Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : * contributor license agreements. See the NOTICE file distributed
13 : * with this work for additional information regarding copyright
14 : * ownership. The ASF licenses this file to you under the Apache
15 : * License, Version 2.0 (the "License"); you may not use this file
16 : * except in compliance with the License. You may obtain a copy of
17 : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : */
19 :
20 :
21 : #include <osl/diagnose.h>
22 : #include <osl/time.h>
23 : #include <rtl/random.h>
24 : #include <rtl/ref.hxx>
25 :
26 : #include "ciphercontext.hxx"
27 :
28 : using namespace ::com::sun::star;
29 :
30 36 : uno::Reference< xml::crypto::XCipherContext > OCipherContext::Create( CK_MECHANISM_TYPE nNSSCipherID, const uno::Sequence< ::sal_Int8 >& aKey, const uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption, bool bW3CPadding )
31 : {
32 36 : ::rtl::Reference< OCipherContext > xResult = new OCipherContext;
33 :
34 36 : xResult->m_pSlot = PK11_GetBestSlot( nNSSCipherID, NULL );
35 36 : if ( xResult->m_pSlot )
36 : {
37 36 : SECItem aKeyItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aKey.getConstArray() ) ), sal::static_int_cast<unsigned>( aKey.getLength() ) };
38 36 : xResult->m_pSymKey = PK11_ImportSymKey( xResult->m_pSlot, nNSSCipherID, PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, &aKeyItem, NULL );
39 36 : if ( xResult->m_pSymKey )
40 : {
41 36 : SECItem aIVItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aInitializationVector.getConstArray() ) ), sal::static_int_cast<unsigned>( aInitializationVector.getLength() ) };
42 36 : xResult->m_pSecParam = PK11_ParamFromIV( nNSSCipherID, &aIVItem );
43 36 : if ( xResult->m_pSecParam )
44 : {
45 36 : xResult->m_pContext = PK11_CreateContextBySymKey( nNSSCipherID, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey, xResult->m_pSecParam);
46 36 : if ( xResult->m_pContext )
47 : {
48 36 : xResult->m_bEncryption = bEncryption;
49 36 : xResult->m_bW3CPadding = bW3CPadding;
50 36 : xResult->m_bPadding = bW3CPadding || ( PK11_GetPadMechanism( nNSSCipherID ) == nNSSCipherID );
51 36 : xResult->m_nBlockSize = PK11_GetBlockSize( nNSSCipherID, xResult->m_pSecParam );
52 36 : if ( xResult->m_nBlockSize <= SAL_MAX_INT8 )
53 36 : return xResult.get();
54 : }
55 : }
56 : }
57 : }
58 :
59 0 : return uno::Reference< xml::crypto::XCipherContext >();
60 : }
61 :
62 71 : void OCipherContext::Dispose()
63 : {
64 71 : ::osl::MutexGuard aGuard( m_aMutex );
65 :
66 71 : if ( m_pContext )
67 : {
68 36 : PK11_DestroyContext( m_pContext, PR_TRUE );
69 36 : m_pContext = NULL;
70 : }
71 :
72 71 : if ( m_pSecParam )
73 : {
74 36 : SECITEM_FreeItem( m_pSecParam, PR_TRUE );
75 36 : m_pSecParam = NULL;
76 : }
77 :
78 71 : if ( m_pSymKey )
79 : {
80 36 : PK11_FreeSymKey( m_pSymKey );
81 36 : m_pSymKey = NULL;
82 : }
83 :
84 71 : if ( m_pSlot )
85 : {
86 36 : PK11_FreeSlot( m_pSlot );
87 36 : m_pSlot = NULL;
88 : }
89 :
90 71 : m_bDisposed = true;
91 71 : }
92 :
93 35 : uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::convertWithCipherContext( const uno::Sequence< ::sal_Int8 >& aData )
94 : throw ( lang::IllegalArgumentException, lang::DisposedException, uno::RuntimeException, std::exception)
95 : {
96 35 : ::osl::MutexGuard aGuard( m_aMutex );
97 :
98 35 : if ( m_bBroken )
99 0 : throw uno::RuntimeException();
100 :
101 35 : if ( m_bDisposed )
102 0 : throw lang::DisposedException();
103 :
104 70 : uno::Sequence< sal_Int8 > aToConvert;
105 35 : if ( aData.getLength() )
106 : {
107 35 : sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength();
108 : OSL_ENSURE( nOldLastBlockLen <= m_nBlockSize, "Unexpected last block size!" );
109 :
110 35 : sal_Int32 nAvailableData = nOldLastBlockLen + aData.getLength();
111 35 : sal_Int32 nToConvertLen = nAvailableData;
112 35 : if ( m_bEncryption || !m_bW3CPadding )
113 : {
114 8 : if ( nAvailableData % m_nBlockSize == 0 )
115 0 : nToConvertLen = nAvailableData;
116 4 : else if ( nAvailableData < m_nBlockSize )
117 0 : nToConvertLen = 0;
118 : else
119 4 : nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize;
120 : }
121 : else
122 : {
123 : // decryption with W3C padding needs at least one block for finalizing
124 31 : if ( nAvailableData < m_nBlockSize * 2 )
125 0 : nToConvertLen = 0;
126 : else
127 31 : nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize - m_nBlockSize;
128 : }
129 :
130 35 : aToConvert.realloc( nToConvertLen );
131 35 : if ( nToConvertLen == 0 )
132 : {
133 0 : m_aLastBlock.realloc( nOldLastBlockLen + aData.getLength() );
134 0 : memcpy( m_aLastBlock.getArray() + nOldLastBlockLen, aData.getConstArray(), aData.getLength() );
135 : // aToConvert stays empty
136 : }
137 35 : else if ( nToConvertLen < nOldLastBlockLen )
138 : {
139 0 : memcpy( aToConvert.getArray(), m_aLastBlock.getConstArray(), nToConvertLen );
140 0 : memcpy( m_aLastBlock.getArray(), m_aLastBlock.getConstArray() + nToConvertLen, nOldLastBlockLen - nToConvertLen );
141 0 : m_aLastBlock.realloc( nOldLastBlockLen - nToConvertLen + aData.getLength() );
142 0 : memcpy( m_aLastBlock.getArray() + nOldLastBlockLen - nToConvertLen, aData.getConstArray(), aData.getLength() );
143 : }
144 : else
145 : {
146 35 : memcpy( aToConvert.getArray(), m_aLastBlock.getConstArray(), nOldLastBlockLen );
147 35 : if ( nToConvertLen > nOldLastBlockLen )
148 35 : memcpy( aToConvert.getArray() + nOldLastBlockLen, aData.getConstArray(), nToConvertLen - nOldLastBlockLen );
149 35 : m_aLastBlock.realloc( nAvailableData - nToConvertLen );
150 35 : memcpy( m_aLastBlock.getArray(), aData.getConstArray() + nToConvertLen - nOldLastBlockLen, nAvailableData - nToConvertLen );
151 : }
152 : }
153 :
154 35 : uno::Sequence< sal_Int8 > aResult;
155 : OSL_ENSURE( aToConvert.getLength() % m_nBlockSize == 0, "Unexpected size of the data to encrypt!" );
156 35 : if ( aToConvert.getLength() )
157 : {
158 35 : int nResultLen = 0;
159 35 : aResult.realloc( aToConvert.getLength() + m_nBlockSize );
160 35 : if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength(), reinterpret_cast< const unsigned char* >( aToConvert.getConstArray() ), aToConvert.getLength() ) != SECSuccess )
161 : {
162 0 : m_bBroken = true;
163 0 : Dispose();
164 0 : throw uno::RuntimeException();
165 : }
166 :
167 35 : m_nConverted += aToConvert.getLength();
168 35 : aResult.realloc( nResultLen );
169 : }
170 :
171 70 : return aResult;
172 : }
173 :
174 35 : uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDispose()
175 : throw (lang::DisposedException, uno::RuntimeException, std::exception)
176 : {
177 35 : ::osl::MutexGuard aGuard( m_aMutex );
178 :
179 35 : if ( m_bBroken )
180 0 : throw uno::RuntimeException();
181 :
182 35 : if ( m_bDisposed )
183 0 : throw lang::DisposedException();
184 :
185 : OSL_ENSURE( m_nBlockSize <= SAL_MAX_INT8, "Unexpected block size!" );
186 : OSL_ENSURE( m_nConverted % m_nBlockSize == 0, "Unexpected amount of bytes is already converted!" );
187 35 : sal_Int32 nSizeForPadding = ( m_nConverted + m_aLastBlock.getLength() ) % m_nBlockSize;
188 :
189 : // if it is decryption, the amount of data should be rounded to the block size even in case of padding
190 35 : if ( ( !m_bPadding || !m_bEncryption ) && nSizeForPadding )
191 0 : throw uno::RuntimeException("The data should contain complete blocks only." );
192 :
193 35 : if ( m_bW3CPadding && m_bEncryption )
194 : {
195 : // in this case the last block should be smaller than standtard block
196 : // it will be increased with the padding
197 : OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize, "Unexpected size of cashed incomplete last block!" );
198 :
199 : // W3CPadding handling for encryption
200 4 : sal_Int32 nPaddingSize = m_nBlockSize - nSizeForPadding;
201 4 : sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength();
202 4 : m_aLastBlock.realloc( nOldLastBlockLen + nPaddingSize );
203 :
204 4 : if ( nPaddingSize > 1 )
205 : {
206 : TimeValue aTime;
207 4 : osl_getSystemTime( &aTime );
208 4 : rtlRandomPool aRandomPool = rtl_random_createPool();
209 4 : rtl_random_addBytes( aRandomPool, &aTime, 8 );
210 4 : rtl_random_getBytes( aRandomPool, m_aLastBlock.getArray() + nOldLastBlockLen, nPaddingSize - 1 );
211 4 : rtl_random_destroyPool ( aRandomPool );
212 : }
213 4 : m_aLastBlock[m_aLastBlock.getLength() - 1] = static_cast< sal_Int8 >( nPaddingSize );
214 : }
215 :
216 : // finally should the last block be smaller than two standard blocks
217 : OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize * 2 , "Unexpected size of cashed incomplete last block!" );
218 :
219 35 : uno::Sequence< sal_Int8 > aResult;
220 35 : if ( m_aLastBlock.getLength() )
221 : {
222 35 : int nPrefResLen = 0;
223 35 : aResult.realloc( m_aLastBlock.getLength() + m_nBlockSize );
224 35 : if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nPrefResLen, aResult.getLength(), reinterpret_cast< const unsigned char* >( m_aLastBlock.getConstArray() ), m_aLastBlock.getLength() ) != SECSuccess )
225 : {
226 0 : m_bBroken = true;
227 0 : Dispose();
228 0 : throw uno::RuntimeException();
229 : }
230 :
231 35 : aResult.realloc( nPrefResLen );
232 35 : m_aLastBlock.realloc( 0 );
233 : }
234 :
235 35 : sal_Int32 nPrefixLen = aResult.getLength();
236 35 : aResult.realloc( nPrefixLen + m_nBlockSize * 2 );
237 35 : unsigned nFinalLen = 0;
238 35 : if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() + nPrefixLen ), &nFinalLen, aResult.getLength() - nPrefixLen ) != SECSuccess )
239 : {
240 0 : m_bBroken = true;
241 0 : Dispose();
242 0 : throw uno::RuntimeException();
243 : }
244 :
245 35 : aResult.realloc( nPrefixLen + nFinalLen );
246 :
247 35 : if ( m_bW3CPadding && !m_bEncryption )
248 : {
249 : // W3CPadding handling for decryption
250 : // aResult should have anough data, since we let m_aLastBlock be big enough in case of decryption
251 : OSL_ENSURE( aResult.getLength() >= m_nBlockSize, "Not enough data to handle the padding!" );
252 :
253 31 : sal_Int8 nBytesToRemove = aResult[aResult.getLength() - 1];
254 31 : if ( nBytesToRemove <= 0 || nBytesToRemove > aResult.getLength() )
255 : {
256 12 : m_bBroken = true;
257 12 : Dispose();
258 12 : throw uno::RuntimeException();
259 : }
260 :
261 19 : aResult.realloc( aResult.getLength() - nBytesToRemove );
262 : }
263 :
264 23 : Dispose();
265 :
266 35 : return aResult;
267 : }
268 :
269 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
