FAILED; |
899 | 0 | license_set_state(license, LICENSE_STATE_PLATFORM_CHALLENGE_RESPONSE); |
900 | 0 | break; |
901 | | |
902 | 0 | case NEW_LICENSE: |
903 | 0 | case UPGRADE_LICENSE: |
904 | 0 | if (!license_ensure_state(license, LICENSE_STATE_PLATFORM_CHALLENGE_RESPONSE, bMsgType)) |
905 | 0 | return STATE_RUN_FAILED; |
906 | 0 | if (!license_read_new_or_upgrade_license_packet(license, s)) |
907 | 0 | return STATE_RUN_FAILED; |
908 | 0 | break; |
909 | | |
910 | 0 | case ERROR_ALERT: |
911 | 0 | if (!license_read_error_alert_packet(license, s)) |
912 | 0 | return STATE_RUN_FAILED; |
913 | 0 | break; |
914 | | |
915 | 0 | default: |
916 | 0 | WLog_Print(license->log, WLOG_ERROR, "invalid bMsgType:%" PRIu8 "", bMsgType); |
917 | 0 | return STATE_RUN_FAILED; |
918 | 0 | } |
919 | | |
920 | 0 | if (!tpkt_ensure_stream_consumed(license->log, s, length)) |
921 | 0 | return STATE_RUN_FAILED; |
922 | 0 | return STATE_RUN_SUCCESS; |
923 | 0 | } |
924 | | |
925 | | state_run_t license_client_recv(rdpLicense* license, wStream* s) |
926 | 0 | { |
927 | 0 | state_run_t rc = license_client_recv_int(license, s); |
928 | 0 | if (state_run_failed(rc)) |
929 | 0 | { |
930 | 0 | freerdp_set_last_error(license->rdp->context, ERROR_CTX_LICENSE_CLIENT_INVALID); |
931 | 0 | } |
932 | 0 | return rc; |
933 | 0 | } |
934 | | |
935 | | state_run_t license_server_recv(rdpLicense* license, wStream* s) |
936 | 0 | { |
937 | 0 | state_run_t rc = STATE_RUN_FAILED; |
938 | 0 | BYTE flags = 0; |
939 | 0 | BYTE bMsgType = 0; |
940 | 0 | UINT16 wMsgSize = 0; |
941 | 0 | const size_t length = Stream_GetRemainingLength(s); |
942 | |
|
943 | 0 | WINPR_ASSERT(license); |
944 | | |
945 | 0 | if (!license_read_preamble(license->log, s, &bMsgType, &flags, |
946 | 0 | &wMsgSize)) /* preamble (4 bytes) */ |
947 | 0 | goto fail; |
948 | | |
949 | 0 | DEBUG_LICENSE("Receiving %s Packet", license_request_type_string(bMsgType)); |
950 | |
|
951 | 0 | switch (bMsgType) |
952 | 0 | { |
953 | 0 | case NEW_LICENSE_REQUEST: |
954 | 0 | if (!license_ensure_state(license, LICENSE_STATE_REQUEST, bMsgType)) |
955 | 0 | goto fail; |
956 | 0 | if (!license_read_new_license_request_packet(license, s)) |
957 | 0 | goto fail; |
958 | | // TODO: Validate if client is allowed |
959 | 0 | if (!license_send_error_alert(license, ERR_INVALID_MAC, ST_TOTAL_ABORT, |
960 | 0 | license->ErrorInfo)) |
961 | 0 | goto fail; |
962 | 0 | if (!license_send_platform_challenge_packet(license)) |
963 | 0 | goto fail; |
964 | 0 | license->update = FALSE; |
965 | 0 | if (!license_set_state(license, LICENSE_STATE_PLATFORM_CHALLENGE)) |
966 | 0 | goto fail; |
967 | 0 | break; |
968 | 0 | case LICENSE_INFO: |
969 | 0 | if (!license_ensure_state(license, LICENSE_STATE_REQUEST, bMsgType)) |
970 | 0 | goto fail; |
971 | 0 | if (!license_read_license_info(license, s)) |
972 | 0 | goto fail; |
973 | | // TODO: Validate license info |
974 | 0 | if (!license_send_platform_challenge_packet(license)) |
975 | 0 | goto fail; |
976 | 0 | if (!license_set_state(license, LICENSE_STATE_PLATFORM_CHALLENGE)) |
977 | 0 | goto fail; |
978 | 0 | license->update = TRUE; |
979 | 0 | break; |
980 | | |
981 | 0 | case PLATFORM_CHALLENGE_RESPONSE: |
982 | 0 | if (!license_ensure_state(license, LICENSE_STATE_PLATFORM_CHALLENGE, bMsgType)) |
983 | 0 | goto fail; |
984 | 0 | if (!license_read_client_platform_challenge_response(license, s)) |
985 | 0 | goto fail; |
986 | | |
987 | | // TODO: validate challenge response |
988 | 0 | if (FALSE) |
989 | 0 | { |
990 | 0 | if (license_send_error_alert(license, ERR_INVALID_CLIENT, ST_TOTAL_ABORT, |
991 | 0 | license->ErrorInfo)) |
992 | 0 | goto fail; |
993 | 0 | } |
994 | 0 | else |
995 | 0 | { |
996 | 0 | if (!license_server_send_new_or_upgrade_license(license, license->update)) |
997 | 0 | goto fail; |
998 | | |
999 | 0 | license->type = LICENSE_TYPE_ISSUED; |
1000 | 0 | license_set_state(license, LICENSE_STATE_COMPLETED); |
1001 | |
|
1002 | 0 | rc = STATE_RUN_CONTINUE; /* License issued, switch state */ |
1003 | 0 | } |
1004 | 0 | break; |
1005 | | |
1006 | 0 | case ERROR_ALERT: |
1007 | 0 | if (!license_read_error_alert_packet(license, s)) |
1008 | 0 | goto fail; |
1009 | 0 | break; |
1010 | | |
1011 | 0 | default: |
1012 | 0 | WLog_Print(license->log, WLOG_ERROR, "invalid bMsgType:%" PRIu8 "", bMsgType); |
1013 | 0 | goto fail; |
1014 | 0 | } |
1015 | | |
1016 | 0 | if (!tpkt_ensure_stream_consumed(license->log, s, length)) |
1017 | 0 | goto fail; |
1018 | | |
1019 | 0 | if (!state_run_success(rc)) |
1020 | 0 | rc = STATE_RUN_SUCCESS; |
1021 | |
|
1022 | 0 | fail: |
1023 | 0 | if (state_run_failed(rc)) |
1024 | 0 | { |
1025 | 0 | if (flags & EXTENDED_ERROR_MSG_SUPPORTED) |
1026 | 0 | license_send_error_alert(license, ERR_INVALID_CLIENT, ST_TOTAL_ABORT, NULL); |
1027 | 0 | license_set_state(license, LICENSE_STATE_ABORTED); |
1028 | 0 | } |
1029 | |
|
1030 | 0 | return rc; |
1031 | 0 | } |
1032 | | |
1033 | | void license_generate_randoms(rdpLicense* license) |
1034 | 0 | { |
1035 | 0 | WINPR_ASSERT(license); |
1036 | | |
1037 | | #ifdef LICENSE_NULL_CLIENT_RANDOM |
1038 | | ZeroMemory(license->ClientRandom, sizeof(license->ClientRandom)); /* ClientRandom */ |
1039 | | #else |
1040 | 0 | winpr_RAND(license->ClientRandom, sizeof(license->ClientRandom)); /* ClientRandom */ |
1041 | 0 | #endif |
1042 | |
|
1043 | 0 | winpr_RAND(license->ServerRandom, sizeof(license->ServerRandom)); /* ServerRandom */ |
1044 | |
|
1045 | | #ifdef LICENSE_NULL_PREMASTER_SECRET |
1046 | | ZeroMemory(license->PremasterSecret, sizeof(license->PremasterSecret)); /* PremasterSecret */ |
1047 | | #else |
1048 | 0 | winpr_RAND(license->PremasterSecret, sizeof(license->PremasterSecret)); /* PremasterSecret */ |
1049 | 0 | #endif |
1050 | 0 | } |
1051 | | |
1052 | | /** |
1053 | | * Generate License Cryptographic Keys. |
1054 | | * @param license license module |
1055 | | */ |
1056 | | |
1057 | | static BOOL license_generate_keys(rdpLicense* license) |
1058 | 0 | { |
1059 | 0 | WINPR_ASSERT(license); |
1060 | | |
1061 | 0 | if ( |
1062 | | /* MasterSecret */ |
1063 | 0 | !security_master_secret(license->PremasterSecret, sizeof(license->PremasterSecret), |
1064 | 0 | license->ClientRandom, sizeof(license->ClientRandom), |
1065 | 0 | license->ServerRandom, sizeof(license->ServerRandom), |
1066 | 0 | license->MasterSecret, sizeof(license->MasterSecret)) || |
1067 | | /* SessionKeyBlob */ |
1068 | 0 | !security_session_key_blob(license->MasterSecret, sizeof(license->MasterSecret), |
1069 | 0 | license->ClientRandom, sizeof(license->ClientRandom), |
1070 | 0 | license->ServerRandom, sizeof(license->ServerRandom), |
1071 | 0 | license->SessionKeyBlob, sizeof(license->SessionKeyBlob))) |
1072 | 0 | { |
1073 | 0 | return FALSE; |
1074 | 0 | } |
1075 | 0 | security_mac_salt_key(license->SessionKeyBlob, sizeof(license->SessionKeyBlob), |
1076 | 0 | license->ClientRandom, sizeof(license->ClientRandom), |
1077 | 0 | license->ServerRandom, sizeof(license->ServerRandom), license->MacSaltKey, |
1078 | 0 | sizeof(license->MacSaltKey)); /* MacSaltKey */ |
1079 | 0 | const BOOL ret = security_licensing_encryption_key( |
1080 | 0 | license->SessionKeyBlob, sizeof(license->SessionKeyBlob), license->ClientRandom, |
1081 | 0 | sizeof(license->ClientRandom), license->ServerRandom, sizeof(license->ServerRandom), |
1082 | 0 | license->LicensingEncryptionKey, |
1083 | 0 | sizeof(license->LicensingEncryptionKey)); /* LicensingEncryptionKey */ |
1084 | |
|
1085 | | #ifdef WITH_DEBUG_LICENSE |
1086 | | WLog_Print(license->log, WLOG_DEBUG, "ClientRandom:"); |
1087 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->ClientRandom, |
1088 | | sizeof(license->ClientRandom)); |
1089 | | WLog_Print(license->log, WLOG_DEBUG, "ServerRandom:"); |
1090 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->ServerRandom, |
1091 | | sizeof(license->ServerRandom)); |
1092 | | WLog_Print(license->log, WLOG_DEBUG, "PremasterSecret:"); |
1093 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->PremasterSecret, |
1094 | | sizeof(license->PremasterSecret)); |
1095 | | WLog_Print(license->log, WLOG_DEBUG, "MasterSecret:"); |
1096 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->MasterSecret, |
1097 | | sizeof(license->MasterSecret)); |
1098 | | WLog_Print(license->log, WLOG_DEBUG, "SessionKeyBlob:"); |
1099 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->SessionKeyBlob, |
1100 | | sizeof(license->SessionKeyBlob)); |
1101 | | WLog_Print(license->log, WLOG_DEBUG, "MacSaltKey:"); |
1102 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->MacSaltKey, sizeof(license->MacSaltKey)); |
1103 | | WLog_Print(license->log, WLOG_DEBUG, "LicensingEncryptionKey:"); |
1104 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->LicensingEncryptionKey, |
1105 | | sizeof(license->LicensingEncryptionKey)); |
1106 | | #endif |
1107 | 0 | return ret; |
1108 | 0 | } |
1109 | | |
1110 | | /** |
1111 | | * Generate Unique Hardware Identifier (CLIENT_HARDWARE_ID). |
1112 | | * @param license license module |
1113 | | */ |
1114 | | |
1115 | | BOOL license_generate_hwid(rdpLicense* license) |
1116 | 0 | { |
1117 | 0 | const BYTE* hashTarget = NULL; |
1118 | 0 | size_t targetLen = 0; |
1119 | 0 | BYTE macAddress[6] = { 0 }; |
1120 | |
|
1121 | 0 | WINPR_ASSERT(license); |
1122 | 0 | WINPR_ASSERT(license->rdp); |
1123 | 0 | WINPR_ASSERT(license->rdp->settings); |
1124 | | |
1125 | 0 | ZeroMemory(license->HardwareId, sizeof(license->HardwareId)); |
1126 | |
|
1127 | 0 | if (license->rdp->settings->OldLicenseBehaviour) |
1128 | 0 | { |
1129 | 0 | hashTarget = macAddress; |
1130 | 0 | targetLen = sizeof(macAddress); |
1131 | 0 | } |
1132 | 0 | else |
1133 | 0 | { |
1134 | 0 | wStream buffer = { 0 }; |
1135 | 0 | const char* hostname = license->rdp->settings->ClientHostname; |
1136 | 0 | wStream* s = Stream_StaticInit(&buffer, license->HardwareId, 4); |
1137 | 0 | Stream_Write_UINT32(s, license->PlatformId); |
1138 | | |
1139 | 0 | hashTarget = (const BYTE*)hostname; |
1140 | 0 | targetLen = hostname ? strlen(hostname) : 0; |
1141 | 0 | } |
1142 | | |
1143 | | /* Allow FIPS override for use of MD5 here, really this does not have to be MD5 as we are just |
1144 | | * taking a MD5 hash of the 6 bytes of 0's(macAddress) */ |
1145 | | /* and filling in the Data1-Data4 fields of the CLIENT_HARDWARE_ID structure(from MS-RDPELE |
1146 | | * section 2.2.2.3.1). This is for RDP licensing packets */ |
1147 | | /* which will already be encrypted under FIPS, so the use of MD5 here is not for sensitive data |
1148 | | * protection. */ |
1149 | 0 | return winpr_Digest_Allow_FIPS(WINPR_MD_MD5, hashTarget, targetLen, |
1150 | 0 | &license->HardwareId[HWID_PLATFORM_ID_LENGTH], |
1151 | 0 | WINPR_MD5_DIGEST_LENGTH); |
1152 | 0 | } |
1153 | | |
1154 | | static BOOL license_get_server_rsa_public_key(rdpLicense* license) |
1155 | 0 | { |
1156 | 0 | rdpSettings* settings = NULL; |
1157 | |
|
1158 | 0 | WINPR_ASSERT(license); |
1159 | 0 | WINPR_ASSERT(license->certificate); |
1160 | 0 | WINPR_ASSERT(license->rdp); |
1161 | | |
1162 | 0 | settings = license->rdp->settings; |
1163 | 0 | WINPR_ASSERT(settings); |
1164 | | |
1165 | 0 | if (license->ServerCertificate->length < 1) |
1166 | 0 | { |
1167 | 0 | if (!freerdp_certificate_read_server_cert(license->certificate, settings->ServerCertificate, |
1168 | 0 | settings->ServerCertificateLength)) |
1169 | 0 | return FALSE; |
1170 | 0 | } |
1171 | | |
1172 | 0 | return TRUE; |
1173 | 0 | } |
1174 | | |
1175 | | BOOL license_encrypt_premaster_secret(rdpLicense* license) |
1176 | 0 | { |
1177 | 0 | WINPR_ASSERT(license); |
1178 | 0 | WINPR_ASSERT(license->certificate); |
1179 | | |
1180 | 0 | if (!license_get_server_rsa_public_key(license)) |
1181 | 0 | return FALSE; |
1182 | | |
1183 | 0 | WINPR_ASSERT(license->EncryptedPremasterSecret); |
1184 | | |
1185 | 0 | const rdpCertInfo* info = freerdp_certificate_get_info(license->certificate); |
1186 | 0 | if (!info) |
1187 | 0 | { |
1188 | 0 | WLog_Print(license->log, WLOG_ERROR, "info=%p, license->certificate=%p", info, |
1189 | 0 | license->certificate); |
1190 | 0 | return FALSE; |
1191 | 0 | } |
1192 | | |
1193 | | #ifdef WITH_DEBUG_LICENSE |
1194 | | WLog_Print(license->log, WLOG_DEBUG, "Modulus (%" PRIu32 " bits):", info->ModulusLength * 8); |
1195 | | winpr_HexLogDump(license->log, WLOG_DEBUG, info->Modulus, info->ModulusLength); |
1196 | | WLog_Print(license->log, WLOG_DEBUG, "Exponent:"); |
1197 | | winpr_HexLogDump(license->log, WLOG_DEBUG, info->exponent, sizeof(info->exponent)); |
1198 | | #endif |
1199 | | |
1200 | 0 | BYTE* EncryptedPremasterSecret = (BYTE*)calloc(1, info->ModulusLength); |
1201 | 0 | if (!EncryptedPremasterSecret) |
1202 | 0 | { |
1203 | 0 | WLog_Print(license->log, WLOG_ERROR, |
1204 | 0 | "EncryptedPremasterSecret=%p, info->ModulusLength=%" PRIu32, |
1205 | 0 | EncryptedPremasterSecret, info->ModulusLength); |
1206 | 0 | return FALSE; |
1207 | 0 | } |
1208 | | |
1209 | 0 | license->EncryptedPremasterSecret->type = BB_RANDOM_BLOB; |
1210 | 0 | license->EncryptedPremasterSecret->length = sizeof(license->PremasterSecret); |
1211 | 0 | #ifndef LICENSE_NULL_PREMASTER_SECRET |
1212 | 0 | { |
1213 | 0 | const SSIZE_T length = |
1214 | 0 | crypto_rsa_public_encrypt(license->PremasterSecret, sizeof(license->PremasterSecret), |
1215 | 0 | info, EncryptedPremasterSecret, info->ModulusLength); |
1216 | 0 | if ((length < 0) || (length > UINT16_MAX)) |
1217 | 0 | { |
1218 | 0 | WLog_Print(license->log, WLOG_ERROR, |
1219 | 0 | "RSA public encrypt length=%" PRIdz " < 0 || > %" PRIu16, length, |
1220 | 0 | UINT16_MAX); |
1221 | 0 | return FALSE; |
1222 | 0 | } |
1223 | 0 | license->EncryptedPremasterSecret->length = (UINT16)length; |
1224 | 0 | } |
1225 | 0 | #endif |
1226 | 0 | license->EncryptedPremasterSecret->data = EncryptedPremasterSecret; |
1227 | 0 | return TRUE; |
1228 | 0 | } |
1229 | | |
1230 | | static BOOL license_rc4_with_licenseKey(const rdpLicense* license, const BYTE* input, size_t len, |
1231 | | LICENSE_BLOB* target) |
1232 | 0 | { |
1233 | 0 | WINPR_ASSERT(license); |
1234 | 0 | WINPR_ASSERT(input || (len == 0)); |
1235 | 0 | WINPR_ASSERT(target); |
1236 | 0 | WINPR_ASSERT(len <= UINT16_MAX); |
1237 | | |
1238 | 0 | WINPR_RC4_CTX* rc4 = winpr_RC4_New_Allow_FIPS(license->LicensingEncryptionKey, |
1239 | 0 | sizeof(license->LicensingEncryptionKey)); |
1240 | 0 | if (!rc4) |
1241 | 0 | { |
1242 | 0 | WLog_Print(license->log, WLOG_ERROR, "Failed to allocate RC4"); |
1243 | 0 | return FALSE; |
1244 | 0 | } |
1245 | | |
1246 | 0 | BYTE* buffer = NULL; |
1247 | 0 | if (len > 0) |
1248 | 0 | buffer = realloc(target->data, len); |
1249 | 0 | if (!buffer) |
1250 | 0 | goto error_buffer; |
1251 | | |
1252 | 0 | target->data = buffer; |
1253 | 0 | target->length = (UINT16)len; |
1254 | |
|
1255 | 0 | if (!winpr_RC4_Update(rc4, len, input, buffer)) |
1256 | 0 | goto error_buffer; |
1257 | | |
1258 | 0 | winpr_RC4_Free(rc4); |
1259 | 0 | return TRUE; |
1260 | | |
1261 | 0 | error_buffer: |
1262 | 0 | WLog_Print(license->log, WLOG_ERROR, "Failed to create/update RC4: len=%" PRIuz ", buffer=%p", |
1263 | 0 | len, buffer); |
1264 | 0 | winpr_RC4_Free(rc4); |
1265 | 0 | return FALSE; |
1266 | 0 | } |
1267 | | |
1268 | | /** |
1269 | | * Encrypt the input using the license key and MAC the input for a signature |
1270 | | * |
1271 | | * @param license rdpLicense to get keys and salt from |
1272 | | * @param input the input data to encrypt and MAC |
1273 | | * @param len size of input |
1274 | | * @param target a target LICENSE_BLOB where the encrypted input will be stored |
1275 | | * @param mac the signature buffer (16 bytes) |
1276 | | * @return if the operation completed successfully |
1277 | | */ |
1278 | | static BOOL license_encrypt_and_MAC(rdpLicense* license, const BYTE* input, size_t len, |
1279 | | LICENSE_BLOB* target, BYTE* mac, size_t mac_length) |
1280 | 0 | { |
1281 | 0 | WINPR_ASSERT(license); |
1282 | 0 | return license_rc4_with_licenseKey(license, input, len, target) && |
1283 | 0 | security_mac_data(license->MacSaltKey, sizeof(license->MacSaltKey), input, len, mac, |
1284 | 0 | mac_length); |
1285 | 0 | } |
1286 | | |
1287 | | /** |
1288 | | * Decrypt the input using the license key and check the MAC |
1289 | | * |
1290 | | * @param license rdpLicense to get keys and salt from |
1291 | | * @param input the input data to decrypt and MAC |
1292 | | * @param len size of input |
1293 | | * @param target a target LICENSE_BLOB where the decrypted input will be stored |
1294 | | * @param packetMac the signature buffer (16 bytes) |
1295 | | * |
1296 | | * @return if the operation completed successfully |
1297 | | */ |
1298 | | static BOOL license_decrypt_and_check_MAC(rdpLicense* license, const BYTE* input, size_t len, |
1299 | | LICENSE_BLOB* target, const BYTE* packetMac) |
1300 | 0 | { |
1301 | 0 | BYTE macData[sizeof(license->MACData)] = { 0 }; |
1302 | |
|
1303 | 0 | WINPR_ASSERT(license); |
1304 | 0 | WINPR_ASSERT(target); |
1305 | | |
1306 | 0 | if (freerdp_settings_get_bool(license->rdp->settings, FreeRDP_TransportDumpReplay)) |
1307 | 0 | { |
1308 | 0 | WLog_Print(license->log, WLOG_DEBUG, "TransportDumpReplay active, skipping..."); |
1309 | 0 | return TRUE; |
1310 | 0 | } |
1311 | | |
1312 | 0 | if (!license_rc4_with_licenseKey(license, input, len, target)) |
1313 | 0 | return FALSE; |
1314 | | |
1315 | 0 | if (!security_mac_data(license->MacSaltKey, sizeof(license->MacSaltKey), target->data, len, |
1316 | 0 | macData, sizeof(macData))) |
1317 | 0 | return FALSE; |
1318 | | |
1319 | 0 | if (memcmp(packetMac, macData, sizeof(macData)) != 0) |
1320 | 0 | { |
1321 | 0 | WLog_Print(license->log, WLOG_ERROR, "packetMac != expectedMac"); |
1322 | 0 | return FALSE; |
1323 | 0 | } |
1324 | 0 | return TRUE; |
1325 | 0 | } |
1326 | | |
1327 | | /** |
1328 | | * Read Product Information (PRODUCT_INFO). |
1329 | | * msdn{cc241915} |
1330 | | * @param s stream |
1331 | | * @param productInfo product information |
1332 | | */ |
1333 | | |
1334 | | BOOL license_read_product_info(wLog* log, wStream* s, LICENSE_PRODUCT_INFO* productInfo) |
1335 | 0 | { |
1336 | 0 | WINPR_ASSERT(productInfo); |
1337 | | |
1338 | 0 | if (!license_check_stream_length(log, s, 8, "license product info::cbCompanyName")) |
1339 | 0 | return FALSE; |
1340 | | |
1341 | 0 | Stream_Read_UINT32(s, productInfo->dwVersion); /* dwVersion (4 bytes) */ |
1342 | 0 | Stream_Read_UINT32(s, productInfo->cbCompanyName); /* cbCompanyName (4 bytes) */ |
1343 | | |
1344 | | /* Name must be >0, but there is no upper limit defined, use UINT32_MAX */ |
1345 | 0 | if ((productInfo->cbCompanyName < 2) || (productInfo->cbCompanyName % 2 != 0)) |
1346 | 0 | { |
1347 | 0 | WLog_Print(log, WLOG_WARN, "license product info invalid cbCompanyName %" PRIu32, |
1348 | 0 | productInfo->cbCompanyName); |
1349 | 0 | return FALSE; |
1350 | 0 | } |
1351 | | |
1352 | 0 | if (!license_check_stream_length(log, s, productInfo->cbCompanyName, |
1353 | 0 | "license product info::CompanyName")) |
1354 | 0 | return FALSE; |
1355 | | |
1356 | 0 | productInfo->pbProductId = NULL; |
1357 | 0 | productInfo->pbCompanyName = (BYTE*)malloc(productInfo->cbCompanyName); |
1358 | 0 | if (!productInfo->pbCompanyName) |
1359 | 0 | goto out_fail; |
1360 | 0 | Stream_Read(s, productInfo->pbCompanyName, productInfo->cbCompanyName); |
1361 | |
|
1362 | 0 | if (!license_check_stream_length(log, s, 4, "license product info::cbProductId")) |
1363 | 0 | goto out_fail; |
1364 | | |
1365 | 0 | Stream_Read_UINT32(s, productInfo->cbProductId); /* cbProductId (4 bytes) */ |
1366 | |
|
1367 | 0 | if ((productInfo->cbProductId < 2) || (productInfo->cbProductId % 2 != 0)) |
1368 | 0 | { |
1369 | 0 | WLog_Print(log, WLOG_WARN, "license product info invalid cbProductId %" PRIu32, |
1370 | 0 | productInfo->cbProductId); |
1371 | 0 | goto out_fail; |
1372 | 0 | } |
1373 | | |
1374 | 0 | if (!license_check_stream_length(log, s, productInfo->cbProductId, |
1375 | 0 | "license product info::ProductId")) |
1376 | 0 | goto out_fail; |
1377 | | |
1378 | 0 | productInfo->pbProductId = (BYTE*)malloc(productInfo->cbProductId); |
1379 | 0 | if (!productInfo->pbProductId) |
1380 | 0 | goto out_fail; |
1381 | 0 | Stream_Read(s, productInfo->pbProductId, productInfo->cbProductId); |
1382 | 0 | return TRUE; |
1383 | | |
1384 | 0 | out_fail: |
1385 | 0 | free(productInfo->pbCompanyName); |
1386 | 0 | free(productInfo->pbProductId); |
1387 | 0 | productInfo->pbCompanyName = NULL; |
1388 | 0 | productInfo->pbProductId = NULL; |
1389 | 0 | return FALSE; |
1390 | 0 | } |
1391 | | |
1392 | | static BOOL license_write_product_info(wLog* log, wStream* s, |
1393 | | const LICENSE_PRODUCT_INFO* productInfo) |
1394 | 0 | { |
1395 | 0 | WINPR_ASSERT(productInfo); |
1396 | | |
1397 | 0 | if (!license_check_stream_capacity(log, s, 8, "license product info::cbCompanyName")) |
1398 | 0 | return FALSE; |
1399 | | |
1400 | 0 | Stream_Write_UINT32(s, productInfo->dwVersion); /* dwVersion (4 bytes) */ |
1401 | 0 | Stream_Write_UINT32(s, productInfo->cbCompanyName); /* cbCompanyName (4 bytes) */ |
1402 | | |
1403 | | /* Name must be >0, but there is no upper limit defined, use UINT32_MAX */ |
1404 | 0 | if ((productInfo->cbCompanyName < 2) || (productInfo->cbCompanyName % 2 != 0) || |
1405 | 0 | !productInfo->pbCompanyName) |
1406 | 0 | { |
1407 | 0 | WLog_Print(log, WLOG_WARN, "license product info invalid cbCompanyName %" PRIu32, |
1408 | 0 | productInfo->cbCompanyName); |
1409 | 0 | return FALSE; |
1410 | 0 | } |
1411 | | |
1412 | 0 | if (!license_check_stream_capacity(log, s, productInfo->cbCompanyName, |
1413 | 0 | "license product info::CompanyName")) |
1414 | 0 | return FALSE; |
1415 | | |
1416 | 0 | Stream_Write(s, productInfo->pbCompanyName, productInfo->cbCompanyName); |
1417 | |
|
1418 | 0 | if (!license_check_stream_capacity(log, s, 4, "license product info::cbProductId")) |
1419 | 0 | return FALSE; |
1420 | | |
1421 | 0 | Stream_Write_UINT32(s, productInfo->cbProductId); /* cbProductId (4 bytes) */ |
1422 | | |
1423 | 0 | if ((productInfo->cbProductId < 2) || (productInfo->cbProductId % 2 != 0) || |
1424 | 0 | !productInfo->pbProductId) |
1425 | 0 | { |
1426 | 0 | WLog_Print(log, WLOG_WARN, "license product info invalid cbProductId %" PRIu32, |
1427 | 0 | productInfo->cbProductId); |
1428 | 0 | return FALSE; |
1429 | 0 | } |
1430 | | |
1431 | 0 | if (!license_check_stream_capacity(log, s, productInfo->cbProductId, |
1432 | 0 | "license product info::ProductId")) |
1433 | 0 | return FALSE; |
1434 | | |
1435 | 0 | Stream_Write(s, productInfo->pbProductId, productInfo->cbProductId); |
1436 | 0 | return TRUE; |
1437 | 0 | } |
1438 | | |
1439 | | /** |
1440 | | * Allocate New Product Information (LICENSE_PRODUCT_INFO). |
1441 | | * msdn{cc241915} |
1442 | | * @return new product information |
1443 | | */ |
1444 | | |
1445 | | LICENSE_PRODUCT_INFO* license_new_product_info(void) |
1446 | 0 | { |
1447 | 0 | LICENSE_PRODUCT_INFO* productInfo = |
1448 | 0 | (LICENSE_PRODUCT_INFO*)calloc(1, sizeof(LICENSE_PRODUCT_INFO)); |
1449 | 0 | if (!productInfo) |
1450 | 0 | return NULL; |
1451 | 0 | return productInfo; |
1452 | 0 | } |
1453 | | |
1454 | | /** |
1455 | | * Free Product Information (LICENSE_PRODUCT_INFO). |
1456 | | * msdn{cc241915} |
1457 | | * @param productInfo product information |
1458 | | */ |
1459 | | |
1460 | | void license_free_product_info(LICENSE_PRODUCT_INFO* productInfo) |
1461 | 0 | { |
1462 | 0 | if (productInfo) |
1463 | 0 | { |
1464 | 0 | free(productInfo->pbCompanyName); |
1465 | 0 | free(productInfo->pbProductId); |
1466 | 0 | free(productInfo); |
1467 | 0 | } |
1468 | 0 | } |
1469 | | |
1470 | | BOOL license_read_binary_blob_data(wLog* log, LICENSE_BLOB* blob, UINT16 wBlobType, |
1471 | | const void* data, size_t length) |
1472 | 0 | { |
1473 | 0 | WINPR_ASSERT(blob); |
1474 | 0 | WINPR_ASSERT(length <= UINT16_MAX); |
1475 | 0 | WINPR_ASSERT(data || (length == 0)); |
1476 | | |
1477 | 0 | blob->length = (UINT16)length; |
1478 | 0 | free(blob->data); |
1479 | 0 | blob->data = NULL; |
1480 | |
|
1481 | 0 | if ((blob->type != wBlobType) && (blob->type != BB_ANY_BLOB)) |
1482 | 0 | { |
1483 | 0 | WLog_Print(log, WLOG_ERROR, "license binary blob::type expected %s, got %s", |
1484 | 0 | licencse_blob_type_string(wBlobType), licencse_blob_type_string(blob->type)); |
1485 | 0 | } |
1486 | | |
1487 | | /* |
1488 | | * Server can choose to not send data by setting length to 0. |
1489 | | * If so, it may not bother to set the type, so shortcut the warning |
1490 | | */ |
1491 | 0 | if ((blob->type != BB_ANY_BLOB) && (blob->length == 0)) |
1492 | 0 | { |
1493 | 0 | WLog_Print(log, WLOG_DEBUG, "license binary blob::type %s, length=0, skipping.", |
1494 | 0 | licencse_blob_type_string(blob->type)); |
1495 | 0 | return TRUE; |
1496 | 0 | } |
1497 | | |
1498 | 0 | blob->type = wBlobType; |
1499 | 0 | blob->data = NULL; |
1500 | 0 | if (blob->length > 0) |
1501 | 0 | blob->data = malloc(blob->length); |
1502 | 0 | if (!blob->data) |
1503 | 0 | { |
1504 | 0 | WLog_Print(log, WLOG_ERROR, "license binary blob::length=%" PRIu16 ", blob::data=%p", |
1505 | 0 | blob->length, blob->data); |
1506 | 0 | return FALSE; |
1507 | 0 | } |
1508 | 0 | memcpy(blob->data, data, blob->length); /* blobData */ |
1509 | 0 | return TRUE; |
1510 | 0 | } |
1511 | | |
1512 | | /** |
1513 | | * Read License Binary Blob (LICENSE_BINARY_BLOB). |
1514 | | * msdn{cc240481} |
1515 | | * @param s stream |
1516 | | * @param blob license binary blob |
1517 | | */ |
1518 | | |
1519 | | BOOL license_read_binary_blob(wLog* log, wStream* s, LICENSE_BLOB* blob) |
1520 | 0 | { |
1521 | 0 | UINT16 wBlobType = 0; |
1522 | 0 | UINT16 length = 0; |
1523 | |
|
1524 | 0 | WINPR_ASSERT(blob); |
1525 | | |
1526 | 0 | if (!license_check_stream_length(log, s, 4, "license binary blob::type")) |
1527 | 0 | return FALSE; |
1528 | | |
1529 | 0 | Stream_Read_UINT16(s, wBlobType); /* wBlobType (2 bytes) */ |
1530 | 0 | Stream_Read_UINT16(s, length); /* wBlobLen (2 bytes) */ |
1531 | |
|
1532 | 0 | if (!license_check_stream_length(log, s, length, "license binary blob::length")) |
1533 | 0 | return FALSE; |
1534 | | |
1535 | 0 | if (!license_read_binary_blob_data(log, blob, wBlobType, Stream_Pointer(s), length)) |
1536 | 0 | return FALSE; |
1537 | | |
1538 | 0 | return Stream_SafeSeek(s, length); |
1539 | 0 | } |
1540 | | |
1541 | | /** |
1542 | | * Write License Binary Blob (LICENSE_BINARY_BLOB). |
1543 | | * msdn{cc240481} |
1544 | | * @param s stream |
1545 | | * @param blob license binary blob |
1546 | | */ |
1547 | | |
1548 | | BOOL license_write_binary_blob(wStream* s, const LICENSE_BLOB* blob) |
1549 | 0 | { |
1550 | 0 | WINPR_ASSERT(blob); |
1551 | | |
1552 | 0 | if (!Stream_EnsureRemainingCapacity(s, blob->length + 4)) |
1553 | 0 | return FALSE; |
1554 | | |
1555 | 0 | Stream_Write_UINT16(s, blob->type); /* wBlobType (2 bytes) */ |
1556 | 0 | Stream_Write_UINT16(s, blob->length); /* wBlobLen (2 bytes) */ |
1557 | | |
1558 | 0 | if (blob->length > 0) |
1559 | 0 | Stream_Write(s, blob->data, blob->length); /* blobData */ |
1560 | 0 | return TRUE; |
1561 | 0 | } |
1562 | | |
1563 | | static BOOL license_write_encrypted_premaster_secret_blob(wLog* log, wStream* s, |
1564 | | const LICENSE_BLOB* blob, |
1565 | | UINT32 ModulusLength) |
1566 | 0 | { |
1567 | 0 | const UINT32 length = ModulusLength + 8; |
1568 | |
|
1569 | 0 | WINPR_ASSERT(blob); |
1570 | 0 | WINPR_ASSERT(length <= UINT16_MAX); |
1571 | | |
1572 | 0 | if (blob->length > ModulusLength) |
1573 | 0 | { |
1574 | 0 | WLog_Print(log, WLOG_ERROR, "invalid blob"); |
1575 | 0 | return FALSE; |
1576 | 0 | } |
1577 | | |
1578 | 0 | if (!Stream_EnsureRemainingCapacity(s, length + 4)) |
1579 | 0 | return FALSE; |
1580 | 0 | Stream_Write_UINT16(s, blob->type); /* wBlobType (2 bytes) */ |
1581 | 0 | Stream_Write_UINT16(s, (UINT16)length); /* wBlobLen (2 bytes) */ |
1582 | | |
1583 | 0 | if (blob->length > 0) |
1584 | 0 | Stream_Write(s, blob->data, blob->length); /* blobData */ |
1585 | |
|
1586 | 0 | Stream_Zero(s, length - blob->length); |
1587 | 0 | return TRUE; |
1588 | 0 | } |
1589 | | |
1590 | | static BOOL license_read_encrypted_premaster_secret_blob(wLog* log, wStream* s, LICENSE_BLOB* blob, |
1591 | | UINT32* ModulusLength) |
1592 | 0 | { |
1593 | 0 | if (!license_read_binary_blob(log, s, blob)) |
1594 | 0 | return FALSE; |
1595 | 0 | WINPR_ASSERT(ModulusLength); |
1596 | 0 | *ModulusLength = blob->length; |
1597 | 0 | return TRUE; |
1598 | 0 | } |
1599 | | |
1600 | | /** |
1601 | | * Allocate New License Binary Blob (LICENSE_BINARY_BLOB). |
1602 | | * msdn{cc240481} |
1603 | | * @return new license binary blob |
1604 | | */ |
1605 | | |
1606 | | LICENSE_BLOB* license_new_binary_blob(UINT16 type) |
1607 | 0 | { |
1608 | 0 | LICENSE_BLOB* blob = (LICENSE_BLOB*)calloc(1, sizeof(LICENSE_BLOB)); |
1609 | 0 | if (blob) |
1610 | 0 | blob->type = type; |
1611 | 0 | return blob; |
1612 | 0 | } |
1613 | | |
1614 | | /** |
1615 | | * Free License Binary Blob (LICENSE_BINARY_BLOB). |
1616 | | * msdn{cc240481} |
1617 | | * @param blob license binary blob |
1618 | | */ |
1619 | | |
1620 | | void license_free_binary_blob(LICENSE_BLOB* blob) |
1621 | 0 | { |
1622 | 0 | if (blob) |
1623 | 0 | { |
1624 | 0 | free(blob->data); |
1625 | 0 | free(blob); |
1626 | 0 | } |
1627 | 0 | } |
1628 | | |
1629 | | /** |
1630 | | * Read License Scope List (SCOPE_LIST). |
1631 | | * msdn{cc241916} |
1632 | | * @param s stream |
1633 | | * @param scopeList scope list |
1634 | | */ |
1635 | | |
1636 | | BOOL license_read_scope_list(wLog* log, wStream* s, SCOPE_LIST* scopeList) |
1637 | 0 | { |
1638 | 0 | UINT32 scopeCount = 0; |
1639 | |
|
1640 | 0 | WINPR_ASSERT(scopeList); |
1641 | | |
1642 | 0 | if (!license_check_stream_length(log, s, 4, "license scope list")) |
1643 | 0 | return FALSE; |
1644 | | |
1645 | 0 | Stream_Read_UINT32(s, scopeCount); /* ScopeCount (4 bytes) */ |
1646 | |
|
1647 | 0 | if (!license_check_stream_length(log, s, 4ll * scopeCount, "license scope list::count")) |
1648 | 0 | return FALSE; |
1649 | | |
1650 | 0 | if (!license_scope_list_resize(scopeList, scopeCount)) |
1651 | 0 | return FALSE; |
1652 | | /* ScopeArray */ |
1653 | 0 | for (UINT32 i = 0; i < scopeCount; i++) |
1654 | 0 | { |
1655 | 0 | if (!license_read_binary_blob(log, s, scopeList->array[i])) |
1656 | 0 | return FALSE; |
1657 | 0 | } |
1658 | | |
1659 | 0 | return TRUE; |
1660 | 0 | } |
1661 | | |
1662 | | BOOL license_write_scope_list(wLog* log, wStream* s, const SCOPE_LIST* scopeList) |
1663 | 0 | { |
1664 | 0 | WINPR_ASSERT(scopeList); |
1665 | | |
1666 | 0 | if (!license_check_stream_capacity(log, s, 4, "license scope list")) |
1667 | 0 | return FALSE; |
1668 | | |
1669 | 0 | Stream_Write_UINT32(s, scopeList->count); /* ScopeCount (4 bytes) */ |
1670 | | |
1671 | 0 | if (!license_check_stream_capacity(log, s, scopeList->count * 4ull, |
1672 | 0 | "license scope list::count")) |
1673 | 0 | return FALSE; |
1674 | | |
1675 | | /* ScopeArray */ |
1676 | 0 | WINPR_ASSERT(scopeList->array || (scopeList->count == 0)); |
1677 | 0 | for (UINT32 i = 0; i < scopeList->count; i++) |
1678 | 0 | { |
1679 | 0 | const LICENSE_BLOB* element = scopeList->array[i]; |
1680 | |
|
1681 | 0 | if (!license_write_binary_blob(s, element)) |
1682 | 0 | return FALSE; |
1683 | 0 | } |
1684 | | |
1685 | 0 | return TRUE; |
1686 | 0 | } |
1687 | | |
1688 | | /** |
1689 | | * Allocate New License Scope List (SCOPE_LIST). |
1690 | | * msdn{cc241916} |
1691 | | * @return new scope list |
1692 | | */ |
1693 | | |
1694 | | SCOPE_LIST* license_new_scope_list(void) |
1695 | 0 | { |
1696 | 0 | SCOPE_LIST* list = calloc(1, sizeof(SCOPE_LIST)); |
1697 | 0 | return list; |
1698 | 0 | } |
1699 | | |
1700 | | BOOL license_scope_list_resize(SCOPE_LIST* scopeList, UINT32 count) |
1701 | 0 | { |
1702 | 0 | WINPR_ASSERT(scopeList); |
1703 | 0 | WINPR_ASSERT(scopeList->array || (scopeList->count == 0)); |
1704 | | |
1705 | 0 | for (UINT32 x = count; x < scopeList->count; x++) |
1706 | 0 | { |
1707 | 0 | license_free_binary_blob(scopeList->array[x]); |
1708 | 0 | scopeList->array[x] = NULL; |
1709 | 0 | } |
1710 | |
|
1711 | 0 | if (count > 0) |
1712 | 0 | { |
1713 | 0 | LICENSE_BLOB** tmp = |
1714 | 0 | (LICENSE_BLOB**)realloc((void*)scopeList->array, count * sizeof(LICENSE_BLOB*)); |
1715 | 0 | if (!tmp) |
1716 | 0 | return FALSE; |
1717 | 0 | scopeList->array = tmp; |
1718 | 0 | } |
1719 | 0 | else |
1720 | 0 | { |
1721 | 0 | free((void*)scopeList->array); |
1722 | 0 | scopeList->array = NULL; |
1723 | 0 | } |
1724 | | |
1725 | 0 | for (UINT32 x = scopeList->count; x < count; x++) |
1726 | 0 | { |
1727 | 0 | LICENSE_BLOB* blob = license_new_binary_blob(BB_SCOPE_BLOB); |
1728 | 0 | if (!blob) |
1729 | 0 | { |
1730 | 0 | scopeList->count = x; |
1731 | 0 | return FALSE; |
1732 | 0 | } |
1733 | 0 | scopeList->array[x] = blob; |
1734 | 0 | } |
1735 | | |
1736 | 0 | scopeList->count = count; |
1737 | 0 | return TRUE; |
1738 | 0 | } |
1739 | | |
1740 | | /** |
1741 | | * Free License Scope List (SCOPE_LIST). |
1742 | | * msdn{cc241916} |
1743 | | * @param scopeList scope list |
1744 | | */ |
1745 | | |
1746 | | void license_free_scope_list(SCOPE_LIST* scopeList) |
1747 | 0 | { |
1748 | 0 | if (!scopeList) |
1749 | 0 | return; |
1750 | | |
1751 | 0 | license_scope_list_resize(scopeList, 0); |
1752 | 0 | free(scopeList); |
1753 | 0 | } |
1754 | | |
1755 | | BOOL license_send_license_info(rdpLicense* license, const LICENSE_BLOB* calBlob, |
1756 | | const BYTE* signature, size_t signature_length) |
1757 | 0 | { |
1758 | 0 | WINPR_ASSERT(calBlob); |
1759 | 0 | WINPR_ASSERT(signature); |
1760 | 0 | WINPR_ASSERT(license->certificate); |
1761 | | |
1762 | 0 | const rdpCertInfo* info = freerdp_certificate_get_info(license->certificate); |
1763 | 0 | if (!info) |
1764 | 0 | return FALSE; |
1765 | | |
1766 | 0 | UINT16 sec_flags = 0; |
1767 | 0 | wStream* s = license_send_stream_init(license, &sec_flags); |
1768 | 0 | if (!s) |
1769 | 0 | return FALSE; |
1770 | | |
1771 | 0 | if (!license_check_stream_capacity(license->log, s, 8 + sizeof(license->ClientRandom), |
1772 | 0 | "license info::ClientRandom")) |
1773 | 0 | goto error; |
1774 | | |
1775 | 0 | Stream_Write_UINT32(s, |
1776 | 0 | license->PreferredKeyExchangeAlg); /* PreferredKeyExchangeAlg (4 bytes) */ |
1777 | 0 | Stream_Write_UINT32(s, license->PlatformId); /* PlatformId (4 bytes) */ |
1778 | | |
1779 | | /* ClientRandom (32 bytes) */ |
1780 | 0 | Stream_Write(s, license->ClientRandom, sizeof(license->ClientRandom)); |
1781 | | |
1782 | | /* Licensing Binary Blob with EncryptedPreMasterSecret: */ |
1783 | 0 | if (!license_write_encrypted_premaster_secret_blob( |
1784 | 0 | license->log, s, license->EncryptedPremasterSecret, info->ModulusLength)) |
1785 | 0 | goto error; |
1786 | | |
1787 | | /* Licensing Binary Blob with LicenseInfo: */ |
1788 | 0 | if (!license_write_binary_blob(s, calBlob)) |
1789 | 0 | goto error; |
1790 | | |
1791 | | /* Licensing Binary Blob with EncryptedHWID */ |
1792 | 0 | if (!license_write_binary_blob(s, license->EncryptedHardwareId)) |
1793 | 0 | goto error; |
1794 | | |
1795 | | /* MACData */ |
1796 | 0 | if (!license_check_stream_capacity(license->log, s, signature_length, "license info::MACData")) |
1797 | 0 | goto error; |
1798 | 0 | Stream_Write(s, signature, signature_length); |
1799 | |
|
1800 | 0 | return license_send(license, s, LICENSE_INFO, sec_flags); |
1801 | | |
1802 | 0 | error: |
1803 | 0 | Stream_Release(s); |
1804 | 0 | return FALSE; |
1805 | 0 | } |
1806 | | |
1807 | | static BOOL license_check_preferred_alg(rdpLicense* license, UINT32 PreferredKeyExchangeAlg, |
1808 | | const char* where) |
1809 | 0 | { |
1810 | 0 | WINPR_ASSERT(license); |
1811 | 0 | WINPR_ASSERT(where); |
1812 | | |
1813 | 0 | if (license->PreferredKeyExchangeAlg != PreferredKeyExchangeAlg) |
1814 | 0 | { |
1815 | 0 | char buffer1[64] = { 0 }; |
1816 | 0 | char buffer2[64] = { 0 }; |
1817 | 0 | WLog_Print(license->log, WLOG_WARN, "%s::PreferredKeyExchangeAlg, expected %s, got %s", |
1818 | 0 | where, |
1819 | 0 | license_preferred_key_exchange_alg_string(license->PreferredKeyExchangeAlg, |
1820 | 0 | buffer1, sizeof(buffer1)), |
1821 | 0 | license_preferred_key_exchange_alg_string(PreferredKeyExchangeAlg, buffer2, |
1822 | 0 | sizeof(buffer2))); |
1823 | 0 | return FALSE; |
1824 | 0 | } |
1825 | 0 | return TRUE; |
1826 | 0 | } |
1827 | | |
1828 | | BOOL license_read_license_info(rdpLicense* license, wStream* s) |
1829 | 0 | { |
1830 | 0 | BOOL rc = FALSE; |
1831 | 0 | UINT32 PreferredKeyExchangeAlg = 0; |
1832 | |
|
1833 | 0 | WINPR_ASSERT(license); |
1834 | 0 | WINPR_ASSERT(license->certificate); |
1835 | | |
1836 | 0 | const rdpCertInfo* info = freerdp_certificate_get_info(license->certificate); |
1837 | 0 | if (!info) |
1838 | 0 | goto error; |
1839 | | |
1840 | | /* ClientRandom (32 bytes) */ |
1841 | 0 | if (!license_check_stream_length(license->log, s, 8 + sizeof(license->ClientRandom), |
1842 | 0 | "license info")) |
1843 | 0 | goto error; |
1844 | | |
1845 | 0 | Stream_Read_UINT32(s, PreferredKeyExchangeAlg); /* PreferredKeyExchangeAlg (4 bytes) */ |
1846 | 0 | if (!license_check_preferred_alg(license, PreferredKeyExchangeAlg, "license info")) |
1847 | 0 | goto error; |
1848 | 0 | Stream_Read_UINT32(s, license->PlatformId); /* PlatformId (4 bytes) */ |
1849 | | |
1850 | | /* ClientRandom (32 bytes) */ |
1851 | 0 | Stream_Read(s, license->ClientRandom, sizeof(license->ClientRandom)); |
1852 | | |
1853 | | /* Licensing Binary Blob with EncryptedPreMasterSecret: */ |
1854 | 0 | UINT32 ModulusLength = 0; |
1855 | 0 | if (!license_read_encrypted_premaster_secret_blob( |
1856 | 0 | license->log, s, license->EncryptedPremasterSecret, &ModulusLength)) |
1857 | 0 | goto error; |
1858 | | |
1859 | 0 | if (ModulusLength != info->ModulusLength) |
1860 | 0 | { |
1861 | 0 | WLog_Print(license->log, WLOG_WARN, |
1862 | 0 | "EncryptedPremasterSecret,::ModulusLength[%" PRIu32 |
1863 | 0 | "] != rdpCertInfo::ModulusLength[%" PRIu32 "]", |
1864 | 0 | ModulusLength, info->ModulusLength); |
1865 | 0 | goto error; |
1866 | 0 | } |
1867 | | /* Licensing Binary Blob with LicenseInfo: */ |
1868 | 0 | if (!license_read_binary_blob(license->log, s, license->LicenseInfo)) |
1869 | 0 | goto error; |
1870 | | |
1871 | | /* Licensing Binary Blob with EncryptedHWID */ |
1872 | 0 | if (!license_read_binary_blob(license->log, s, license->EncryptedHardwareId)) |
1873 | 0 | goto error; |
1874 | | |
1875 | | /* MACData */ |
1876 | 0 | if (!license_check_stream_length(license->log, s, sizeof(license->MACData), |
1877 | 0 | "license info::MACData")) |
1878 | 0 | goto error; |
1879 | 0 | Stream_Read(s, license->MACData, sizeof(license->MACData)); |
1880 | |
|
1881 | 0 | rc = TRUE; |
1882 | |
|
1883 | 0 | error: |
1884 | 0 | return rc; |
1885 | 0 | } |
1886 | | |
1887 | | /** |
1888 | | * Read a LICENSE_REQUEST packet. |
1889 | | * msdn{cc241914} |
1890 | | * @param license license module |
1891 | | * @param s stream |
1892 | | */ |
1893 | | |
1894 | | BOOL license_read_license_request_packet(rdpLicense* license, wStream* s) |
1895 | 0 | { |
1896 | 0 | WINPR_ASSERT(license); |
1897 | | |
1898 | | /* ServerRandom (32 bytes) */ |
1899 | 0 | if (!license_check_stream_length(license->log, s, sizeof(license->ServerRandom), |
1900 | 0 | "license request")) |
1901 | 0 | return FALSE; |
1902 | | |
1903 | 0 | Stream_Read(s, license->ServerRandom, sizeof(license->ServerRandom)); |
1904 | | |
1905 | | /* ProductInfo */ |
1906 | 0 | if (!license_read_product_info(license->log, s, license->ProductInfo)) |
1907 | 0 | return FALSE; |
1908 | | |
1909 | | /* KeyExchangeList */ |
1910 | 0 | if (!license_read_binary_blob(license->log, s, license->KeyExchangeList)) |
1911 | 0 | return FALSE; |
1912 | | |
1913 | | /* ServerCertificate */ |
1914 | 0 | if (!license_read_binary_blob(license->log, s, license->ServerCertificate)) |
1915 | 0 | return FALSE; |
1916 | | |
1917 | | /* ScopeList */ |
1918 | 0 | if (!license_read_scope_list(license->log, s, license->ScopeList)) |
1919 | 0 | return FALSE; |
1920 | | |
1921 | | /* Parse Server Certificate */ |
1922 | 0 | if (!freerdp_certificate_read_server_cert(license->certificate, |
1923 | 0 | license->ServerCertificate->data, |
1924 | 0 | license->ServerCertificate->length)) |
1925 | 0 | return FALSE; |
1926 | | |
1927 | 0 | if (!license_generate_keys(license) || !license_generate_hwid(license) || |
1928 | 0 | !license_encrypt_premaster_secret(license)) |
1929 | 0 | return FALSE; |
1930 | | |
1931 | | #ifdef WITH_DEBUG_LICENSE |
1932 | | WLog_Print(license->log, WLOG_DEBUG, "ServerRandom:"); |
1933 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->ServerRandom, |
1934 | | sizeof(license->ServerRandom)); |
1935 | | license_print_product_info(license->log, license->ProductInfo); |
1936 | | license_print_scope_list(license->log, license->ScopeList); |
1937 | | #endif |
1938 | 0 | return TRUE; |
1939 | 0 | } |
1940 | | |
1941 | | BOOL license_write_license_request_packet(const rdpLicense* license, wStream* s) |
1942 | 0 | { |
1943 | 0 | WINPR_ASSERT(license); |
1944 | | |
1945 | | /* ServerRandom (32 bytes) */ |
1946 | 0 | if (!license_check_stream_capacity(license->log, s, sizeof(license->ServerRandom), |
1947 | 0 | "license request")) |
1948 | 0 | return FALSE; |
1949 | 0 | Stream_Write(s, license->ServerRandom, sizeof(license->ServerRandom)); |
1950 | | |
1951 | | /* ProductInfo */ |
1952 | 0 | if (!license_write_product_info(license->log, s, license->ProductInfo)) |
1953 | 0 | return FALSE; |
1954 | | |
1955 | | /* KeyExchangeList */ |
1956 | 0 | if (!license_write_binary_blob(s, license->KeyExchangeList)) |
1957 | 0 | return FALSE; |
1958 | | |
1959 | | /* ServerCertificate */ |
1960 | 0 | if (!license_write_binary_blob(s, license->ServerCertificate)) |
1961 | 0 | return FALSE; |
1962 | | |
1963 | | /* ScopeList */ |
1964 | 0 | if (!license_write_scope_list(license->log, s, license->ScopeList)) |
1965 | 0 | return FALSE; |
1966 | | |
1967 | 0 | return TRUE; |
1968 | 0 | } |
1969 | | |
1970 | | static BOOL license_send_license_request_packet(rdpLicense* license) |
1971 | 0 | { |
1972 | 0 | UINT16 sec_flags = 0; |
1973 | 0 | wStream* s = license_send_stream_init(license, &sec_flags); |
1974 | 0 | if (!s) |
1975 | 0 | return FALSE; |
1976 | | |
1977 | 0 | if (!license_write_license_request_packet(license, s)) |
1978 | 0 | goto fail; |
1979 | | |
1980 | 0 | return license_send(license, s, LICENSE_REQUEST, sec_flags); |
1981 | | |
1982 | 0 | fail: |
1983 | 0 | Stream_Release(s); |
1984 | 0 | return FALSE; |
1985 | 0 | } |
1986 | | |
1987 | | /* |
1988 | | * Read a PLATFORM_CHALLENGE packet. |
1989 | | * msdn{cc241921} |
1990 | | * @param license license module |
1991 | | * @param s stream |
1992 | | */ |
1993 | | |
1994 | | BOOL license_read_platform_challenge_packet(rdpLicense* license, wStream* s) |
1995 | 0 | { |
1996 | 0 | BYTE macData[LICENSING_ENCRYPTION_KEY_LENGTH] = { 0 }; |
1997 | |
|
1998 | 0 | WINPR_ASSERT(license); |
1999 | | |
2000 | 0 | DEBUG_LICENSE("Receiving Platform Challenge Packet"); |
2001 | |
|
2002 | 0 | if (!license_check_stream_length(license->log, s, 4, "license platform challenge")) |
2003 | 0 | return FALSE; |
2004 | | |
2005 | | /* [MS-RDPELE] 2.2.2.4 Server Platform Challenge (SERVER_PLATFORM_CHALLENGE) |
2006 | | * reserved field */ |
2007 | 0 | Stream_Seek_UINT32(s); /* ConnectFlags, Reserved (4 bytes) */ |
2008 | | |
2009 | | /* EncryptedPlatformChallenge */ |
2010 | 0 | license->EncryptedPlatformChallenge->type = BB_ANY_BLOB; |
2011 | 0 | if (!license_read_binary_blob(license->log, s, license->EncryptedPlatformChallenge)) |
2012 | 0 | return FALSE; |
2013 | 0 | license->EncryptedPlatformChallenge->type = BB_ENCRYPTED_DATA_BLOB; |
2014 | | |
2015 | | /* MACData (16 bytes) */ |
2016 | 0 | if (!license_check_stream_length(license->log, s, sizeof(macData), |
2017 | 0 | "license platform challenge::MAC")) |
2018 | 0 | return FALSE; |
2019 | | |
2020 | 0 | Stream_Read(s, macData, sizeof(macData)); |
2021 | 0 | if (!license_decrypt_and_check_MAC(license, license->EncryptedPlatformChallenge->data, |
2022 | 0 | license->EncryptedPlatformChallenge->length, |
2023 | 0 | license->PlatformChallenge, macData)) |
2024 | 0 | return FALSE; |
2025 | | |
2026 | | #ifdef WITH_DEBUG_LICENSE |
2027 | | WLog_Print(license->log, WLOG_DEBUG, "EncryptedPlatformChallenge:"); |
2028 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->EncryptedPlatformChallenge->data, |
2029 | | license->EncryptedPlatformChallenge->length); |
2030 | | WLog_Print(license->log, WLOG_DEBUG, "PlatformChallenge:"); |
2031 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->PlatformChallenge->data, |
2032 | | license->PlatformChallenge->length); |
2033 | | WLog_Print(license->log, WLOG_DEBUG, "MacData:"); |
2034 | | winpr_HexLogDump(license->log, WLOG_DEBUG, macData, sizeof(macData)); |
2035 | | #endif |
2036 | 0 | return TRUE; |
2037 | 0 | } |
2038 | | |
2039 | | BOOL license_send_error_alert(rdpLicense* license, UINT32 dwErrorCode, UINT32 dwStateTransition, |
2040 | | const LICENSE_BLOB* info) |
2041 | 0 | { |
2042 | 0 | UINT16 sec_flags = 0; |
2043 | 0 | wStream* s = license_send_stream_init(license, &sec_flags); |
2044 | |
|
2045 | 0 | if (!s) |
2046 | 0 | goto fail; |
2047 | | |
2048 | 0 | if (!license_check_stream_capacity(license->log, s, 8, "license error alert")) |
2049 | 0 | goto fail; |
2050 | 0 | Stream_Write_UINT32(s, dwErrorCode); |
2051 | 0 | Stream_Write_UINT32(s, dwStateTransition); |
2052 | | |
2053 | 0 | if (info) |
2054 | 0 | { |
2055 | 0 | if (!license_write_binary_blob(s, info)) |
2056 | 0 | goto fail; |
2057 | 0 | } |
2058 | | |
2059 | 0 | return license_send(license, s, ERROR_ALERT, sec_flags); |
2060 | 0 | fail: |
2061 | 0 | Stream_Release(s); |
2062 | 0 | return FALSE; |
2063 | 0 | } |
2064 | | |
2065 | | BOOL license_send_platform_challenge_packet(rdpLicense* license) |
2066 | 0 | { |
2067 | 0 | UINT16 sec_flags = 0; |
2068 | 0 | wStream* s = license_send_stream_init(license, &sec_flags); |
2069 | |
|
2070 | 0 | if (!s) |
2071 | 0 | goto fail; |
2072 | | |
2073 | 0 | DEBUG_LICENSE("Receiving Platform Challenge Packet"); |
2074 | |
|
2075 | 0 | if (!license_check_stream_capacity(license->log, s, 4, "license platform challenge")) |
2076 | 0 | goto fail; |
2077 | | |
2078 | 0 | Stream_Zero(s, 4); /* ConnectFlags, Reserved (4 bytes) */ |
2079 | | |
2080 | | /* EncryptedPlatformChallenge */ |
2081 | 0 | if (!license_write_binary_blob(s, license->EncryptedPlatformChallenge)) |
2082 | 0 | goto fail; |
2083 | | |
2084 | | /* MACData (16 bytes) */ |
2085 | 0 | if (!license_check_stream_length(license->log, s, sizeof(license->MACData), |
2086 | 0 | "license platform challenge::MAC")) |
2087 | 0 | goto fail; |
2088 | | |
2089 | 0 | Stream_Write(s, license->MACData, sizeof(license->MACData)); |
2090 | |
|
2091 | 0 | return license_send(license, s, PLATFORM_CHALLENGE, sec_flags); |
2092 | 0 | fail: |
2093 | 0 | Stream_Release(s); |
2094 | 0 | return FALSE; |
2095 | 0 | } |
2096 | | |
2097 | | static BOOL license_read_encrypted_blob(const rdpLicense* license, wStream* s, LICENSE_BLOB* target) |
2098 | 0 | { |
2099 | 0 | UINT16 wBlobType = 0; |
2100 | 0 | UINT16 wBlobLen = 0; |
2101 | |
|
2102 | 0 | WINPR_ASSERT(license); |
2103 | 0 | WINPR_ASSERT(target); |
2104 | | |
2105 | 0 | if (!license_check_stream_length(license->log, s, 4, "license encrypted blob")) |
2106 | 0 | return FALSE; |
2107 | | |
2108 | 0 | Stream_Read_UINT16(s, wBlobType); |
2109 | 0 | if (wBlobType != BB_ENCRYPTED_DATA_BLOB) |
2110 | 0 | { |
2111 | 0 | WLog_Print( |
2112 | 0 | license->log, WLOG_WARN, |
2113 | 0 | "expecting BB_ENCRYPTED_DATA_BLOB blob, probably a windows 2003 server, continuing..."); |
2114 | 0 | } |
2115 | |
|
2116 | 0 | Stream_Read_UINT16(s, wBlobLen); |
2117 | |
|
2118 | 0 | BYTE* encryptedData = Stream_Pointer(s); |
2119 | 0 | if (!Stream_SafeSeek(s, wBlobLen)) |
2120 | 0 | { |
2121 | 0 | WLog_Print(license->log, WLOG_WARN, |
2122 | 0 | "short license encrypted blob::length, expected %" PRIu16 " bytes, got %" PRIuz, |
2123 | 0 | wBlobLen, Stream_GetRemainingLength(s)); |
2124 | 0 | return FALSE; |
2125 | 0 | } |
2126 | | |
2127 | 0 | return license_rc4_with_licenseKey(license, encryptedData, wBlobLen, target); |
2128 | 0 | } |
2129 | | |
2130 | | /** |
2131 | | * Read a NEW_LICENSE packet. |
2132 | | * msdn{cc241926} |
2133 | | * @param license license module |
2134 | | * @param s stream |
2135 | | */ |
2136 | | |
2137 | | BOOL license_read_new_or_upgrade_license_packet(rdpLicense* license, wStream* s) |
2138 | 0 | { |
2139 | 0 | UINT32 os_major = 0; |
2140 | 0 | UINT32 os_minor = 0; |
2141 | 0 | UINT32 cbScope = 0; |
2142 | 0 | UINT32 cbCompanyName = 0; |
2143 | 0 | UINT32 cbProductId = 0; |
2144 | 0 | UINT32 cbLicenseInfo = 0; |
2145 | 0 | wStream sbuffer = { 0 }; |
2146 | 0 | wStream* licenseStream = NULL; |
2147 | 0 | BOOL ret = FALSE; |
2148 | 0 | BYTE computedMac[16] = { 0 }; |
2149 | 0 | const BYTE* readMac = NULL; |
2150 | |
|
2151 | 0 | WINPR_ASSERT(license); |
2152 | | |
2153 | 0 | DEBUG_LICENSE("Receiving Server New/Upgrade License Packet"); |
2154 | |
|
2155 | 0 | LICENSE_BLOB* calBlob = license_new_binary_blob(BB_DATA_BLOB); |
2156 | 0 | if (!calBlob) |
2157 | 0 | return FALSE; |
2158 | | |
2159 | | /* EncryptedLicenseInfo */ |
2160 | 0 | if (!license_read_encrypted_blob(license, s, calBlob)) |
2161 | 0 | goto fail; |
2162 | | |
2163 | | /* compute MAC and check it */ |
2164 | 0 | readMac = Stream_Pointer(s); |
2165 | 0 | if (!Stream_SafeSeek(s, sizeof(computedMac))) |
2166 | 0 | { |
2167 | 0 | WLog_Print(license->log, WLOG_WARN, |
2168 | 0 | "short license new/upgrade, expected 16 bytes, got %" PRIuz, |
2169 | 0 | Stream_GetRemainingLength(s)); |
2170 | 0 | goto fail; |
2171 | 0 | } |
2172 | | |
2173 | 0 | if (!security_mac_data(license->MacSaltKey, sizeof(license->MacSaltKey), calBlob->data, |
2174 | 0 | calBlob->length, computedMac, sizeof(computedMac))) |
2175 | 0 | goto fail; |
2176 | | |
2177 | 0 | if (memcmp(computedMac, readMac, sizeof(computedMac)) != 0) |
2178 | 0 | { |
2179 | 0 | WLog_Print(license->log, WLOG_ERROR, "new or upgrade license MAC mismatch"); |
2180 | 0 | goto fail; |
2181 | 0 | } |
2182 | | |
2183 | 0 | licenseStream = Stream_StaticConstInit(&sbuffer, calBlob->data, calBlob->length); |
2184 | 0 | if (!licenseStream) |
2185 | 0 | { |
2186 | 0 | WLog_Print(license->log, WLOG_ERROR, |
2187 | 0 | "license::blob::data=%p, license::blob::length=%" PRIu16, calBlob->data, |
2188 | 0 | calBlob->length); |
2189 | 0 | goto fail; |
2190 | 0 | } |
2191 | | |
2192 | 0 | if (!license_check_stream_length(license->log, licenseStream, 8, |
2193 | 0 | "license new/upgrade::blob::version")) |
2194 | 0 | goto fail; |
2195 | | |
2196 | 0 | Stream_Read_UINT16(licenseStream, os_minor); |
2197 | 0 | Stream_Read_UINT16(licenseStream, os_major); |
2198 | |
|
2199 | 0 | WLog_Print(license->log, WLOG_DEBUG, "Version: %" PRIu16 ".%" PRIu16, os_major, os_minor); |
2200 | | |
2201 | | /* Scope */ |
2202 | 0 | Stream_Read_UINT32(licenseStream, cbScope); |
2203 | 0 | if (!license_check_stream_length(license->log, licenseStream, cbScope, |
2204 | 0 | "license new/upgrade::blob::scope")) |
2205 | 0 | goto fail; |
2206 | | |
2207 | | #ifdef WITH_DEBUG_LICENSE |
2208 | | WLog_Print(license->log, WLOG_DEBUG, "Scope:"); |
2209 | | winpr_HexLogDump(license->log, WLOG_DEBUG, Stream_Pointer(licenseStream), cbScope); |
2210 | | #endif |
2211 | 0 | Stream_Seek(licenseStream, cbScope); |
2212 | | |
2213 | | /* CompanyName */ |
2214 | 0 | if (!license_check_stream_length(license->log, licenseStream, 4, |
2215 | 0 | "license new/upgrade::blob::cbCompanyName")) |
2216 | 0 | goto fail; |
2217 | | |
2218 | 0 | Stream_Read_UINT32(licenseStream, cbCompanyName); |
2219 | 0 | if (!license_check_stream_length(license->log, licenseStream, cbCompanyName, |
2220 | 0 | "license new/upgrade::blob::CompanyName")) |
2221 | 0 | goto fail; |
2222 | | |
2223 | | #ifdef WITH_DEBUG_LICENSE |
2224 | | WLog_Print(license->log, WLOG_DEBUG, "Company name:"); |
2225 | | winpr_HexLogDump(license->log, WLOG_DEBUG, Stream_Pointer(licenseStream), cbCompanyName); |
2226 | | #endif |
2227 | 0 | Stream_Seek(licenseStream, cbCompanyName); |
2228 | | |
2229 | | /* productId */ |
2230 | 0 | if (!license_check_stream_length(license->log, licenseStream, 4, |
2231 | 0 | "license new/upgrade::blob::cbProductId")) |
2232 | 0 | goto fail; |
2233 | | |
2234 | 0 | Stream_Read_UINT32(licenseStream, cbProductId); |
2235 | |
|
2236 | 0 | if (!license_check_stream_length(license->log, licenseStream, cbProductId, |
2237 | 0 | "license new/upgrade::blob::ProductId")) |
2238 | 0 | goto fail; |
2239 | | |
2240 | | #ifdef WITH_DEBUG_LICENSE |
2241 | | WLog_Print(license->log, WLOG_DEBUG, "Product id:"); |
2242 | | winpr_HexLogDump(license->log, WLOG_DEBUG, Stream_Pointer(licenseStream), cbProductId); |
2243 | | #endif |
2244 | 0 | Stream_Seek(licenseStream, cbProductId); |
2245 | | |
2246 | | /* licenseInfo */ |
2247 | 0 | if (!license_check_stream_length(license->log, licenseStream, 4, |
2248 | 0 | "license new/upgrade::blob::cbLicenseInfo")) |
2249 | 0 | goto fail; |
2250 | | |
2251 | 0 | Stream_Read_UINT32(licenseStream, cbLicenseInfo); |
2252 | 0 | if (!license_check_stream_length(license->log, licenseStream, cbLicenseInfo, |
2253 | 0 | "license new/upgrade::blob::LicenseInfo")) |
2254 | 0 | goto fail; |
2255 | | |
2256 | 0 | license->type = LICENSE_TYPE_ISSUED; |
2257 | 0 | ret = license_set_state(license, LICENSE_STATE_COMPLETED); |
2258 | |
|
2259 | 0 | if (!license->rdp->settings->OldLicenseBehaviour) |
2260 | 0 | ret = saveCal(license->log, license->rdp->settings, Stream_Pointer(licenseStream), |
2261 | 0 | cbLicenseInfo, license->rdp->settings->ClientHostname); |
2262 | |
|
2263 | 0 | fail: |
2264 | 0 | license_free_binary_blob(calBlob); |
2265 | 0 | return ret; |
2266 | 0 | } |
2267 | | |
2268 | | /** |
2269 | | * Read an ERROR_ALERT packet. |
2270 | | * msdn{cc240482} |
2271 | | * @param license license module |
2272 | | * @param s stream |
2273 | | */ |
2274 | | |
2275 | | BOOL license_read_error_alert_packet(rdpLicense* license, wStream* s) |
2276 | 0 | { |
2277 | 0 | UINT32 dwErrorCode = 0; |
2278 | 0 | UINT32 dwStateTransition = 0; |
2279 | |
|
2280 | 0 | WINPR_ASSERT(license); |
2281 | 0 | WINPR_ASSERT(license->rdp); |
2282 | | |
2283 | 0 | if (!license_check_stream_length(license->log, s, 8ul, "error alert")) |
2284 | 0 | return FALSE; |
2285 | | |
2286 | 0 | Stream_Read_UINT32(s, dwErrorCode); /* dwErrorCode (4 bytes) */ |
2287 | 0 | Stream_Read_UINT32(s, dwStateTransition); /* dwStateTransition (4 bytes) */ |
2288 | |
|
2289 | 0 | if (!license_read_binary_blob(license->log, s, license->ErrorInfo)) /* bbErrorInfo */ |
2290 | 0 | return FALSE; |
2291 | | |
2292 | | #ifdef WITH_DEBUG_LICENSE |
2293 | | WLog_Print(license->log, WLOG_DEBUG, "dwErrorCode: %s, dwStateTransition: %s", |
2294 | | error_codes[dwErrorCode], state_transitions[dwStateTransition]); |
2295 | | #endif |
2296 | | |
2297 | 0 | if (dwErrorCode == STATUS_VALID_CLIENT) |
2298 | 0 | { |
2299 | 0 | license->type = LICENSE_TYPE_NONE; |
2300 | 0 | return license_set_state(license, LICENSE_STATE_COMPLETED); |
2301 | 0 | } |
2302 | | |
2303 | 0 | switch (dwStateTransition) |
2304 | 0 | { |
2305 | 0 | case ST_TOTAL_ABORT: |
2306 | 0 | license_set_state(license, LICENSE_STATE_ABORTED); |
2307 | 0 | break; |
2308 | 0 | case ST_NO_TRANSITION: |
2309 | 0 | license_set_state(license, LICENSE_STATE_COMPLETED); |
2310 | 0 | break; |
2311 | 0 | case ST_RESET_PHASE_TO_START: |
2312 | 0 | license_set_state(license, LICENSE_STATE_CONFIGURED); |
2313 | 0 | break; |
2314 | 0 | case ST_RESEND_LAST_MESSAGE: |
2315 | 0 | break; |
2316 | 0 | default: |
2317 | 0 | break; |
2318 | 0 | } |
2319 | | |
2320 | 0 | return TRUE; |
2321 | 0 | } |
2322 | | |
2323 | | /** |
2324 | | * Write a NEW_LICENSE_REQUEST packet. |
2325 | | * msdn{cc241918} |
2326 | | * @param license license module |
2327 | | * @param s stream |
2328 | | */ |
2329 | | |
2330 | | BOOL license_write_new_license_request_packet(const rdpLicense* license, wStream* s) |
2331 | 0 | { |
2332 | 0 | WINPR_ASSERT(license); |
2333 | | |
2334 | 0 | const rdpCertInfo* info = freerdp_certificate_get_info(license->certificate); |
2335 | 0 | if (!info) |
2336 | 0 | return FALSE; |
2337 | | |
2338 | 0 | if (!license_check_stream_capacity(license->log, s, 8 + sizeof(license->ClientRandom), |
2339 | 0 | "License Request")) |
2340 | 0 | return FALSE; |
2341 | | |
2342 | 0 | Stream_Write_UINT32(s, |
2343 | 0 | license->PreferredKeyExchangeAlg); /* PreferredKeyExchangeAlg (4 bytes) */ |
2344 | 0 | Stream_Write_UINT32(s, license->PlatformId); /* PlatformId (4 bytes) */ |
2345 | 0 | Stream_Write(s, license->ClientRandom, |
2346 | 0 | sizeof(license->ClientRandom)); /* ClientRandom (32 bytes) */ |
2347 | |
|
2348 | 0 | if (/* EncryptedPremasterSecret */ |
2349 | 0 | !license_write_encrypted_premaster_secret_blob( |
2350 | 0 | license->log, s, license->EncryptedPremasterSecret, info->ModulusLength) || |
2351 | | /* ClientUserName */ |
2352 | 0 | !license_write_binary_blob(s, license->ClientUserName) || |
2353 | | /* ClientMachineName */ |
2354 | 0 | !license_write_binary_blob(s, license->ClientMachineName)) |
2355 | 0 | { |
2356 | 0 | return FALSE; |
2357 | 0 | } |
2358 | | |
2359 | | #ifdef WITH_DEBUG_LICENSE |
2360 | | WLog_Print(license->log, WLOG_DEBUG, "PreferredKeyExchangeAlg: 0x%08" PRIX32 "", |
2361 | | license->PreferredKeyExchangeAlg); |
2362 | | WLog_Print(license->log, WLOG_DEBUG, "ClientRandom:"); |
2363 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->ClientRandom, |
2364 | | sizeof(license->ClientRandom)); |
2365 | | WLog_Print(license->log, WLOG_DEBUG, "EncryptedPremasterSecret"); |
2366 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->EncryptedPremasterSecret->data, |
2367 | | license->EncryptedPremasterSecret->length); |
2368 | | WLog_Print(license->log, WLOG_DEBUG, "ClientUserName (%" PRIu16 "): %s", |
2369 | | license->ClientUserName->length, (char*)license->ClientUserName->data); |
2370 | | WLog_Print(license->log, WLOG_DEBUG, "ClientMachineName (%" PRIu16 "): %s", |
2371 | | license->ClientMachineName->length, (char*)license->ClientMachineName->data); |
2372 | | #endif |
2373 | 0 | return TRUE; |
2374 | 0 | } |
2375 | | |
2376 | | BOOL license_read_new_license_request_packet(rdpLicense* license, wStream* s) |
2377 | 0 | { |
2378 | 0 | UINT32 PreferredKeyExchangeAlg = 0; |
2379 | |
|
2380 | 0 | WINPR_ASSERT(license); |
2381 | | |
2382 | 0 | if (!license_check_stream_length(license->log, s, 8ull + sizeof(license->ClientRandom), |
2383 | 0 | "new license request")) |
2384 | 0 | return FALSE; |
2385 | | |
2386 | 0 | Stream_Read_UINT32(s, PreferredKeyExchangeAlg); /* PreferredKeyExchangeAlg (4 bytes) */ |
2387 | 0 | if (!license_check_preferred_alg(license, PreferredKeyExchangeAlg, "new license request")) |
2388 | 0 | return FALSE; |
2389 | | |
2390 | 0 | Stream_Read_UINT32(s, license->PlatformId); /* PlatformId (4 bytes) */ |
2391 | 0 | Stream_Read(s, license->ClientRandom, |
2392 | 0 | sizeof(license->ClientRandom)); /* ClientRandom (32 bytes) */ |
2393 | | |
2394 | | /* EncryptedPremasterSecret */ |
2395 | 0 | UINT32 ModulusLength = 0; |
2396 | 0 | if (!license_read_encrypted_premaster_secret_blob( |
2397 | 0 | license->log, s, license->EncryptedPremasterSecret, &ModulusLength)) |
2398 | 0 | return FALSE; |
2399 | | |
2400 | 0 | const rdpCertInfo* info = freerdp_certificate_get_info(license->certificate); |
2401 | 0 | if (!info) |
2402 | 0 | WLog_Print(license->log, WLOG_WARN, |
2403 | 0 | "Missing license certificate, skipping ModulusLength checks"); |
2404 | 0 | else if (ModulusLength != info->ModulusLength) |
2405 | 0 | { |
2406 | 0 | WLog_Print(license->log, WLOG_WARN, |
2407 | 0 | "EncryptedPremasterSecret expected to be %" PRIu32 " bytes, but read %" PRIu32 |
2408 | 0 | " bytes", |
2409 | 0 | info->ModulusLength, ModulusLength); |
2410 | 0 | return FALSE; |
2411 | 0 | } |
2412 | | |
2413 | | /* ClientUserName */ |
2414 | 0 | if (!license_read_binary_blob(license->log, s, license->ClientUserName)) |
2415 | 0 | return FALSE; |
2416 | | /* ClientMachineName */ |
2417 | 0 | if (!license_read_binary_blob(license->log, s, license->ClientMachineName)) |
2418 | 0 | return FALSE; |
2419 | | |
2420 | 0 | return TRUE; |
2421 | 0 | } |
2422 | | |
2423 | | /** |
2424 | | * Send a NEW_LICENSE_REQUEST packet. |
2425 | | * msdn{cc241918} |
2426 | | * @param license license module |
2427 | | */ |
2428 | | |
2429 | | BOOL license_answer_license_request(rdpLicense* license) |
2430 | 0 | { |
2431 | 0 | UINT16 sec_flags = 0; |
2432 | 0 | wStream* s = NULL; |
2433 | 0 | BYTE* license_data = NULL; |
2434 | 0 | size_t license_size = 0; |
2435 | 0 | BOOL status = 0; |
2436 | 0 | char* username = NULL; |
2437 | |
|
2438 | 0 | WINPR_ASSERT(license); |
2439 | 0 | WINPR_ASSERT(license->rdp); |
2440 | 0 | WINPR_ASSERT(license->rdp->settings); |
2441 | | |
2442 | 0 | if (!license->rdp->settings->OldLicenseBehaviour) |
2443 | 0 | license_data = loadCalFile(license->log, license->rdp->settings, |
2444 | 0 | license->rdp->settings->ClientHostname, &license_size); |
2445 | |
|
2446 | 0 | if (license_data) |
2447 | 0 | { |
2448 | 0 | LICENSE_BLOB* calBlob = NULL; |
2449 | 0 | BYTE signature[LICENSING_ENCRYPTION_KEY_LENGTH] = { 0 }; |
2450 | |
|
2451 | 0 | DEBUG_LICENSE("Sending Saved License Packet"); |
2452 | |
|
2453 | 0 | WINPR_ASSERT(license->EncryptedHardwareId); |
2454 | 0 | license->EncryptedHardwareId->type = BB_ENCRYPTED_DATA_BLOB; |
2455 | 0 | if (!license_encrypt_and_MAC(license, license->HardwareId, sizeof(license->HardwareId), |
2456 | 0 | license->EncryptedHardwareId, signature, sizeof(signature))) |
2457 | 0 | { |
2458 | 0 | free(license_data); |
2459 | 0 | return FALSE; |
2460 | 0 | } |
2461 | | |
2462 | 0 | calBlob = license_new_binary_blob(BB_DATA_BLOB); |
2463 | 0 | if (!calBlob) |
2464 | 0 | { |
2465 | 0 | free(license_data); |
2466 | 0 | return FALSE; |
2467 | 0 | } |
2468 | 0 | calBlob->data = license_data; |
2469 | 0 | WINPR_ASSERT(license_size <= UINT16_MAX); |
2470 | 0 | calBlob->length = (UINT16)license_size; |
2471 | |
|
2472 | 0 | status = license_send_license_info(license, calBlob, signature, sizeof(signature)); |
2473 | 0 | license_free_binary_blob(calBlob); |
2474 | |
|
2475 | 0 | return status; |
2476 | 0 | } |
2477 | | |
2478 | 0 | DEBUG_LICENSE("Sending New License Packet"); |
2479 | |
|
2480 | 0 | s = license_send_stream_init(license, &sec_flags); |
2481 | 0 | if (!s) |
2482 | 0 | return FALSE; |
2483 | 0 | if (license->rdp->settings->Username != NULL) |
2484 | 0 | username = license->rdp->settings->Username; |
2485 | 0 | else |
2486 | 0 | username = "username"; |
2487 | |
|
2488 | 0 | { |
2489 | 0 | WINPR_ASSERT(license->ClientUserName); |
2490 | 0 | const size_t len = strlen(username) + 1; |
2491 | 0 | WINPR_ASSERT(len <= UINT16_MAX); |
2492 | | |
2493 | 0 | license->ClientUserName->data = (BYTE*)username; |
2494 | 0 | license->ClientUserName->length = (UINT16)len; |
2495 | 0 | } |
2496 | | |
2497 | 0 | { |
2498 | 0 | WINPR_ASSERT(license->ClientMachineName); |
2499 | 0 | const size_t len = strlen(license->rdp->settings->ClientHostname) + 1; |
2500 | 0 | WINPR_ASSERT(len <= UINT16_MAX); |
2501 | | |
2502 | 0 | license->ClientMachineName->data = (BYTE*)license->rdp->settings->ClientHostname; |
2503 | 0 | license->ClientMachineName->length = (UINT16)len; |
2504 | 0 | } |
2505 | 0 | status = license_write_new_license_request_packet(license, s); |
2506 | |
|
2507 | 0 | WINPR_ASSERT(license->ClientUserName); |
2508 | 0 | license->ClientUserName->data = NULL; |
2509 | 0 | license->ClientUserName->length = 0; |
2510 | |
|
2511 | 0 | WINPR_ASSERT(license->ClientMachineName); |
2512 | 0 | license->ClientMachineName->data = NULL; |
2513 | 0 | license->ClientMachineName->length = 0; |
2514 | |
|
2515 | 0 | if (!status) |
2516 | 0 | { |
2517 | 0 | Stream_Release(s); |
2518 | 0 | return FALSE; |
2519 | 0 | } |
2520 | | |
2521 | 0 | return license_send(license, s, NEW_LICENSE_REQUEST, sec_flags); |
2522 | 0 | } |
2523 | | |
2524 | | /** |
2525 | | * Send Client Challenge Response Packet. |
2526 | | * msdn{cc241922} |
2527 | | * @param license license module |
2528 | | */ |
2529 | | |
2530 | | BOOL license_send_platform_challenge_response(rdpLicense* license) |
2531 | 0 | { |
2532 | 0 | wStream* challengeRespData = NULL; |
2533 | 0 | BYTE* buffer = NULL; |
2534 | 0 | BOOL status = 0; |
2535 | |
|
2536 | 0 | WINPR_ASSERT(license); |
2537 | 0 | WINPR_ASSERT(license->PlatformChallenge); |
2538 | 0 | WINPR_ASSERT(license->MacSaltKey); |
2539 | 0 | WINPR_ASSERT(license->EncryptedPlatformChallenge); |
2540 | 0 | WINPR_ASSERT(license->EncryptedHardwareId); |
2541 | | |
2542 | 0 | DEBUG_LICENSE("Sending Platform Challenge Response Packet"); |
2543 | |
|
2544 | 0 | license->EncryptedPlatformChallenge->type = BB_DATA_BLOB; |
2545 | | |
2546 | | /* prepare the PLATFORM_CHALLENGE_RESPONSE_DATA */ |
2547 | 0 | challengeRespData = Stream_New(NULL, 8 + license->PlatformChallenge->length); |
2548 | 0 | if (!challengeRespData) |
2549 | 0 | return FALSE; |
2550 | 0 | Stream_Write_UINT16(challengeRespData, PLATFORM_CHALLENGE_RESPONSE_VERSION); /* wVersion */ |
2551 | 0 | Stream_Write_UINT16(challengeRespData, license->ClientType); /* wClientType */ |
2552 | 0 | Stream_Write_UINT16(challengeRespData, license->LicenseDetailLevel); /* wLicenseDetailLevel */ |
2553 | 0 | Stream_Write_UINT16(challengeRespData, license->PlatformChallenge->length); /* cbChallenge */ |
2554 | 0 | Stream_Write(challengeRespData, license->PlatformChallenge->data, |
2555 | 0 | license->PlatformChallenge->length); /* pbChallenge */ |
2556 | 0 | Stream_SealLength(challengeRespData); |
2557 | | |
2558 | | /* compute MAC of PLATFORM_CHALLENGE_RESPONSE_DATA + HWID */ |
2559 | 0 | const size_t length = Stream_Length(challengeRespData) + sizeof(license->HardwareId); |
2560 | 0 | buffer = (BYTE*)malloc(length); |
2561 | 0 | if (!buffer) |
2562 | 0 | { |
2563 | 0 | Stream_Free(challengeRespData, TRUE); |
2564 | 0 | return FALSE; |
2565 | 0 | } |
2566 | | |
2567 | 0 | CopyMemory(buffer, Stream_Buffer(challengeRespData), Stream_Length(challengeRespData)); |
2568 | 0 | CopyMemory(&buffer[Stream_Length(challengeRespData)], license->HardwareId, |
2569 | 0 | sizeof(license->HardwareId)); |
2570 | 0 | status = security_mac_data(license->MacSaltKey, sizeof(license->MacSaltKey), buffer, length, |
2571 | 0 | license->MACData, sizeof(license->MACData)); |
2572 | 0 | free(buffer); |
2573 | |
|
2574 | 0 | if (!status) |
2575 | 0 | { |
2576 | 0 | Stream_Free(challengeRespData, TRUE); |
2577 | 0 | return FALSE; |
2578 | 0 | } |
2579 | | |
2580 | 0 | license->EncryptedHardwareId->type = BB_ENCRYPTED_DATA_BLOB; |
2581 | 0 | if (!license_rc4_with_licenseKey(license, license->HardwareId, sizeof(license->HardwareId), |
2582 | 0 | license->EncryptedHardwareId)) |
2583 | 0 | { |
2584 | 0 | Stream_Free(challengeRespData, TRUE); |
2585 | 0 | return FALSE; |
2586 | 0 | } |
2587 | | |
2588 | 0 | status = license_rc4_with_licenseKey(license, Stream_Buffer(challengeRespData), |
2589 | 0 | Stream_Length(challengeRespData), |
2590 | 0 | license->EncryptedPlatformChallengeResponse); |
2591 | 0 | Stream_Free(challengeRespData, TRUE); |
2592 | 0 | if (!status) |
2593 | 0 | return FALSE; |
2594 | | |
2595 | | #ifdef WITH_DEBUG_LICENSE |
2596 | | WLog_Print(license->log, WLOG_DEBUG, "LicensingEncryptionKey:"); |
2597 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->LicensingEncryptionKey, 16); |
2598 | | WLog_Print(license->log, WLOG_DEBUG, "HardwareId:"); |
2599 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->HardwareId, sizeof(license->HardwareId)); |
2600 | | WLog_Print(license->log, WLOG_DEBUG, "EncryptedHardwareId:"); |
2601 | | winpr_HexLogDump(license->log, WLOG_DEBUG, license->EncryptedHardwareId->data, |
2602 | | license->EncryptedHardwareId->length); |
2603 | | #endif |
2604 | 0 | UINT16 sec_flags = 0; |
2605 | 0 | wStream* s = license_send_stream_init(license, &sec_flags); |
2606 | 0 | if (!s) |
2607 | 0 | return FALSE; |
2608 | | |
2609 | 0 | if (license_write_client_platform_challenge_response(license, s)) |
2610 | 0 | return license_send(license, s, PLATFORM_CHALLENGE_RESPONSE, sec_flags); |
2611 | | |
2612 | 0 | Stream_Release(s); |
2613 | 0 | return FALSE; |
2614 | 0 | } |
2615 | | |
2616 | | BOOL license_read_platform_challenge_response(WINPR_ATTR_UNUSED rdpLicense* license) |
2617 | 0 | { |
2618 | 0 | WINPR_ASSERT(license); |
2619 | 0 | WINPR_ASSERT(license->PlatformChallenge); |
2620 | 0 | WINPR_ASSERT(license->MacSaltKey); |
2621 | 0 | WINPR_ASSERT(license->EncryptedPlatformChallenge); |
2622 | 0 | WINPR_ASSERT(license->EncryptedHardwareId); |
2623 | | |
2624 | 0 | DEBUG_LICENSE("Receiving Platform Challenge Response Packet"); |
2625 | |
|
2626 | | #if defined(WITH_LICENSE_DECRYPT_CHALLENGE_RESPONSE) |
2627 | | BOOL rc = FALSE; |
2628 | | LICENSE_BLOB* dblob = license_new_binary_blob(BB_ANY_BLOB); |
2629 | | if (!dblob) |
2630 | | return FALSE; |
2631 | | |
2632 | | wStream sbuffer = { 0 }; |
2633 | | UINT16 wVersion = 0; |
2634 | | UINT16 cbChallenge = 0; |
2635 | | const BYTE* pbChallenge = NULL; |
2636 | | LICENSE_BLOB* blob = license->EncryptedPlatformChallengeResponse; |
2637 | | |
2638 | | if (!license_rc4_with_licenseKey(license, blob->data, blob->length, dblob)) |
2639 | | goto fail; |
2640 | | |
2641 | | wStream* s = Stream_StaticConstInit(&sbuffer, dblob->data, dblob->length); |
2642 | | if (!license_check_stream_length(s, 8, "PLATFORM_CHALLENGE_RESPONSE_DATA")) |
2643 | | goto fail; |
2644 | | |
2645 | | Stream_Read_UINT16(s, wVersion); |
2646 | | if (wVersion != PLATFORM_CHALLENGE_RESPONSE_VERSION) |
2647 | | { |
2648 | | WLog_Print(license->log, WLOG_WARN, |
2649 | | "Invalid PLATFORM_CHALLENGE_RESPONSE_DATA::wVersion 0x%04" PRIx16 |
2650 | | ", expected 0x04" PRIx16, |
2651 | | wVersion, PLATFORM_CHALLENGE_RESPONSE_VERSION); |
2652 | | goto fail; |
2653 | | } |
2654 | | Stream_Read_UINT16(s, license->ClientType); |
2655 | | Stream_Read_UINT16(s, license->LicenseDetailLevel); |
2656 | | Stream_Read_UINT16(s, cbChallenge); |
2657 | | |
2658 | | if (!license_check_stream_length(s, cbChallenge, |
2659 | | "PLATFORM_CHALLENGE_RESPONSE_DATA::pbChallenge")) |
2660 | | goto fail; |
2661 | | |
2662 | | pbChallenge = Stream_Pointer(s); |
2663 | | if (!license_read_binary_blob_data(license->PlatformChallengeResponse, BB_DATA_BLOB, |
2664 | | pbChallenge, cbChallenge)) |
2665 | | goto fail; |
2666 | | if (!Stream_SafeSeek(s, cbChallenge)) |
2667 | | goto fail; |
2668 | | |
2669 | | rc = TRUE; |
2670 | | fail: |
2671 | | license_free_binary_blob(dblob); |
2672 | | return rc; |
2673 | | #else |
2674 | 0 | return TRUE; |
2675 | 0 | #endif |
2676 | 0 | } |
2677 | | |
2678 | | BOOL license_write_client_platform_challenge_response(rdpLicense* license, wStream* s) |
2679 | 0 | { |
2680 | 0 | WINPR_ASSERT(license); |
2681 | | |
2682 | 0 | if (!license_write_binary_blob(s, license->EncryptedPlatformChallengeResponse)) |
2683 | 0 | return FALSE; |
2684 | 0 | if (!license_write_binary_blob(s, license->EncryptedHardwareId)) |
2685 | 0 | return FALSE; |
2686 | 0 | if (!license_check_stream_capacity(license->log, s, sizeof(license->MACData), |
2687 | 0 | "CLIENT_PLATFORM_CHALLENGE_RESPONSE::MACData")) |
2688 | 0 | return FALSE; |
2689 | 0 | Stream_Write(s, license->MACData, sizeof(license->MACData)); |
2690 | 0 | return TRUE; |
2691 | 0 | } |
2692 | | |
2693 | | BOOL license_read_client_platform_challenge_response(rdpLicense* license, wStream* s) |
2694 | 0 | { |
2695 | 0 | WINPR_ASSERT(license); |
2696 | | |
2697 | 0 | if (!license_read_binary_blob(license->log, s, license->EncryptedPlatformChallengeResponse)) |
2698 | 0 | return FALSE; |
2699 | 0 | if (!license_read_binary_blob(license->log, s, license->EncryptedHardwareId)) |
2700 | 0 | return FALSE; |
2701 | 0 | if (!license_check_stream_length(license->log, s, sizeof(license->MACData), |
2702 | 0 | "CLIENT_PLATFORM_CHALLENGE_RESPONSE::MACData")) |
2703 | 0 | return FALSE; |
2704 | 0 | Stream_Read(s, license->MACData, sizeof(license->MACData)); |
2705 | 0 | return license_read_platform_challenge_response(license); |
2706 | 0 | } |
2707 | | |
2708 | | /** |
2709 | | * Send Server License Error - Valid Client Packet. |
2710 | | * msdn{cc241922} |
2711 | | * |
2712 | | * @param rdp A pointer to the context to use |
2713 | | * |
2714 | | * @return \b TRUE for success, \b FALSE otherwise |
2715 | | */ |
2716 | | |
2717 | | BOOL license_send_valid_client_error_packet(rdpRdp* rdp) |
2718 | 0 | { |
2719 | 0 | WINPR_ASSERT(rdp); |
2720 | 0 | rdpLicense* license = rdp->license; |
2721 | 0 | WINPR_ASSERT(license); |
2722 | | |
2723 | 0 | license->state = LICENSE_STATE_COMPLETED; |
2724 | 0 | license->type = LICENSE_TYPE_NONE; |
2725 | 0 | return license_send_error_alert(license, STATUS_VALID_CLIENT, ST_NO_TRANSITION, |
2726 | 0 | license->ErrorInfo); |
2727 | 0 | } |
2728 | | |
2729 | | /** |
2730 | | * Instantiate new license module. |
2731 | | * @param rdp RDP module |
2732 | | * @return new license module |
2733 | | */ |
2734 | | |
2735 | | rdpLicense* license_new(rdpRdp* rdp) |
2736 | 0 | { |
2737 | 0 | WINPR_ASSERT(rdp); |
2738 | | |
2739 | 0 | rdpLicense* license = (rdpLicense*)calloc(1, sizeof(rdpLicense)); |
2740 | 0 | if (!license) |
2741 | 0 | return NULL; |
2742 | 0 | license->log = WLog_Get(LICENSE_TAG); |
2743 | 0 | WINPR_ASSERT(license->log); |
2744 | | |
2745 | 0 | license->PlatformId = PLATFORMID; |
2746 | 0 | license->ClientType = OTHER_PLATFORM_CHALLENGE_TYPE; |
2747 | 0 | license->LicenseDetailLevel = LICENSE_DETAIL_DETAIL; |
2748 | 0 | license->PreferredKeyExchangeAlg = KEY_EXCHANGE_ALG_RSA; |
2749 | 0 | license->rdp = rdp; |
2750 | |
|
2751 | 0 | license_set_state(license, LICENSE_STATE_INITIAL); |
2752 | 0 | if (!(license->certificate = freerdp_certificate_new())) |
2753 | 0 | goto out_error; |
2754 | 0 | if (!(license->ProductInfo = license_new_product_info())) |
2755 | 0 | goto out_error; |
2756 | 0 | if (!(license->ErrorInfo = license_new_binary_blob(BB_ERROR_BLOB))) |
2757 | 0 | goto out_error; |
2758 | 0 | if (!(license->LicenseInfo = license_new_binary_blob(BB_DATA_BLOB))) |
2759 | 0 | goto out_error; |
2760 | 0 | if (!(license->KeyExchangeList = license_new_binary_blob(BB_KEY_EXCHG_ALG_BLOB))) |
2761 | 0 | goto out_error; |
2762 | 0 | if (!(license->ServerCertificate = license_new_binary_blob(BB_CERTIFICATE_BLOB))) |
2763 | 0 | goto out_error; |
2764 | 0 | if (!(license->ClientUserName = license_new_binary_blob(BB_CLIENT_USER_NAME_BLOB))) |
2765 | 0 | goto out_error; |
2766 | 0 | if (!(license->ClientMachineName = license_new_binary_blob(BB_CLIENT_MACHINE_NAME_BLOB))) |
2767 | 0 | goto out_error; |
2768 | 0 | if (!(license->PlatformChallenge = license_new_binary_blob(BB_ANY_BLOB))) |
2769 | 0 | goto out_error; |
2770 | 0 | if (!(license->PlatformChallengeResponse = license_new_binary_blob(BB_ANY_BLOB))) |
2771 | 0 | goto out_error; |
2772 | 0 | if (!(license->EncryptedPlatformChallenge = license_new_binary_blob(BB_ANY_BLOB))) |
2773 | 0 | goto out_error; |
2774 | 0 | if (!(license->EncryptedPlatformChallengeResponse = |
2775 | 0 | license_new_binary_blob(BB_ENCRYPTED_DATA_BLOB))) |
2776 | 0 | goto out_error; |
2777 | 0 | if (!(license->EncryptedPremasterSecret = license_new_binary_blob(BB_ANY_BLOB))) |
2778 | 0 | goto out_error; |
2779 | 0 | if (!(license->EncryptedHardwareId = license_new_binary_blob(BB_ENCRYPTED_DATA_BLOB))) |
2780 | 0 | goto out_error; |
2781 | 0 | if (!(license->EncryptedLicenseInfo = license_new_binary_blob(BB_ENCRYPTED_DATA_BLOB))) |
2782 | 0 | goto out_error; |
2783 | 0 | if (!(license->ScopeList = license_new_scope_list())) |
2784 | 0 | goto out_error; |
2785 | | |
2786 | 0 | license_generate_randoms(license); |
2787 | |
|
2788 | 0 | return license; |
2789 | | |
2790 | 0 | out_error: |
2791 | 0 | WINPR_PRAGMA_DIAG_PUSH |
2792 | 0 | WINPR_PRAGMA_DIAG_IGNORED_MISMATCHED_DEALLOC |
2793 | 0 | license_free(license); |
2794 | 0 | WINPR_PRAGMA_DIAG_POP |
2795 | 0 | return NULL; |
2796 | 0 | } |
2797 | | |
2798 | | /** |
2799 | | * Free license module. |
2800 | | * @param license license module to be freed |
2801 | | */ |
2802 | | |
2803 | | void license_free(rdpLicense* license) |
2804 | 0 | { |
2805 | 0 | if (license) |
2806 | 0 | { |
2807 | 0 | freerdp_certificate_free(license->certificate); |
2808 | 0 | license_free_product_info(license->ProductInfo); |
2809 | 0 | license_free_binary_blob(license->ErrorInfo); |
2810 | 0 | license_free_binary_blob(license->LicenseInfo); |
2811 | 0 | license_free_binary_blob(license->KeyExchangeList); |
2812 | 0 | license_free_binary_blob(license->ServerCertificate); |
2813 | 0 | license_free_binary_blob(license->ClientUserName); |
2814 | 0 | license_free_binary_blob(license->ClientMachineName); |
2815 | 0 | license_free_binary_blob(license->PlatformChallenge); |
2816 | 0 | license_free_binary_blob(license->PlatformChallengeResponse); |
2817 | 0 | license_free_binary_blob(license->EncryptedPlatformChallenge); |
2818 | 0 | license_free_binary_blob(license->EncryptedPlatformChallengeResponse); |
2819 | 0 | license_free_binary_blob(license->EncryptedPremasterSecret); |
2820 | 0 | license_free_binary_blob(license->EncryptedHardwareId); |
2821 | 0 | license_free_binary_blob(license->EncryptedLicenseInfo); |
2822 | 0 | license_free_scope_list(license->ScopeList); |
2823 | 0 | free(license); |
2824 | 0 | } |
2825 | 0 | } |
2826 | | |
2827 | | LICENSE_STATE license_get_state(const rdpLicense* license) |
2828 | 0 | { |
2829 | 0 | WINPR_ASSERT(license); |
2830 | 0 | return license->state; |
2831 | 0 | } |
2832 | | |
2833 | | LICENSE_TYPE license_get_type(const rdpLicense* license) |
2834 | 0 | { |
2835 | 0 | WINPR_ASSERT(license); |
2836 | 0 | return license->type; |
2837 | 0 | } |
2838 | | |
2839 | | BOOL license_set_state(rdpLicense* license, LICENSE_STATE state) |
2840 | 0 | { |
2841 | 0 | WINPR_ASSERT(license); |
2842 | 0 | license->state = state; |
2843 | 0 | switch (state) |
2844 | 0 | { |
2845 | 0 | case LICENSE_STATE_COMPLETED: |
2846 | 0 | break; |
2847 | 0 | case LICENSE_STATE_ABORTED: |
2848 | 0 | default: |
2849 | 0 | license->type = LICENSE_TYPE_INVALID; |
2850 | 0 | break; |
2851 | 0 | } |
2852 | | |
2853 | 0 | return TRUE; |
2854 | 0 | } |
2855 | | |
2856 | | const char* license_get_state_string(LICENSE_STATE state) |
2857 | 0 | { |
2858 | 0 | switch (state) |
2859 | 0 | { |
2860 | 0 | case LICENSE_STATE_INITIAL: |
2861 | 0 | return "LICENSE_STATE_INITIAL"; |
2862 | 0 | case LICENSE_STATE_CONFIGURED: |
2863 | 0 | return "LICENSE_STATE_CONFIGURED"; |
2864 | 0 | case LICENSE_STATE_REQUEST: |
2865 | 0 | return "LICENSE_STATE_REQUEST"; |
2866 | 0 | case LICENSE_STATE_NEW_REQUEST: |
2867 | 0 | return "LICENSE_STATE_NEW_REQUEST"; |
2868 | 0 | case LICENSE_STATE_PLATFORM_CHALLENGE: |
2869 | 0 | return "LICENSE_STATE_PLATFORM_CHALLENGE"; |
2870 | 0 | case LICENSE_STATE_PLATFORM_CHALLENGE_RESPONSE: |
2871 | 0 | return "LICENSE_STATE_PLATFORM_CHALLENGE_RESPONSE"; |
2872 | 0 | case LICENSE_STATE_COMPLETED: |
2873 | 0 | return "LICENSE_STATE_COMPLETED"; |
2874 | 0 | case LICENSE_STATE_ABORTED: |
2875 | 0 | return "LICENSE_STATE_ABORTED"; |
2876 | 0 | default: |
2877 | 0 | return "LICENSE_STATE_UNKNOWN"; |
2878 | 0 | } |
2879 | 0 | } |
2880 | | |
2881 | | BOOL license_server_send_request(rdpLicense* license) |
2882 | 0 | { |
2883 | 0 | if (!license_ensure_state(license, LICENSE_STATE_CONFIGURED, LICENSE_REQUEST)) |
2884 | 0 | return FALSE; |
2885 | 0 | if (!license_send_license_request_packet(license)) |
2886 | 0 | return FALSE; |
2887 | 0 | return license_set_state(license, LICENSE_STATE_REQUEST); |
2888 | 0 | } |
2889 | | |
2890 | | static BOOL license_set_string(wLog* log, const char* what, const char* value, BYTE** bdst, |
2891 | | UINT32* dstLen) |
2892 | 0 | { |
2893 | 0 | WINPR_ASSERT(what); |
2894 | 0 | WINPR_ASSERT(value); |
2895 | 0 | WINPR_ASSERT(bdst); |
2896 | 0 | WINPR_ASSERT(dstLen); |
2897 | | |
2898 | 0 | union |
2899 | 0 | { |
2900 | 0 | WCHAR** w; |
2901 | 0 | BYTE** b; |
2902 | 0 | } cnv; |
2903 | 0 | cnv.b = bdst; |
2904 | |
|
2905 | 0 | size_t len = 0; |
2906 | 0 | *cnv.w = ConvertUtf8ToWCharAlloc(value, &len); |
2907 | 0 | if (!*cnv.w || (len > UINT32_MAX / sizeof(WCHAR))) |
2908 | 0 | { |
2909 | 0 | WLog_Print(log, WLOG_ERROR, "license->ProductInfo: %s == %p || %" PRIu32 " > UINT32_MAX", |
2910 | 0 | what, *cnv.w, len); |
2911 | 0 | return FALSE; |
2912 | 0 | } |
2913 | 0 | *dstLen = (UINT32)(len * sizeof(WCHAR)); |
2914 | 0 | return TRUE; |
2915 | 0 | } |
2916 | | |
2917 | | BOOL license_server_configure(rdpLicense* license) |
2918 | 0 | { |
2919 | 0 | wStream* s = NULL; |
2920 | 0 | UINT32 algs[] = { KEY_EXCHANGE_ALG_RSA }; |
2921 | |
|
2922 | 0 | WINPR_ASSERT(license); |
2923 | 0 | WINPR_ASSERT(license->rdp); |
2924 | | |
2925 | 0 | const rdpSettings* settings = license->rdp->settings; |
2926 | |
|
2927 | 0 | const char* CompanyName = |
2928 | 0 | freerdp_settings_get_string(settings, FreeRDP_ServerLicenseCompanyName); |
2929 | |
|
2930 | 0 | const char* ProductName = |
2931 | 0 | freerdp_settings_get_string(settings, FreeRDP_ServerLicenseProductName); |
2932 | 0 | const UINT32 ProductVersion = |
2933 | 0 | freerdp_settings_get_uint32(settings, FreeRDP_ServerLicenseProductVersion); |
2934 | 0 | const UINT32 issuerCount = |
2935 | 0 | freerdp_settings_get_uint32(settings, FreeRDP_ServerLicenseProductIssuersCount); |
2936 | |
|
2937 | 0 | const void* ptr = freerdp_settings_get_pointer(settings, FreeRDP_ServerLicenseProductIssuers); |
2938 | 0 | const char** issuers = WINPR_REINTERPRET_CAST(ptr, const void*, const char**); |
2939 | |
|
2940 | 0 | WINPR_ASSERT(CompanyName); |
2941 | 0 | WINPR_ASSERT(ProductName); |
2942 | 0 | WINPR_ASSERT(ProductVersion > 0); |
2943 | 0 | WINPR_ASSERT(issuers || (issuerCount == 0)); |
2944 | | |
2945 | 0 | if (!license_ensure_state(license, LICENSE_STATE_INITIAL, LICENSE_REQUEST)) |
2946 | 0 | return FALSE; |
2947 | | |
2948 | 0 | license->ProductInfo->dwVersion = ProductVersion; |
2949 | 0 | if (!license_set_string(license->log, "pbCompanyName", CompanyName, |
2950 | 0 | &license->ProductInfo->pbCompanyName, |
2951 | 0 | &license->ProductInfo->cbCompanyName)) |
2952 | 0 | return FALSE; |
2953 | | |
2954 | 0 | if (!license_set_string(license->log, "pbProductId", ProductName, |
2955 | 0 | &license->ProductInfo->pbProductId, &license->ProductInfo->cbProductId)) |
2956 | 0 | return FALSE; |
2957 | | |
2958 | 0 | if (!license_read_binary_blob_data(license->log, license->KeyExchangeList, |
2959 | 0 | BB_KEY_EXCHG_ALG_BLOB, algs, sizeof(algs))) |
2960 | 0 | return FALSE; |
2961 | | |
2962 | 0 | if (!freerdp_certificate_read_server_cert(license->certificate, settings->ServerCertificate, |
2963 | 0 | settings->ServerCertificateLength)) |
2964 | 0 | return FALSE; |
2965 | | |
2966 | 0 | s = Stream_New(NULL, 1024); |
2967 | 0 | if (!s) |
2968 | 0 | return FALSE; |
2969 | 0 | else |
2970 | 0 | { |
2971 | 0 | BOOL r = FALSE; |
2972 | 0 | SSIZE_T res = |
2973 | 0 | freerdp_certificate_write_server_cert(license->certificate, CERT_CHAIN_VERSION_2, s); |
2974 | 0 | if (res >= 0) |
2975 | 0 | r = license_read_binary_blob_data(license->log, license->ServerCertificate, |
2976 | 0 | BB_CERTIFICATE_BLOB, Stream_Buffer(s), |
2977 | 0 | Stream_GetPosition(s)); |
2978 | |
|
2979 | 0 | Stream_Free(s, TRUE); |
2980 | 0 | if (!r) |
2981 | 0 | return FALSE; |
2982 | 0 | } |
2983 | | |
2984 | 0 | if (!license_scope_list_resize(license->ScopeList, issuerCount)) |
2985 | 0 | return FALSE; |
2986 | 0 | for (size_t x = 0; x < issuerCount; x++) |
2987 | 0 | { |
2988 | 0 | LICENSE_BLOB* blob = license->ScopeList->array[x]; |
2989 | 0 | const char* name = issuers[x]; |
2990 | 0 | const size_t length = strnlen(name, UINT16_MAX) + 1; |
2991 | 0 | if ((length == 0) || (length > UINT16_MAX)) |
2992 | 0 | { |
2993 | 0 | WLog_Print(license->log, WLOG_WARN, |
2994 | 0 | "%s: Invalid issuer at position %" PRIuz ": length 0 < %" PRIuz |
2995 | 0 | " <= %" PRIu16 " ['%s']", |
2996 | 0 | x, length, UINT16_MAX, name); |
2997 | 0 | return FALSE; |
2998 | 0 | } |
2999 | 0 | if (!license_read_binary_blob_data(license->log, blob, BB_SCOPE_BLOB, name, length)) |
3000 | 0 | return FALSE; |
3001 | 0 | } |
3002 | | |
3003 | 0 | return license_set_state(license, LICENSE_STATE_CONFIGURED); |
3004 | 0 | } |
3005 | | |
3006 | | rdpLicense* license_get(rdpContext* context) |
3007 | 0 | { |
3008 | 0 | WINPR_ASSERT(context); |
3009 | 0 | WINPR_ASSERT(context->rdp); |
3010 | 0 | return context->rdp->license; |
3011 | 0 | } |