moonlight-qt/nvpairingmanager.cpp

#include "nvpairingmanager.h"
#include "utils.h"

#include <QRandomGenerator>

#include <openssl/bio.h>
#include <openssl/aes.h>
#include <openssl/rand.h>
#include <openssl/pem.h>
#include <openssl/x509.h>
#include <openssl/evp.h>

NvPairingManager::NvPairingManager(QString address, IdentityManager im) :
    m_Http(address, im),
    m_Im(im)
{
    QByteArray cert = m_Im.getCertificate();
    BIO *bio = BIO_new_mem_buf(cert.data(), -1);
    THROW_BAD_ALLOC_IF_NULL(bio);

    m_Cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
    BIO_free_all(bio);
    if (m_Cert == nullptr)
    {
        throw new std::runtime_error("Unable to load certificate");
    }

    QByteArray pk = m_Im.getPrivateKey();
    bio = BIO_new_mem_buf(pk.data(), -1);
    THROW_BAD_ALLOC_IF_NULL(bio);

    m_PrivateKey = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);
    BIO_free_all(bio);
    if (m_PrivateKey == nullptr)
    {
        throw new std::runtime_error("Unable to load private key");
    }
}

NvPairingManager::~NvPairingManager()
{
    X509_free(m_Cert);
    EVP_PKEY_free(m_PrivateKey);
}

QString
NvPairingManager::generatePinString()
{
    return QString::asprintf("%04d", QRandomGenerator::global()->bounded(10000));
}

QByteArray
NvPairingManager::generateRandomBytes(int length)
{
    char* data = static_cast<char*>(alloca(length));
    RAND_bytes(reinterpret_cast<unsigned char*>(data), length);
    return QByteArray(data, length);
}

QByteArray
NvPairingManager::encrypt(QByteArray plaintext, AES_KEY* key)
{
    QByteArray ciphertext(plaintext.size(), 0);

    for (int i = 0; i < plaintext.size(); i += 16)
    {
        AES_encrypt(reinterpret_cast<unsigned char*>(&plaintext.data()[i]),
                    reinterpret_cast<unsigned char*>(&ciphertext.data()[i]),
                    key);
    }

    return ciphertext;
}

QByteArray
NvPairingManager::decrypt(QByteArray ciphertext, AES_KEY* key)
{
    QByteArray plaintext(ciphertext.size(), 0);

    for (int i = 0; i < plaintext.size(); i += 16)
    {
        AES_decrypt(reinterpret_cast<unsigned char*>(&ciphertext.data()[i]),
                    reinterpret_cast<unsigned char*>(&plaintext.data()[i]),
                    key);
    }

    return plaintext;
}

QByteArray
NvPairingManager::getSignatureFromPemCert(QByteArray certificate)
{
    BIO* bio = BIO_new_mem_buf(certificate.data(), -1);
    THROW_BAD_ALLOC_IF_NULL(bio);

    X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
    BIO_free_all(bio);

    ASN1_BIT_STRING* asnSignature;
    X509_get0_signature(&asnSignature, NULL, cert);

    QByteArray signature(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);

    X509_free(cert);

    return signature;
}

bool
NvPairingManager::verifySignature(QByteArray data, QByteArray signature, QByteArray serverCertificate)
{
    BIO* bio = BIO_new_mem_buf(serverCertificate.data(), -1);
    THROW_BAD_ALLOC_IF_NULL(bio);

    X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);
    BIO_free_all(bio);

    EVP_PKEY* pubKey = X509_get_pubkey(cert);
    THROW_BAD_ALLOC_IF_NULL(pubKey);

    EVP_MD_CTX* mdctx = EVP_MD_CTX_create();
    THROW_BAD_ALLOC_IF_NULL(mdctx);

    EVP_DigestVerifyInit(mdctx, nullptr, EVP_sha256(), nullptr, pubKey);
    EVP_DigestVerifyUpdate(mdctx, data.data(), data.length());
    int result = EVP_DigestVerifyFinal(mdctx, reinterpret_cast<unsigned char*>(signature.data()), signature.length());

    EVP_PKEY_free(pubKey);
    EVP_MD_CTX_destroy(mdctx);
    X509_free(cert);

    return result > 0;
}

QByteArray
NvPairingManager::signMessage(QByteArray message)
{
    EVP_MD_CTX *ctx = EVP_MD_CTX_create();
    THROW_BAD_ALLOC_IF_NULL(ctx);

    const EVP_MD *md = EVP_get_digestbyname("SHA256");
    THROW_BAD_ALLOC_IF_NULL(md);

    EVP_DigestInit_ex(ctx, md, NULL);
    EVP_DigestSignInit(ctx, NULL, md, NULL, m_PrivateKey);
    EVP_DigestSignUpdate(ctx, reinterpret_cast<unsigned char*>(message.data()), message.length());

    size_t signatureLength = 0;
    EVP_DigestSignFinal(ctx, NULL, &signatureLength);

    QByteArray signature(signatureLength, 0);
    EVP_DigestSignFinal(ctx, reinterpret_cast<unsigned char*>(signature.data()), &signatureLength);

    EVP_MD_CTX_destroy(ctx);

    return signature;
}

QByteArray
NvPairingManager::saltPin(QByteArray salt, QString pin)
{
    return QByteArray().append(salt).append(pin.toLatin1());
}

NvPairingManager::PairState
NvPairingManager::pair(QString serverInfo, QString pin)
{
    int serverMajorVersion = m_Http.getServerVersionQuad(serverInfo).at(0);
    qDebug() << "Pairing with server generation: " << serverMajorVersion;

    QCryptographicHash::Algorithm hashAlgo;
    int hashLength;
    if (serverMajorVersion >= 7)
    {
        // Gen 7+ uses SHA-256 hashing
        hashAlgo = QCryptographicHash::Sha256;
        hashLength = 32;
    }
    else
    {
        // Prior to Gen 7 uses SHA-1 hashing
        hashAlgo = QCryptographicHash::Sha1;
        hashLength = 20;
    }

    QByteArray salt = generateRandomBytes(16);
    QByteArray saltedPin = saltPin(salt, pin);

    AES_KEY encKey, decKey;
    AES_set_decrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &decKey);
    AES_set_encrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &encKey);

    QString getCert = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
                                                    "pair",
                                                    "devicename=roth&updateState=1&phrase=getservercert&salt=" +
                                                    salt.toHex() + "&clientcert=" + m_Im.getCertificate().toHex(),
                                                    false);
    m_Http.verifyResponseStatus(getCert);
    if (m_Http.getXmlString(getCert, "paired") != "1")
    {
        qDebug() << "Failed pairing at stage #1";
        return PairState::FAILED;
    }

    QByteArray serverCert = m_Http.getXmlStringFromHex(getCert, "plaincert");
    if (serverCert == nullptr)
    {
        qDebug() << "Server likely already pairing";
        m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
        return PairState::ALREADY_IN_PROGRESS;
    }

    QByteArray randomChallenge = generateRandomBytes(16);
    QByteArray encryptedChallenge = encrypt(randomChallenge, &encKey);
    QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
                                                         "pair",
                                                         "devicename=roth&updateState=1&clientchallenge=" +
                                                         encryptedChallenge.toHex(),
                                                         true);
    m_Http.verifyResponseStatus(challengeXml);
    if (m_Http.getXmlString(challengeXml, "paired") != "1")
    {
        qDebug() << "Failed pairing at stage #2";
        m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
        return PairState::FAILED;
    }

    QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), &decKey);
    QByteArray clientSecretData = generateRandomBytes(16);
    QByteArray challengeResponse;
    QByteArray serverResponse(challengeResponseData.data(), hashLength);

    ASN1_BIT_STRING* asnSignature;
    X509_get0_signature(&asnSignature, NULL, m_Cert);

    challengeResponse.append(challengeResponseData.data() + hashLength, 16);
    challengeResponse.append(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);
    challengeResponse.append(clientSecretData);

    QByteArray encryptedChallengeResponseHash = encrypt(QCryptographicHash::hash(challengeResponse, hashAlgo), &encKey);
    QString respXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
                                                    "pair",
                                                    "devicename=roth&updateState=1&serverchallengeresp=" +
                                                    encryptedChallengeResponseHash.toHex(),
                                                    true);
    m_Http.verifyResponseStatus(respXml);
    if (m_Http.getXmlString(respXml, "paired") != "1")
    {
        qDebug() << "Failed pairing at stage #3";
        m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
        return PairState::FAILED;
    }

    QByteArray pairingSecret = m_Http.getXmlStringFromHex(respXml, "pairingsecret");
    QByteArray serverSecret = QByteArray(pairingSecret.data(), 16);
    QByteArray serverSignature = QByteArray(&pairingSecret.data()[16], 256);

    if (!verifySignature(serverSecret,
                         serverSignature,
                         serverCert))
    {
        qDebug() << "MITM detected";
        m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
        return PairState::FAILED;
    }

    QByteArray expectedResponseData;
    expectedResponseData.append(randomChallenge);
    expectedResponseData.append(getSignatureFromPemCert(serverCert));
    expectedResponseData.append(serverSecret);
    if (QCryptographicHash::hash(expectedResponseData, hashAlgo) != serverResponse)
    {
        qDebug() << "Incorrect PIN";
        m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
        return PairState::PIN_WRONG;
    }

    QByteArray clientPairingSecret;
    clientPairingSecret.append(clientSecretData);
    clientPairingSecret.append(signMessage(clientSecretData));

    QString secretRespXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,
                                                          "pair",
                                                          "devicename=roth&updateState=1&clientpairingsecret=" +
                                                          clientPairingSecret.toHex(),
                                                          true);
    m_Http.verifyResponseStatus(secretRespXml);
    if (m_Http.getXmlString(secretRespXml, "paired") != "1")
    {
        qDebug() << "Failed pairing at stage #4";
        m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
        return PairState::FAILED;
    }

    QString pairChallengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttps,
                                                             "pair",
                                                             "devicename=roth&updateState=1&phase=pairchallenge",
                                                             true);
    m_Http.verifyResponseStatus(pairChallengeXml);
    if (m_Http.getXmlString(pairChallengeXml, "paired") != "1")
    {
        qDebug() << "Failed pairing at stage #5";
        m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);
        return PairState::FAILED;
    }

    return PairState::PAIRED;
}
pairing stuff 2018-04-29 02:01:00 +00:00			`#include "nvpairingmanager.h"`
more work 2018-04-29 05:14:27 +00:00			`#include "utils.h"`
pairing stuff 2018-04-29 02:01:00 +00:00
			`#include <QRandomGenerator>`

more work 2018-04-29 05:14:27 +00:00			`#include <openssl/bio.h>`
pairing stuff 2018-04-29 02:01:00 +00:00			`#include <openssl/aes.h>`
more work 2018-04-29 05:14:27 +00:00			`#include <openssl/rand.h>`
			`#include <openssl/pem.h>`
			`#include <openssl/x509.h>`
			`#include <openssl/evp.h>`
pairing stuff 2018-04-29 02:01:00 +00:00
more work 2018-04-29 05:14:27 +00:00			`NvPairingManager::NvPairingManager(QString address, IdentityManager im) :`
			`m_Http(address, im),`
			`m_Im(im)`
pairing stuff 2018-04-29 02:01:00 +00:00			`{`
fix XML processing 2018-04-29 07:55:18 +00:00			`QByteArray cert = m_Im.getCertificate();`
			`BIO *bio = BIO_new_mem_buf(cert.data(), -1);`
more work 2018-04-29 05:14:27 +00:00			`THROW_BAD_ALLOC_IF_NULL(bio);`
pairing stuff 2018-04-29 02:01:00 +00:00
more work 2018-04-29 05:14:27 +00:00			`m_Cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);`
			`BIO_free_all(bio);`
			`if (m_Cert == nullptr)`
			`{`
			`throw new std::runtime_error("Unable to load certificate");`
			`}`

fix XML processing 2018-04-29 07:55:18 +00:00			`QByteArray pk = m_Im.getPrivateKey();`
			`bio = BIO_new_mem_buf(pk.data(), -1);`
more work 2018-04-29 05:14:27 +00:00			`THROW_BAD_ALLOC_IF_NULL(bio);`

Fix PEM reading issues and assert to catch generating corrupt keypairs 2018-05-01 04:33:36 +00:00			`m_PrivateKey = PEM_read_bio_PrivateKey(bio, nullptr, nullptr, nullptr);`
more work 2018-04-29 05:14:27 +00:00			`BIO_free_all(bio);`
Fix PEM reading issues and assert to catch generating corrupt keypairs 2018-05-01 04:33:36 +00:00			`if (m_PrivateKey == nullptr)`
more work 2018-04-29 05:14:27 +00:00			`{`
			`throw new std::runtime_error("Unable to load private key");`
			`}`
			`}`

			`NvPairingManager::~NvPairingManager()`
			`{`
			`X509_free(m_Cert);`
			`EVP_PKEY_free(m_PrivateKey);`
pairing stuff 2018-04-29 02:01:00 +00:00			`}`

			`QString`
			`NvPairingManager::generatePinString()`
			`{`
pairing works 2018-04-29 08:48:41 +00:00			`return QString::asprintf("%04d", QRandomGenerator::global()->bounded(10000));`
pairing stuff 2018-04-29 02:01:00 +00:00			`}`

			`QByteArray`
			`NvPairingManager::generateRandomBytes(int length)`
			`{`
more work 2018-04-29 05:14:27 +00:00			`char* data = static_cast<char*>(alloca(length));`
			`RAND_bytes(reinterpret_cast<unsigned char*>(data), length);`
			`return QByteArray(data, length);`
			`}`

			`QByteArray`
			`NvPairingManager::encrypt(QByteArray plaintext, AES_KEY* key)`
			`{`
			`QByteArray ciphertext(plaintext.size(), 0);`
pairing stuff 2018-04-29 02:01:00 +00:00
more work 2018-04-29 05:14:27 +00:00			`for (int i = 0; i < plaintext.size(); i += 16)`
pairing stuff 2018-04-29 02:01:00 +00:00			`{`
more work 2018-04-29 05:14:27 +00:00			`AES_encrypt(reinterpret_cast<unsigned char*>(&plaintext.data()[i]),`
			`reinterpret_cast<unsigned char*>(&ciphertext.data()[i]),`
			`key);`
pairing stuff 2018-04-29 02:01:00 +00:00			`}`

more work 2018-04-29 05:14:27 +00:00			`return ciphertext;`
			`}`

			`QByteArray`
			`NvPairingManager::decrypt(QByteArray ciphertext, AES_KEY* key)`
			`{`
			`QByteArray plaintext(ciphertext.size(), 0);`

			`for (int i = 0; i < plaintext.size(); i += 16)`
			`{`
			`AES_decrypt(reinterpret_cast<unsigned char*>(&ciphertext.data()[i]),`
			`reinterpret_cast<unsigned char*>(&plaintext.data()[i]),`
			`key);`
			`}`

			`return plaintext;`
			`}`

pairing works 2018-04-29 08:48:41 +00:00			`QByteArray`
			`NvPairingManager::getSignatureFromPemCert(QByteArray certificate)`
			`{`
			`BIO* bio = BIO_new_mem_buf(certificate.data(), -1);`
			`THROW_BAD_ALLOC_IF_NULL(bio);`

			`X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);`
			`BIO_free_all(bio);`

Fix build with Clang 2018-04-30 01:44:34 +00:00			`ASN1_BIT_STRING* asnSignature;`
pairing works 2018-04-29 08:48:41 +00:00			`X509_get0_signature(&asnSignature, NULL, cert);`

			`QByteArray signature(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);`

			`X509_free(cert);`

			`return signature;`
			`}`

more work 2018-04-29 05:14:27 +00:00			`bool`
pairing works 2018-04-29 08:48:41 +00:00			`NvPairingManager::verifySignature(QByteArray data, QByteArray signature, QByteArray serverCertificate)`
more work 2018-04-29 05:14:27 +00:00			`{`
pairing works 2018-04-29 08:48:41 +00:00			`BIO* bio = BIO_new_mem_buf(serverCertificate.data(), -1);`
			`THROW_BAD_ALLOC_IF_NULL(bio);`

			`X509* cert = PEM_read_bio_X509(bio, nullptr, nullptr, nullptr);`
			`BIO_free_all(bio);`

			`EVP_PKEY* pubKey = X509_get_pubkey(cert);`
more work 2018-04-29 05:14:27 +00:00			`THROW_BAD_ALLOC_IF_NULL(pubKey);`

			`EVP_MD_CTX* mdctx = EVP_MD_CTX_create();`
			`THROW_BAD_ALLOC_IF_NULL(mdctx);`

			`EVP_DigestVerifyInit(mdctx, nullptr, EVP_sha256(), nullptr, pubKey);`
			`EVP_DigestVerifyUpdate(mdctx, data.data(), data.length());`
			`int result = EVP_DigestVerifyFinal(mdctx, reinterpret_cast<unsigned char*>(signature.data()), signature.length());`

			`EVP_PKEY_free(pubKey);`
			`EVP_MD_CTX_destroy(mdctx);`
pairing works 2018-04-29 08:48:41 +00:00			`X509_free(cert);`
more work 2018-04-29 05:14:27 +00:00
			`return result > 0;`
			`}`

			`QByteArray`
			`NvPairingManager::signMessage(QByteArray message)`
			`{`
			`EVP_MD_CTX *ctx = EVP_MD_CTX_create();`
			`THROW_BAD_ALLOC_IF_NULL(ctx);`

			`const EVP_MD *md = EVP_get_digestbyname("SHA256");`
			`THROW_BAD_ALLOC_IF_NULL(md);`

			`EVP_DigestInit_ex(ctx, md, NULL);`
			`EVP_DigestSignInit(ctx, NULL, md, NULL, m_PrivateKey);`
			`EVP_DigestSignUpdate(ctx, reinterpret_cast<unsigned char*>(message.data()), message.length());`

			`size_t signatureLength = 0;`
			`EVP_DigestSignFinal(ctx, NULL, &signatureLength);`

			`QByteArray signature(signatureLength, 0);`
			`EVP_DigestSignFinal(ctx, reinterpret_cast<unsigned char*>(signature.data()), &signatureLength);`

			`EVP_MD_CTX_destroy(ctx);`

			`return signature;`
pairing stuff 2018-04-29 02:01:00 +00:00			`}`

			`QByteArray`
			`NvPairingManager::saltPin(QByteArray salt, QString pin)`
			`{`
more work 2018-04-29 05:14:27 +00:00			`return QByteArray().append(salt).append(pin.toLatin1());`
pairing stuff 2018-04-29 02:01:00 +00:00			`}`

			`NvPairingManager::PairState`
			`NvPairingManager::pair(QString serverInfo, QString pin)`
			`{`
			`int serverMajorVersion = m_Http.getServerVersionQuad(serverInfo).at(0);`
			`qDebug() << "Pairing with server generation: " << serverMajorVersion;`

			`QCryptographicHash::Algorithm hashAlgo;`
more work 2018-04-29 05:14:27 +00:00			`int hashLength;`
pairing stuff 2018-04-29 02:01:00 +00:00			`if (serverMajorVersion >= 7)`
			`{`
			`// Gen 7+ uses SHA-256 hashing`
			`hashAlgo = QCryptographicHash::Sha256;`
more work 2018-04-29 05:14:27 +00:00			`hashLength = 32;`
pairing stuff 2018-04-29 02:01:00 +00:00			`}`
			`else`
			`{`
			`// Prior to Gen 7 uses SHA-1 hashing`
			`hashAlgo = QCryptographicHash::Sha1;`
more work 2018-04-29 05:14:27 +00:00			`hashLength = 20;`
pairing stuff 2018-04-29 02:01:00 +00:00			`}`

			`QByteArray salt = generateRandomBytes(16);`
			`QByteArray saltedPin = saltPin(salt, pin);`

			`AES_KEY encKey, decKey;`
more work 2018-04-29 05:14:27 +00:00			`AES_set_decrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &decKey);`
			`AES_set_encrypt_key(reinterpret_cast<const unsigned char*>(QCryptographicHash::hash(saltedPin, hashAlgo).data()), 128, &encKey);`
pairing stuff 2018-04-29 02:01:00 +00:00
			`QString getCert = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,`
			`"pair",`
more work 2018-04-29 05:14:27 +00:00			`"devicename=roth&updateState=1&phrase=getservercert&salt=" +`
			`salt.toHex() + "&clientcert=" + m_Im.getCertificate().toHex(),`
			`false);`
fix XML processing 2018-04-29 07:55:18 +00:00			`m_Http.verifyResponseStatus(getCert);`
more work 2018-04-29 05:14:27 +00:00			`if (m_Http.getXmlString(getCert, "paired") != "1")`
			`{`
			`qDebug() << "Failed pairing at stage #1";`
			`return PairState::FAILED;`
			`}`

pairing works 2018-04-29 08:48:41 +00:00			`QByteArray serverCert = m_Http.getXmlStringFromHex(getCert, "plaincert");`
			`if (serverCert == nullptr)`
			`{`
			`qDebug() << "Server likely already pairing";`
			`m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);`
			`return PairState::ALREADY_IN_PROGRESS;`
			`}`

			`QByteArray randomChallenge = generateRandomBytes(16);`
			`QByteArray encryptedChallenge = encrypt(randomChallenge, &encKey);`
more work 2018-04-29 05:14:27 +00:00			`QString challengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,`
			`"pair",`
			`"devicename=roth&updateState=1&clientchallenge=" +`
			`encryptedChallenge.toHex(),`
			`true);`
fix XML processing 2018-04-29 07:55:18 +00:00			`m_Http.verifyResponseStatus(challengeXml);`
more work 2018-04-29 05:14:27 +00:00			`if (m_Http.getXmlString(challengeXml, "paired") != "1")`
			`{`
			`qDebug() << "Failed pairing at stage #2";`
pairing works 2018-04-29 08:48:41 +00:00			`m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);`
more work 2018-04-29 05:14:27 +00:00			`return PairState::FAILED;`
			`}`

pairing works 2018-04-29 08:48:41 +00:00			`QByteArray challengeResponseData = decrypt(m_Http.getXmlStringFromHex(challengeXml, "challengeresponse"), &decKey);`
more work 2018-04-29 05:14:27 +00:00			`QByteArray clientSecretData = generateRandomBytes(16);`
			`QByteArray challengeResponse;`
pairing works 2018-04-29 08:48:41 +00:00			`QByteArray serverResponse(challengeResponseData.data(), hashLength);`
more work 2018-04-29 05:14:27 +00:00
Fix build with Clang 2018-04-30 01:44:34 +00:00			`ASN1_BIT_STRING* asnSignature;`
more work 2018-04-29 05:14:27 +00:00			`X509_get0_signature(&asnSignature, NULL, m_Cert);`

			`challengeResponse.append(challengeResponseData.data() + hashLength, 16);`
pairing works 2018-04-29 08:48:41 +00:00			`challengeResponse.append(reinterpret_cast<char*>(asnSignature->data), asnSignature->length);`
more work 2018-04-29 05:14:27 +00:00			`challengeResponse.append(clientSecretData);`

			`QByteArray encryptedChallengeResponseHash = encrypt(QCryptographicHash::hash(challengeResponse, hashAlgo), &encKey);`
			`QString respXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,`
			`"pair",`
			`"devicename=roth&updateState=1&serverchallengeresp=" +`
			`encryptedChallengeResponseHash.toHex(),`
			`true);`
fix XML processing 2018-04-29 07:55:18 +00:00			`m_Http.verifyResponseStatus(respXml);`
more work 2018-04-29 05:14:27 +00:00			`if (m_Http.getXmlString(respXml, "paired") != "1")`
			`{`
			`qDebug() << "Failed pairing at stage #3";`
pairing works 2018-04-29 08:48:41 +00:00			`m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);`
more work 2018-04-29 05:14:27 +00:00			`return PairState::FAILED;`
			`}`

pairing works 2018-04-29 08:48:41 +00:00			`QByteArray pairingSecret = m_Http.getXmlStringFromHex(respXml, "pairingsecret");`
			`QByteArray serverSecret = QByteArray(pairingSecret.data(), 16);`
			`QByteArray serverSignature = QByteArray(&pairingSecret.data()[16], 256);`
more work 2018-04-29 05:14:27 +00:00
pairing works 2018-04-29 08:48:41 +00:00			`if (!verifySignature(serverSecret,`
			`serverSignature,`
			`serverCert))`
more work 2018-04-29 05:14:27 +00:00			`{`
			`qDebug() << "MITM detected";`
pairing works 2018-04-29 08:48:41 +00:00			`m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);`
more work 2018-04-29 05:14:27 +00:00			`return PairState::FAILED;`
			`}`

pairing works 2018-04-29 08:48:41 +00:00			`QByteArray expectedResponseData;`
			`expectedResponseData.append(randomChallenge);`
			`expectedResponseData.append(getSignatureFromPemCert(serverCert));`
			`expectedResponseData.append(serverSecret);`
			`if (QCryptographicHash::hash(expectedResponseData, hashAlgo) != serverResponse)`
			`{`
			`qDebug() << "Incorrect PIN";`
			`m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);`
			`return PairState::PIN_WRONG;`
			`}`

more work 2018-04-29 05:14:27 +00:00			`QByteArray clientPairingSecret;`
			`clientPairingSecret.append(clientSecretData);`
			`clientPairingSecret.append(signMessage(clientSecretData));`

			`QString secretRespXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttp,`
			`"pair",`
			`"devicename=roth&updateState=1&clientpairingsecret=" +`
			`clientPairingSecret.toHex(),`
			`true);`
fix XML processing 2018-04-29 07:55:18 +00:00			`m_Http.verifyResponseStatus(secretRespXml);`
more work 2018-04-29 05:14:27 +00:00			`if (m_Http.getXmlString(secretRespXml, "paired") != "1")`
			`{`
			`qDebug() << "Failed pairing at stage #4";`
pairing works 2018-04-29 08:48:41 +00:00			`m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);`
more work 2018-04-29 05:14:27 +00:00			`return PairState::FAILED;`
			`}`

			`QString pairChallengeXml = m_Http.openConnectionToString(m_Http.m_BaseUrlHttps,`
			`"pair",`
			`"devicename=roth&updateState=1&phase=pairchallenge",`
			`true);`
fix XML processing 2018-04-29 07:55:18 +00:00			`m_Http.verifyResponseStatus(pairChallengeXml);`
more work 2018-04-29 05:14:27 +00:00			`if (m_Http.getXmlString(pairChallengeXml, "paired") != "1")`
			`{`
			`qDebug() << "Failed pairing at stage #5";`
pairing works 2018-04-29 08:48:41 +00:00			`m_Http.openConnectionToString(m_Http.m_BaseUrlHttp, "unpair", nullptr, true);`
more work 2018-04-29 05:14:27 +00:00			`return PairState::FAILED;`
			`}`

			`return PairState::PAIRED;`
pairing stuff 2018-04-29 02:01:00 +00:00			`}`