search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Bump version to 24.04.3.4
[LibreOffice.git] / oox / source / crypto / CryptTools.cxx
blob17729828ac428c28e11f7e0c3913113dd02a1ade
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 */
10
11 #include <oox/crypto/CryptTools.hxx>
12 #include <com/sun/star/uno/RuntimeException.hpp>
13 #include <sal/types.h>
14
15 #include <config_oox.h>
16
17 #if USE_TLS_OPENSSL
18 #include <openssl/evp.h>
19 #include <openssl/sha.h>
20 #include <openssl/hmac.h>
21 #endif // USE_TLS_OPENSSL
22
23 #if USE_TLS_NSS
24 #include <nss.h>
25 #include <nspr.h>
26 #include <pk11pub.h>
27 #endif // USE_TLS_NSS
28
29 namespace oox::crypto {
30
31 #if USE_TLS_OPENSSL
32
33 #if (OPENSSL_VERSION_NUMBER < 0x10100000L)
34
35 static HMAC_CTX *HMAC_CTX_new(void)
36 {
37 HMAC_CTX *pContext = new HMAC_CTX;
38 HMAC_CTX_init(pContext);
39 return pContext;
40 }
41
42 static void HMAC_CTX_free(HMAC_CTX *pContext)
43 {
44 HMAC_CTX_cleanup(pContext);
45 delete pContext;
46 }
47 #endif
48
49 namespace
50 {
51 struct cipher_delete
52 {
53 void operator()(EVP_CIPHER_CTX* p) { EVP_CIPHER_CTX_free(p); }
54 };
55
56 struct hmac_delete
57 {
58 SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_CTX_free' is deprecated
59 void operator()(HMAC_CTX* p) { HMAC_CTX_free(p); }
60 SAL_WNODEPRECATED_DECLARATIONS_POP
61 };
62 }
63
64 struct CryptoImpl
65 {
66 std::unique_ptr<EVP_CIPHER_CTX, cipher_delete> mpContext;
67 std::unique_ptr<HMAC_CTX, hmac_delete> mpHmacContext;
68
69 CryptoImpl() = default;
70
71 void setupEncryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto::CryptoType eType)
72 {
73 mpContext.reset(EVP_CIPHER_CTX_new());
74 EVP_CIPHER_CTX_init(mpContext.get());
75
76 const EVP_CIPHER* cipher = getCipher(eType);
77 if (cipher == nullptr)
78 return;
79
80 if (iv.empty())
81 EVP_EncryptInit_ex(mpContext.get(), cipher, nullptr, key.data(), nullptr);
82 else
83 EVP_EncryptInit_ex(mpContext.get(), cipher, nullptr, key.data(), iv.data());
84 EVP_CIPHER_CTX_set_padding(mpContext.get(), 0);
85 }
86
87 void setupDecryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto::CryptoType eType)
88 {
89 mpContext.reset(EVP_CIPHER_CTX_new());
90 EVP_CIPHER_CTX_init(mpContext.get());
91
92 const EVP_CIPHER* pCipher = getCipher(eType);
93 if (pCipher == nullptr)
94 return;
95
96 const size_t nMinKeySize = EVP_CIPHER_key_length(pCipher);
97 if (key.size() < nMinKeySize)
98 key.resize(nMinKeySize, 0);
99
100 if (iv.empty())
101 EVP_DecryptInit_ex(mpContext.get(), pCipher, nullptr, key.data(), nullptr);
102 else
103 {
104 const size_t nMinIVSize = EVP_CIPHER_iv_length(pCipher);
105 if (iv.size() < nMinIVSize)
106 iv.resize(nMinIVSize, 0);
107
108 EVP_DecryptInit_ex(mpContext.get(), pCipher, nullptr, key.data(), iv.data());
109 }
110 EVP_CIPHER_CTX_set_padding(mpContext.get(), 0);
111 }
112
113 void setupCryptoHashContext(std::vector<sal_uInt8>& rKey, CryptoHashType eType)
114 {
115 SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_CTX_new' is deprecated
116 mpHmacContext.reset(HMAC_CTX_new());
117 SAL_WNODEPRECATED_DECLARATIONS_POP
118 const EVP_MD* aEvpMd = nullptr;
119 switch (eType)
120 {
121 case CryptoHashType::SHA1:
122 aEvpMd = EVP_sha1(); break;
123 case CryptoHashType::SHA256:
124 aEvpMd = EVP_sha256(); break;
125 case CryptoHashType::SHA384:
126 aEvpMd = EVP_sha384(); break;
127 case CryptoHashType::SHA512:
128 aEvpMd = EVP_sha512(); break;
129 }
130 SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Init_ex' is deprecated
131 HMAC_Init_ex(mpHmacContext.get(), rKey.data(), rKey.size(), aEvpMd, nullptr);
132 SAL_WNODEPRECATED_DECLARATIONS_POP
133 }
134
135 ~CryptoImpl()
136 {
137 if (mpContext)
138 EVP_CIPHER_CTX_cleanup(mpContext.get());
139 }
140
141 static const EVP_CIPHER* getCipher(Crypto::CryptoType type)
142 {
143 switch(type)
144 {
145 case Crypto::CryptoType::AES_128_ECB:
146 return EVP_aes_128_ecb();
147 case Crypto::CryptoType::AES_128_CBC:
148 return EVP_aes_128_cbc();
149 case Crypto::CryptoType::AES_256_CBC:
150 return EVP_aes_256_cbc();
151 default:
152 break;
153 }
154 return nullptr;
155 }
156 };
157
158 #elif USE_TLS_NSS
159
160 #define MAX_WRAPPED_KEY_LEN 128
161
162 struct CryptoImpl
163 {
164 PK11SlotInfo* mSlot;
165 PK11Context* mContext;
166 SECItem* mSecParam;
167 PK11SymKey* mSymKey;
168 PK11Context* mWrapKeyContext;
169 PK11SymKey* mWrapKey;
170
171 CryptoImpl()
172 : mSlot(nullptr)
173 , mContext(nullptr)
174 , mSecParam(nullptr)
175 , mSymKey(nullptr)
176 , mWrapKeyContext(nullptr)
177 , mWrapKey(nullptr)
178 {
179 // Initialize NSS, database functions are not needed
180 if (!NSS_IsInitialized())
181 {
182 auto const e = NSS_NoDB_Init(nullptr);
183 if (e != SECSuccess)
184 {
185 PRErrorCode error = PR_GetError();
186 const char* errorText = PR_ErrorToName(error);
187 throw css::uno::RuntimeException("NSS_NoDB_Init failed with " + OUString(errorText, strlen(errorText), RTL_TEXTENCODING_UTF8) + " (" + OUString::number(static_cast<int>(error)) + ")");
188 }
189 }
190 }
191
192 ~CryptoImpl()
193 {
194 if (mContext)
195 PK11_DestroyContext(mContext, PR_TRUE);
196 if (mSecParam)
197 SECITEM_FreeItem(mSecParam, PR_TRUE);
198 if (mSymKey)
199 PK11_FreeSymKey(mSymKey);
200 if (mWrapKeyContext)
201 PK11_DestroyContext(mWrapKeyContext, PR_TRUE);
202 if (mWrapKey)
203 PK11_FreeSymKey(mWrapKey);
204 if (mSlot)
205 PK11_FreeSlot(mSlot);
206 }
207
208 PK11SymKey* ImportSymKey(CK_MECHANISM_TYPE mechanism, CK_ATTRIBUTE_TYPE operation, SECItem* key)
209 {
210 mSymKey = PK11_ImportSymKey(mSlot, mechanism, PK11_OriginUnwrap, operation, key, nullptr);
211 if (!mSymKey) //rhbz#1614419 maybe failed due to FIPS, use rhbz#1461450 style workaround
212 {
213 /*
214 * Without FIPS it would be possible to just use
215 * mSymKey = PK11_ImportSymKey( mSlot, mechanism, PK11_OriginUnwrap, CKA_ENCRYPT, &keyItem, nullptr );
216 * with FIPS NSS Level 2 certification has to be "workarounded" (so it becomes Level 1) by using
217 * following method:
218 * 1. Generate wrap key
219 * 2. Encrypt authkey with wrap key
220 * 3. Unwrap encrypted authkey using wrap key
221 */
222
223 /*
224 * Generate wrapping key
225 */
226 CK_MECHANISM_TYPE wrap_mechanism = PK11_GetBestWrapMechanism(mSlot);
227 int wrap_key_len = PK11_GetBestKeyLength(mSlot, wrap_mechanism);
228 mWrapKey = PK11_KeyGen(mSlot, wrap_mechanism, nullptr, wrap_key_len, nullptr);
229 if (!mWrapKey)
230 throw css::uno::RuntimeException("PK11_KeyGen SymKey failure", css::uno::Reference<css::uno::XInterface>());
231
232 /*
233 * Encrypt authkey with wrapping key
234 */
235
236 /*
237 * Initialization of IV is not needed because PK11_GetBestWrapMechanism should return ECB mode
238 */
239 SECItem tmp_sec_item = {};
240 mWrapKeyContext = PK11_CreateContextBySymKey(wrap_mechanism, CKA_ENCRYPT, mWrapKey, &tmp_sec_item);
241 if (!mWrapKeyContext)
242 throw css::uno::RuntimeException("PK11_CreateContextBySymKey failure", css::uno::Reference<css::uno::XInterface>());
243
244 unsigned char wrapped_key_data[MAX_WRAPPED_KEY_LEN];
245 int wrapped_key_len = sizeof(wrapped_key_data);
246
247 if (PK11_CipherOp(mWrapKeyContext, wrapped_key_data, &wrapped_key_len,
248 sizeof(wrapped_key_data), key->data, key->len) != SECSuccess)
249 {
250 throw css::uno::RuntimeException("PK11_CipherOp failure", css::uno::Reference<css::uno::XInterface>());
251 }
252
253 if (PK11_Finalize(mWrapKeyContext) != SECSuccess)
254 throw css::uno::RuntimeException("PK11_Finalize failure", css::uno::Reference<css::uno::XInterface>());
255
256 /*
257 * Finally unwrap sym key
258 */
259 SECItem wrapped_key = {};
260 wrapped_key.data = wrapped_key_data;
261 wrapped_key.len = wrapped_key_len;
262
263 mSymKey = PK11_UnwrapSymKey(mWrapKey, wrap_mechanism, &tmp_sec_item, &wrapped_key,
264 mechanism, operation, key->len);
265 }
266 return mSymKey;
267 }
268
269 void setupCryptoContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto::CryptoType type, CK_ATTRIBUTE_TYPE operation)
270 {
271 CK_MECHANISM_TYPE mechanism = static_cast<CK_ULONG>(-1);
272
273 SECItem ivItem;
274 ivItem.type = siBuffer;
275 if(iv.empty())
276 ivItem.data = nullptr;
277 else
278 ivItem.data = iv.data();
279 ivItem.len = iv.size();
280
281 SECItem* pIvItem = nullptr;
282
283 switch(type)
284 {
285 case Crypto::CryptoType::AES_128_ECB:
286 mechanism = CKM_AES_ECB;
287 break;
288 case Crypto::CryptoType::AES_128_CBC:
289 mechanism = CKM_AES_CBC;
290 pIvItem = &ivItem;
291 break;
292 case Crypto::CryptoType::AES_256_CBC:
293 mechanism = CKM_AES_CBC;
294 pIvItem = &ivItem;
295 break;
296 default:
297 break;
298 }
299
300 mSlot = PK11_GetBestSlot(mechanism, nullptr);
301
302 if (!mSlot)
303 throw css::uno::RuntimeException("NSS Slot failure", css::uno::Reference<css::uno::XInterface>());
304
305 SECItem keyItem;
306 keyItem.type = siBuffer;
307 keyItem.data = key.data();
308 keyItem.len = key.size();
309
310 mSymKey = ImportSymKey(mechanism, CKA_ENCRYPT, &keyItem);
311 if (!mSymKey)
312 throw css::uno::RuntimeException("NSS SymKey failure", css::uno::Reference<css::uno::XInterface>());
313
314 mSecParam = PK11_ParamFromIV(mechanism, pIvItem);
315 mContext = PK11_CreateContextBySymKey(mechanism, operation, mSymKey, mSecParam);
316 }
317
318 void setupCryptoHashContext(std::vector<sal_uInt8>& rKey, CryptoHashType eType)
319 {
320 CK_MECHANISM_TYPE aMechanism = static_cast<CK_ULONG>(-1);
321
322 switch(eType)
323 {
324 case CryptoHashType::SHA1:
325 aMechanism = CKM_SHA_1_HMAC;
326 break;
327 case CryptoHashType::SHA256:
328 aMechanism = CKM_SHA256_HMAC;
329 break;
330 case CryptoHashType::SHA384:
331 aMechanism = CKM_SHA384_HMAC;
332 break;
333 case CryptoHashType::SHA512:
334 aMechanism = CKM_SHA512_HMAC;
335 break;
336 }
337
338 mSlot = PK11_GetBestSlot(aMechanism, nullptr);
339
340 if (!mSlot)
341 throw css::uno::RuntimeException("NSS Slot failure", css::uno::Reference<css::uno::XInterface>());
342
343 SECItem aKeyItem;
344 aKeyItem.data = rKey.data();
345 aKeyItem.len = rKey.size();
346
347 mSymKey = ImportSymKey(aMechanism, CKA_SIGN, &aKeyItem);
348 if (!mSymKey)
349 throw css::uno::RuntimeException("NSS SymKey failure", css::uno::Reference<css::uno::XInterface>());
350
351 SECItem param;
352 param.data = nullptr;
353 param.len = 0;
354 mContext = PK11_CreateContextBySymKey(aMechanism, CKA_SIGN, mSymKey, &param);
355 }
356 };
357 #else
358 struct CryptoImpl
359 {};
360 #endif
361
362 Crypto::Crypto()
363 : mpImpl(std::make_unique<CryptoImpl>())
364 {
365 }
366
367 Crypto::~Crypto()
368 {
369 }
370
371 // DECRYPT
372
373 Decrypt::Decrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, CryptoType type)
374 {
375 #if USE_TLS_OPENSSL + USE_TLS_NSS == 0
376 (void)key;
377 (void)iv;
378 (void)type;
379 #endif
380
381 #if USE_TLS_OPENSSL
382 mpImpl->setupDecryptContext(key, iv, type);
383 #endif
384
385 #if USE_TLS_NSS
386 mpImpl->setupCryptoContext(key, iv, type, CKA_DECRYPT);
387 #endif // USE_TLS_NSS
388 }
389
390 sal_uInt32 Decrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, sal_uInt32 inputLength)
391 {
392 int outputLength = 0;
393
394 #if USE_TLS_OPENSSL + USE_TLS_NSS > 0
395 sal_uInt32 actualInputLength = inputLength == 0 || inputLength > input.size() ? input.size() : inputLength;
396 #else
397 (void)output;
398 (void)input;
399 (void)inputLength;
400 #endif
401
402 #if USE_TLS_OPENSSL
403 (void)EVP_DecryptUpdate(mpImpl->mpContext.get(), output.data(), &outputLength, input.data(), actualInputLength);
404 #endif // USE_TLS_OPENSSL
405
406 #if USE_TLS_NSS
407 if (!mpImpl->mContext)
408 return 0;
409 (void)PK11_CipherOp(mpImpl->mContext, output.data(), &outputLength, actualInputLength, input.data(), actualInputLength);
410 #endif // USE_TLS_NSS
411
412 return static_cast<sal_uInt32>(outputLength);
413 }
414
415 sal_uInt32 Decrypt::aes128ecb(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, std::vector<sal_uInt8>& key)
416 {
417 sal_uInt32 outputLength = 0;
418 std::vector<sal_uInt8> iv;
419 Decrypt crypto(key, iv, Crypto::AES_128_ECB);
420 outputLength = crypto.update(output, input);
421 return outputLength;
422 }
423
424 // ENCRYPT
425
426 Encrypt::Encrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, CryptoType type)
427 {
428 #if USE_TLS_OPENSSL + USE_TLS_NSS == 0
429 (void)key;
430 (void)iv;
431 (void)type;
432 #endif
433
434 #if USE_TLS_OPENSSL
435 mpImpl->setupEncryptContext(key, iv, type);
436 #elif USE_TLS_NSS
437 mpImpl->setupCryptoContext(key, iv, type, CKA_ENCRYPT);
438 #endif // USE_TLS_NSS
439 }
440
441 sal_uInt32 Encrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, sal_uInt32 inputLength)
442 {
443 int outputLength = 0;
444
445 #if USE_TLS_OPENSSL + USE_TLS_NSS > 0
446 sal_uInt32 actualInputLength = inputLength == 0 || inputLength > input.size() ? input.size() : inputLength;
447 #else
448 (void)output;
449 (void)input;
450 (void)inputLength;
451 #endif
452
453 #if USE_TLS_OPENSSL
454 (void)EVP_EncryptUpdate(mpImpl->mpContext.get(), output.data(), &outputLength, input.data(), actualInputLength);
455 #endif // USE_TLS_OPENSSL
456
457 #if USE_TLS_NSS
458 (void)PK11_CipherOp(mpImpl->mContext, output.data(), &outputLength, actualInputLength, input.data(), actualInputLength);
459 #endif // USE_TLS_NSS
460
461 return static_cast<sal_uInt32>(outputLength);
462 }
463
464 // CryptoHash - HMAC
465
466 namespace
467 {
468
469 sal_Int32 getSizeForHashType(CryptoHashType eType)
470 {
471 switch (eType)
472 {
473 case CryptoHashType::SHA1: return 20;
474 case CryptoHashType::SHA256: return 32;
475 case CryptoHashType::SHA384: return 48;
476 case CryptoHashType::SHA512: return 64;
477 }
478 return 0;
479 }
480
481 } // end anonymous namespace
482
483 CryptoHash::CryptoHash(std::vector<sal_uInt8>& rKey, CryptoHashType eType)
484 : mnHashSize(getSizeForHashType(eType))
485 {
486 #if USE_TLS_OPENSSL
487 mpImpl->setupCryptoHashContext(rKey, eType);
488 #elif USE_TLS_NSS
489 mpImpl->setupCryptoHashContext(rKey, eType);
490 PK11_DigestBegin(mpImpl->mContext);
491 #else
492 (void)rKey;
493 #endif
494 }
495
496 bool CryptoHash::update(std::vector<sal_uInt8>& rInput, sal_uInt32 nInputLength)
497 {
498 #if USE_TLS_OPENSSL + USE_TLS_NSS > 0
499 sal_uInt32 nActualInputLength = (nInputLength == 0 || nInputLength > rInput.size()) ? rInput.size() : nInputLength;
500 #else
501 (void)rInput;
502 (void)nInputLength;
503 #endif
504
505 #if USE_TLS_OPENSSL
506 SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Update' is deprecated
507 return HMAC_Update(mpImpl->mpHmacContext.get(), rInput.data(), nActualInputLength) != 0;
508 SAL_WNODEPRECATED_DECLARATIONS_POP
509 #elif USE_TLS_NSS
510 return PK11_DigestOp(mpImpl->mContext, rInput.data(), nActualInputLength) == SECSuccess;
511 #else
512 return false; // ???
513 #endif
514 }
515
516 std::vector<sal_uInt8> CryptoHash::finalize()
517 {
518 std::vector<sal_uInt8> aHash(mnHashSize, 0);
519 unsigned int nSizeWritten;
520 #if USE_TLS_OPENSSL
521 SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Final' is deprecated
522 (void) HMAC_Final(mpImpl->mpHmacContext.get(), aHash.data(), &nSizeWritten);
523 SAL_WNODEPRECATED_DECLARATIONS_POP
524 #elif USE_TLS_NSS
525 PK11_DigestFinal(mpImpl->mContext, aHash.data(), &nSizeWritten, aHash.size());
526 #endif
527 (void)nSizeWritten;
528
529 return aHash;
530 }
531
532 } // namespace oox::crypto
533
534 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE