Grégory Soutadé
0e90b89382
* add common method signNode() and addNonde() * Try to auth to operator if not already set * Fix an error in ADEPT protocol : attributes must be hashed in alphabetical order, not in reverse one * Update DRMProcessorClient
405 lines
13 KiB
C++
405 lines
13 KiB
C++
/*
|
|
Copyright (c) 2021, Grégory Soutadé
|
|
|
|
All rights reserved.
|
|
Redistribution and use in source and binary forms, with or without
|
|
modification, are permitted provided that the following conditions are met:
|
|
|
|
* Redistributions of source code must retain the above copyright
|
|
notice, this list of conditions and the following disclaimer.
|
|
* Redistributions in binary form must reproduce the above copyright
|
|
notice, this list of conditions and the following disclaimer in the
|
|
documentation and/or other materials provided with the distribution.
|
|
* Neither the name of the copyright holder nor the
|
|
names of its contributors may be used to endorse or promote products
|
|
derived from this software without specific prior written permission.
|
|
|
|
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY
|
|
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
|
|
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
|
|
DISCLAIMED. IN NO EVENT SHALL THE REGENTS AND CONTRIBUTORS BE LIABLE FOR ANY
|
|
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
|
|
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
|
|
LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
|
|
ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
(INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
|
|
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <openssl/rand.h>
|
|
#include <openssl/pkcs12.h>
|
|
#include <openssl/evp.h>
|
|
#include <openssl/err.h>
|
|
|
|
#include <QCoreApplication>
|
|
#include <QNetworkReply>
|
|
#include <QNetworkRequest>
|
|
#include <QNetworkAccessManager>
|
|
#include <QFile>
|
|
|
|
#include <zip.h>
|
|
|
|
#include <libgourou_common.h>
|
|
#include <libgourou_log.h>
|
|
#include "drmprocessorclientimpl.h"
|
|
|
|
/* Digest interface */
|
|
void* DRMProcessorClientImpl::createDigest(const std::string& digestName)
|
|
{
|
|
EVP_MD_CTX *sha_ctx = EVP_MD_CTX_new();
|
|
const EVP_MD* md = EVP_get_digestbyname(digestName.c_str());
|
|
EVP_DigestInit(sha_ctx, md);
|
|
|
|
return sha_ctx;
|
|
}
|
|
|
|
int DRMProcessorClientImpl::digestUpdate(void* handler, unsigned char* data, unsigned int length)
|
|
{
|
|
return EVP_DigestUpdate((EVP_MD_CTX *)handler, data, length);
|
|
}
|
|
|
|
int DRMProcessorClientImpl::digestFinalize(void* handler, unsigned char* digestOut)
|
|
{
|
|
int res = EVP_DigestFinal((EVP_MD_CTX *)handler, digestOut, NULL);
|
|
EVP_MD_CTX_free((EVP_MD_CTX *)handler);
|
|
return res;
|
|
}
|
|
|
|
int DRMProcessorClientImpl::digest(const std::string& digestName, unsigned char* data, unsigned int length, unsigned char* digestOut)
|
|
{
|
|
void* handler = createDigest(digestName);
|
|
if (!handler)
|
|
return -1;
|
|
if (digestUpdate(handler, data, length))
|
|
return -1;
|
|
return digestFinalize(handler, digestOut);
|
|
}
|
|
|
|
/* Random interface */
|
|
void DRMProcessorClientImpl::randBytes(unsigned char* bytesOut, unsigned int length)
|
|
{
|
|
RAND_bytes(bytesOut, length);
|
|
}
|
|
|
|
/* HTTP interface */
|
|
std::string DRMProcessorClientImpl::sendHTTPRequest(const std::string& URL, const std::string& POSTData, const std::string& contentType)
|
|
{
|
|
QNetworkRequest request(QUrl(URL.c_str()));
|
|
QNetworkAccessManager networkManager;
|
|
QByteArray replyData;
|
|
|
|
GOUROU_LOG(gourou::INFO, "Send request to " << URL);
|
|
if (POSTData.size())
|
|
{
|
|
GOUROU_LOG(gourou::DEBUG, "<<< " << std::endl << POSTData);
|
|
}
|
|
|
|
request.setRawHeader("Accept", "*/*");
|
|
request.setRawHeader("User-Agent", "book2png");
|
|
if (contentType.size())
|
|
request.setRawHeader("Content-Type", contentType.c_str());
|
|
|
|
QNetworkReply* reply;
|
|
|
|
if (POSTData.size())
|
|
reply = networkManager.post(request, POSTData.c_str());
|
|
else
|
|
reply = networkManager.get(request);
|
|
|
|
QCoreApplication* app = QCoreApplication::instance();
|
|
networkManager.moveToThread(app->thread());
|
|
while (!reply->isFinished())
|
|
app->processEvents();
|
|
|
|
replyData = reply->readAll();
|
|
if (reply->rawHeader("Content-Type") == "application/vnd.adobe.adept+xml")
|
|
{
|
|
GOUROU_LOG(gourou::DEBUG, ">>> " << std::endl << replyData.data());
|
|
}
|
|
|
|
return std::string(replyData.data(), replyData.length());
|
|
}
|
|
|
|
void DRMProcessorClientImpl::RSAPrivateEncrypt(const unsigned char* RSAKey, unsigned int RSAKeyLength,
|
|
const RSA_KEY_TYPE keyType, const std::string& password,
|
|
const unsigned char* data, unsigned dataLength,
|
|
unsigned char* res)
|
|
{
|
|
PKCS12 * pkcs12;
|
|
EVP_PKEY* pkey;
|
|
X509* cert;
|
|
STACK_OF(X509)* ca;
|
|
RSA * rsa;
|
|
|
|
pkcs12 = d2i_PKCS12(NULL, &RSAKey, RSAKeyLength);
|
|
if (!pkcs12)
|
|
EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
|
|
PKCS12_parse(pkcs12, password.c_str(), &pkey, &cert, &ca);
|
|
rsa = EVP_PKEY_get1_RSA(pkey);
|
|
|
|
int ret = RSA_private_encrypt(dataLength, data, res, rsa, RSA_PKCS1_PADDING);
|
|
|
|
if (ret < 0)
|
|
EXCEPTION(gourou::CLIENT_RSA_ERROR, ERR_error_string(ERR_get_error(), NULL));
|
|
|
|
if (gourou::logLevel >= gourou::DEBUG)
|
|
{
|
|
printf("Sig : ");
|
|
for(int i=0; i<(int)sizeof(res); i++)
|
|
printf("%02x ", res[i]);
|
|
printf("\n");
|
|
}
|
|
}
|
|
|
|
void DRMProcessorClientImpl::RSAPublicEncrypt(const unsigned char* RSAKey, unsigned int RSAKeyLength,
|
|
const RSA_KEY_TYPE keyType,
|
|
const unsigned char* data, unsigned dataLength,
|
|
unsigned char* res)
|
|
{
|
|
X509 * x509 = d2i_X509(0, &RSAKey, RSAKeyLength);
|
|
if (!x509)
|
|
EXCEPTION(gourou::CLIENT_INVALID_CERTIFICATE, "Invalid certificate");
|
|
|
|
EVP_PKEY * evpKey = X509_get_pubkey(x509);
|
|
RSA* rsa = EVP_PKEY_get1_RSA(evpKey);
|
|
EVP_PKEY_free(evpKey);
|
|
|
|
if (!rsa)
|
|
EXCEPTION(gourou::CLIENT_NO_PRIV_KEY, "No private key in certificate");
|
|
|
|
int ret = RSA_public_encrypt(dataLength, data, res, rsa, RSA_PKCS1_PADDING);
|
|
if (ret < 0)
|
|
EXCEPTION(gourou::CLIENT_RSA_ERROR, ERR_error_string(ERR_get_error(), NULL));
|
|
}
|
|
|
|
void* DRMProcessorClientImpl::generateRSAKey(int keyLengthBits)
|
|
{
|
|
BIGNUM * bn = BN_new();
|
|
RSA * rsa = RSA_new();
|
|
BN_set_word(bn, 0x10001);
|
|
RSA_generate_key_ex(rsa, keyLengthBits, bn, 0);
|
|
BN_free(bn);
|
|
|
|
return rsa;
|
|
}
|
|
|
|
void DRMProcessorClientImpl::destroyRSAHandler(void* handler)
|
|
{
|
|
RSA_free((RSA*)handler);
|
|
}
|
|
|
|
void DRMProcessorClientImpl::extractRSAPublicKey(void* handler, unsigned char** keyOut, unsigned int* keyOutLength)
|
|
{
|
|
EVP_PKEY * evpKey = EVP_PKEY_new();
|
|
EVP_PKEY_set1_RSA(evpKey, (RSA*)handler);
|
|
X509_PUBKEY *x509_pubkey = 0;
|
|
X509_PUBKEY_set(&x509_pubkey, evpKey);
|
|
|
|
*keyOutLength = i2d_X509_PUBKEY(x509_pubkey, keyOut);
|
|
|
|
X509_PUBKEY_free(x509_pubkey);
|
|
EVP_PKEY_free(evpKey);
|
|
}
|
|
|
|
void DRMProcessorClientImpl::extractRSAPrivateKey(void* handler, unsigned char** keyOut, unsigned int* keyOutLength)
|
|
{
|
|
EVP_PKEY * evpKey = EVP_PKEY_new();
|
|
EVP_PKEY_set1_RSA(evpKey, (RSA*)handler);
|
|
PKCS8_PRIV_KEY_INFO * privKey = EVP_PKEY2PKCS8(evpKey);
|
|
|
|
*keyOutLength = i2d_PKCS8_PRIV_KEY_INFO(privKey, keyOut);
|
|
|
|
PKCS8_PRIV_KEY_INFO_free(privKey);
|
|
EVP_PKEY_free(evpKey);
|
|
}
|
|
|
|
void DRMProcessorClientImpl::extractCertificate(const unsigned char* RSAKey, unsigned int RSAKeyLength,
|
|
const RSA_KEY_TYPE keyType, const std::string& password,
|
|
unsigned char** certOut, unsigned int* certOutLength)
|
|
{
|
|
PKCS12 * pkcs12;
|
|
EVP_PKEY* pkey = 0;
|
|
X509* cert = 0;
|
|
STACK_OF(X509)* ca;
|
|
|
|
pkcs12 = d2i_PKCS12(NULL, &RSAKey, RSAKeyLength);
|
|
if (!pkcs12)
|
|
EXCEPTION(gourou::CLIENT_INVALID_PKCS12, ERR_error_string(ERR_get_error(), NULL));
|
|
PKCS12_parse(pkcs12, password.c_str(), &pkey, &cert, &ca);
|
|
|
|
*certOutLength = i2d_X509(cert, certOut);
|
|
|
|
EVP_PKEY_free(pkey);
|
|
}
|
|
|
|
/* Crypto interface */
|
|
void DRMProcessorClientImpl::AESEncrypt(CHAINING_MODE chaining,
|
|
const unsigned char* key, unsigned int keyLength,
|
|
const unsigned char* iv, unsigned int ivLength,
|
|
const unsigned char* dataIn, unsigned int dataInLength,
|
|
unsigned char* dataOut, unsigned int* dataOutLength)
|
|
{
|
|
void* handler = AESEncryptInit(chaining, key, keyLength, iv, ivLength);
|
|
AESEncryptUpdate(handler, dataIn, dataInLength, dataOut, dataOutLength);
|
|
AESEncryptFinalize(handler, dataOut+*dataOutLength, dataOutLength);
|
|
}
|
|
|
|
void* DRMProcessorClientImpl::AESEncryptInit(CHAINING_MODE chaining,
|
|
const unsigned char* key, unsigned int keyLength,
|
|
const unsigned char* iv, unsigned int ivLength)
|
|
{
|
|
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
|
|
|
switch(keyLength)
|
|
{
|
|
case 16:
|
|
switch(chaining)
|
|
{
|
|
case CHAIN_ECB:
|
|
EVP_EncryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, iv);
|
|
break;
|
|
case CHAIN_CBC:
|
|
EVP_EncryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
|
break;
|
|
default:
|
|
EXCEPTION(gourou::CLIENT_BAD_CHAINING, "Unknown chaining mode " << chaining);
|
|
}
|
|
break;
|
|
default:
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
EXCEPTION(gourou::CLIENT_BAD_KEY_SIZE, "Invalid key size " << keyLength);
|
|
}
|
|
|
|
return ctx;
|
|
}
|
|
|
|
void* DRMProcessorClientImpl::AESDecryptInit(CHAINING_MODE chaining,
|
|
const unsigned char* key, unsigned int keyLength,
|
|
const unsigned char* iv, unsigned int ivLength)
|
|
{
|
|
EVP_CIPHER_CTX *ctx = EVP_CIPHER_CTX_new();
|
|
|
|
switch(keyLength)
|
|
{
|
|
case 16:
|
|
switch(chaining)
|
|
{
|
|
case CHAIN_ECB:
|
|
EVP_DecryptInit_ex(ctx, EVP_aes_128_ecb(), NULL, key, iv);
|
|
break;
|
|
case CHAIN_CBC:
|
|
EVP_DecryptInit_ex(ctx, EVP_aes_128_cbc(), NULL, key, iv);
|
|
break;
|
|
default:
|
|
EXCEPTION(gourou::CLIENT_BAD_CHAINING, "Unknown chaining mode " << chaining);
|
|
}
|
|
break;
|
|
default:
|
|
EVP_CIPHER_CTX_free(ctx);
|
|
EXCEPTION(gourou::CLIENT_BAD_KEY_SIZE, "Invalid key size " << keyLength);
|
|
}
|
|
|
|
return ctx;
|
|
}
|
|
|
|
void DRMProcessorClientImpl::AESEncryptUpdate(void* handler, const unsigned char* dataIn, unsigned int dataInLength,
|
|
unsigned char* dataOut, unsigned int* dataOutLength)
|
|
{
|
|
EVP_EncryptUpdate((EVP_CIPHER_CTX*)handler, dataOut, (int*)dataOutLength, dataIn, dataInLength);
|
|
}
|
|
|
|
void DRMProcessorClientImpl::AESEncryptFinalize(void* handler,
|
|
unsigned char* dataOut, unsigned int* dataOutLength)
|
|
{
|
|
int len;
|
|
EVP_EncryptFinal_ex((EVP_CIPHER_CTX*)handler, dataOut, &len);
|
|
*dataOutLength += len;
|
|
EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*)handler);
|
|
}
|
|
|
|
void DRMProcessorClientImpl::AESDecrypt(CHAINING_MODE chaining,
|
|
const unsigned char* key, unsigned int keyLength,
|
|
const unsigned char* iv, unsigned int ivLength,
|
|
const unsigned char* dataIn, unsigned int dataInLength,
|
|
unsigned char* dataOut, unsigned int* dataOutLength)
|
|
{
|
|
void* handler = AESDecryptInit(chaining, key, keyLength, iv, ivLength);
|
|
AESDecryptUpdate(handler, dataIn, dataInLength, dataOut, dataOutLength);
|
|
AESDecryptFinalize(handler, dataOut+*dataOutLength, dataOutLength);
|
|
}
|
|
|
|
void DRMProcessorClientImpl::AESDecryptUpdate(void* handler, const unsigned char* dataIn, unsigned int dataInLength,
|
|
unsigned char* dataOut, unsigned int* dataOutLength)
|
|
{
|
|
EVP_DecryptUpdate((EVP_CIPHER_CTX*)handler, dataOut, (int*)dataOutLength, dataIn, dataInLength);
|
|
}
|
|
|
|
void DRMProcessorClientImpl::AESDecryptFinalize(void* handler, unsigned char* dataOut, unsigned int* dataOutLength)
|
|
{
|
|
int len;
|
|
EVP_DecryptFinal_ex((EVP_CIPHER_CTX*)handler, dataOut, &len);
|
|
*dataOutLength += len;
|
|
EVP_CIPHER_CTX_free((EVP_CIPHER_CTX*)handler);
|
|
}
|
|
|
|
void* DRMProcessorClientImpl::zipOpen(const std::string& path)
|
|
{
|
|
zip_t* handler = zip_open(path.c_str(), 0, 0);
|
|
|
|
if (!handler)
|
|
EXCEPTION(gourou::CLIENT_BAD_ZIP_FILE, "Invalid zip file " << path);
|
|
|
|
return handler;
|
|
}
|
|
|
|
std::string DRMProcessorClientImpl::zipReadFile(void* handler, const std::string& path)
|
|
{
|
|
std::string res;
|
|
unsigned char* buffer;
|
|
zip_stat_t sb;
|
|
|
|
if (zip_stat((zip_t *)handler, path.c_str(), 0, &sb) < 0)
|
|
EXCEPTION(gourou::CLIENT_ZIP_ERROR, "Zip error " << zip_strerror((zip_t *)handler));
|
|
|
|
if (!(sb.valid & (ZIP_STAT_INDEX|ZIP_STAT_SIZE)))
|
|
EXCEPTION(gourou::CLIENT_ZIP_ERROR, "Required fields missing");
|
|
|
|
buffer = new unsigned char[sb.size];
|
|
|
|
zip_file_t *f = zip_fopen_index((zip_t *)handler, sb.index, ZIP_FL_COMPRESSED);
|
|
|
|
zip_fread(f, buffer, sb.size);
|
|
zip_fclose(f);
|
|
|
|
res = std::string((char*)buffer, sb.size);
|
|
delete[] buffer;
|
|
|
|
return res;
|
|
}
|
|
|
|
void DRMProcessorClientImpl::zipWriteFile(void* handler, const std::string& path, const std::string& content)
|
|
{
|
|
zip_source_t* s = zip_source_buffer((zip_t*)handler, content.c_str(), content.length(), 0);
|
|
if (zip_file_add((zip_t*)handler, path.c_str(), s, ZIP_FL_OVERWRITE|ZIP_FL_ENC_UTF_8) < 0)
|
|
{
|
|
zip_source_free(s);
|
|
EXCEPTION(gourou::CLIENT_ZIP_ERROR, "Zip error " << zip_strerror((zip_t *)handler));
|
|
}
|
|
}
|
|
|
|
void DRMProcessorClientImpl::zipDeleteFile(void* handler, const std::string& path)
|
|
{
|
|
zip_int64_t idx = zip_name_locate((zip_t*)handler, path.c_str(), 0);
|
|
|
|
if (idx < 0)
|
|
EXCEPTION(gourou::CLIENT_ZIP_ERROR, "No such file " << path.c_str());
|
|
|
|
if (zip_delete((zip_t*)handler, idx))
|
|
EXCEPTION(gourou::CLIENT_ZIP_ERROR, "Zip error " << zip_strerror((zip_t *)handler));
|
|
}
|
|
|
|
void DRMProcessorClientImpl::zipClose(void* handler)
|
|
{
|
|
zip_close((zip_t*)handler);
|
|
}
|