mirror of
https://codeberg.org/Freeyourgadget/Gadgetbridge
synced 2024-11-28 21:06:50 +01:00
[Huawei] Fix pin code encoding
This commit is contained in:
parent
8aaa766dcd
commit
2880297c51
@ -17,7 +17,9 @@
|
||||
package nodomain.freeyourgadget.gadgetbridge.devices.huawei;
|
||||
|
||||
import nodomain.freeyourgadget.gadgetbridge.util.CryptoUtils;
|
||||
import nodomain.freeyourgadget.gadgetbridge.util.GB;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
@ -100,13 +102,15 @@ public class HuaweiCrypto {
|
||||
}
|
||||
|
||||
private byte[] getDigestSecret() {
|
||||
byte[] digest;
|
||||
if (authVersion == 1) {
|
||||
return DIGEST_SECRET_v1;
|
||||
digest = DIGEST_SECRET_v1.clone();
|
||||
} else if (authVersion == 2) {
|
||||
return DIGEST_SECRET_v2;
|
||||
digest = DIGEST_SECRET_v2.clone();
|
||||
} else {
|
||||
return DIGEST_SECRET_v3;
|
||||
digest = DIGEST_SECRET_v3.clone();
|
||||
}
|
||||
return digest;
|
||||
}
|
||||
public byte[] computeDigest(byte[] message, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException {
|
||||
byte[] digestSecret = getDigestSecret();
|
||||
@ -118,9 +122,9 @@ public class HuaweiCrypto {
|
||||
return CryptoUtils.calcHmacSha256(digestStep1, nonce);
|
||||
}
|
||||
|
||||
public byte[] computeDigestHiChainLite(byte[] message, byte[] key, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
|
||||
public byte[] computeDigestHiChainLite(byte[] message, byte[] key, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException, UnsupportedEncodingException {
|
||||
byte[] digestStep1;
|
||||
byte[] hashKey = CryptoUtils.digest(key);
|
||||
byte[] hashKey = CryptoUtils.digest(GB.hexdump(key).getBytes("UTF-8"));
|
||||
byte[] digestSecret = getDigestSecret();
|
||||
for (int i = 0; i < digestSecret.length; i++) {
|
||||
digestSecret[i] = (byte) (((0xFF & hashKey[i]) ^ (digestSecret[i] & 0xFF)) & 0xFF);
|
||||
@ -130,14 +134,14 @@ public class HuaweiCrypto {
|
||||
.put(message)
|
||||
.array();
|
||||
if (authAlgo == 0x01) {
|
||||
digestStep1 = CryptoUtils.pbkdf2Sha256(msgToDigest, nonce, 0x3e8, 0x100);
|
||||
digestStep1 = CryptoUtils.pbkdf2Sha256(GB.hexdump(msgToDigest), GB.hexdump(nonce), 0x3e8, 0x100);
|
||||
} else {
|
||||
digestStep1 = CryptoUtils.calcHmacSha256(msgToDigest, nonce);
|
||||
}
|
||||
return CryptoUtils.calcHmacSha256(digestStep1, nonce);
|
||||
}
|
||||
|
||||
public byte[] digestChallenge(byte[] secretKey, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
|
||||
public byte[] digestChallenge(byte[] secretKey, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException, UnsupportedEncodingException {
|
||||
if (authMode == 0x02) {
|
||||
if (secretKey == null)
|
||||
return null;
|
||||
@ -153,7 +157,7 @@ public class HuaweiCrypto {
|
||||
return computeDigest(MESSAGE_CHALLENGE, nonce);
|
||||
}
|
||||
|
||||
public byte[] digestResponse(byte[] secretKey, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException {
|
||||
public byte[] digestResponse(byte[] secretKey, byte[] nonce) throws NoSuchAlgorithmException, InvalidKeyException, InvalidKeySpecException, UnsupportedEncodingException {
|
||||
if (authMode == 0x02) {
|
||||
if (secretKey == null)
|
||||
return null;
|
||||
@ -216,9 +220,11 @@ public class HuaweiCrypto {
|
||||
return CryptoUtils.decryptAES_CBC_Pad(data, encryptionKey, iv);
|
||||
}
|
||||
|
||||
public byte[] decryptPinCode(byte[] message, byte[] iv) throws CryptoException {
|
||||
public byte[] decryptPinCode(byte encryptMethod, byte[] message, byte[] iv) throws CryptoException {
|
||||
byte[] secretKey = getDigestSecret();
|
||||
try {
|
||||
if (encryptMethod == 0x1)
|
||||
return CryptoUtils.decryptAES_GCM_NoPad(message, secretKey, iv, null);
|
||||
return CryptoUtils.decryptAES_CBC_Pad(message, secretKey, iv);
|
||||
} catch (Exception e) {
|
||||
throw new CryptoException(e);
|
||||
|
@ -57,6 +57,7 @@ public class HuaweiPacket {
|
||||
|
||||
protected byte interval;
|
||||
protected byte authAlgo;
|
||||
protected byte encryptMethod;
|
||||
|
||||
public void setAuthVersion(byte authVersion) {
|
||||
this.authVersion = authVersion;
|
||||
@ -144,6 +145,14 @@ public class HuaweiPacket {
|
||||
public byte getAuthAlgo () {
|
||||
return this.authAlgo;
|
||||
}
|
||||
|
||||
public void setEncryptMethod(byte encryptMethod) {
|
||||
this.encryptMethod = encryptMethod;
|
||||
}
|
||||
|
||||
public byte getEncryptMethod () {
|
||||
return this.encryptMethod;
|
||||
}
|
||||
}
|
||||
|
||||
public static abstract class ParseException extends Exception {
|
||||
|
@ -78,6 +78,7 @@ public class DeviceConfig {
|
||||
public byte authAlgo = 0x00;
|
||||
public byte bondState = 0x00;
|
||||
public short interval = 0x0;
|
||||
public byte encryptMethod = 0x00;
|
||||
|
||||
public Response(ParamsProvider paramsProvider) {
|
||||
super(paramsProvider);
|
||||
@ -111,6 +112,9 @@ public class DeviceConfig {
|
||||
|
||||
if (this.tlv.contains(0x09))
|
||||
this.bondState = this.tlv.getByte(0x09);
|
||||
|
||||
if (this.tlv.contains(0x0C))
|
||||
this.encryptMethod = this.tlv.getByte(0x0C);
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1400,7 +1404,7 @@ public class DeviceConfig {
|
||||
|
||||
HuaweiCrypto huaweiCrypto = new HuaweiCrypto(paramsProvider.getAuthVersion());
|
||||
try {
|
||||
pinCode = huaweiCrypto.decryptPinCode(message, iv);
|
||||
pinCode = huaweiCrypto.decryptPinCode(paramsProvider.getEncryptMethod(), message, iv);
|
||||
} catch (HuaweiCrypto.CryptoException e) {
|
||||
throw new CryptoException("Could not decrypt pinCode", e);
|
||||
}
|
||||
@ -1487,7 +1491,7 @@ public class DeviceConfig {
|
||||
this.tlv = new HuaweiTLV()
|
||||
.put(0x01, authMode);
|
||||
if (authMode == 0x02 || authMode == 0x04)
|
||||
this.tlv.put(0x02, (byte)0x01);
|
||||
this.tlv.put(0x02, (byte)0x01); //force to not reconnected else 0x02
|
||||
this.tlv.put(0x05, deviceUUID)
|
||||
.put(0x03, (byte)0x01)
|
||||
.put(0x04, (byte)0x00);
|
||||
|
@ -331,6 +331,7 @@ public class HuaweiSupportProvider {
|
||||
initializeDeviceHiChainMode(linkParamsReq);
|
||||
} else if (securityNegoReq.authType == 0x01 || securityNegoReq.authType == 0x02) {
|
||||
LOG.debug("HiChain Lite mode");
|
||||
// Keep track the gadget is connected
|
||||
initializeDeviceHiChainLiteMode(linkParamsReq);
|
||||
}
|
||||
}
|
||||
|
@ -19,6 +19,7 @@ package nodomain.freeyourgadget.gadgetbridge.service.devices.huawei.requests;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.security.InvalidKeyException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
@ -30,6 +31,7 @@ import nodomain.freeyourgadget.gadgetbridge.devices.huawei.HuaweiCrypto;
|
||||
import nodomain.freeyourgadget.gadgetbridge.devices.huawei.HuaweiPacket;
|
||||
import nodomain.freeyourgadget.gadgetbridge.devices.huawei.packets.DeviceConfig;
|
||||
import nodomain.freeyourgadget.gadgetbridge.service.devices.huawei.HuaweiSupportProvider;
|
||||
import nodomain.freeyourgadget.gadgetbridge.util.GB;
|
||||
import nodomain.freeyourgadget.gadgetbridge.util.StringUtils;
|
||||
|
||||
public class GetAuthRequest extends Request {
|
||||
@ -73,12 +75,13 @@ public class GetAuthRequest extends Request {
|
||||
.put(clientNonce)
|
||||
.array();
|
||||
byte[] challenge = huaweiCrypto.digestChallenge(key, doubleNonce);
|
||||
LOG.debug("challenge: " + GB.hexdump(challenge));
|
||||
if (challenge == null)
|
||||
throw new RequestCreationException("Challenge null");
|
||||
return new DeviceConfig.Auth.Request(paramsProvider, challenge, nonce).serialize();
|
||||
} catch (HuaweiPacket.CryptoException e) {
|
||||
throw new RequestCreationException(e);
|
||||
} catch (NoSuchAlgorithmException | InvalidKeyException | InvalidKeySpecException e) {
|
||||
} catch (NoSuchAlgorithmException | InvalidKeyException | InvalidKeySpecException | UnsupportedEncodingException e) {
|
||||
throw new RequestCreationException("Digest exception", e);
|
||||
}
|
||||
}
|
||||
@ -102,7 +105,7 @@ public class GetAuthRequest extends Request {
|
||||
+ StringUtils.bytesToHex(expectedAnswer)
|
||||
);
|
||||
}
|
||||
} catch (NoSuchAlgorithmException | InvalidKeyException | InvalidKeySpecException e) {
|
||||
} catch (NoSuchAlgorithmException | InvalidKeyException | InvalidKeySpecException | UnsupportedEncodingException e) {
|
||||
throw new ResponseParseException("Challenge response digest exception");
|
||||
}
|
||||
}
|
||||
|
@ -84,5 +84,6 @@ public class GetLinkParamsRequest extends Request {
|
||||
this.bondState = ((LinkParams.Response) receivedPacket).bondState;
|
||||
|
||||
paramsProvider.setAuthAlgo(((LinkParams.Response) receivedPacket).authAlgo);
|
||||
paramsProvider.setEncryptMethod(((LinkParams.Response) receivedPacket).encryptMethod);
|
||||
}
|
||||
}
|
||||
|
@ -18,6 +18,7 @@ package nodomain.freeyourgadget.gadgetbridge.util;
|
||||
|
||||
import android.annotation.SuppressLint;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.nio.ByteBuffer;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
@ -133,10 +134,9 @@ public class CryptoUtils {
|
||||
return result;
|
||||
}
|
||||
|
||||
public static byte[] pbkdf2Sha256(byte[] key, byte[] iv, int count, int length) throws InvalidKeySpecException, NoSuchAlgorithmException {
|
||||
public static byte[] pbkdf2Sha256(String key, String iv, int count, int length) throws InvalidKeySpecException, NoSuchAlgorithmException, UnsupportedEncodingException {
|
||||
SecretKeyFactory secretKeyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
|
||||
String keyStr = new String(key, StandardCharsets.UTF_8);
|
||||
PBEKeySpec keySpec = new PBEKeySpec(keyStr.toCharArray(), iv, count, length);
|
||||
PBEKeySpec keySpec = new PBEKeySpec(key.toCharArray(), iv.getBytes("utf-8"), count, length);
|
||||
return secretKeyFactory.generateSecret(keySpec).getEncoded();
|
||||
}
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user