From 47c84363b5dc631d0972f32b8ec9ac1028cf42fe Mon Sep 17 00:00:00 2001 From: Double Sine Date: Sun, 8 May 2022 00:11:02 +0800 Subject: [PATCH] make code compatible with openssl 3.x Signed-off-by: Double Sine --- CMakeLists.txt | 17 +- .../resource_traits/openssl/decoder_ctx.hpp | 21 ++ .../resource_traits/openssl/encoder_ctx.hpp | 21 ++ .../openssl/evp_cipher_ctx.hpp | 21 ++ common/resource_traits/openssl/evp_pkey.hpp | 21 ++ .../resource_traits/openssl/evp_pkey_ctx.hpp | 21 ++ common/rsa_cipher.cpp | 253 +++++++++++++++++- common/rsa_cipher.hpp | 28 ++ navicat-keygen/navicat_serial_generator.cpp | 40 ++- navicat-keygen/navicat_serial_generator.hpp | 12 +- 10 files changed, 437 insertions(+), 18 deletions(-) create mode 100644 common/resource_traits/openssl/decoder_ctx.hpp create mode 100644 common/resource_traits/openssl/encoder_ctx.hpp create mode 100644 common/resource_traits/openssl/evp_cipher_ctx.hpp create mode 100644 common/resource_traits/openssl/evp_pkey.hpp create mode 100644 common/resource_traits/openssl/evp_pkey_ctx.hpp diff --git a/CMakeLists.txt b/CMakeLists.txt index 2d9b965..366519b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -1,8 +1,12 @@ cmake_minimum_required(VERSION 3.18) -project(navicat_keygen) +project(navicat-keygen) set(CMAKE_CXX_STANDARD 17) +find_package(fmt REQUIRED) +find_package(RapidJSON REQUIRED) +find_package(OpenSSL REQUIRED) + include(FetchContent) set(KEYSTONE_BUILD_STATIC_RUNTIME ON CACHE BOOL "" FORCE) set(BUILD_LIBS_ONLY ON CACHE BOOL "" FORCE) @@ -38,6 +42,11 @@ set( ./common/resource_traits/openssl/bio.hpp ./common/resource_traits/openssl/bio_chain.hpp ./common/resource_traits/openssl/rsa.hpp + ./common/resource_traits/openssl/evp_pkey.hpp + ./common/resource_traits/openssl/evp_pkey_ctx.hpp + ./common/resource_traits/openssl/evp_cipher_ctx.hpp + ./common/resource_traits/openssl/encoder_ctx.hpp + ./common/resource_traits/openssl/decoder_ctx.hpp ./common/resource_traits/unicorn/unicorn_handle.hpp ./common/resource_traits/unicorn/unicorn_alloc.hpp ./common/resource_traits/unix_os/file_descriptor.hpp @@ -76,9 +85,9 @@ set( ) add_executable(navicat-keygen ${NKG_COMMON_SOURCE} ${NKG_KEYGEN_SOURCE}) -target_include_directories(navicat-keygen PRIVATE ./common) -target_link_libraries(navicat-keygen fmt crypto) +target_include_directories(navicat-keygen PRIVATE ./common ${RAPIDJSON_INCLUDE_DIRS}) +target_link_libraries(navicat-keygen fmt::fmt OpenSSL::Crypto) add_executable(navicat-patcher ${NKG_COMMON_SOURCE} ${NKG_PATCHER_SOURCE}) target_include_directories(navicat-patcher PRIVATE ./common ${keystone_SOURCE_DIR}/include) -target_link_libraries(navicat-patcher fmt crypto keystone unicorn pthread) +target_link_libraries(navicat-patcher fmt::fmt OpenSSL::Crypto keystone unicorn pthread) diff --git a/common/resource_traits/openssl/decoder_ctx.hpp b/common/resource_traits/openssl/decoder_ctx.hpp new file mode 100644 index 0000000..7bd7dd7 --- /dev/null +++ b/common/resource_traits/openssl/decoder_ctx.hpp @@ -0,0 +1,21 @@ +#pragma once +#include + +namespace nkg::resource_traits::openssl { + + struct decoder_ctx { + using handle_t = OSSL_DECODER_CTX*; + + static constexpr handle_t invalid_value = nullptr; + + [[nodiscard]] + static bool is_valid(const handle_t& handle) noexcept { + return handle != invalid_value; + } + + static void release(const handle_t& handle) noexcept { + OSSL_DECODER_CTX_free(handle); + } + }; + +} diff --git a/common/resource_traits/openssl/encoder_ctx.hpp b/common/resource_traits/openssl/encoder_ctx.hpp new file mode 100644 index 0000000..2d484dd --- /dev/null +++ b/common/resource_traits/openssl/encoder_ctx.hpp @@ -0,0 +1,21 @@ +#pragma once +#include + +namespace nkg::resource_traits::openssl { + + struct encoder_ctx { + using handle_t = OSSL_ENCODER_CTX*; + + static constexpr handle_t invalid_value = nullptr; + + [[nodiscard]] + static bool is_valid(const handle_t& handle) noexcept { + return handle != invalid_value; + } + + static void release(const handle_t& handle) noexcept { + OSSL_ENCODER_CTX_free(handle); + } + }; + +} diff --git a/common/resource_traits/openssl/evp_cipher_ctx.hpp b/common/resource_traits/openssl/evp_cipher_ctx.hpp new file mode 100644 index 0000000..b38c8c9 --- /dev/null +++ b/common/resource_traits/openssl/evp_cipher_ctx.hpp @@ -0,0 +1,21 @@ +#pragma once +#include + +namespace nkg::resource_traits::openssl { + + struct evp_cipher_ctx { + using handle_t = EVP_CIPHER_CTX*; + + static constexpr handle_t invalid_value = nullptr; + + [[nodiscard]] + static bool is_valid(const handle_t& handle) noexcept { + return handle != invalid_value; + } + + static void release(const handle_t& handle) noexcept { + EVP_CIPHER_CTX_free(handle); + } + }; + +} diff --git a/common/resource_traits/openssl/evp_pkey.hpp b/common/resource_traits/openssl/evp_pkey.hpp new file mode 100644 index 0000000..52d70e3 --- /dev/null +++ b/common/resource_traits/openssl/evp_pkey.hpp @@ -0,0 +1,21 @@ +#pragma once +#include + +namespace nkg::resource_traits::openssl { + + struct evp_pkey { + using handle_t = EVP_PKEY*; + + static constexpr handle_t invalid_value = nullptr; + + [[nodiscard]] + static bool is_valid(const handle_t& handle) noexcept { + return handle != invalid_value; + } + + static void release(const handle_t& handle) noexcept { + EVP_PKEY_free(handle); + } + }; + +} diff --git a/common/resource_traits/openssl/evp_pkey_ctx.hpp b/common/resource_traits/openssl/evp_pkey_ctx.hpp new file mode 100644 index 0000000..96c9f0d --- /dev/null +++ b/common/resource_traits/openssl/evp_pkey_ctx.hpp @@ -0,0 +1,21 @@ +#pragma once +#include + +namespace nkg::resource_traits::openssl { + + struct evp_pkey_ctx { + using handle_t = EVP_PKEY_CTX*; + + static constexpr handle_t invalid_value = nullptr; + + [[nodiscard]] + static bool is_valid(const handle_t& handle) noexcept { + return handle != invalid_value; + } + + static void release(const handle_t& handle) noexcept { + EVP_PKEY_CTX_free(handle); + } + }; + +} diff --git a/common/rsa_cipher.cpp b/common/rsa_cipher.cpp index 1fe4647..c56d382 100644 --- a/common/rsa_cipher.cpp +++ b/common/rsa_cipher.cpp @@ -5,11 +5,20 @@ #include "resource_traits/openssl/bio.hpp" #include "resource_traits/openssl/bignum.hpp" +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x +#include +#include +#include "resource_traits/openssl/encoder_ctx.hpp" +#include "resource_traits/openssl/decoder_ctx.hpp" +#endif + #define NKG_CURRENT_SOURCE_FILE() u8".\\common\\rsa_cipher.cpp" #define NKG_CURRENT_SOURCE_LINE() __LINE__ namespace nkg { +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) < 0x30000000 // for openssl < 3.0.0 + [[nodiscard]] RSA* rsa_cipher::_read_private_key_from_bio(BIO* p_bio) { resource_wrapper new_rsa { resource_traits::openssl::rsa{}, PEM_read_bio_RSAPrivateKey(p_bio, nullptr, nullptr, nullptr) }; @@ -22,6 +31,7 @@ namespace nkg { } } + [[nodiscard]] RSA* rsa_cipher::_read_public_key_pem_from_bio(BIO* p_bio) { resource_wrapper new_rsa { resource_traits::openssl::rsa{}, PEM_read_bio_RSA_PUBKEY(p_bio, nullptr, nullptr, nullptr) }; @@ -34,6 +44,7 @@ namespace nkg { } } + [[nodiscard]] RSA* rsa_cipher::_read_public_key_pkcs1_from_bio(BIO* p_bio) { resource_wrapper new_rsa { resource_traits::openssl::rsa{}, PEM_read_bio_RSAPublicKey(p_bio, nullptr, nullptr, nullptr) }; @@ -67,24 +78,130 @@ namespace nkg { } } - rsa_cipher::rsa_cipher() : m_rsa(RSA_new()) { + rsa_cipher::rsa_cipher() : + m_rsa(RSA_new()) + { if (!m_rsa.is_valid()) { throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), u8"RSA_new failed."); } } +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x + [[nodiscard]] + EVP_PKEY* rsa_cipher::_read_private_key_from_bio(BIO* p_bio) { + resource_wrapper new_rsa{ resource_traits::openssl::evp_pkey{} }; + + resource_wrapper decoder_context + { resource_traits::openssl::decoder_ctx{}, OSSL_DECODER_CTX_new_for_pkey(new_rsa.unsafe_addressof(), "PEM", "pkcs1", "RSA", OSSL_KEYMGMT_SELECT_PRIVATE_KEY, nullptr, nullptr) }; + + if (!decoder_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_DECODER_CTX_new_for_pkey failed."); + } + + if (!OSSL_DECODER_from_bio(decoder_context.get(), p_bio)) { // 1 on success, 0 on failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_DECODER_from_bio failed."); + } + + return new_rsa.transfer(); + } + + [[nodiscard]] + EVP_PKEY* rsa_cipher::_read_public_key_pem_from_bio(BIO* p_bio) { + resource_wrapper new_rsa{ resource_traits::openssl::evp_pkey{} }; + + resource_wrapper decoder_context + { resource_traits::openssl::decoder_ctx{}, OSSL_DECODER_CTX_new_for_pkey(new_rsa.unsafe_addressof(), "PEM", "SubjectPublicKeyInfo", "RSA", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, nullptr, nullptr) }; + + if (!decoder_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_DECODER_CTX_new_for_pkey failed."); + } + + if (!OSSL_DECODER_from_bio(decoder_context.get(), p_bio)) { // 1 on success, 0 on failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_DECODER_from_bio failed."); + } + + return new_rsa.transfer(); + } + + [[nodiscard]] + EVP_PKEY* rsa_cipher::_read_public_key_pkcs1_from_bio(BIO* p_bio) { + resource_wrapper new_rsa{ resource_traits::openssl::evp_pkey{} }; + + resource_wrapper decoder_context + { resource_traits::openssl::decoder_ctx{}, OSSL_DECODER_CTX_new_for_pkey(new_rsa.unsafe_addressof(), "PEM", "pkcs1", "RSA", OSSL_KEYMGMT_SELECT_PUBLIC_KEY, nullptr, nullptr) }; + + if (!decoder_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_DECODER_CTX_new_for_pkey failed."); + } + + if (!OSSL_DECODER_from_bio(decoder_context.get(), p_bio)) { // 1 on success, 0 on failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_DECODER_from_bio failed."); + } + + return new_rsa.transfer(); + } + + void rsa_cipher::_write_private_key_to_bio(EVP_PKEY* p_rsa, BIO* p_bio) { + resource_wrapper encoder_context + { resource_traits::openssl::encoder_ctx{}, OSSL_ENCODER_CTX_new_for_pkey(p_rsa, OSSL_KEYMGMT_SELECT_PRIVATE_KEY, "PEM", "pkcs1", nullptr) }; + + if (!encoder_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_ENCODER_CTX_new_for_pkey failed."); + } + + if (!OSSL_ENCODER_to_bio(encoder_context.get(), p_bio)) { // 1 on success, 0 on failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_ENCODER_to_bio failed."); + } + } + + void rsa_cipher::_write_public_key_pem_to_bio(EVP_PKEY* p_rsa, BIO* p_bio) { + resource_wrapper encoder_context + { resource_traits::openssl::encoder_ctx{}, OSSL_ENCODER_CTX_new_for_pkey(p_rsa, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, "PEM", "SubjectPublicKeyInfo", nullptr) }; + + if (!encoder_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_ENCODER_CTX_new_for_pkey failed."); + } + + if (!OSSL_ENCODER_to_bio(encoder_context.get(), p_bio)) { // 1 on success, 0 on failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_ENCODER_to_bio failed."); + } + } + + void rsa_cipher::_write_public_key_pkcs1_to_bio(EVP_PKEY* p_rsa, BIO* p_bio) { + resource_wrapper encoder_context + { resource_traits::openssl::encoder_ctx{}, OSSL_ENCODER_CTX_new_for_pkey(p_rsa, OSSL_KEYMGMT_SELECT_PUBLIC_KEY, "PEM", "pkcs1", nullptr) }; + + if (!encoder_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_ENCODER_CTX_new_for_pkey failed."); + } + + if (!OSSL_ENCODER_to_bio(encoder_context.get(), p_bio)) { // 1 on success, 0 on failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_ENCODER_to_bio failed."); + } + } + + rsa_cipher::rsa_cipher() = default; +#else +#error "rsa_cipher.cpp: Unexpected OpenSSL version." +#endif [[nodiscard]] size_t rsa_cipher::bits() const { -#if (OPENSSL_VERSION_NUMBER & 0xffff0000) == 0x10000000 // openssl 1.0.x +#if (OPENSSL_VERSION_NUMBER & 0xfff00000) == 0x10000000 // openssl 1.0.x if (m_rsa->n) { return BN_num_bits(m_rsa->n); } else { - throw no_key_assigned_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"RSA modulus has not been set."); + throw no_key_assigned_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"RSA key has not been set yet."); } -#elif (OPENSSL_VERSION_NUMBER & 0xffff0000) == 0x10100000 // openssl 1.1.x +#elif (OPENSSL_VERSION_NUMBER & 0xfff00000) == 0x10100000 // openssl 1.1.x return RSA_bits(m_rsa.get()); +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // openssl 3.x.x + if (m_rsa.is_valid()) { + return EVP_PKEY_get_bits(m_rsa.get()); + } else { + throw no_key_assigned_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"RSA key has not been set yet."); + } #else -#error "rsa_cipher.cpp: uexpected OpenSSL version" +#error "rsa_cipher.cpp: Unexpected OpenSSL version." #endif } @@ -99,9 +216,38 @@ namespace nkg { throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"BN_set_word failed."); } +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) < 0x30000000 // for openssl < 3.0.0 if (RSA_generate_key_ex(m_rsa.get(), bits, bn_e.get(), nullptr) == 0) { throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), ERR_get_error(), u8"RSA_generate_key_ex failed."); } +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x + resource_wrapper evp_pkey_context{ resource_traits::openssl::evp_pkey_ctx{}, EVP_PKEY_CTX_new_id(EVP_PKEY_RSA, nullptr) }; + if (!evp_pkey_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_new_id failed."); + } + + if (EVP_PKEY_keygen_init(evp_pkey_context.get()) <= 0) { // 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_keygen_init failed."); + } + + if (EVP_PKEY_CTX_set_rsa_keygen_bits(evp_pkey_context.get(), bits) <= 0) { // return a positive value for success and 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_set_rsa_keygen_bits failed."); + } + + if (EVP_PKEY_CTX_set1_rsa_keygen_pubexp(evp_pkey_context.get(), bn_e.get()) <= 0) { // return a positive value for success and 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_set1_rsa_keygen_pubexp failed."); + } + + resource_wrapper new_rsa{ resource_traits::openssl::evp_pkey{} }; + + if (EVP_PKEY_keygen(evp_pkey_context.get(), new_rsa.unsafe_addressof()) <= 0) { // 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_keygen failed."); + } + + m_rsa = std::move(new_rsa); +#else +#error "rsa_cipher.cpp: Unexpected OpenSSL version." +#endif } void rsa_cipher::export_private_key_file(std::string_view file_path) const { @@ -261,6 +407,7 @@ namespace nkg { } size_t rsa_cipher::public_encrypt(const void* plaintext, size_t plaintext_size, void* ciphertext, int padding) const { +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) < 0x30000000 // for openssl < 3.0.0 if (plaintext_size <= INT_MAX) { int bytes_written = RSA_public_encrypt(static_cast(plaintext_size), reinterpret_cast(plaintext), reinterpret_cast(ciphertext), m_rsa.get(), padding); @@ -273,9 +420,33 @@ namespace nkg { } else { throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"plaintext_size > INT_MAX"); } +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x + resource_wrapper evp_pkey_context{ resource_traits::openssl::evp_pkey_ctx{}, EVP_PKEY_CTX_new(m_rsa.get(), nullptr) }; + if (!evp_pkey_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_new failed."); + } + + if (EVP_PKEY_encrypt_init(evp_pkey_context.get()) <= 0) { // return 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_encrypt_init failed."); + } + + if (EVP_PKEY_CTX_set_rsa_padding(evp_pkey_context.get(), padding) <= 0) { // return a positive value for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_set_rsa_padding failed."); + } + + size_t ciphertext_size = 0; + if (EVP_PKEY_encrypt(evp_pkey_context.get(), reinterpret_cast(ciphertext), &ciphertext_size, reinterpret_cast(plaintext), plaintext_size) <= 0) { // return 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_encrypt failed."); + } + + return ciphertext_size; +#else +#error "rsa_cipher.cpp: Unexpected OpenSSL version." +#endif } size_t rsa_cipher::private_encrypt(const void* plaintext, size_t plaintext_size, void* ciphertext, int padding) const { +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) < 0x30000000 // for openssl < 3.0.0 if (plaintext_size <= INT_MAX) { int bytes_written = RSA_private_encrypt(static_cast(plaintext_size), reinterpret_cast(plaintext), reinterpret_cast(ciphertext), m_rsa.get(), padding); @@ -288,9 +459,33 @@ namespace nkg { } else { throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"plaintext_size > INT_MAX"); } +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x + resource_wrapper evp_pkey_context{ resource_traits::openssl::evp_pkey_ctx{}, EVP_PKEY_CTX_new(m_rsa.get(), nullptr) }; + if (!evp_pkey_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_new failed."); + } + + if (EVP_PKEY_sign_init(evp_pkey_context.get()) <= 0) { // return 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_sign_init failed."); + } + + if (EVP_PKEY_CTX_set_rsa_padding(evp_pkey_context.get(), padding) <= 0) { // return a positive value for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_set_rsa_padding failed."); + } + + size_t ciphertext_size = 0; + if (EVP_PKEY_sign(evp_pkey_context.get(), reinterpret_cast(ciphertext), &ciphertext_size, reinterpret_cast(plaintext), plaintext_size) <= 0) { // return 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_sign failed."); + } + + return ciphertext_size; +#else +#error "rsa_cipher.cpp: Unexpected OpenSSL version." +#endif } size_t rsa_cipher::public_decrypt(const void* ciphertext, size_t ciphertext_size, void* plaintext, int padding) const { +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) < 0x30000000 // for openssl < 3.0.0 if (ciphertext_size <= INT_MAX) { int bytes_written = RSA_public_decrypt(static_cast(ciphertext_size), reinterpret_cast(ciphertext), reinterpret_cast(plaintext), m_rsa.get(), padding); @@ -304,9 +499,33 @@ namespace nkg { } else { throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"ciphertext_size > INT_MAX"); } +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x + resource_wrapper evp_pkey_context{ resource_traits::openssl::evp_pkey_ctx{}, EVP_PKEY_CTX_new(m_rsa.get(), nullptr) }; + if (!evp_pkey_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_new failed."); + } + + if (EVP_PKEY_verify_recover_init(evp_pkey_context.get())) { // return 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_verify_recover_init failed."); + } + + if (EVP_PKEY_CTX_set_rsa_padding(evp_pkey_context.get(), padding) <= 0) { // return a positive value for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_set_rsa_padding failed."); + } + + size_t plaintext_size = 0; + if (EVP_PKEY_verify_recover(evp_pkey_context.get(), reinterpret_cast(plaintext), &plaintext_size, reinterpret_cast(ciphertext), ciphertext_size) <= 0) { // return 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_verify_recover failed."); + } + + return plaintext_size; +#else +#error "rsa_cipher.cpp: Unexpected OpenSSL version." +#endif } size_t rsa_cipher::private_decrypt(const void* ciphertext, size_t ciphertext_size, void* plaintext, int padding) const { +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) < 0x30000000 // for openssl < 3.0.0 if (ciphertext_size <= INT_MAX) { int bytes_written = RSA_private_decrypt(static_cast(ciphertext_size), reinterpret_cast(ciphertext), reinterpret_cast(plaintext), m_rsa.get(), padding); @@ -320,7 +539,31 @@ namespace nkg { } else { throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"ciphertext_size > INT_MAX"); } +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x + resource_wrapper evp_pkey_context{ resource_traits::openssl::evp_pkey_ctx{}, EVP_PKEY_CTX_new(m_rsa.get(), nullptr) }; + if (!evp_pkey_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_new failed."); + } + + if (EVP_PKEY_decrypt_init(evp_pkey_context.get()) <= 0) { // return 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_decrypt_init failed."); + } + + if (EVP_PKEY_CTX_set_rsa_padding(evp_pkey_context.get(), padding) <= 0) { // return a positive value for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_CTX_set_rsa_padding failed."); + } + + size_t plaintext_size = 0; + if (EVP_PKEY_decrypt(evp_pkey_context.get(), reinterpret_cast(plaintext), &plaintext_size, reinterpret_cast(ciphertext), ciphertext_size) <= 0) { // return 1 for success, 0 or a negative value for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_PKEY_decrypt failed."); + } + + return plaintext_size; +#else +#error "rsa_cipher.cpp: Unexpected OpenSSL version." +#endif } + } #undef NKG_CURRENT_SOURCE_FILE diff --git a/common/rsa_cipher.hpp b/common/rsa_cipher.hpp index df13e9d..922eb0a 100644 --- a/common/rsa_cipher.hpp +++ b/common/rsa_cipher.hpp @@ -6,7 +6,14 @@ #include #include "resource_wrapper.hpp" +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) < 0x30000000 // for openssl < 3.0.0 #include "resource_traits/openssl/rsa.hpp" +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x +#include "resource_traits/openssl/evp_pkey_ctx.hpp" +#include "resource_traits/openssl/evp_pkey.hpp" +#else +#error "rsa_cipher.hpp: Unexpected OpenSSL version." +#endif #include "exception.hpp" @@ -21,6 +28,7 @@ namespace nkg { class no_key_assigned_error; private: +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) < 0x30000000 // for openssl < 3.0.0 resource_wrapper m_rsa; [[nodiscard]] @@ -37,6 +45,26 @@ namespace nkg { static void _write_public_key_pem_to_bio(RSA* p_rsa, BIO* p_bio); static void _write_public_key_pkcs1_to_bio(RSA* p_rsa, BIO* p_bio); +#elif (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x + resource_wrapper m_rsa; + + [[nodiscard]] + static EVP_PKEY* _read_private_key_from_bio(BIO* p_bio); + + [[nodiscard]] + static EVP_PKEY* _read_public_key_pem_from_bio(BIO* p_bio); + + [[nodiscard]] + static EVP_PKEY* _read_public_key_pkcs1_from_bio(BIO* p_bio); + + static void _write_private_key_to_bio(EVP_PKEY* p_rsa, BIO* p_bio); + + static void _write_public_key_pem_to_bio(EVP_PKEY* p_rsa, BIO* p_bio); + + static void _write_public_key_pkcs1_to_bio(EVP_PKEY* p_rsa, BIO* p_bio); +#else +#error "rsa_cipher.hpp: Unexpected OpenSSL version." +#endif public: rsa_cipher(); diff --git a/navicat-keygen/navicat_serial_generator.cpp b/navicat-keygen/navicat_serial_generator.cpp index 1b939e9..45845c2 100644 --- a/navicat-keygen/navicat_serial_generator.cpp +++ b/navicat-keygen/navicat_serial_generator.cpp @@ -1,7 +1,14 @@ #include "navicat_serial_generator.hpp" -#include -#include #include + +#include +#include +#include + +#include "resource_wrapper.hpp" +#include "resource_traits/openssl/evp_cipher_ctx.hpp" + +#include #include "base32_rfc4648.hpp" #define NKG_CURRENT_SOURCE_FILE() u8".\\navicat-keygen\\navicat_serial_generator.cpp" @@ -121,9 +128,13 @@ namespace nkg { void navicat_serial_generator::set_software_version(int ver) { if (11 <= ver && ver < 16) { + static_assert(sizeof(m_des_key) == sizeof(s_des_key0)); + m_data[8] = static_cast((ver << 4) | (m_data[8] & 0x0f)); memcpy(m_des_key, s_des_key0, sizeof(s_des_key0)); } else if (16 <= ver && ver < 32) { + static_assert(sizeof(m_des_key) == sizeof(s_des_key1)); + m_data[8] = static_cast(((ver - 16) << 4) | (m_data[8] & 0x0f)); memcpy(m_des_key, s_des_key1, sizeof(s_des_key1)); } else { @@ -134,9 +145,28 @@ namespace nkg { void navicat_serial_generator::generate() { RAND_bytes(m_data + 2, 3); - DES_key_schedule schedule; - DES_set_key_unchecked(&m_des_key, &schedule); - DES_ecb_encrypt(reinterpret_cast(m_data + 2), reinterpret_cast(m_data + 2), &schedule, DES_ENCRYPT); +#if (OPENSSL_VERSION_NUMBER & 0xf0000000) == 0x30000000 // for openssl 3.x.x + if (!OSSL_PROVIDER_available(nullptr, "legacy")) { + if (OSSL_PROVIDER_load(nullptr, "legacy") == nullptr) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"OSSL_PROVIDER_load failed."); + } + } +#else +#error "navicat_serial_generator.cpp: Unexpected OpenSSL version." +#endif + + resource_wrapper evp_cipher_context{ resource_traits::openssl::evp_cipher_ctx{}, EVP_CIPHER_CTX_new() }; + if (!evp_cipher_context.is_valid()) { + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_CIPHER_CTX_new failed."); + } + + if (EVP_EncryptInit_ex(evp_cipher_context.get(), EVP_des_ecb(), nullptr, m_des_key, nullptr) <= 0) { // return 1 for success and 0 for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_EncryptInit failed."); + } + + if (int _; EVP_EncryptUpdate(evp_cipher_context.get(), m_data + 2, &_, m_data + 2, 8) <= 0) { // return 1 for success and 0 for failure + throw backend_error(NKG_CURRENT_SOURCE_FILE(), NKG_CURRENT_SOURCE_LINE(), u8"EVP_EncryptUpdate failed."); + } m_serial_number = base32_rfc4648::encode(m_data, sizeof(m_data)); std::transform(m_serial_number.begin(), m_serial_number.end(), m_serial_number.begin(), _replace_confusing_chars); diff --git a/navicat-keygen/navicat_serial_generator.hpp b/navicat-keygen/navicat_serial_generator.hpp index 75e6a06..5820ae6 100644 --- a/navicat-keygen/navicat_serial_generator.hpp +++ b/navicat-keygen/navicat_serial_generator.hpp @@ -1,7 +1,6 @@ #pragma once #include #include -#include #include "exception.hpp" namespace nkg { @@ -36,13 +35,14 @@ namespace nkg { class navicat_serial_generator { public: class version_error; + class backend_error; private: - static inline const DES_cblock s_des_key0 = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 }; - static inline const DES_cblock s_des_key1 = { 0xE9, 0x7F, 0xB0, 0x60, 0x77, 0x45, 0x90, 0xAE }; + static inline const uint8_t s_des_key0[8] = { 0x64, 0xAD, 0xF3, 0x2F, 0xAE, 0xF2, 0x1A, 0x27 }; + static inline const uint8_t s_des_key1[8] = { 0xE9, 0x7F, 0xB0, 0x60, 0x77, 0x45, 0x90, 0xAE }; uint8_t m_data[10]; - DES_cblock m_des_key; + uint8_t m_des_key[8]; std::string m_serial_number; std::string m_serial_number_formatted; @@ -72,4 +72,8 @@ namespace nkg { using ::nkg::exception::exception; }; + class navicat_serial_generator::backend_error : public ::nkg::exception { + using ::nkg::exception::exception; + }; + }