diff --git a/app/backend/identitymanager.cpp b/app/backend/identitymanager.cpp index 7c5933b6..b7587273 100644 --- a/app/backend/identitymanager.cpp +++ b/app/backend/identitymanager.cpp @@ -5,7 +5,6 @@ #include #include -#include #include #include @@ -32,20 +31,16 @@ void IdentityManager::createCredentials(QSettings& settings) X509* cert = X509_new(); THROW_BAD_ALLOC_IF_NULL(cert); - EVP_PKEY* pk = EVP_PKEY_new(); + EVP_PKEY* pk; + EVP_PKEY_CTX* ctx = EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, NULL); + THROW_BAD_ALLOC_IF_NULL(ctx); + + EVP_PKEY_keygen_init(ctx); + EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048); + EVP_PKEY_keygen(ctx, &pk); + EVP_PKEY_CTX_free(ctx); THROW_BAD_ALLOC_IF_NULL(pk); - BIGNUM* bne = BN_new(); - THROW_BAD_ALLOC_IF_NULL(bne); - - RSA* rsa = RSA_new(); - THROW_BAD_ALLOC_IF_NULL(rsa); - - BN_set_word(bne, RSA_F4); - RSA_generate_key_ex(rsa, 2048, bne, nullptr); - - EVP_PKEY_assign_RSA(pk, rsa); - X509_set_version(cert, 2); ASN1_INTEGER_set(X509_get_serialNumber(cert), 0); #if OPENSSL_VERSION_NUMBER < 0x10100000L @@ -94,7 +89,6 @@ void IdentityManager::createCredentials(QSettings& settings) X509_free(cert); EVP_PKEY_free(pk); - BN_free(bne); BIO_free(biokey); BIO_free(biocert); diff --git a/app/backend/nvpairingmanager.cpp b/app/backend/nvpairingmanager.cpp index 4f9bba34..7a41e6f5 100644 --- a/app/backend/nvpairingmanager.cpp +++ b/app/backend/nvpairingmanager.cpp @@ -4,7 +4,6 @@ #include #include -#include #include #include #include 
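Review bot: In the createCredentials hunk, `EVP_PKEY* pk;` is passed to `EVP_PKEY_keygen(ctx, &pk)` uninitialized, and none of the three keygen calls has its return value checked. As I read the OpenSSL documentation, EVP_PKEY_keygen allocates a new key only when `*ppkey` is NULL, so an indeterminate pointer may be treated as an existing key object, and on failure `THROW_BAD_ALLOC_IF_NULL(pk)` tests a value that was never set. I would declare `EVP_PKEY* pk = nullptr;` and guard the sequence with `if (EVP_PKEY_keygen_init(ctx) <= 0 || EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, 2048) <= 0 || EVP_PKEY_keygen(ctx, &pk) <= 0)`, freeing `ctx` and failing on that branch so a certificate is never built around a missing key. The function body starts and ends outside the hunk, so the exact error path is the author's call.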
@@ -53,31 +52,51 @@ NvPairingManager::generateRandomBytes(int length) } QByteArray -NvPairingManager::encrypt(const QByteArray& plaintext, AES_KEY* key) +NvPairingManager::encrypt(const QByteArray& plaintext, const QByteArray& key) { QByteArray ciphertext(plaintext.size(), 0); + EVP_CIPHER_CTX* cipher; + int ciphertextLen; - for (int i = 0; i < plaintext.size(); i += 16) - { - AES_encrypt(reinterpret_cast(const_cast(&plaintext.data()[i])), - reinterpret_cast(&ciphertext.data()[i]), - key); - } + cipher = EVP_CIPHER_CTX_new(); + THROW_BAD_ALLOC_IF_NULL(cipher); + + EVP_EncryptInit(cipher, EVP_aes_128_ecb(), reinterpret_cast(key.data()), NULL); + EVP_CIPHER_CTX_set_padding(cipher, 0); + + EVP_EncryptUpdate(cipher, + reinterpret_cast(ciphertext.data()), + &ciphertextLen, + reinterpret_cast(plaintext.data()), + plaintext.length()); + Q_ASSERT(ciphertextLen == ciphertext.length()); + + EVP_CIPHER_CTX_free(cipher); return ciphertext; } QByteArray -NvPairingManager::decrypt(const QByteArray& ciphertext, AES_KEY* key) +NvPairingManager::decrypt(const QByteArray& ciphertext, const QByteArray& key) { QByteArray plaintext(ciphertext.size(), 0); + EVP_CIPHER_CTX* cipher; + int plaintextLen; - for (int i = 0; i < plaintext.size(); i += 16) - { - AES_decrypt(reinterpret_cast(const_cast(&ciphertext.data()[i])), - reinterpret_cast(&plaintext.data()[i]), - key); - } + cipher = EVP_CIPHER_CTX_new(); + THROW_BAD_ALLOC_IF_NULL(cipher); + + EVP_DecryptInit(cipher, EVP_aes_128_ecb(), reinterpret_cast(key.data()), NULL); + EVP_CIPHER_CTX_set_padding(cipher, 0); + + EVP_DecryptUpdate(cipher, + reinterpret_cast(plaintext.data()), + &plaintextLen, + reinterpret_cast(ciphertext.data()), + ciphertext.length()); + Q_ASSERT(plaintextLen == plaintext.length()); + + EVP_CIPHER_CTX_free(cipher); return plaintext; } 
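Review bot: The only guard on the output length in encrypt() and decrypt() is `Q_ASSERT`, which is compiled out in release builds, and the return values of `EVP_EncryptInit`/`EVP_EncryptUpdate` and their Decrypt counterparts are ignored. With padding disabled and no Final call, an input whose length is not a multiple of 16 leaves the trailing bytes of the zero-filled buffer untouched, and a `key` shorter than 16 bytes makes the AES-128 init read past `key.data()`; decrypt() appears to be fed a server-supplied value later in pair(), so its length should not be trusted. I would reject bad input before initialising the cipher, e.g. `if (key.size() < 16 || plaintext.size() % 16 != 0)` (and the same with `ciphertext` in decrypt()), and turn a non-1 return or a length mismatch into a real failure rather than an assert. A short comment on both functions stating the 16-byte key and block-aligned input requirements would document the contract that the old `AES_KEY*` signature implied.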
@@ -188,9 +207,8 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC QByteArray salt = generateRandomBytes(16); QByteArray saltedPin = saltPin(salt, pin); - AES_KEY encKey, decKey; - AES_set_decrypt_key(reinterpret_cast(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &decKey); - AES_set_encrypt_key(reinterpret_cast(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &encKey); + QByteArray aesKey = QCryptographicHash::hash(saltedPin, hashAlgo).data(); + aesKey.truncate(16); QString getCert = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "pair", @@ -225,7 +243,7 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC m_Http.setServerCert(serverCert); QByteArray randomChallenge = generateRandomBytes(16); - QByteArray encryptedChallenge = encrypt(randomChallenge, &encKey); + QByteArray encryptedChallenge = encrypt(randomChallenge, aesKey); QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "pair", "devicename=roth&updateState=1&clientchallenge=" + @@ -239,7 +257,7 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC return PairState::FAILED; } - QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), &decKey); + QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), aesKey); QByteArray clientSecretData = generateRandomBytes(16); QByteArray challengeResponse; QByteArray serverResponse(challengeResponseData.data(), hashLength); 
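Review bot: `QByteArray aesKey = QCryptographicHash::hash(saltedPin, hashAlgo).data();` builds the key from a `char*`, so the QByteArray constructor stops at the first zero byte of the digest. Whenever one of the first 16 hash bytes is 0x00 the key ends up shorter than 16 bytes, `truncate(16)` does nothing, and encrypt()/decrypt() then hand AES-128 a buffer that is too short, which would show up as an intermittent pairing failure and a read past the key data. Dropping the `.data()` keeps the full digest: `QByteArray aesKey = QCryptographicHash::hash(saltedPin, hashAlgo);` followed by the existing `aesKey.truncate(16);`. pair() starts and ends outside this hunk.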
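Review bot: In the hunk at new line 257, the decrypted `challengeresponse` is used without a size check: `QByteArray serverResponse(challengeResponseData.data(), hashLength);` copies `hashLength` bytes whatever the peer actually sent. The value comes from the pairing HTTP response, so a short or malformed reply would make this constructor read past the end of `challengeResponseData`. I would validate the length right after the decrypt call, e.g. `if (challengeResponseData.size() < hashLength) return PairState::FAILED;`. The full expected length depends on code outside the hunk, so the bound may need to be larger than `hashLength`.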
@@ -260,7 +278,7 @@ NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverC QByteArray paddedHash = QCryptographicHash::hash(challengeResponse, hashAlgo); paddedHash.resize(32); - QByteArray encryptedChallengeResponseHash = encrypt(paddedHash, &encKey); + QByteArray encryptedChallengeResponseHash = encrypt(paddedHash, aesKey); QString respXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "pair", "devicename=roth&updateState=1&serverchallengeresp=" + diff --git a/app/backend/nvpairingmanager.h b/app/backend/nvpairingmanager.h index accb0896..04182a57 100644 --- a/app/backend/nvpairingmanager.h +++ b/app/backend/nvpairingmanager.h @@ -3,7 +3,6 @@ #include "identitymanager.h" #include "nvhttp.h" -#include #include #include @@ -33,10 +32,10 @@ private: saltPin(const QByteArray& salt, QString pin); QByteArray - encrypt(const QByteArray& plaintext, AES_KEY* key); + encrypt(const QByteArray& plaintext, const QByteArray& key); QByteArray - decrypt(const QByteArray& ciphertext, AES_KEY* key); + decrypt(const QByteArray& ciphertext, const QByteArray& key); QByteArray getSignatureFromPemCert(const QByteArray& certificate);