LibreOffice Module xmlsecurity (master) 1
ciphercontext.cxx
Go to the documentation of this file.
1/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2/*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20#include <sal/config.h>
21
22#include <com/sun/star/lang/DisposedException.hpp>
23#include <osl/diagnose.h>
24#include <rtl/random.h>
25#include <rtl/ref.hxx>
26
27#include "ciphercontext.hxx"
28#include <pk11pub.h>
29
30using namespace ::com::sun::star;
31
32uno::Reference< xml::crypto::XCipherContext > OCipherContext::Create( CK_MECHANISM_TYPE nNSSCipherID, const uno::Sequence< ::sal_Int8 >& aKey, const uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption, bool bW3CPadding )
33{
34 ::rtl::Reference< OCipherContext > xResult = new OCipherContext;
35
36 xResult->m_pSlot = PK11_GetBestSlot( nNSSCipherID, nullptr );
37 if ( xResult->m_pSlot )
38 {
39 SECItem aKeyItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aKey.getConstArray() ) ), sal::static_int_cast<unsigned>( aKey.getLength() ) };
40 xResult->m_pSymKey = PK11_ImportSymKey( xResult->m_pSlot, nNSSCipherID, PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, &aKeyItem, nullptr );
41 if ( xResult->m_pSymKey )
42 {
43 SECItem aIVItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aInitializationVector.getConstArray() ) ), sal::static_int_cast<unsigned>( aInitializationVector.getLength() ) };
44 xResult->m_pSecParam = PK11_ParamFromIV( nNSSCipherID, &aIVItem );
45 if ( xResult->m_pSecParam )
46 {
47 xResult->m_pContext = PK11_CreateContextBySymKey( nNSSCipherID, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey, xResult->m_pSecParam);
48 if ( xResult->m_pContext )
49 {
50 xResult->m_bEncryption = bEncryption;
51 xResult->m_bW3CPadding = bW3CPadding;
52 xResult->m_bPadding = bW3CPadding || ( PK11_GetPadMechanism( nNSSCipherID ) == nNSSCipherID );
53 xResult->m_nBlockSize = PK11_GetBlockSize( nNSSCipherID, xResult->m_pSecParam );
54 if ( xResult->m_nBlockSize <= SAL_MAX_INT8 )
55 return xResult;
56 }
57 }
58 }
59 }
60
61 return uno::Reference< xml::crypto::XCipherContext >();
62}
63
64void OCipherContext::Dispose()
65{
66 if ( m_pContext )
67 {
68 PK11_DestroyContext( m_pContext, PR_TRUE );
69 m_pContext = nullptr;
70 }
71
72 if ( m_pSecParam )
73 {
74 SECITEM_FreeItem( m_pSecParam, PR_TRUE );
75 m_pSecParam = nullptr;
76 }
77
78 if ( m_pSymKey )
79 {
80 PK11_FreeSymKey( m_pSymKey );
81 m_pSymKey = nullptr;
82 }
83
84 if ( m_pSlot )
85 {
86 PK11_FreeSlot( m_pSlot );
87 m_pSlot = nullptr;
88 }
89
90 m_bDisposed = true;
91}
92
93uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::convertWithCipherContext( const uno::Sequence< ::sal_Int8 >& aData )
94{
95 std::unique_lock aGuard( m_aMutex );
96
97 if ( m_bBroken )
98 throw uno::RuntimeException();
99
100 if ( m_bDisposed )
101 throw lang::DisposedException();
102
103 uno::Sequence< sal_Int8 > aToConvert;
104 if ( aData.hasElements() )
105 {
106 sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength();
107 OSL_ENSURE( nOldLastBlockLen <= m_nBlockSize, "Unexpected last block size!" );
108
109 sal_Int32 nAvailableData = nOldLastBlockLen + aData.getLength();
110 sal_Int32 nToConvertLen;
111 if ( m_bEncryption || !m_bW3CPadding )
112 {
113 if ( nAvailableData % m_nBlockSize == 0 )
114 nToConvertLen = nAvailableData;
115 else if ( nAvailableData < m_nBlockSize )
116 nToConvertLen = 0;
117 else
118 nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize;
119 }
120 else
121 {
122 // decryption with W3C padding needs at least one block for finalizing
123 if ( nAvailableData < m_nBlockSize * 2 )
124 nToConvertLen = 0;
125 else
126 nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize - m_nBlockSize;
127 }
128
129 aToConvert.realloc( nToConvertLen );
130 if ( nToConvertLen == 0 )
131 {
132 m_aLastBlock.realloc( nOldLastBlockLen + aData.getLength() );
133 memcpy( m_aLastBlock.getArray() + nOldLastBlockLen, aData.getConstArray(), aData.getLength() );
134 // aToConvert stays empty
135 }
136 else if ( nToConvertLen < nOldLastBlockLen )
137 {
138 memcpy( aToConvert.getArray(), m_aLastBlock.getConstArray(), nToConvertLen );
139 memcpy( m_aLastBlock.getArray(), m_aLastBlock.getConstArray() + nToConvertLen, nOldLastBlockLen - nToConvertLen );
140 m_aLastBlock.realloc( nOldLastBlockLen - nToConvertLen + aData.getLength() );
141 memcpy( m_aLastBlock.getArray() + nOldLastBlockLen - nToConvertLen, aData.getConstArray(), aData.getLength() );
142 }
143 else
144 {
145 memcpy( aToConvert.getArray(), m_aLastBlock.getConstArray(), nOldLastBlockLen );
146 if ( nToConvertLen > nOldLastBlockLen )
147 memcpy( aToConvert.getArray() + nOldLastBlockLen, aData.getConstArray(), nToConvertLen - nOldLastBlockLen );
148 m_aLastBlock.realloc( nAvailableData - nToConvertLen );
149 memcpy( m_aLastBlock.getArray(), aData.getConstArray() + nToConvertLen - nOldLastBlockLen, nAvailableData - nToConvertLen );
150 }
151 }
152
153 uno::Sequence< sal_Int8 > aResult;
154 OSL_ENSURE( aToConvert.getLength() % m_nBlockSize == 0, "Unexpected size of the data to encrypt!" );
155 if ( aToConvert.hasElements() )
156 {
157 int nResultLen = 0;
158 aResult.realloc( aToConvert.getLength() + m_nBlockSize );
159 if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength(), reinterpret_cast< const unsigned char* >( aToConvert.getConstArray() ), aToConvert.getLength() ) != SECSuccess )
160 {
161 m_bBroken = true;
162 Dispose();
163 throw uno::RuntimeException();
164 }
165
166 m_nConverted += aToConvert.getLength();
167 aResult.realloc( nResultLen );
168 }
169
170 return aResult;
171}
172
173uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDispose()
174{
175 std::unique_lock aGuard( m_aMutex );
176
177 if ( m_bBroken )
178 throw uno::RuntimeException();
179
180 if ( m_bDisposed )
181 throw lang::DisposedException();
182
183 OSL_ENSURE( m_nBlockSize <= SAL_MAX_INT8, "Unexpected block size!" );
184 OSL_ENSURE( m_nConverted % m_nBlockSize == 0, "Unexpected amount of bytes is already converted!" );
185 sal_Int32 nSizeForPadding = ( m_nConverted + m_aLastBlock.getLength() ) % m_nBlockSize;
186
187 // if it is decryption, the amount of data should be rounded to the block size even in case of padding
188 if ( ( !m_bPadding || !m_bEncryption ) && nSizeForPadding )
189 throw uno::RuntimeException("The data should contain complete blocks only." );
190
191 if ( m_bW3CPadding && m_bEncryption )
192 {
193 // in this case the last block should be smaller than standard block
194 // it will be increased with the padding
195 OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize, "Unexpected size of cashed incomplete last block!" );
196
197 // W3CPadding handling for encryption
198 sal_Int32 nPaddingSize = m_nBlockSize - nSizeForPadding;
199 sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength();
200 m_aLastBlock.realloc( nOldLastBlockLen + nPaddingSize );
201 auto pLastBlock = m_aLastBlock.getArray();
202
203 if ( nPaddingSize > 1 )
204 {
205 rtlRandomPool aRandomPool = rtl_random_createPool();
206 rtl_random_getBytes( aRandomPool, pLastBlock + nOldLastBlockLen, nPaddingSize - 1 );
207 rtl_random_destroyPool ( aRandomPool );
208 }
209 pLastBlock[m_aLastBlock.getLength() - 1] = static_cast< sal_Int8 >( nPaddingSize );
210 }
211
212 // finally should the last block be smaller than two standard blocks
213 OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize * 2 , "Unexpected size of cashed incomplete last block!" );
214
215 uno::Sequence< sal_Int8 > aResult;
216 if ( m_aLastBlock.hasElements() )
217 {
218 int nPrefResLen = 0;
219 aResult.realloc( m_aLastBlock.getLength() + m_nBlockSize );
220 if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nPrefResLen, aResult.getLength(), reinterpret_cast< const unsigned char* >( m_aLastBlock.getConstArray() ), m_aLastBlock.getLength() ) != SECSuccess )
221 {
222 m_bBroken = true;
223 Dispose();
224 throw uno::RuntimeException();
225 }
226
227 aResult.realloc( nPrefResLen );
228 m_aLastBlock.realloc( 0 );
229 }
230
231 sal_Int32 nPrefixLen = aResult.getLength();
232 aResult.realloc( nPrefixLen + m_nBlockSize * 2 );
233 unsigned nFinalLen = 0;
234 if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() + nPrefixLen ), &nFinalLen, aResult.getLength() - nPrefixLen ) != SECSuccess )
235 {
236 m_bBroken = true;
237 Dispose();
238 throw uno::RuntimeException();
239 }
240
241 aResult.realloc( nPrefixLen + nFinalLen );
242
243 if ( m_bW3CPadding && !m_bEncryption )
244 {
245 // W3CPadding handling for decryption
246 // aResult should have enough data, since we let m_aLastBlock be big enough in case of decryption
247 OSL_ENSURE( aResult.getLength() >= m_nBlockSize, "Not enough data to handle the padding!" );
248
249 sal_Int8 nBytesToRemove = aResult[aResult.getLength() - 1];
250 if ( nBytesToRemove <= 0 || nBytesToRemove > aResult.getLength() )
251 {
252 m_bBroken = true;
253 Dispose();
254 throw uno::RuntimeException();
255 }
256
257 aResult.realloc( aResult.getLength() - nBytesToRemove );
258 }
259
260 Dispose();
261
262 return aResult;
263}
264
265/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
rtlRandomPool
void * rtlRandomPool
OCipherContext::Create
static css::uno::Reference< css::xml::crypto::XCipherContext > Create(CK_MECHANISM_TYPE nNSSCipherID, const css::uno::Sequence< ::sal_Int8 > &aKey, const css::uno::Sequence< ::sal_Int8 > &aInitializationVector, bool bEncryption, bool bW3CPadding)
Definition: ciphercontext.cxx:32
OCipherContext::m_aMutex
std::mutex m_aMutex
Definition: ciphercontext.hxx:32
OCipherContext::m_nBlockSize
sal_Int32 m_nBlockSize
Definition: ciphercontext.hxx:39
OCipherContext::m_nConverted
sal_Int64 m_nConverted
Definition: ciphercontext.hxx:45
OCipherContext::convertWithCipherContext
virtual css::uno::Sequence< ::sal_Int8 > SAL_CALL convertWithCipherContext(const css::uno::Sequence< ::sal_Int8 > &aData) override
Definition: ciphercontext.cxx:93
OCipherContext::m_pSymKey
PK11SymKey * m_pSymKey
Definition: ciphercontext.hxx:35
OCipherContext::finalizeCipherContextAndDispose
virtual css::uno::Sequence< ::sal_Int8 > SAL_CALL finalizeCipherContextAndDispose() override
Definition: ciphercontext.cxx:173
OCipherContext::m_pContext
PK11Context * m_pContext
Definition: ciphercontext.hxx:37
OCipherContext::m_aLastBlock
css::uno::Sequence< sal_Int8 > m_aLastBlock
Definition: ciphercontext.hxx:40
OCipherContext::m_pSecParam
SECItem * m_pSecParam
Definition: ciphercontext.hxx:36
OCipherContext::m_pSlot
PK11SlotInfo * m_pSlot
Definition: ciphercontext.hxx:34
aData
constexpr OUStringLiteral aData
SAL_MAX_INT8
#define SAL_MAX_INT8
sal_Int8
signed char sal_Int8
Generated on Sun Jul 30 2023 04:29:54 for LibreOffice Module xmlsecurity (master) by doxygen 1.9.3