moonlight-qt/app/backend/nvpairingmanager.cpp

356 lines
13 KiB
C++
Raw Normal View History

2018-04-29 02:01:00 +00:00
#include "nvpairingmanager.h"
2018-04-29 05:14:27 +00:00
#include "utils.h"
2018-04-29 02:01:00 +00:00
#include <stdexcept>
2018-04-29 05:14:27 +00:00
#include <openssl/bio.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/evp.h>
2018-04-29 02:01:00 +00:00
2019-01-06 22:35:33 +00:00
#define REQUEST_TIMEOUT_MS 5000
NvPairingManager::NvPairingManager(NvComputer* computer) :
m_Http(computer)
2018-04-29 02:01:00 +00:00
{
2018-06-27 02:01:40 +00:00
QByteArray cert = IdentityManager::get()->getCertificate();
2018-04-29 07:55:18 +00:00
BIO *bio = BIO_new_mem_buf(cert.data(), -1);
2018-04-29 05:14:27 +00:00
THROW_BAD_ALLOC_IF_NULL(bio);
2018-04-29 02:01:00 +00:00
2018-04-29 05:14:27 +00:00
m_Cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
BIO_free_all(bio);
if (m_Cert == nullptr)
{
throw std::runtime_error("Unable to load certificate");
2018-04-29 05:14:27 +00:00
}
2018-06-27 02:01:40 +00:00
QByteArray pk = IdentityManager::get()->getPrivateKey();
2018-04-29 07:55:18 +00:00
bio = BIO_new_mem_buf(pk.data(), -1);
2018-04-29 05:14:27 +00:00
THROW_BAD_ALLOC_IF_NULL(bio);
m_PrivateKey = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);
2018-04-29 05:14:27 +00:00
BIO_free_all(bio);
if (m_PrivateKey == nullptr)
2018-04-29 05:14:27 +00:00
{
throw std::runtime_error("Unable to load private key");
2018-04-29 05:14:27 +00:00
}
}
NvPairingManager::~NvPairingManager()
{
X509_free(m_Cert);
EVP_PKEY_free(m_PrivateKey);
2018-04-29 02:01:00 +00:00
}
QByteArray
NvPairingManager::generateRandomBytes(int length)
{
2018-04-29 05:14:27 +00:00
char* data = static_cast<char*>(alloca(length));
RAND_bytes(reinterpret_cast<unsigned char*>(data), length);
return QByteArray(data, length);
}
QByteArray
NvPairingManager::encrypt(const QByteArray& plaintext, const QByteArray& key)
2018-04-29 05:14:27 +00:00
{
QByteArray ciphertext(plaintext.size(), 0);
EVP_CIPHER_CTX* cipher;
int ciphertextLen;
2018-04-29 02:01:00 +00:00
cipher = EVP_CIPHER_CTX_new();
THROW_BAD_ALLOC_IF_NULL(cipher);
EVP_EncryptInit(cipher, EVP_aes_128_ecb(), reinterpret_cast<const unsigned char*>(key.data()), NULL);
EVP_CIPHER_CTX_set_padding(cipher, 0);
EVP_EncryptUpdate(cipher,
reinterpret_cast<unsigned char*>(ciphertext.data()),
&ciphertextLen,
reinterpret_cast<const unsigned char*>(plaintext.data()),
plaintext.length());
Q_ASSERT(ciphertextLen == ciphertext.length());
EVP_CIPHER_CTX_free(cipher);
2018-04-29 02:01:00 +00:00
2018-04-29 05:14:27 +00:00
return ciphertext;
}
QByteArray
NvPairingManager::decrypt(const QByteArray& ciphertext, const QByteArray& key)
2018-04-29 05:14:27 +00:00
{
QByteArray plaintext(ciphertext.size(), 0);
EVP_CIPHER_CTX* cipher;
int plaintextLen;
2018-04-29 05:14:27 +00:00
cipher = EVP_CIPHER_CTX_new();
THROW_BAD_ALLOC_IF_NULL(cipher);
EVP_DecryptInit(cipher, EVP_aes_128_ecb(), reinterpret_cast<const unsigned char*>(key.data()), NULL);
EVP_CIPHER_CTX_set_padding(cipher, 0);
EVP_DecryptUpdate(cipher,
reinterpret_cast<unsigned char*>(plaintext.data()),
&plaintextLen,
reinterpret_cast<const unsigned char*>(ciphertext.data()),
ciphertext.length());
Q_ASSERT(plaintextLen == plaintext.length());
EVP_CIPHER_CTX_free(cipher);
2018-04-29 05:14:27 +00:00
return plaintext;
}
2018-04-29 08:48:41 +00:00
QByteArray
NvPairingManager::getSignatureFromPemCert(const QByteArray& certificate)
2018-04-29 08:48:41 +00:00
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
BIO* bio = BIO_new_mem_buf(const_cast<char*>(certificate.data()), -1);
#else
2018-04-29 08:48:41 +00:00
BIO* bio = BIO_new_mem_buf(certificate.data(), -1);
#endif
2018-04-29 08:48:41 +00:00
THROW_BAD_ALLOC_IF_NULL(bio);
X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
BIO_free_all(bio);
2018-07-22 02:02:12 +00:00
#if (OPENSSL_VERSION_NUMBER < 0x10002000L)
ASN1_BIT_STRING *asnSignature = cert->signature;
#elif (OPENSSL_VERSION_NUMBER < 0x10100000L)
ASN1_BIT_STRING *asnSignature;
X509_get0_signature(&asnSignature, NULL, cert);
#else
2018-07-22 02:02:12 +00:00
const ASN1_BIT_STRING *asnSignature;
2018-04-29 08:48:41 +00:00
X509_get0_signature(&asnSignature, NULL, cert);
2018-07-22 02:02:12 +00:00
#endif
2018-04-29 08:48:41 +00:00
QByteArray signature(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);
X509_free(cert);
return signature;
}
2018-04-29 05:14:27 +00:00
bool
NvPairingManager::verifySignature(const QByteArray& data, const QByteArray& signature, const QByteArray& serverCertificate)
2018-04-29 05:14:27 +00:00
{
#if (OPENSSL_VERSION_NUMBER < 0x10100000L)
BIO* bio = BIO_new_mem_buf(const_cast<char*>(serverCertificate.data()), -1);
#else
2018-04-29 08:48:41 +00:00
BIO* bio = BIO_new_mem_buf(serverCertificate.data(), -1);
#endif
2018-04-29 08:48:41 +00:00
THROW_BAD_ALLOC_IF_NULL(bio);
X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
BIO_free_all(bio);
EVP_PKEY* pubKey = X509_get_pubkey(cert);
2018-04-29 05:14:27 +00:00
THROW_BAD_ALLOC_IF_NULL(pubKey);
EVP_MD_CTX* mdctx = EVP_MD_CTX_create();
THROW_BAD_ALLOC_IF_NULL(mdctx);
EVP_DigestVerifyInit(mdctx, nullptr, EVP_sha256(), nullptr, pubKey);
EVP_DigestVerifyUpdate(mdctx, data.data(), data.length());
int result = EVP_DigestVerifyFinal(mdctx, reinterpret_cast<unsigned char*>(const_cast<char*>(signature.data())), signature.length());
2018-04-29 05:14:27 +00:00
EVP_PKEY_free(pubKey);
EVP_MD_CTX_destroy(mdctx);
2018-04-29 08:48:41 +00:00
X509_free(cert);
2018-04-29 05:14:27 +00:00
return result > 0;
}
QByteArray
NvPairingManager::signMessage(const QByteArray& message)
2018-04-29 05:14:27 +00:00
{
EVP_MD_CTX *ctx = EVP_MD_CTX_create();
THROW_BAD_ALLOC_IF_NULL(ctx);
EVP_DigestSignInit(ctx, NULL, EVP_sha256(), NULL, m_PrivateKey);
EVP_DigestSignUpdate(ctx, reinterpret_cast<unsigned char*>(const_cast<char*>(message.data())), message.length());
2018-04-29 05:14:27 +00:00
size_t signatureLength = 0;
EVP_DigestSignFinal(ctx, NULL, &signatureLength);
2018-06-24 05:16:59 +00:00
QByteArray signature((int)signatureLength, 0);
2018-04-29 05:14:27 +00:00
EVP_DigestSignFinal(ctx, reinterpret_cast<unsigned char*>(signature.data()), &signatureLength);
EVP_MD_CTX_destroy(ctx);
return signature;
2018-04-29 02:01:00 +00:00
}
QByteArray
NvPairingManager::saltPin(const QByteArray& salt, QString pin)
2018-04-29 02:01:00 +00:00
{
2018-04-29 05:14:27 +00:00
return QByteArray().append(salt).append(pin.toLatin1());
2018-04-29 02:01:00 +00:00
}
NvPairingManager::PairState
2018-12-22 02:08:07 +00:00
NvPairingManager::pair(QString appVersion, QString pin, QSslCertificate& serverCert)
2018-04-29 02:01:00 +00:00
{
2018-07-06 06:12:55 +00:00
int serverMajorVersion = NvHTTP::parseQuad(appVersion).at(0);
qInfo() << "Pairing with server generation:" << serverMajorVersion;
2018-04-29 02:01:00 +00:00
QCryptographicHash::Algorithm hashAlgo;
2018-04-29 05:14:27 +00:00
int hashLength;
2018-04-29 02:01:00 +00:00
if (serverMajorVersion >= 7)
{
// Gen 7+ uses SHA-256 hashing
hashAlgo = QCryptographicHash::Sha256;
2018-04-29 05:14:27 +00:00
hashLength = 32;
2018-04-29 02:01:00 +00:00
}
else
{
// Prior to Gen 7 uses SHA-1 hashing
hashAlgo = QCryptographicHash::Sha1;
2018-04-29 05:14:27 +00:00
hashLength = 20;
2018-04-29 02:01:00 +00:00
}
QByteArray salt = generateRandomBytes(16);
QByteArray saltedPin = saltPin(salt, pin);
2021-03-03 00:14:15 +00:00
QByteArray aesKey = QCryptographicHash::hash(saltedPin, hashAlgo).constData();
aesKey.truncate(16);
2018-04-29 02:01:00 +00:00
QString getCert = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair",
2018-04-29 05:14:27 +00:00
"devicename=roth&updateState=1&phrase=getservercert&salt=" +
2018-06-27 02:01:40 +00:00
salt.toHex() + "&clientcert=" + IdentityManager::get()->getCertificate().toHex(),
2019-01-06 22:35:33 +00:00
0);
2018-06-27 04:49:33 +00:00
NvHTTP::verifyResponseStatus(getCert);
if (NvHTTP::getXmlString(getCert, "paired") != "1")
2018-04-29 05:14:27 +00:00
{
qCritical() << "Failed pairing at stage #1";
2018-04-29 05:14:27 +00:00
return PairState::FAILED;
}
2018-12-22 02:08:07 +00:00
QByteArray serverCertStr = NvHTTP::getXmlStringFromHex(getCert, "plaincert");
if (serverCertStr == nullptr)
2018-04-29 08:48:41 +00:00
{
qCritical() << "Server likely already pairing";
2019-01-06 22:35:33 +00:00
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
2018-04-29 08:48:41 +00:00
return PairState::ALREADY_IN_PROGRESS;
}
QSslCertificate unverifiedServerCert = QSslCertificate(serverCertStr);
if (unverifiedServerCert.isNull()) {
Q_ASSERT(!unverifiedServerCert.isNull());
2018-12-23 03:55:28 +00:00
qCritical() << "Failed to parse plaincert";
2019-01-06 22:35:33 +00:00
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
2018-12-23 03:55:28 +00:00
return PairState::FAILED;
}
// Pin this cert for TLS until pairing is complete. If successful, we will propagate
// the cert into the NvComputer object and persist it.
m_Http.setServerCert(unverifiedServerCert);
2018-12-23 03:55:28 +00:00
2018-04-29 08:48:41 +00:00
QByteArray randomChallenge = generateRandomBytes(16);
QByteArray encryptedChallenge = encrypt(randomChallenge, aesKey);
2018-04-29 05:14:27 +00:00
QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair",
"devicename=roth&updateState=1&clientchallenge=" +
encryptedChallenge.toHex(),
2019-01-06 22:35:33 +00:00
REQUEST_TIMEOUT_MS);
2018-06-27 04:49:33 +00:00
NvHTTP::verifyResponseStatus(challengeXml);
if (NvHTTP::getXmlString(challengeXml, "paired") != "1")
2018-04-29 05:14:27 +00:00
{
qCritical() << "Failed pairing at stage #2";
2019-01-06 22:35:33 +00:00
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
2018-04-29 05:14:27 +00:00
return PairState::FAILED;
}
QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), aesKey);
2018-04-29 05:14:27 +00:00
QByteArray clientSecretData = generateRandomBytes(16);
QByteArray challengeResponse;
2018-04-29 08:48:41 +00:00
QByteArray serverResponse(challengeResponseData.data(), hashLength);
2018-04-29 05:14:27 +00:00
2018-07-22 02:02:12 +00:00
#if (OPENSSL_VERSION_NUMBER < 0x10002000L)
ASN1_BIT_STRING *asnSignature = m_Cert->signature;
#elif (OPENSSL_VERSION_NUMBER < 0x10100000L)
ASN1_BIT_STRING *asnSignature;
2018-07-22 02:02:12 +00:00
X509_get0_signature(&asnSignature, NULL, m_Cert);
#else
const ASN1_BIT_STRING *asnSignature;
2018-04-29 05:14:27 +00:00
X509_get0_signature(&asnSignature, NULL, m_Cert);
2018-07-22 02:02:12 +00:00
#endif
2018-04-29 05:14:27 +00:00
challengeResponse.append(challengeResponseData.data() + hashLength, 16);
2018-04-29 08:48:41 +00:00
challengeResponse.append(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);
2018-04-29 05:14:27 +00:00
challengeResponse.append(clientSecretData);
2019-07-06 04:04:04 +00:00
QByteArray paddedHash = QCryptographicHash::hash(challengeResponse, hashAlgo);
paddedHash.resize(32);
QByteArray encryptedChallengeResponseHash = encrypt(paddedHash, aesKey);
2018-04-29 05:14:27 +00:00
QString respXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair",
"devicename=roth&updateState=1&serverchallengeresp=" +
encryptedChallengeResponseHash.toHex(),
2019-01-06 22:35:33 +00:00
REQUEST_TIMEOUT_MS);
2018-06-27 04:49:33 +00:00
NvHTTP::verifyResponseStatus(respXml);
if (NvHTTP::getXmlString(respXml, "paired") != "1")
2018-04-29 05:14:27 +00:00
{
qCritical() << "Failed pairing at stage #3";
2019-01-06 22:35:33 +00:00
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
2018-04-29 05:14:27 +00:00
return PairState::FAILED;
}
2018-06-27 04:49:33 +00:00
QByteArray pairingSecret = NvHTTP::getXmlStringFromHex(respXml, "pairingsecret");
QByteArray serverSecret = pairingSecret.left(16);
QByteArray serverSignature = pairingSecret.mid(16);
2018-04-29 05:14:27 +00:00
2018-04-29 08:48:41 +00:00
if (!verifySignature(serverSecret,
serverSignature,
2018-12-22 02:08:07 +00:00
serverCertStr))
2018-04-29 05:14:27 +00:00
{
qCritical() << "MITM detected";
2019-01-06 22:35:33 +00:00
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
2018-04-29 05:14:27 +00:00
return PairState::FAILED;
}
2018-04-29 08:48:41 +00:00
QByteArray expectedResponseData;
expectedResponseData.append(randomChallenge);
2018-12-22 02:08:07 +00:00
expectedResponseData.append(getSignatureFromPemCert(serverCertStr));
2018-04-29 08:48:41 +00:00
expectedResponseData.append(serverSecret);
if (QCryptographicHash::hash(expectedResponseData, hashAlgo) != serverResponse)
{
qCritical() << "Incorrect PIN";
2019-01-06 22:35:33 +00:00
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
2018-04-29 08:48:41 +00:00
return PairState::PIN_WRONG;
}
2018-04-29 05:14:27 +00:00
QByteArray clientPairingSecret;
clientPairingSecret.append(clientSecretData);
clientPairingSecret.append(signMessage(clientSecretData));
QString secretRespXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
"pair",
"devicename=roth&updateState=1&clientpairingsecret=" +
clientPairingSecret.toHex(),
2019-01-06 22:35:33 +00:00
REQUEST_TIMEOUT_MS);
2018-06-27 04:49:33 +00:00
NvHTTP::verifyResponseStatus(secretRespXml);
if (NvHTTP::getXmlString(secretRespXml, "paired") != "1")
2018-04-29 05:14:27 +00:00
{
qCritical() << "Failed pairing at stage #4";
2019-01-06 22:35:33 +00:00
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
2018-04-29 05:14:27 +00:00
return PairState::FAILED;
}
QString pairChallengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttps,
"pair",
2018-06-27 05:58:15 +00:00
"devicename=roth&updateState=1&phrase=pairchallenge",
2019-01-06 22:35:33 +00:00
REQUEST_TIMEOUT_MS);
2018-06-27 04:49:33 +00:00
NvHTTP::verifyResponseStatus(pairChallengeXml);
if (NvHTTP::getXmlString(pairChallengeXml, "paired") != "1")
2018-04-29 05:14:27 +00:00
{
qCritical() << "Failed pairing at stage #5";
2019-01-06 22:35:33 +00:00
m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, REQUEST_TIMEOUT_MS);
2018-04-29 05:14:27 +00:00
return PairState::FAILED;
}
serverCert = std::move(unverifiedServerCert);
2018-04-29 05:14:27 +00:00
return PairState::PAIRED;
2018-04-29 02:01:00 +00:00
}