d4/d5a/lecmaccalculator_8cpp_source.html

// Copyright (C) 2016 The Qt Company Ltd.

// SPDX-License-Identifier: LicenseRef-Qt-Commercial OR LGPL-3.0-only OR GPL-2.0-only OR GPL-3.0-only

// Qt-Security score:critical reason:uses-kernel-cryptography

#include "lecmaccalculator_p.h"


#include "bluez/bluez_data_p.h"


#include <QtCore/qbytearray.h>

#include <QtCore/qloggingcategory.h>

#include <QtCore/private/qcore_unix_p.h>


#include <cstring>

#include <sys/socket.h>

#include <sys/types.h>

#include <unistd.h>


#ifdef CONFIG_LINUX_CRYPTO_API

#include <linux/if_alg.h>

#endif


QT_BEGIN_NAMESPACE


Q_DECLARE_LOGGING_CATEGORY(QT_BT_BLUEZ)


LeCmacCalculator::LeCmacCalculator()

{

#ifdef CONFIG_LINUX_CRYPTO_API

    m_baseSocket = socket(AF_ALG, SOCK_SEQPACKET, 0);

    if (m_baseSocket == -1) {

        qCWarning(QT_BT_BLUEZ) << "failed to create first level crypto socket:"

                               << strerror(errno);

        return;

    }

    sockaddr_alg sa;

    using namespace std;

    memset(&sa, 0, sizeof sa);

    sa.salg_family = AF_ALG;

    strcpy(reinterpret_cast<char *>(sa.salg_type), "hash");

    strcpy(reinterpret_cast<char *>(sa.salg_name), "cmac(aes)");

    if (::bind(m_baseSocket, reinterpret_cast<sockaddr *>(&sa), sizeof sa) == -1) {

        qCWarning(QT_BT_BLUEZ) << "bind() failed for crypto socket:" << strerror(errno);

        return;

    }

#else // CONFIG_LINUX_CRYPTO_API

    qCWarning(QT_BT_BLUEZ) << "Linux crypto API not present, CMAC verification will fail.";

#endif

}


LeCmacCalculator::~LeCmacCalculator()

{

    if (m_baseSocket != -1)

        close(m_baseSocket);

}


QByteArray LeCmacCalculator::createFullMessage(const QByteArray &message, quint32 signCounter)

{

    // Spec v4.2, Vol 3, Part H, 2.4.5

    QByteArray fullMessage = message;

    fullMessage.resize(fullMessage.size() + sizeof signCounter);

    putBtData(signCounter, fullMessage.data() + message.size());

    return fullMessage;

}


quint64 LeCmacCalculator::calculateMac(const QByteArray &message, QUuid::Id128Bytes csrk) const

{

#ifdef CONFIG_LINUX_CRYPTO_API

    if (m_baseSocket == -1)

        return false;

    QUuid::Id128Bytes csrkMsb;

    std::reverse_copy(std::begin(csrk.data), std::end(csrk.data), std::begin(csrkMsb.data));

    qCDebug(QT_BT_BLUEZ) << "CSRK (MSB):" << QByteArray(reinterpret_cast<char *>(csrkMsb.data),

                                                        sizeof csrkMsb).toHex();

    if (setsockopt(m_baseSocket, 279 /* SOL_ALG */, ALG_SET_KEY, csrkMsb.data, sizeof csrkMsb) == -1) {

        qCWarning(QT_BT_BLUEZ) << "setsockopt() failed for crypto socket:" << strerror(errno);

        return 0;

    }


    class SocketWrapper

    {

    public:

        SocketWrapper(int socket) : m_socket(socket) {}

        ~SocketWrapper() {

            if (m_socket != -1)

                close(m_socket);

        }


        int value() const { return m_socket; }

    private:

        int m_socket;

    };

    SocketWrapper cryptoSocket(accept(m_baseSocket, nullptr, nullptr));

    if (cryptoSocket.value() == -1) {

        qCWarning(QT_BT_BLUEZ) << "accept() failed for crypto socket:" << strerror(errno);

        return 0;

    }


    QByteArray messageSwapped(message.size(), Qt::Uninitialized);

    std::reverse_copy(message.begin(), message.end(), messageSwapped.begin());

    qint64 totalBytesWritten = 0;

    do {

        const qint64 bytesWritten = qt_safe_write(cryptoSocket.value(),

                                                  messageSwapped.constData() + totalBytesWritten,

                                                  messageSwapped.size() - totalBytesWritten);

        if (bytesWritten == -1) {

            qCWarning(QT_BT_BLUEZ) << "writing to crypto socket failed:" << strerror(errno);

            return 0;

        }

        totalBytesWritten += bytesWritten;

    } while (totalBytesWritten < messageSwapped.size());

    quint64 mac;

    quint8 * const macPtr = reinterpret_cast<quint8 *>(&mac);

    qint64 totalBytesRead = 0;

    do {

        const qint64 bytesRead = qt_safe_read(cryptoSocket.value(), macPtr + totalBytesRead,

                                              sizeof mac - totalBytesRead);

        if (bytesRead == -1) {

            qCWarning(QT_BT_BLUEZ) << "reading from crypto socket failed:" << strerror(errno);

            return 0;

        }

        totalBytesRead += bytesRead;

    } while (totalBytesRead < qint64(sizeof mac));

    return qFromBigEndian(mac);

#else // CONFIG_LINUX_CRYPTO_API

    Q_UNUSED(message);

    Q_UNUSED(csrk);

    qCWarning(QT_BT_BLUEZ) << "CMAC calculation failed due to missing Linux crypto API.";

    return 0;

#endif

}


bool LeCmacCalculator::verify(const QByteArray &message, QUuid::Id128Bytes csrk,

                           quint64 expectedMac) const

{

#ifdef CONFIG_LINUX_CRYPTO_API

    const quint64 actualMac = calculateMac(message, csrk);

    if (actualMac != expectedMac) {

        qCWarning(QT_BT_BLUEZ) << Qt::hex << "signature verification failed: calculated mac:"

                               << actualMac << "expected mac:" << expectedMac;

        return false;

    }

    return true;

#else // CONFIG_LINUX_CRYPTO_API

    Q_UNUSED(message);

    Q_UNUSED(csrk);

    Q_UNUSED(expectedMac);

    qCWarning(QT_BT_BLUEZ) << "CMAC verification failed due to missing Linux crypto API.";

    return false;

#endif

}


QT_END_NAMESPACE