526互联

licensecc 库实现软件授权

发布时间 2023-07-27 11:02:22作者: ID是菜鸟

目录

1.licensecc编译相关准备

OpenSSL

https://github.com/openssl/openssl#download
OpenSSL是用于运输层安全性(TLS)协议的强大,商业级,功能丰富的开源工具包,以前称为安全套接字层(SSL)协议。 协议实现基于全强度通用密码库,该库也可以独立使用。

环境篇-Windows下安装OpenSSL

https://blog.csdn.net/zyhse/article/details/108186278
OpenSSL是一个功能丰富且开源的安全工具箱,它提供的主要功能有:SSL协议实现(包括SSLv2、SSLv3和TLSv1)、大量软算法(对称/非对称/摘要)、大数运算、非对称算法密钥生成、ASN.1编解码库、证书请求(PKCS10)编解码、数字证书编解码、CRL编解码、OCSP协议、数字证书验证、PKCS7标准实现和PKCS12个人数字证书格式实现等功能。

  OpenSSL采用C语言作为开发语言,这使得它具有优秀的跨平台性能,OpenSSL支持:

Linux
UNIX
Windows
Mac等平台
OpenSSL的github地址:https://github.com/openssl/openssl

  OpenSSL工具箱,主要包括以下三个组件:

openssl:多用途的命令行工具
libcrypto:加密算法库
libssl:加密模块应用库,实现了ssl及TLS协议

SSL协议原理详解

SSL协议原理详解
https://blog.csdn.net/qq_38265137/article/details/90112705
SSL (Secure Sockets Layer)安全套接层。是由Netscape公司于1990年开发,用于保障Word Wide Web(WWW)通讯的安全。主要任务是提供私密性,信息完整性和身份认证。1994年改版为SSLv2,1995年改版为SSLv3.

TLS(Transport Layer Security)安全传输层协议,)用于在两个通信应用程序之间提供保密性和数据完整性。该标准协议是由IETF于1999年颁布,整体来说TLS非常类似SSLv3,只是对SSLv3做了些增加和修改。

openssl库无法链接的解决方式

1.重新安装openssl的windows下msi格式文件
2.在cmake中进行以下路径设置,主要设置为bin中openssl.exe的文件路径以及include文件路径

2. licensecc项目组成

该软件由4个主要子组件制造:

  • a C++ library with a nice C api, licensecc with minimal (or no) external dependencies (the part you have to integrate in your software) that is the project you're currently in.

  • a license debugger lcc-inspector to be sent to the final customer when there are licensing problems or for calculating the pc hash before issuing the license.

  • a license generator (github project lcc-license-generatorlccgen for customizing the library and generate the licenses.

  • Usage examples to simplify the integration in your projec

  • 一个带有良好C API的C ++库,具有最小(或否)外部依赖项(您必须集成在软件中的部分)的许可(您必须在软件中)。

  • 在签发许可之前,将在有许可问题或计算PC Hash时将许可证调试器LCC调试器发送给最终客户。

  • 许可生成器(GitHub Project LCC-LICENSE-GENERATOR)LCCGEN用于自定义库并生成许可证。

  • 用法示例简化项目中的集成。

3.licensecc的使用方法

http://open-license-manager.github.io/licensecc/api/public_api.html#public-api

3.1 hardware identifier硬件识别

Hardware identifiers are used to link the execution of the software to a physical hardware (a pc). The software executing on client’s hardware, when it finds the license is missing, calls the api identify_pc and generates an hardware identifier. The client has to communicate the hardware id back to the software publisher that will issue a license for him (for details see: issue licenses).

硬件标识符用于将软件的执行链接到物理硬件(PC)。 在客户端硬件上执行的软件,当它发现丢失许可证时,请调用API identify_pc并生成硬件标识符。 客户必须将硬件ID传达给软件发布者,该软件发布者将为他颁发许可证(有关详细信息,请参见:发行许可证)

The licensed application will call the api method identify_pc to generate an hardware identifier and print it out to the user, the user then will contact the software licensor to get an appropriate license.

许可的应用程序将调用API方法 identify_pc生成硬件标识符并将其打印给用户,然后用户将联系软件许可器以获得适当的许可证。

The licensed application can either decide an identification strategy by passing it in the identify_pc parameter hw_id_method (see: LCC_API_HW_IDENTIFICATION_STRATEGY ) or let licensecc automatically choose how to generate the identifier (by passing hw_id_method=STRATEGY_DEFAULT). In this case licensecc is able to identify which virtual environment the user is running in and select the appropriate generation strategy.

许可的应用程序可以通过在identify_pc参数hw_id_method中传递识别策略(请参阅:lcc_api_hw_identification_strategy),或让LICENSECC自动选择如何生成标识符(通过传递HW_ID_Method = strategy_default)。

在这种情况下,LicenSECC能够确定用户正在运行的虚拟环境并选择适当的生成策略。

3.2硬件识别码生成过程Default identifier generation (implementation details)

When the licensed software calls identify_pc with LCC_API_HW_IDENTIFICATION_STRATEGY::STRATEGY_DEFAULT the identifier generation will follow these steps:

It will first look to the environment variable IDENTIFICATION_STRATEGY. If set it will use the identification strategy in that variable.

It will try to determine which virtual environment the licensed software is running in.
If no virtual environment found it will use the strategies in LCC_BARE_TO_METAL_STRATEGIES, it will try them one by one until the first one succeeds.

If it detects it’s running in a Virtual Machine it will try the strategies in LCC_VM_STRATEGIES, it will try them one by one until the first one succeeds.

if you’re interested in implementing your own hardware identification strategy you can have a look to the library
extension points.

3.3 API_identify_pc

bool identify_pc(LCC_API_HW_IDENTIFICATION_STRATEGYhw_id_method, char **identifier_out, size_t **buf_size, ExecutionEnvironmentInfo **execution_environment_info*)

Calculates the hardware identifier associated with a specific pc.

  • The caller, when it doesn’t find a valid license (see acquire_license below) should show to the user the calculated identifier.
  • The user should report the pc_identifier to the software editor that will in turn use it to issue a license.
  • pc_id_method = STRATEGY_DEFAULT is usually the best choice.
  • First call this method with identifier_out = nullptr and buf_size = 0 , it will return the requested buffer size in buf_size parameter.
  • Then allocate the necessary memory, and call the method again.

Return
true if successful, false if failure (because it is not possible to identify or buffer too small).
Parameters
hw_id_method[in]: specifies a preferred identification method. Usually STRATEGY_DEFAULT works well. See the wiki for more informations.
identifier_out[out]: buffer where the identification string will be placed.
buf_size[in-out]: size of the buffer where the identification string will be placed.
execution_environment_info[out]: if not null will contain the informations about the execution environment.

  • enumLCC_API_HW_IDENTIFICATION_STRATEGY

    This enum list all the possible pc identification strategy. It is to be used as a parameter of identify_pcSTRATEGY_DEFAULT Should be used in most cases.Values:**enumeratorSTRATEGY_DEFAULTDefault strategy.This strategy first checks the content of the environment variable IDENTIFICATION_STRATEGY. If the variable is defined it will use the strategy specified in there, if not defined it will try to detect which virtual environment the software is running in.If no virtual environment is detected it will try the strategies defined in LCC_BARE_TO_METAL_STRATEGIESIf it detects the software is running in a virtual machine it will use LCC_VM_STRATEGIESIf it detects the software is running in a docker or in an LXC it will use ::LCC_DOCKER_STRATEGIES or ::LCC_DOCKER_STRATEGIESIf it detects the software is running in a virtual machine in the cloud it will use LCC_CLOUD_STRATEGIESenumeratorSTRATEGY_ETHERNETenumeratorSTRATEGY_IP_ADDRESSenumeratorSTRATEGY_DISKenumeratorSTRATEGY_CPU_SIZENot yet implementedenumeratorSTRATEGY_HOST_NAMENot yet implementedenumeratorSTRATEGY_NONE

  • LCC_BARE_TO_METAL_STRATEGIES

    List the strategies used when no virtual envrionment is detected

  • LCC_VM_STRATEGIES

    List the strategies used when the software is executing in a virtual machine

  • LCC_LXC_STRATEGIES

  • LCC_DOCKER_STRATEGIES

  • LCC_CLOUD_STRATEGIES

    List the strategies used when it’s detected an execution in the cloud

3.4 license检索 License retrieval

how licensecc find the license file
Licensecc, when integrated into a software can automatically find its license file (or multiple license files) based on:
An environment variable:
Placing the full path of the license file in the environment variable LICENSE_LOCATION the library will look for it. Multiple license files can be separated by ‘;’

Placing the full license content in the environment LICENSE_DATA will let the library load it.

Placing the license in the same folder of the licensed executable will make the software find its own license. The filename must be the same of the executable, the extension .lic. eg. if you’re licensing my_awesome_software.exe the license file must be in the same folder and must be called my_awesome_software.lic.

The calling application can specify the location (or the complete license data) using LicenseLocation structure.

Implementing and registering the interface LicenseLocator software authors can easily define their own strategy.

5.项目中集成使用licensecc

使用例子链接如下

https://github.com/open-license-manager/examples

5.1 Build System - locate and link the licensecc

We strongly recommend to use CMake as a build system. If this is the case, the easiest way to compile is to configure LicenseCC as a git submodule of your project.

Then you can copy the cmake module Findlicensecc.cmake into your cmake modules directory in order to be able to locate the compiled library.

Adding the following lines to your CMakeLists.txt

find_package(licensecc 2.0.0 REQUIRED)

will make the external target** licensecc::licensecc_static** to be available for linking.
Findlicensecc.cmake takes the following CMake variables as input.
Cmake variable
LICENSECC_LOCATION
If licensecc was not checked out as a git submodule, in this variable you can provide an hint
to locate the library. It may point to the installation folder or the source folder.
LCC_PROJECT_NAME
Name of the project (the software where you want to integrate licensecc).
Alternatively it is possible to specify a component name in the component section

5.2 Call Licensecc from your code

The file containing the public api is include/licensecc/licensecc.h. Functions in there are considered stable

5.3 发行许可证

Issue licenses
The easiest way to issue licenses is to enter the project library and create the following project structure: The projects folder can be anyware. We created one in licensecc/projects for your convenience (and for testing purposes). A default project1 named DEFAULT has been created for you when you configured the project with cmake. You can re-configure the project with the LCC_PROJECT_NAME cmake variable to create a new project.
发行许可证
签发许可证的最简单方法是输入项目库并创建以下项目结构:项目文件夹可以是任何软件。 为了您的方便(以及用于测试目的),我们在LicenSecc/Projects中创建了一个。 当您使用cmake配置项目时,已经为您创建了一个名为default的默认项目1。 您可以使用LCC_PROJECT_NAME CMAKE变量重新配置该项目以创建一个新项目。

Place the lcc executable in your path (this is the executable needed to issue licenses). This executable is compiled together with the library, you should find it somewhere in your build tree or where you installed the library.

The lines below will create a perpetual unlimited license for your software:

将LCC可执行文件放在您的路径中(这是签发许可证所需的可执行文件)。 此可执行文件与库一起编译,您应该在构建树或安装库的位置找到它。

下面的行将为您的软件创建永久无限许可证:

cd projects/DEFAULT #(or whatever your project name is) 
lcc license issue -o licenses/{license-file-name}.lic

5.4 Licensing software with hardware identifier

To issue a license linked to a specific machine you first need to retrieve an hardware identifier for it. This can be done running an executable in the destination machine (usually it is your own software, that calls licensecc api and prints out the required identifier).

要发布链接到特定机器的许可证,您首先需要为其检索硬件标识符。 可以在目标计算机中运行可执行文件(通常是您自己的软件,可以调用LICENSECC API并打印出所需的标识符)。

If you are just experimenting the library you can compile and use the examples project to print out such hardware signature or you can run lccinspector in the destination machine.

Once you have the hardware identifier you can issue the command:

cd projects/DEFAULT #(or whatever your `lcc-project` is) 
lcc license issue --client-signature XXXX-XXXX-XXXX -o licenses/{license-file-name}.lic

to create the license file (usually this command is issued in the host machine where you compiled licensecc).

5.5.Full set of options

A good way to start exploring available options is the command: lcc license issue --help

Parameter Description
base64,b the license is encoded for inclusion in environment variables
valid-from Specify the start of the validity for this license. Format YYYY-MM-DD. If not specified defaults to today
valid-to .The expire date for this license. Format YYYY-MM-DD. If not specified the license won't expire
client-signature The signature of the hardware where the licensed software will run. It should be in the format XXXX-XXXX-XXXX. If not specified the license won't be linked to a specific pc
.output-file nameLicense output file path
.extra-data Application specific data.They'll be returned when calling the acquire_license
feature-names Comma separated list of features to license. See multi-feature discussion.

Note: 1 a project is a container for the customizations of licensecc. In special way its keys and build parameters. The name should reflect the name of the software you want to add a license to. The project name appears in the license file.

1一个项目是用于许可定制的容器。 以特殊的方式其键并构建参数。 该名称应反映您要添加许可证的软件的名称。 项目名称出现在许可证文件中。

6.API

Verify a license

  • LCC_EVENT_TYPE acquire_license(constCallerInformations **callerInformationconstLicenseLocation **licenseLocationLicenseInfo **license_out*)

    This method is used to request the use of one license for a product. In case of local license it’s used to check if the product is licensed.

# 7 Development and usage workflow

Below a description of the planned development and usage process. Comments and progress are reported on issue #42

dev-build-process

Build release

Open License Manager developers build a new release merging code to the master branch. Implementing GitFlow this should happen only when a new release is ready to be deployed. Travis CI builds the release for the supported environments and deploys it to GitHub release system.

Binary release contents

license generator executable (lccgen).
source code of the unconfigured library.
source code of (part of) the tests.

Test (1)

Contextually to the previous step Travis CI carries out all the tests. A special attention is about how carry out functional tests. In this phase the library is configured, compiled (only for the tests sake), linked with a mock executable and tested together with the license generator.

Initialize library

In this phase the signing keys are generated by license generator executable (lccgen), and optionally the source code of the library may be modified or obfuscated.

Test (2)

Integrate into the product
The source code of the library can and should be manually altered to prevent hackers to find a single cracking mechanism for all the products that integrate the library.

deliver the product to the client

Compiled product is delivered to the client.

If we want to link the execution to a specific hardware we need to send the product to the client without a license (or a demo executable, with the sole intent to generate the machine identifier).

If we just want to send a demo product with an expiry date we prepare a license without the machine identifier.

Build process

From the process described above, (strange to say) the license generator (lcc) configures itself as a build dependency of the licensing library, thus it needs to be built first.

8 licensecc的加密过程的理解

  1. 可以理解私钥是加密钥,公钥是解密钥。具体参考https://zhuanlan.zhihu.com/p/113522792

  2. 公钥和私钥是非对称存在,即私钥只有一个,但是公钥可以有多个。

  3. 结合其使用特定可以大概了解licensecc的使用,首先通过将licesecc作为当前的项目子项目进行引入以及编译,则此时在项目中就会生成当前项目的私钥。具体参考https://www.jianshu.com/p/eca35e99b4af

  4. 使用私钥结合lccgen生成license,可见license实际是包含了公钥以及其他硬件信息的加密文件。

  5. 然后通过生成的license去验证其是否ok。

  6. 当然需要在待授权项目中增加相应的lisence授权判断。

9 实际使用方式

  1. 通过licensecc的工程中的测试工具去生成私钥

  2. 以此为记住通过lccgen工具去产生公钥

  3. 通过对比发现同一个工程每次生成的私钥是不同的,因此需要注意对私钥的保

10 主要库的调用关系

  1. lccgen.exe 调用license_generator_lib.lib实现license的生成
  2. lccinspector调用 licensecc_static.lib实现对于cpu以及network检测
    3 . project_initialize 工程同时生成
    test_project 项目测试公钥以及私钥
    F:\Code11\lisenceCC\licensecc\projects\DEFAULT\private_key.rsa
    F:\Code11\lisenceCC\licensecc\projects\DEFAULT\include\licensecc\DEFAULT\public_key.h
  3. test_command-line 命令行使用
    以上公钥和私钥结合命令输入参数等形成license