archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/termsrv/license/lkplite/lkplite.cpp

1148 lines
28 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+--------------------------------------------------------------------------
  2. //
  3. // Copyright (c) 1997-2000 Microsoft Corporation
  4. //
  5. // File:
  6. //
  7. // Contents:
  8. //
  9. // History:
  10. //
  11. //---------------------------------------------------------------------------
  13. #ifndef _WIN32_WINNT
  14. #define _WIN32_WINNT 0x0400
  15. #endif
  16. #include <windows.h>
  17. #include <wincrypt.h>
  18. #include <stdio.h>
  19. #include <tchar.h>
  20. #include "Shortsig.h"
  21. #include "base24.h"
  22. #include "lkplite.h"
  23. #include "rc4.h"
  24. #include "md5.h"
  26. //internal functions
  27. #define LKPLITE_PID_LEN _tcslen(_TEXT("12345-123-1234567-12345"))
  29. #define SIGNATURE_LEN 104
  31. #define LKPLITE_PID_FIRSTCOPYOFFSET 10
  32. #define LKPLITE_PID_SECONDCOPYOFFSET 18
  33. #define LKPLITE_SPK_BITSTUFF 0x00000000000000FF
  35. #define LKPLITE_RAWDATALEN 20
  37. DWORD ValidatePID ( LPTSTR lpszPID );
  38. __int64 GetSPKIDFromPID ( LPTSTR lpszPID );
  41. #ifndef SIG_VERIFY_ONLY
  42. BYTE abLKPPrivateKey0[] =
  43. {
  44. 0x64, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0xff, 0xab,
  45. 0xa9, 0xba, 0xae, 0xdf, 0x30, 0x01, 0xb7, 0x1e, 0x79, 0x64,
  46. 0x46, 0x00, 0x00, 0x00, 0x50, 0x6d, 0x54, 0x36, 0x05, 0x00,
  47. 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x3d, 0xcb, 0x68, 0x79,
  48. 0x23, 0x52, 0x2c, 0x98, 0x24, 0x00, 0x00, 0x00, 0x83, 0x1c,
  49. 0x65, 0x18, 0x2b, 0xd6, 0x7b, 0x6f, 0x05, 0x00, 0x00, 0x00,
  50. 0x29, 0xe8, 0xe0, 0x1e, 0x71, 0xa0, 0x80, 0x40, 0x36, 0x26,
  51. 0x23, 0xe3, 0xab, 0x55, 0xa2, 0x7b, 0xac, 0xda, 0xf3, 0x29,
  52. 0x4d, 0xe1, 0x1a, 0xfa, 0x54, 0x41, 0xb7, 0xd3, 0x28, 0x27,
  53. 0x02, 0x7e, 0x9b, 0x2b, 0xc6, 0xf7, 0x6e, 0x82, 0x2c, 0xe4
  54. };
  57. BYTE abLSIDPrivateKey0[] =
  58. {
  59. 0x64, 0x00, 0x00, 0x00, 0x09, 0x00, 0x00, 0x00, 0x79, 0x6d,
  60. 0x1a, 0x6c, 0xae, 0xdf, 0x30, 0x01, 0x83, 0xa1, 0xc9, 0xb1,
  61. 0x46, 0x00, 0x00, 0x00, 0x1d, 0x6e, 0x56, 0x37, 0x05, 0x00,
  62. 0x00, 0x00, 0x64, 0x00, 0x00, 0x00, 0x49, 0x17, 0x6c, 0x21,
  63. 0x8e, 0x1d, 0x01, 0x1a, 0x22, 0x00, 0x00, 0x00, 0xa8, 0x60,
  64. 0x22, 0xb7, 0x36, 0xe3, 0x43, 0x57, 0x08, 0x00, 0x00, 0x00,
  65. 0x4b, 0x18, 0x12, 0x54, 0x39, 0x8f, 0x7c, 0x85, 0x88, 0xc4,
  66. 0x61, 0x16, 0x39, 0x17, 0x29, 0x67, 0xe2, 0xe0, 0x20, 0x2c,
  67. 0xcb, 0xeb, 0x5b, 0xd7, 0x75, 0xf0, 0xb8, 0xf3, 0x87, 0x48,
  68. 0x6d, 0x49, 0xce, 0x9a, 0xb3, 0x12, 0x82, 0x05, 0x51, 0xb5
  69. };
  71. #endif
  74. BYTE abLKPPublicKey0[] =
  75. {
  76. 0x6c, 0x01, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0xb7, 0x1e,
  77. 0x79, 0x64, 0xae, 0xdf, 0x30, 0x01, 0x0c, 0x00, 0x00, 0x00,
  78. 0x23, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x00, 0xf1, 0x89,
  79. 0x3e, 0xb9, 0x7f, 0x5e, 0xc9, 0x40, 0x4f, 0x0d, 0x64, 0x2c,
  80. 0x9e, 0x1c, 0x5b, 0xd7, 0x43, 0xb3, 0x51, 0x59, 0x27, 0x81,
  81. 0xfb, 0x16, 0x86, 0xa7, 0xb5, 0x9d, 0x89, 0xdb, 0x52, 0xf6,
  82. 0x3e, 0x95, 0xc9, 0x4c, 0x7b, 0x34, 0x54, 0x01, 0xab, 0x3c,
  83. 0x10, 0xb9, 0x35, 0x40, 0x64, 0xba, 0x01, 0x00, 0x00, 0x00,
  84. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  85. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  86. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  87. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  88. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  89. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  90. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  91. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  92. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  93. 0x00, 0x00, 0x39, 0x4d, 0x13, 0xde, 0xe2, 0xc9, 0x68, 0xb5,
  94. 0xef, 0x45, 0x67, 0x94, 0xde, 0x01, 0xdd, 0x35, 0x56, 0x30,
  95. 0x7b, 0xcd, 0xbc, 0xd5, 0x88, 0x77, 0xee, 0xf9, 0x5d, 0xa1,
  96. 0xaf, 0xab, 0xc2, 0xdf, 0xf8, 0x6c, 0x8c, 0x3d, 0xce, 0x4d,
  97. 0xab, 0x27, 0x6b, 0xcc, 0x64, 0x77, 0x8b, 0xbd, 0x71, 0x7b,
  98. 0xdd, 0x93, 0x05, 0xe5, 0xeb, 0xf1, 0xe0, 0x7c, 0xe8, 0x35,
  99. 0x0d, 0x4e, 0x31, 0x22, 0x23, 0x42, 0xaf, 0x33, 0x9f, 0x72,
  100. 0xda, 0xc9, 0x77, 0xa6, 0xe9, 0xcf, 0xac, 0x26, 0xe0, 0xb7,
  101. 0x6e, 0x50, 0xbb, 0x32, 0x71, 0x35, 0x32, 0xc2, 0x41, 0xdf,
  102. 0x76, 0x24, 0xbe, 0xdf, 0x4a, 0x90, 0xff, 0x2e, 0xdc, 0x16,
  103. 0x02, 0x6c, 0xd0, 0x85, 0xf5, 0xdd, 0xf0, 0x0d, 0xe6, 0x01,
  104. 0x75, 0x05, 0x75, 0x87, 0x3b, 0xb6, 0xc8, 0x51, 0x7f, 0x66,
  105. 0xcd, 0x2b, 0x52, 0x0b, 0x09, 0xec, 0xa5, 0x4a, 0xdf, 0x2b,
  106. 0xf0, 0xbd, 0x0e, 0x83, 0x2f, 0xa9, 0xbb, 0xde, 0x43, 0x6e,
  107. 0x4f, 0x38, 0x13, 0xa3, 0x70, 0x2e, 0x5e, 0x7f, 0xf2, 0x84,
  108. 0xaa, 0xfe, 0x12, 0x7d, 0x4e, 0x17, 0xad, 0x7a, 0x3c, 0x05,
  109. 0x40, 0x92, 0xf8, 0x34, 0x97, 0x43, 0x88, 0x93, 0xf1, 0x78,
  110. 0xe4, 0xe9, 0xe6, 0x4c, 0x2d, 0xf9, 0xcf, 0xf8, 0xb5, 0x34,
  111. 0x8c, 0x98, 0x56, 0x8d, 0x89, 0x9d, 0x34, 0xf5, 0xfa, 0xb6,
  112. 0x78, 0xfa, 0x5a, 0x85
  113. };
  117. BYTE abLSIDPublicKey0[] =
  118. {
  119. 0x6c, 0x01, 0x00, 0x00, 0x07, 0x00, 0x00, 0x00, 0x83, 0xa1,
  120. 0xc9, 0xb1, 0xae, 0xdf, 0x30, 0x01, 0x0c, 0x00, 0x00, 0x00,
  121. 0x23, 0x00, 0x00, 0x00, 0x45, 0x00, 0x00, 0x00, 0x31, 0x07,
  122. 0xcb, 0x01, 0x1e, 0x92, 0x74, 0x0b, 0x1e, 0x2b, 0x2d, 0x07,
  123. 0x68, 0xc5, 0xff, 0x21, 0xc5, 0x5c, 0x32, 0xb6, 0x44, 0xdb,
  124. 0x02, 0x09, 0xde, 0x2e, 0xc6, 0x6d, 0xb5, 0xc4, 0xd4, 0x44,
  125. 0x6f, 0xc7, 0x0d, 0xba, 0x4e, 0xe5, 0x0b, 0x0f, 0x92, 0xb1,
  126. 0x22, 0x25, 0xab, 0xdd, 0x86, 0x8d, 0x01, 0x00, 0x00, 0x00,
  127. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  128. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  129. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  130. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  131. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  132. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  133. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  134. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  135. 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
  136. 0x00, 0x00, 0xdb, 0x86, 0x67, 0xfb, 0x5c, 0x8c, 0x53, 0x72,
  137. 0x0e, 0x49, 0x94, 0x97, 0x94, 0x15, 0xfc, 0x25, 0x0d, 0xdd,
  138. 0xa1, 0xe4, 0xa0, 0xf0, 0xc3, 0x17, 0xf6, 0x98, 0xce, 0x9c,
  139. 0x07, 0x31, 0x10, 0xb7, 0x73, 0x16, 0x4f, 0x91, 0xbb, 0xfa,
  140. 0x01, 0xde, 0x9e, 0x79, 0xf2, 0x66, 0x58, 0xf5, 0x77, 0x45,
  141. 0x55, 0xf0, 0xa8, 0xb8, 0x0c, 0x2c, 0x0f, 0x15, 0xc7, 0x28,
  142. 0xce, 0x81, 0x69, 0x4e, 0x55, 0xd5, 0xf3, 0x89, 0xdc, 0x11,
  143. 0x34, 0x09, 0x40, 0x94, 0x5c, 0xaa, 0xd0, 0x6a, 0x5a, 0x06,
  144. 0x8e, 0x62, 0x6e, 0x5f, 0x7e, 0x35, 0x44, 0x5f, 0x06, 0xb2,
  145. 0xa5, 0xe8, 0x3c, 0x1b, 0x4d, 0xb8, 0xc6, 0x5e, 0xe0, 0xe4,
  146. 0xa6, 0xac, 0x80, 0xef, 0x8c, 0x99, 0x23, 0x06, 0x70, 0xd6,
  147. 0x6c, 0x62, 0x01, 0xb6, 0xde, 0x3b, 0x0c, 0x5e, 0x2a, 0x96,
  148. 0x9e, 0x63, 0x58, 0x9f, 0xdf, 0xf1, 0xaf, 0x5d, 0x02, 0xb6,
  149. 0x84, 0xc1, 0x52, 0x1f, 0xbc, 0xb8, 0x0c, 0x72, 0x3c, 0x1b,
  150. 0xb4, 0x58, 0x51, 0xab, 0x73, 0x19, 0x65, 0xbb, 0xc6, 0xb4,
  151. 0xb2, 0x53, 0xeb, 0x17, 0x4c, 0x42, 0xc9, 0xc2, 0xcd, 0x7f,
  152. 0x88, 0x0f, 0xb8, 0xaa, 0xc4, 0xca, 0xaa, 0xe0, 0xa0, 0xe1,
  153. 0x5f, 0xdb, 0x6e, 0xb8, 0x26, 0xf9, 0x8d, 0x4a, 0xe7, 0xdb,
  154. 0x1e, 0xdc, 0xc7, 0xdf, 0xf0, 0x35, 0x88, 0xec, 0x1d, 0xbe,
  155. 0xab, 0xa4, 0x8d, 0x39
  156. };
  159. //SPK functions
  160. //SPK Format
  161. //Total length = 160 bits
  162. //SPK = 58 bits
  163. //Signature = 120 bits
  164. //SPK break down :
  165. // Bits 1 ..18 - Unique Id max value = 262144
  166. // Bit 19 - SPK Type = 0 = BASIC 1 = SELECT
  167. // Bits 20..56 = SPK Id extracted from PID.
  168. // PID is in this format 12345-123-1234567-12345
  169. // we are using chars 11-16 and 19 thru' end of PID and converting it to a
  170. // number.
  171. // Bits 57 .. end = signature for the first 56 bits
  172. //
  173. #ifndef SIG_VERIFY_ONLY
  174. DWORD LKPLiteGenSPK (
  175. LPTSTR pszPID, //PID for the product. Should include the installation number
  176. DWORD dwUniqueId, //unique Id to be put in the SPK
  177. short nSPKType, //Can be 1 for select or 0 for BASIC
  178. LPTSTR * ppszSPK
  179. )
  180. {
  181. DWORD dwRetCode = ERROR_SUCCESS;
  182. BYTE bSPK[LKPLITE_SPK_LEN] = {0xFF};
  183. __int64 n64SPK = 0;
  184. __int64 n64UniqueId = dwUniqueId;
  185. __int64 n64PID =0;
  188. //validate incomming parametetrs
  189. if ( NULL == pszPID || NULL == pszPID ||
  190. (LKPLITE_SPK_SELECT != nSPKType && LKPLITE_SPK_BASIC != nSPKType ) ||
  191. 0 ==dwUniqueId )
  192. {
  193. dwRetCode = ERROR_INVALID_PARAMETER;
  194. goto done;
  195. }
  196. //validate syntax of PID
  197. if ( ( dwRetCode = ValidatePID ( pszPID ) ) != ERROR_SUCCESS )
  198. {
  199. goto done;
  200. }
  201. //ALL OK so generate the SPK now
  202. n64SPK = dwUniqueId;
  203. n64SPK <<= 46; //left shift this by 46 bits
  204. //Or the bit mask for select/basic cert types.
  205. if ( nSPKType == LKPLITE_SPK_SELECT )
  206. {
  207. n64SPK |= LKPLITE_SPK_SELECT_MASK;
  208. }
  209. else if ( nSPKType == LKPLITE_SPK_BASIC )
  210. {
  211. n64SPK |= LKPLITE_SPK_BASIC_MASK;
  212. }
  214. //extract the PID stuff and move it into the stuff
  215. n64PID = GetSPKIDFromPID ( pszPID );
  216. //move the pid left by 8 bits and or it with the main stuff
  217. n64PID <<= 8;
  218. //set the last 8 bits of this PID to 1's
  219. n64PID |= LKPLITE_SPK_BITSTUFF;
  220. //or the PID with SPK
  221. n64SPK |= n64PID;
  223. memcpy ( bSPK, ((BYTE *) (&n64SPK)) + 1, sizeof(n64SPK)-1);
  224. //get the signature and then
  225. //assign the pointer
  226. /*
  227. dwRetCode = CryptSignBatch(0, NULL, 7, bSPK, sizeof(abPrivateKey0),abPrivateKey0,
  228. sizeof(abPublicKey0), abPublicKey0, SIGNATURE_LEN,
  229. bSPK+7,1);
  230. */
  232. dwRetCode = CryptSign(0, NULL, 7, bSPK, sizeof(abLSIDPrivateKey0), abLSIDPrivateKey0,
  233. sizeof(abLSIDPublicKey0), abLSIDPublicKey0, SIGNATURE_LEN,
  234. bSPK+7);
  236. if (dwRetCode != SS_OK)
  237. {
  238. goto done;
  239. }
  240. //encrypt it with the pid passed in
  241. dwRetCode = LKPLiteEncryptUsingPID(pszPID,
  242. bSPK,
  243. LKPLITE_RAWDATALEN);
  244. if (dwRetCode != ERROR_SUCCESS)
  245. {
  246. goto done;
  247. }
  249. dwRetCode = B24EncodeMSID((PBYTE)bSPK, ppszSPK);
  251. done:
  252. return dwRetCode;
  253. }
  254. #endif
  258. DWORD LKPLiteVerifySPK (
  259. LPTSTR pszPID, //PID to validate against
  260. LPTSTR pszSPK,
  261. DWORD * pdwVerifyResult
  262. )
  263. {
  264. DWORD dwRetCode = ERROR_SUCCESS;
  265. PBYTE pbDecodedSPK = NULL;
  266. __int64 n64SPK = 0;
  267. __int64 n64SPKPID =0;
  268. __int64 n64SPKVerifyPID =0;
  270. //common validations
  271. if ( NULL == pszPID || NULL == pszSPK ||
  272. NULL == pdwVerifyResult )
  273. {
  274. dwRetCode = ERROR_INVALID_PARAMETER;
  275. goto done;
  276. }
  278. if ((dwRetCode = ValidatePID ( pszPID ))!= ERROR_SUCCESS)
  279. {
  280. goto done;
  281. }
  283. //now decode the stuff comming in
  284. //base24 expects a string so we need to do this conversion
  287. dwRetCode = B24DecodeMSID(pszSPK , &pbDecodedSPK);
  288. if ( ERROR_SUCCESS != dwRetCode )
  289. {
  290. goto done;
  291. }
  294. dwRetCode = LKPLiteDecryptUsingPID(pszPID,
  295. pbDecodedSPK,
  296. LKPLITE_RAWDATALEN);
  297. if (dwRetCode != ERROR_SUCCESS)
  298. {
  299. goto done;
  300. }
  302. //Call function to verify signature on SPK
  303. dwRetCode = CryptVerifySig(7, pbDecodedSPK, sizeof(abLSIDPublicKey0),
  304. abLSIDPublicKey0, SIGNATURE_LEN, pbDecodedSPK+7);
  305. if (dwRetCode != SS_OK)
  306. {
  307. *pdwVerifyResult = LKPLITE_SPK_INVALID;
  308. goto done;
  309. }
  312. memcpy ( ((BYTE *) &n64SPK) + 1, pbDecodedSPK, sizeof(n64SPK) -1 );
  314. //now get the contents of SPK and then see if it matches with
  315. //the PID passed in
  316. //extract bits 20 - 56 and then move them right 8 bits
  317. n64SPKPID = n64SPK & LKPLITE_SPK_PID_MASK;
  318. n64SPKPID >>= 8;
  319. n64SPKVerifyPID = GetSPKIDFromPID ( pszPID );
  320. if ( n64SPKVerifyPID != n64SPKPID )
  321. {
  322. *pdwVerifyResult = LKPLITE_SPK_INVALID;
  323. }
  324. else
  325. {
  326. *pdwVerifyResult = LKPLITE_SPK_VALID;
  327. }
  329. done:
  330. if ( pbDecodedSPK )
  331. HeapFree (GetProcessHeap(),0,pbDecodedSPK );
  332. return dwRetCode;
  333. }
  336. DWORD LKPLiteCrackSPK (
  337. LPTSTR pszPID,
  338. LPTSTR pszSPK, //Pointer to SPK
  339. LPTSTR pszPIDPart, //PID Part of SPK
  340. DWORD * pdwUniqueId, //uniqueId part of SPK
  341. short * pnSPKType //Type of SPK - Select/Basic
  342. )
  343. {
  344. DWORD dwRetCode = ERROR_SUCCESS;
  345. PBYTE pbDecodedSPK = NULL;
  346. __int64 n64SPK =0;
  347. __int64 n64PIDPart =0;
  348. __int64 n64UniqueId =0;
  350. LPTSTR lpszEncodedSPK = NULL;
  352. //Validate the parameters
  353. if ( NULL == pszSPK || NULL == pszPIDPart ||
  354. NULL == pdwUniqueId || NULL == pnSPKType
  355. )
  356. {
  357. dwRetCode = ERROR_INVALID_PARAMETER;
  358. goto done;
  359. }
  360. //decode the SPK here
  361. dwRetCode = B24DecodeMSID(pszSPK, &pbDecodedSPK);
  362. if ( ERROR_SUCCESS != dwRetCode )
  363. {
  364. goto done;
  365. }
  367. dwRetCode = LKPLiteDecryptUsingPID(pszPID,
  368. pbDecodedSPK,
  369. LKPLITE_RAWDATALEN);
  370. if (dwRetCode != ERROR_SUCCESS)
  371. {
  372. goto done;
  373. }
  375. //get the SPK portion of it
  376. memcpy ( ((BYTE *) &n64SPK) + 1, pbDecodedSPK, sizeof(n64SPK) - 1);
  378. //get the first 20 bits into
  379. n64UniqueId = n64SPK & LKPLITE_SPK_UNIQUEID_MASK;
  380. n64UniqueId >>= 46;
  381. *pdwUniqueId = (DWORD)n64UniqueId;
  382. //check to see select / basic mask
  383. if ( n64SPK & LKPLITE_SPK_SELECT_MASK )
  384. {
  385. *pnSPKType = LKPLITE_SPK_SELECT;
  386. }
  387. else
  388. {
  389. *pnSPKType = LKPLITE_SPK_BASIC;
  390. }
  392. //get the PID part
  393. n64PIDPart = n64SPK & LKPLITE_SPK_PID_MASK;
  394. n64PIDPart >>= 6;
  395. pszPIDPart = _i64tot (n64PIDPart, pszPIDPart, 10);
  396. done:
  397. if ( pbDecodedSPK )
  398. HeapFree (GetProcessHeap(), 0, pbDecodedSPK );
  399. return dwRetCode;
  400. }
  402. //LKP functions
  403. //LKP Format
  404. // Bits 1..10 - Product Code It is 256 for not which is NT 5.0 product code
  405. // Bits 11..24 - Quantity Max 9999
  406. // Bits 25..36 - Serial num Max 4K
  407. // Bits 37..38 - Program Type 0-SELECT,1-MOLP, 2-RETAIL
  408. // Bits 39..46 - Dt Of expiration in months from today
  409. // Bits 47..53 - Version 1-99
  410. // Bits 54..56 - Upgrade / Full flag
  411. // Bits 57 .. end - Signature
  412. //
  413. #ifndef SIG_VERIFY_ONLY
  414. DWORD LKPLiteGenLKP (
  415. LPTSTR lpszPID, //used for encrypting the LKPLite structure
  416. LPTSTR lpszProductCode, //Product Code
  417. DWORD dwQuantity, //quantity
  418. DWORD dwSerialNum, //serail number of SPK
  419. DWORD dwExpirationMos, //expiration in number of months from today
  420. DWORD dwVersion, //version number can be upto 99
  421. DWORD dwUpgrade, //upgrade or full license
  422. DWORD dwProgramType, //SELECT,MOLP or RETAIL
  423. LPTSTR * ppszLKPLite
  424. )
  425. {
  426. DWORD dwRetCode = ERROR_SUCCESS;
  427. __int64 n64LKPLite = _ttoi(lpszProductCode);
  428. __int64 n64Qty = dwQuantity;
  429. __int64 n64SerialNo = dwSerialNum;
  430. __int64 n64dtOfExp = dwExpirationMos;
  431. __int64 n64Version = dwVersion;
  432. __int64 n64Upgrade = dwUpgrade;
  433. __int64 n64Program = dwProgramType;
  435. BYTE bLKP[LKPLITE_LKP_LEN] = {0};
  437. //validate params
  438. if ( NULL == lpszPID || NULL == lpszProductCode ||
  439. ( dwQuantity <= 0 || dwQuantity > 9999) ||
  440. ( dwSerialNum <= 0 || dwSerialNum >= 0xFFF ) ||
  441. ( dwExpirationMos <= 0 || dwExpirationMos >= 255) ||
  442. ( dwVersion <= 0 || dwVersion >= 99) ||
  443. ( dwUpgrade != 1 && dwUpgrade != 0 ) ||
  444. ( dwProgramType != LKPLITE_PROGRAM_SELECT && dwProgramType != LKPLITE_PROGRAM_MOLP &&
  445. dwProgramType != LKPLITE_PROGRAM_RETAIL)
  446. )
  447. {
  448. dwRetCode = ERROR_INVALID_PARAMETER;
  449. goto done;
  450. }
  452. //move the product code to extreme left
  453. n64LKPLite <<= 54;
  455. //move the quantity to position
  456. n64Qty <<= 40;
  457. n64LKPLite |= n64Qty;
  459. //move Serial number into position
  460. n64SerialNo <<= 28;
  461. n64LKPLite |= n64SerialNo;
  463. //move Program Type into position
  464. n64Program <<= 26;
  465. n64LKPLite |= n64Program;
  467. //move dt of expitration into position
  468. n64dtOfExp <<= 18;
  469. n64LKPLite |= n64dtOfExp;
  471. //move Version into place
  472. n64Version <<= 11;
  473. n64LKPLite |= n64Version;
  474. //move upgrade in place
  475. n64Upgrade <<= 8;
  476. n64LKPLite |= n64Upgrade;
  477. //set the last 8 bits of this PID to 1's
  478. n64LKPLite |= LKPLITE_SPK_BITSTUFF;
  480. memcpy ( bLKP, ((BYTE *) &n64LKPLite) + 1, sizeof(n64LKPLite ) - 1);
  481. /*
  482. dwRetCode = CryptSignBatch(0, NULL, 7, bLKP, sizeof(abPrivateKey0),abPrivateKey0,
  483. sizeof(abPublicKey0), abPublicKey0, SIGNATURE_LEN,
  484. bLKP+7,1);
  485. */
  486. //sign the lkp here
  487. dwRetCode = CryptSign(0, NULL, 7, bLKP, sizeof(abLKPPrivateKey0), abLKPPrivateKey0,
  488. sizeof(abLKPPublicKey0), abLKPPublicKey0, SIGNATURE_LEN,
  489. bLKP+7);
  491. if (dwRetCode != SS_OK)
  492. {
  493. goto done;
  494. }
  496. //encrypt it with the pid passed in
  497. dwRetCode = LKPLiteEncryptUsingPID(lpszPID,
  498. bLKP,
  499. LKPLITE_RAWDATALEN);
  500. if (dwRetCode != ERROR_SUCCESS)
  501. {
  502. goto done;
  503. }
  505. // memset ( bLKP, 0xFF, sizeof(bLKP));
  507. //now encode the spk
  508. dwRetCode = B24EncodeMSID((PBYTE)bLKP, ppszLKPLite);
  509. done:
  511. return dwRetCode;
  512. }
  513. #endif
  517. //This function has to verify the LKP by decrypting it
  518. //and matching the signature
  519. DWORD LKPLiteVerifyLKP (
  520. LPTSTR lpszPID, //PID for verifying the LKP lite blob
  521. LPTSTR pszLKPLite, //B24 encoded LKP
  522. DWORD * pdwVerifyResult
  523. )
  524. {
  525. DWORD dwRetCode = ERROR_SUCCESS;
  526. PBYTE pbDecodedLKP = NULL;
  527. *pdwVerifyResult = LKPLITE_LKP_VALID;
  529. //decode the SPK here
  530. dwRetCode = B24DecodeMSID(pszLKPLite, &pbDecodedLKP);
  531. if ( ERROR_SUCCESS != dwRetCode )
  532. {
  533. goto done;
  534. }
  536. dwRetCode = LKPLiteDecryptUsingPID(lpszPID,
  537. pbDecodedLKP,
  538. LKPLITE_RAWDATALEN);
  539. if (dwRetCode != ERROR_SUCCESS)
  540. {
  541. goto done;
  542. }
  544. //Call function to verify signature on SPK
  545. dwRetCode = CryptVerifySig(7, pbDecodedLKP, sizeof(abLKPPublicKey0),
  546. abLKPPublicKey0, SIGNATURE_LEN, pbDecodedLKP+7);
  547. if (dwRetCode != SS_OK)
  548. {
  549. *pdwVerifyResult = LKPLITE_SPK_INVALID;
  550. }
  552. done:
  553. if (pbDecodedLKP != NULL)
  554. {
  555. HeapFree(GetProcessHeap(), 0, pbDecodedLKP);
  556. }
  558. return dwRetCode;
  559. }
  562. DWORD LKPLiteCrackLKP (
  563. LPTSTR lpszPID,
  564. LPTSTR pszLKPLite,
  565. LPTSTR lpszProductCode,
  566. DWORD * pdwQuantity,
  567. DWORD * pdwSerialNum,
  568. DWORD * pdwExpirationMos,
  569. DWORD * pdwVersion,
  570. DWORD * pdwUpgrade,
  571. DWORD * pdwProgramType
  572. )
  573. {
  574. DWORD dwRetCode = ERROR_SUCCESS;
  575. PBYTE pbDecodedLKP = NULL;
  576. __int64 n64LKPLite = 0;
  577. __int64 n64ProductCode = 0;
  578. __int64 n64Qty = 0;
  579. __int64 n64SerialNo = 0;
  580. __int64 n64dtOfExp = 0;
  581. __int64 n64Version = 0;
  582. __int64 n64Upgrade = 0;
  583. __int64 n64Program = 0;
  585. if ( NULL == lpszPID || NULL == pszLKPLite ||
  586. NULL == lpszProductCode || NULL == pdwQuantity ||
  587. NULL == pdwSerialNum || NULL == pdwExpirationMos ||
  588. NULL == pdwVersion || NULL == pdwUpgrade ||
  589. NULL == pdwProgramType || NULL == pdwProgramType
  590. )
  591. {
  592. dwRetCode = ERROR_INVALID_PARAMETER;
  593. goto done;
  594. }
  596. //decode and decrypt the lkp here
  598. dwRetCode = B24DecodeMSID(pszLKPLite, &pbDecodedLKP);
  599. if ( ERROR_SUCCESS != dwRetCode )
  600. {
  601. goto done;
  602. }
  604. dwRetCode = LKPLiteDecryptUsingPID(lpszPID,
  605. pbDecodedLKP,
  606. LKPLITE_RAWDATALEN);
  607. if (dwRetCode != ERROR_SUCCESS)
  608. {
  609. goto done;
  610. }
  612. //copy all the stuff into int64 type
  614. memcpy ( ((BYTE *) &n64LKPLite) + 1, pbDecodedLKP, sizeof(n64LKPLite ) - 1 );
  616. // Decrypt it using the PID
  617. n64ProductCode = n64LKPLite & LKPLITE_LKP_PRODUCT_MASK;
  618. n64ProductCode >>= 54;
  620. //move the quantity to position
  621. n64Qty = n64LKPLite & LKPLITE_LKP_QUANTITY_MASK;
  622. n64Qty >>= 40;
  624. //move Serial number into position
  625. n64SerialNo = n64LKPLite & LKPLITE_LKP_SERAIL_NO_MASK;
  626. n64SerialNo >>= 28;
  628. //move Program Type into position
  629. n64Program = n64LKPLite & LKPLITE_LKP_PROGRAM_MASK;
  630. n64Program >>= 26;
  632. //move dt of expitration into position
  633. n64dtOfExp = n64LKPLite & LKPLITE_LKP_EXP_DATE_MASK;
  634. n64dtOfExp >>= 18;
  636. //move Version into place
  637. n64Version = n64LKPLite & LKPLITE_LKP_VERSION_MASK;
  638. n64Version >>= 11;
  640. //move upgrade in place
  641. n64Upgrade = n64LKPLite & LKPLITE_LKP_UPG_FULL_MASK;
  642. n64Upgrade >>= 8;
  644. done:
  646. if ( ERROR_SUCCESS == dwRetCode )
  647. {
  648. _stprintf(lpszProductCode, _T("%03d"), n64ProductCode);
  649. // _i64tot ( n64ProductCode, lpszProductCode, 10 );
  650. *pdwQuantity = (DWORD)n64Qty;
  651. *pdwSerialNum = (DWORD)n64SerialNo;
  652. *pdwExpirationMos = (DWORD)n64dtOfExp;
  653. *pdwVersion = (DWORD)n64Version;
  654. *pdwUpgrade = (DWORD)n64Upgrade;
  655. *pdwProgramType = (DWORD)n64Program;
  656. }
  657. if ( pbDecodedLKP )
  658. HeapFree ( GetProcessHeap(),0, pbDecodedLKP );
  660. return dwRetCode;
  661. }
  665. //internal functions
  666. DWORD ValidatePID ( LPTSTR lpszPID )
  667. {
  668. DWORD dwRetCode = ERROR_SUCCESS;
  669. DWORD dwPIDLen = _tcslen( lpszPID );
  670. DWORD dwCounter =0;
  672. if ( dwPIDLen != LKPLITE_PID_LEN )
  673. {
  674. dwRetCode = ERROR_INVALID_PARAMETER;
  675. }
  676. else
  677. {
  678. //check for syntax
  679. for ( dwCounter = 0; dwCounter < dwPIDLen; dwCounter ++ )
  680. {
  681. if ( !_istdigit ( *(lpszPID + dwCounter ) ) )
  682. {
  683. switch(dwCounter)
  684. {
  685. case 5:
  686. if (*(lpszPID + dwCounter ) != _T('-') )
  687. dwRetCode = ERROR_INVALID_PARAMETER;
  688. break;
  689. case 6:
  690. if (*(lpszPID + dwCounter ) != _T('O') && *(lpszPID + dwCounter ) != _T('o') )
  691. dwRetCode = ERROR_INVALID_PARAMETER;
  692. break;
  693. case 7:
  694. if (*(lpszPID + dwCounter ) != _T('E') && *(lpszPID + dwCounter ) != _T('e') )
  695. dwRetCode = ERROR_INVALID_PARAMETER;
  696. break;
  697. case 8:
  698. if (*(lpszPID + dwCounter ) != _T('M') && *(lpszPID + dwCounter ) != _T('m') )
  699. dwRetCode = ERROR_INVALID_PARAMETER;
  700. break;
  701. case 9:
  702. if (*(lpszPID + dwCounter ) != _T('-') )
  703. dwRetCode = ERROR_INVALID_PARAMETER;
  704. break;
  705. case 17:
  706. if (*(lpszPID + dwCounter ) != _T('-') )
  707. dwRetCode = ERROR_INVALID_PARAMETER;
  708. break;
  709. default:
  710. dwRetCode = ERROR_INVALID_PARAMETER;
  711. }
  712. }
  713. else
  714. {
  715. switch(dwCounter)
  716. {
  717. case 5:
  718. case 9:
  719. case 17:
  720. dwRetCode = ERROR_INVALID_PARAMETER;
  721. break;
  722. }
  723. }
  724. }
  725. }
  726. //can check here for mod 7 thing too but for now assume its OK.
  727. return dwRetCode;
  728. }
  730. //Assume that the PID comming in has aleady been validated
  731. __int64 GetSPKIDFromPID ( LPTSTR lpszPID )
  732. {
  733. __int64 n64PID;
  734. TCHAR szPID[12] = {0};
  736. memcpy ( szPID, lpszPID + 10, 6 * sizeof(TCHAR));
  737. memcpy ( szPID + 6, lpszPID+ 18, 5 * sizeof(TCHAR));
  738. n64PID = _ttoi64(szPID);
  739. return n64PID;
  740. }
  744. DWORD LKPLiteGenConfNumber(LPTSTR lpszLSID,
  745. LPTSTR lpszPID,
  746. LPTSTR *lpszConfirmation)
  747. {
  748. BYTE * pbDecodedData = NULL;
  749. DWORD dwRetCode = ERROR_SUCCESS;
  750. DWORD dwConfirmation;
  752. // lpszLSID is base 24 encoded, so decode it first
  753. dwRetCode = B24DecodeMSID(lpszLSID, &pbDecodedData);
  754. if (dwRetCode != ERROR_SUCCESS)
  755. {
  756. goto done;
  757. }
  759. // Decoded Data is available. Copy the leading 4 bytes for generating the confirmation
  760. // Number
  761. memcpy(&dwConfirmation, pbDecodedData, sizeof(DWORD));
  763. // Encrypt this number using the PID
  764. dwRetCode = LKPLiteEncryptUsingPID(lpszPID, (BYTE *) &dwConfirmation, sizeof(DWORD));
  765. if (dwRetCode != ERROR_SUCCESS)
  766. {
  767. goto done;
  768. }
  770. // Now Encode the Encrypted stream
  771. dwRetCode = B24EncodeCNumber((BYTE *) &dwConfirmation, lpszConfirmation);
  772. if (dwRetCode != ERROR_SUCCESS)
  773. {
  774. goto done;
  775. }
  777. done:
  778. if (pbDecodedData)
  779. {
  780. HeapFree(GetProcessHeap(), 0, pbDecodedData);
  781. }
  783. return dwRetCode;
  784. }
  790. DWORD LKPLiteValConfNumber(LPTSTR lpszLSID,
  791. LPTSTR lpszPID,
  792. LPTSTR lpszConfirmation)
  793. {
  794. BYTE * pbDecodedLSID = NULL;
  795. BYTE * pbDecodedConf = NULL;
  796. DWORD dwRetCode = ERROR_SUCCESS;
  798. // lpszLSID is base 24 encoded, so decode it first
  799. dwRetCode = B24DecodeMSID(lpszLSID, &pbDecodedLSID);
  800. if (dwRetCode != ERROR_SUCCESS)
  801. {
  802. goto done;
  803. }
  805. // Decode Confirmation Number
  806. dwRetCode = B24DecodeCNumber(lpszConfirmation, &pbDecodedConf);
  807. if (dwRetCode != ERROR_SUCCESS)
  808. {
  809. goto done;
  810. }
  812. // Decrypt the leading 4 bytes
  813. dwRetCode = LKPLiteDecryptUsingPID(lpszPID, pbDecodedConf, sizeof(DWORD));
  814. if (dwRetCode != ERROR_SUCCESS)
  815. {
  816. goto done;
  817. }
  820. if (memcmp(pbDecodedLSID, pbDecodedConf, sizeof(DWORD)) != 0)
  821. {
  822. // does not match
  823. dwRetCode = LKPLITE_INVALID_CONFNUM;
  824. }
  826. done:
  827. if (pbDecodedLSID)
  828. {
  829. HeapFree(GetProcessHeap(), 0, pbDecodedLSID);
  830. }
  832. if (pbDecodedConf)
  833. {
  834. HeapFree(GetProcessHeap(), 0, pbDecodedConf);
  835. }
  837. return dwRetCode;
  838. }
  841. /////////////////////////////////////////////////////////
  843. DWORD WINAPI
  844. EncryptDecryptData(
  845. IN PBYTE pbParm,
  846. IN DWORD cbParm,
  847. IN OUT PBYTE pbData,
  848. IN DWORD cbData
  849. )
  850. /*++
  852. Abstract:
  854. Internal routine to encrypt/decrypt a blob of data
  856. Parameter:
  858. pbParm : binary blob to generate encrypt/decrypt key.
  859. cbParm : size of binary blob.
  860. pbData : data to be encrypt/decrypt.
  861. cbData : size of data to be encrypt/decrypt.
  863. Returns:
  865. ERROR_SUCCESS or error code.
  867. Remark:
  870. --*/
  871. {
  872. DWORD dwRetCode = ERROR_SUCCESS;
  873. MD5_CTX md5Ctx;
  874. RC4_KEYSTRUCT rc4KS;
  875. BYTE key[16];
  876. int i;
  878. if(NULL == pbParm || 0 == cbParm)
  879. {
  880. SetLastError(dwRetCode = ERROR_INVALID_PARAMETER);
  881. return dwRetCode;
  882. }
  884. MD5Init(&md5Ctx);
  885. MD5Update(
  886. &md5Ctx,
  887. pbParm,
  888. cbParm
  889. );
  891. MD5Final(&md5Ctx);
  893. memset(key, 0, sizeof(key));
  895. for(i=0; i < 5; i++)
  896. {
  897. key[i] = md5Ctx.digest[i];
  898. }
  900. //
  901. // Call RC4 to encrypt/decrypt data
  902. //
  903. rc4_key(
  904. &rc4KS,
  905. sizeof(key),
  906. key
  907. );
  909. rc4(&rc4KS, cbData, pbData);
  911. return dwRetCode;
  912. }
  914. DWORD LKPLiteEncryptUsingPID(LPTSTR lpszPID,
  915. BYTE * pbBufferToEncrypt,
  916. DWORD dwLength)
  917. {
  918. DWORD dwRetCode = ERROR_SUCCESS;
  920. #if 1
  922. dwRetCode = EncryptDecryptData(
  923. (PBYTE) lpszPID,
  924. lstrlen(lpszPID)*sizeof(TCHAR),
  925. pbBufferToEncrypt,
  926. dwLength
  927. );
  930. #else
  932. BOOL bRet;
  933. HCRYPTPROV hProv = NULL;
  934. HCRYPTKEY hCKey = NULL;
  935. HCRYPTHASH hHash = NULL;
  937. bRet = CryptAcquireContext(&hProv,
  938. NULL,
  939. NULL,
  940. PROV_RSA_FULL,
  941. CRYPT_VERIFYCONTEXT);
  943. if (!bRet)
  944. {
  945. dwRetCode = GetLastError();
  946. goto done;
  947. }
  950. bRet = CryptCreateHash(hProv,
  951. CALG_MD5,
  952. 0,
  953. 0,
  954. &hHash);
  955. if (!bRet)
  956. {
  957. dwRetCode = GetLastError();
  958. goto done;
  959. }
  961. bRet = CryptHashData(hHash,
  962. (BYTE *) lpszPID,
  963. lstrlen(lpszPID)*sizeof(TCHAR),
  964. 0);
  965. if (!bRet)
  966. {
  967. dwRetCode = GetLastError();
  968. goto done;
  969. }
  971. bRet = CryptDeriveKey(hProv,
  972. CALG_RC4,
  973. hHash,
  974. 0,
  975. &hCKey);
  976. if (!bRet)
  977. {
  978. dwRetCode = GetLastError();
  979. goto done;
  980. }
  982. bRet = CryptEncrypt(hCKey,
  983. 0,
  984. TRUE,
  985. 0,
  986. pbBufferToEncrypt,
  987. &dwLength,
  988. dwLength);
  990. if (!bRet)
  991. {
  992. dwRetCode = GetLastError();
  993. goto done;
  994. }
  996. done:
  997. if (hCKey != NULL)
  998. {
  999. bRet = CryptDestroyKey(hCKey);
  1000. if (!bRet)
  1001. {
  1002. dwRetCode = GetLastError();
  1003. }
  1004. }
  1006. if (hHash != NULL)
  1007. {
  1008. bRet = CryptDestroyHash(hHash);
  1009. if (!bRet)
  1010. {
  1011. dwRetCode = GetLastError();
  1012. }
  1013. }
  1015. if (hProv != NULL)
  1016. {
  1017. bRet = CryptReleaseContext( hProv, 0 );
  1019. if (!bRet)
  1020. {
  1021. dwRetCode = GetLastError();
  1022. }
  1023. }
  1025. #endif
  1027. return dwRetCode;
  1028. }
  1034. DWORD LKPLiteDecryptUsingPID(LPTSTR lpszPID,
  1035. BYTE * pbBufferToDecrypt,
  1036. DWORD dwLength)
  1037. {
  1038. DWORD dwRetCode = ERROR_SUCCESS;
  1040. #if 1
  1042. dwRetCode = EncryptDecryptData(
  1043. (PBYTE) lpszPID,
  1044. lstrlen(lpszPID)*sizeof(TCHAR),
  1045. pbBufferToDecrypt,
  1046. dwLength
  1047. );
  1048. #else
  1050. BOOL bRet;
  1051. HCRYPTPROV hProv = NULL;
  1052. HCRYPTKEY hCKey = NULL;
  1053. HCRYPTHASH hHash = NULL;
  1055. bRet = CryptAcquireContext(&hProv,
  1056. NULL,
  1057. NULL,
  1058. PROV_RSA_FULL,
  1059. CRYPT_VERIFYCONTEXT);
  1061. if (!bRet)
  1062. {
  1063. dwRetCode = GetLastError();
  1064. goto done;
  1065. }
  1068. bRet = CryptCreateHash(hProv,
  1069. CALG_MD5,
  1070. 0,
  1071. 0,
  1072. &hHash);
  1073. if (!bRet)
  1074. {
  1075. dwRetCode = GetLastError();
  1076. goto done;
  1077. }
  1079. bRet = CryptHashData(hHash,
  1080. (BYTE *) lpszPID,
  1081. lstrlen(lpszPID)*sizeof(TCHAR),
  1082. 0);
  1083. if (!bRet)
  1084. {
  1085. dwRetCode = GetLastError();
  1086. goto done;
  1087. }
  1089. bRet = CryptDeriveKey(hProv,
  1090. CALG_RC4,
  1091. hHash,
  1092. 0,
  1093. &hCKey);
  1094. if (!bRet)
  1095. {
  1096. dwRetCode = GetLastError();
  1097. goto done;
  1098. }
  1100. bRet = CryptDecrypt(hCKey,
  1101. 0,
  1102. TRUE,
  1103. 0,
  1104. (BYTE *) pbBufferToDecrypt,
  1105. &dwLength);
  1106. if (!bRet)
  1107. {
  1108. dwRetCode = GetLastError();
  1109. goto done;
  1110. }
  1112. done:
  1113. if (hCKey != NULL)
  1114. {
  1115. bRet = CryptDestroyKey(hCKey);
  1116. if (!bRet)
  1117. {
  1118. dwRetCode = GetLastError();
  1119. }
  1120. }
  1122. if (hHash != NULL)
  1123. {
  1124. bRet = CryptDestroyHash(hHash);
  1125. if (!bRet)
  1126. {
  1127. dwRetCode = GetLastError();
  1128. }
  1129. }
  1131. if (hProv != NULL)
  1132. {
  1133. bRet = CryptReleaseContext( hProv, 0 );
  1135. if (!bRet)
  1136. {
  1137. dwRetCode = GetLastError();
  1138. }
  1139. }
  1141. #endif
  1143. return dwRetCode;
  1144. }