/* * Copyright (c) 2010-2017 OTClient * * Permission is hereby granted, free of charge, to any person obtaining a copy * of this software and associated documentation files (the "Software"), to deal * in the Software without restriction, including without limitation the rights * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell * copies of the Software, and to permit persons to whom the Software is * furnished to do so, subject to the following conditions: * * The above copyright notice and this permission notice shall be included in * all copies or substantial portions of the Software. * * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. */ #include "crypt.h" #include #include #include #include #include #include #include #include #include #include #include #include #include static const std::string base64_chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; static inline bool is_base64(unsigned char c) { return (isalnum(c) || (c == '+') || (c == '/')); } Crypt g_crypt; Crypt::Crypt() { m_rsa = RSA_new(); } Crypt::~Crypt() { RSA_free(m_rsa); } std::string Crypt::base64Encode(const std::string& decoded_string) { std::string ret; int i = 0; int j = 0; uint8 char_array_3[3]; uint8 char_array_4[4]; int pos = 0; int len = decoded_string.size(); while(len--) { char_array_3[i++] = decoded_string[pos++]; if(i == 3) { char_array_4[0] = (char_array_3[0] & 0xfc) >> 2; char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4); char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6); char_array_4[3] = char_array_3[2] & 0x3f; for(i = 0; (i <4) ; i++) ret += base64_chars[char_array_4[i]]; i = 0; } } if(i) { for(j = i; j < 3; j++) char_array_3[j] = '\0'; char_array_4[0] = (char_array_3[0] & 0xfc) >> 2; char_array_4[1] = ((char_array_3[0] & 0x03) << 4) + ((char_array_3[1] & 0xf0) >> 4); char_array_4[2] = ((char_array_3[1] & 0x0f) << 2) + ((char_array_3[2] & 0xc0) >> 6); char_array_4[3] = char_array_3[2] & 0x3f; for(j = 0; (j < i + 1); j++) ret += base64_chars[char_array_4[j]]; while((i++ < 3)) ret += '='; } return ret; } std::string Crypt::base64Decode(const std::string& encoded_string) { int len = encoded_string.size(); int i = 0; int j = 0; int in_ = 0; uint8 char_array_4[4], char_array_3[3]; std::string ret; while(len-- && (encoded_string[in_] != '=') && is_base64(encoded_string[in_])) { char_array_4[i++] = encoded_string[in_]; in_++; if(i ==4) { for(i = 0; i <4; i++) char_array_4[i] = base64_chars.find(char_array_4[i]); char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4); char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2); char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3]; for(i = 0; (i < 3); i++) ret += char_array_3[i]; i = 0; } } if(i) { for(j = i; j <4; j++) char_array_4[j] = 0; for(j = 0; j <4; j++) char_array_4[j] = base64_chars.find(char_array_4[j]); char_array_3[0] = (char_array_4[0] << 2) + ((char_array_4[1] & 0x30) >> 4); char_array_3[1] = ((char_array_4[1] & 0xf) << 4) + ((char_array_4[2] & 0x3c) >> 2); char_array_3[2] = ((char_array_4[2] & 0x3) << 6) + char_array_4[3]; for(j = 0; (j < i - 1); j++) ret += char_array_3[j]; } return ret; } std::string Crypt::xorCrypt(const std::string& buffer, const std::string& key) { std::string out; out.resize(buffer.size()); size_t i, j=0; for(i=0;i= key.size()) j = 0; } return out; } std::string Crypt::genUUID() { boost::uuids::random_generator gen; boost::uuids::uuid u = gen(); return boost::uuids::to_string(u); } bool Crypt::setMachineUUID(std::string uuidstr) { if(uuidstr.empty()) return false; uuidstr = _decrypt(uuidstr, false); if(uuidstr.length() != 16) return false; std::copy(uuidstr.begin(), uuidstr.end(), m_machineUUID.begin()); return true; } std::string Crypt::getMachineUUID() { if(m_machineUUID.is_nil()) { boost::uuids::random_generator gen; m_machineUUID = gen(); } return _encrypt(std::string(m_machineUUID.begin(), m_machineUUID.end()), false); } std::string Crypt::getCryptKey(bool useMachineUUID) { boost::hash uuid_hasher; boost::uuids::uuid uuid; if(useMachineUUID) { uuid = m_machineUUID; } else { boost::uuids::nil_generator nilgen; uuid = nilgen(); } boost::uuids::name_generator namegen(uuid); boost::uuids::uuid u = namegen(g_app.getCompactName() + g_platform.getCPUName() + g_platform.getOSName() + g_resources.getUserDir()); std::size_t hash = uuid_hasher(u); std::string key; key.assign((const char *)&hash, sizeof(hash)); return key; } std::string Crypt::_encrypt(const std::string& decrypted_string, bool useMachineUUID) { std::string tmp = "0000" + decrypted_string; uint32 sum = stdext::adler32((const uint8*)decrypted_string.c_str(), decrypted_string.size()); stdext::writeULE32((uint8*)&tmp[0], sum); std::string encrypted = base64Encode(xorCrypt(tmp, getCryptKey(useMachineUUID))); return encrypted; } std::string Crypt::_decrypt(const std::string& encrypted_string, bool useMachineUUID) { std::string decoded = base64Decode(encrypted_string); std::string tmp = xorCrypt(decoded, getCryptKey(useMachineUUID)); if(tmp.length() >= 4) { uint32 readsum = stdext::readULE32((const uint8*)tmp.c_str()); std::string decrypted_string = tmp.substr(4); uint32 sum = stdext::adler32((const uint8*)decrypted_string.c_str(), decrypted_string.size()); if(readsum == sum) return decrypted_string; } return std::string(); } std::string Crypt::md5Encode(const std::string& decoded_string, bool upperCase) { MD5_CTX c; MD5_Init(&c); MD5_Update(&c, decoded_string.c_str(), decoded_string.length()); uint8_t md[MD5_DIGEST_LENGTH]; MD5_Final(md, &c); char output[(MD5_DIGEST_LENGTH << 1) + 1]; for(int32_t i = 0; i < (int32_t)sizeof(md); ++i) sprintf(output + (i << 1), "%.2X", md[i]); std::string result = output; if(upperCase) return result; std::transform(result.begin(), result.end(), result.begin(), tolower); return result; } std::string Crypt::sha1Encode(const std::string& decoded_string, bool upperCase) { SHA_CTX c; SHA1_Init(&c); SHA1_Update(&c, decoded_string.c_str(), decoded_string.length()); uint8_t md[SHA_DIGEST_LENGTH]; SHA1_Final(md, &c); char output[(SHA_DIGEST_LENGTH << 1) + 1]; for(int32_t i = 0; i < (int32_t)sizeof(md); ++i) sprintf(output + (i << 1), "%.2X", md[i]); std::string result = output; if(upperCase) return result; std::transform(result.begin(), result.end(), result.begin(), tolower); return result; } std::string Crypt::sha256Encode(const std::string& decoded_string, bool upperCase) { SHA256_CTX c; SHA256_Init(&c); SHA256_Update(&c, decoded_string.c_str(), decoded_string.length()); uint8_t md[SHA256_DIGEST_LENGTH]; SHA256_Final(md, &c); char output[(SHA256_DIGEST_LENGTH << 1) + 1]; for(int32_t i = 0; i < (int32_t)sizeof(md); ++i) sprintf(output + (i << 1), "%.2X", md[i]); std::string result = output; if(upperCase) return result; std::transform(result.begin(), result.end(), result.begin(), tolower); return result; } std::string Crypt::sha512Encode(const std::string& decoded_string, bool upperCase) { SHA512_CTX c; SHA512_Init(&c); SHA512_Update(&c, decoded_string.c_str(), decoded_string.length()); uint8_t md[SHA512_DIGEST_LENGTH]; SHA512_Final(md, &c); char output[(SHA512_DIGEST_LENGTH << 1) + 1]; for(int32_t i = 0; i < (int32_t)sizeof(md); ++i) sprintf(output + (i << 1), "%.2X", md[i]); std::string result = output; if(upperCase) return result; std::transform(result.begin(), result.end(), result.begin(), tolower); return result; } void Crypt::rsaGenerateKey(int bits, int e) { // disabled because new OpenSSL changes broke /* RSA *rsa = RSA_new(); BIGNUM *ebn = BN_new(); BN_set_word(ebn, e); RSA_generate_key_ex(rsa, bits, ebn, nullptr); g_logger.info(stdext::format("%d bits (%d bytes) RSA key generated", bits, bits / 8)); g_logger.info(std::string("p = ") + BN_bn2dec(m_rsa->p)); g_logger.info(std::string("q = ") + BN_bn2dec(m_rsa->q)); g_logger.info(std::string("d = ") + BN_bn2dec(m_rsa->d)); g_logger.info(std::string("n = ") + BN_bn2dec(m_rsa->n)); g_logger.info(std::string("e = ") + BN_bn2dec(m_rsa->e)); BN_clear_free(ebn); RSA_free(rsa); */ } void Crypt::rsaSetPublicKey(const std::string& n, const std::string& e) { #if OPENSSL_VERSION_NUMBER < 0x10100005L BN_dec2bn(&m_rsa->n, n.c_str()); BN_dec2bn(&m_rsa->e, e.c_str()); // clear rsa cache if (m_rsa->_method_mod_n) { BN_MONT_CTX_free(m_rsa->_method_mod_n); m_rsa->_method_mod_n = NULL; } #else { BIGNUM *bn=NULL; BIGNUM *be=NULL; BN_dec2bn(&bn, n.c_str()); BN_dec2bn(&be, e.c_str()); RSA_set0_key(m_rsa,bn,be,NULL); // note, not supposed to free bn/be here, that's m_rsa's destructor's job } #endif } void Crypt::rsaSetPrivateKey(const std::string& p, const std::string& q, const std::string& d) { #if OPENSSL_VERSION_NUMBER < 0x10100005L BN_dec2bn(&m_rsa->p, p.c_str()); BN_dec2bn(&m_rsa->q, q.c_str()); BN_dec2bn(&m_rsa->d, d.c_str()); // clear rsa cache if (m_rsa->_method_mod_p) { BN_MONT_CTX_free(m_rsa->_method_mod_p); m_rsa->_method_mod_p = NULL; } if (m_rsa->_method_mod_q) { BN_MONT_CTX_free(m_rsa->_method_mod_q); m_rsa->_method_mod_q = NULL; } #else { if(d.length()> 0) { BIGNUM *bd=NULL; BN_dec2bn(&bd, d.c_str()); RSA_set0_key(m_rsa,NULL,NULL,bd); } BIGNUM *bp=NULL; BIGNUM *bq=NULL; BN_dec2bn(&bp, p.c_str()); BN_dec2bn(&bq, q.c_str()); RSA_set0_factors(m_rsa,bp,bq); // note, not supposed to free bp/bq/bd here, that's m_rsa's destructor's job } #endif } bool Crypt::rsaCheckKey() { // only used by server, that sets both public and private if(RSA_check_key(m_rsa)) { BN_CTX *ctx = BN_CTX_new(); BN_CTX_start(ctx); BIGNUM *r1 = BN_CTX_get(ctx), *r2 = BN_CTX_get(ctx); #if OPENSSL_VERSION_NUMBER < 0x10100005L BN_mod(m_rsa->dmp1, m_rsa->d, r1, ctx); BN_mod(m_rsa->dmq1, m_rsa->d, r2, ctx); BN_mod_inverse(m_rsa->iqmp, m_rsa->q, m_rsa->p, ctx); #else { const BIGNUM *dmp1_c=NULL; const BIGNUM *d=NULL; const BIGNUM *dmq1_c=NULL; const BIGNUM *iqmp_c=NULL; const BIGNUM *q=NULL; const BIGNUM *p=NULL; RSA_get0_key(m_rsa,NULL, NULL, &d); RSA_get0_factors(m_rsa, &p, &q); RSA_get0_crt_params(m_rsa,&dmp1_c,&dmq1_c,&iqmp_c); BIGNUM *dmp1=BN_dup(dmp1_c); BIGNUM *dmq1=BN_dup(dmq1_c); BIGNUM *iqmp=BN_dup(iqmp_c); BN_mod(dmp1, d, r1, ctx); BN_mod(dmq1, d, r2, ctx); BN_mod_inverse(iqmp, q, p, ctx); RSA_set0_crt_params(m_rsa, dmp1, dmq1, iqmp); } #endif return true; } else { ERR_load_crypto_strings(); g_logger.error(stdext::format("RSA check failed - %s", ERR_error_string(ERR_get_error(), NULL))); return false; } } bool Crypt::rsaEncrypt(unsigned char *msg, int size) { if(size != RSA_size(m_rsa)) return false; return RSA_public_encrypt(size, msg, msg, m_rsa, RSA_NO_PADDING) != -1; } bool Crypt::rsaDecrypt(unsigned char *msg, int size) { if(size != RSA_size(m_rsa)) return false; return RSA_private_decrypt(size, msg, msg, m_rsa, RSA_NO_PADDING) != -1; } int Crypt::rsaGetSize() { return RSA_size(m_rsa); }