xmlsecurity/source/xmlsec/nss/ciphercontext.cxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  *
   9  * This file incorporates work covered by the following license notice:
  10  *
  11  *   Licensed to the Apache Software Foundation (ASF) under one or more
  12  *   contributor license agreements. See the NOTICE file distributed
  13  *   with this work for additional information regarding copyright
  14  *   ownership. The ASF licenses this file to you under the Apache
  15  *   License, Version 2.0 (the "License"); you may not use this file
  16  *   except in compliance with the License. You may obtain a copy of
  17  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
  18  */
  19
  20 #include <sal/config.h>
  21
  22 #include <com/sun/star/lang/DisposedException.hpp>
  23 #include <osl/diagnose.h>
  24 #include <rtl/random.h>
  25 #include <rtl/ref.hxx>
  26
  27 #include "ciphercontext.hxx"
  28 #include <pk11pub.h>
  29
  30 using namespace ::com::sun::star;
  31
  32 uno::Reference< xml::crypto::XCipherContext > OCipherContext::Create( CK_MECHANISM_TYPE nNSSCipherID, const uno::Sequence< ::sal_Int8 >& aKey, const uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption, bool bW3CPadding )
  33 {
  34     ::rtl::Reference< OCipherContext > xResult = new OCipherContext;
  35
  36     xResult->m_pSlot = PK11_GetBestSlot( nNSSCipherID, nullptr );
  37     if ( xResult->m_pSlot )
  38     {
  39         SECItem aKeyItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aKey.getConstArray() ) ), sal::static_int_cast<unsigned>( aKey.getLength() ) };
  40         xResult->m_pSymKey = PK11_ImportSymKey( xResult->m_pSlot, nNSSCipherID, PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, &aKeyItem, nullptr );
  41         if ( xResult->m_pSymKey )
  42         {
  43             SECItem aIVItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aInitializationVector.getConstArray() ) ), sal::static_int_cast<unsigned>( aInitializationVector.getLength() ) };
  44             xResult->m_pSecParam = PK11_ParamFromIV( nNSSCipherID, &aIVItem );
  45             if ( xResult->m_pSecParam )
  46             {
  47                 xResult->m_pContext = PK11_CreateContextBySymKey( nNSSCipherID, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey, xResult->m_pSecParam);
  48                 if ( xResult->m_pContext )
  49                 {
  50                     xResult->m_bEncryption = bEncryption;
  51                     xResult->m_bW3CPadding = bW3CPadding;
  52                     xResult->m_bPadding = bW3CPadding || ( PK11_GetPadMechanism( nNSSCipherID ) == nNSSCipherID );
  53                     xResult->m_nBlockSize = PK11_GetBlockSize( nNSSCipherID, xResult->m_pSecParam );
  54                     if ( xResult->m_nBlockSize <= SAL_MAX_INT8 )
  55                         return xResult.get();
  56                 }
  57             }
  58         }
  59     }
  60
  61     return uno::Reference< xml::crypto::XCipherContext >();
  62 }
  63
  64 void OCipherContext::Dispose()
  65 {
  66     ::osl::MutexGuard aGuard( m_aMutex );
  67
  68     if ( m_pContext )
  69     {
  70         PK11_DestroyContext( m_pContext, PR_TRUE );
  71         m_pContext = nullptr;
  72     }
  73
  74     if ( m_pSecParam )
  75     {
  76         SECITEM_FreeItem( m_pSecParam, PR_TRUE );
  77         m_pSecParam = nullptr;
  78     }
  79
  80     if ( m_pSymKey )
  81     {
  82         PK11_FreeSymKey( m_pSymKey );
  83         m_pSymKey = nullptr;
  84     }
  85
  86     if ( m_pSlot )
  87     {
  88         PK11_FreeSlot( m_pSlot );
  89         m_pSlot = nullptr;
  90     }
  91
  92     m_bDisposed = true;
  93 }
  94
  95 uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::convertWithCipherContext( const uno::Sequence< ::sal_Int8 >& aData )
  96 {
  97     ::osl::MutexGuard aGuard( m_aMutex );
  98
  99     if ( m_bBroken )
 100         throw uno::RuntimeException();
 101
 102     if ( m_bDisposed )
 103         throw lang::DisposedException();
 104
 105     uno::Sequence< sal_Int8 > aToConvert;
 106     if ( aData.hasElements() )
 107     {
 108         sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength();
 109         OSL_ENSURE( nOldLastBlockLen <= m_nBlockSize, "Unexpected last block size!" );
 110
 111         sal_Int32 nAvailableData = nOldLastBlockLen + aData.getLength();
 112         sal_Int32 nToConvertLen;
 113         if ( m_bEncryption || !m_bW3CPadding )
 114         {
 115             if ( nAvailableData % m_nBlockSize == 0 )
 116                 nToConvertLen = nAvailableData;
 117             else if ( nAvailableData < m_nBlockSize )
 118                 nToConvertLen = 0;
 119             else
 120                 nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize;
 121         }
 122         else
 123         {
 124             // decryption with W3C padding needs at least one block for finalizing
 125             if ( nAvailableData < m_nBlockSize * 2 )
 126                 nToConvertLen = 0;
 127             else
 128                 nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize - m_nBlockSize;
 129         }
 130
 131         aToConvert.realloc( nToConvertLen );
 132         if ( nToConvertLen == 0 )
 133         {
 134             m_aLastBlock.realloc( nOldLastBlockLen + aData.getLength() );
 135             memcpy( m_aLastBlock.getArray() + nOldLastBlockLen, aData.getConstArray(), aData.getLength() );
 136             // aToConvert stays empty
 137         }
 138         else if ( nToConvertLen < nOldLastBlockLen )
 139         {
 140             memcpy( aToConvert.getArray(), m_aLastBlock.getConstArray(), nToConvertLen );
 141             memcpy( m_aLastBlock.getArray(), m_aLastBlock.getConstArray() + nToConvertLen, nOldLastBlockLen - nToConvertLen );
 142             m_aLastBlock.realloc( nOldLastBlockLen - nToConvertLen + aData.getLength() );
 143             memcpy( m_aLastBlock.getArray() + nOldLastBlockLen - nToConvertLen, aData.getConstArray(), aData.getLength() );
 144         }
 145         else
 146         {
 147             memcpy( aToConvert.getArray(), m_aLastBlock.getConstArray(), nOldLastBlockLen );
 148             if ( nToConvertLen > nOldLastBlockLen )
 149                 memcpy( aToConvert.getArray() + nOldLastBlockLen, aData.getConstArray(), nToConvertLen - nOldLastBlockLen );
 150             m_aLastBlock.realloc( nAvailableData - nToConvertLen );
 151             memcpy( m_aLastBlock.getArray(), aData.getConstArray() + nToConvertLen - nOldLastBlockLen, nAvailableData - nToConvertLen );
 152         }
 153     }
 154
 155     uno::Sequence< sal_Int8 > aResult;
 156     OSL_ENSURE( aToConvert.getLength() % m_nBlockSize == 0, "Unexpected size of the data to encrypt!" );
 157     if ( aToConvert.hasElements() )
 158     {
 159         int nResultLen = 0;
 160         aResult.realloc( aToConvert.getLength() + m_nBlockSize );
 161         if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength(), reinterpret_cast< const unsigned char* >( aToConvert.getConstArray() ), aToConvert.getLength() ) != SECSuccess )
 162         {
 163             m_bBroken = true;
 164             Dispose();
 165             throw uno::RuntimeException();
 166         }
 167
 168         m_nConverted += aToConvert.getLength();
 169         aResult.realloc( nResultLen );
 170     }
 171
 172     return aResult;
 173 }
 174
 175 uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDispose()
 176 {
 177     ::osl::MutexGuard aGuard( m_aMutex );
 178
 179     if ( m_bBroken )
 180         throw uno::RuntimeException();
 181
 182     if ( m_bDisposed )
 183         throw lang::DisposedException();
 184
 185     OSL_ENSURE( m_nBlockSize <= SAL_MAX_INT8, "Unexpected block size!" );
 186     OSL_ENSURE( m_nConverted % m_nBlockSize == 0, "Unexpected amount of bytes is already converted!" );
 187     sal_Int32 nSizeForPadding = ( m_nConverted + m_aLastBlock.getLength() ) % m_nBlockSize;
 188
 189     // if it is decryption, the amount of data should be rounded to the block size even in case of padding
 190     if ( ( !m_bPadding || !m_bEncryption ) && nSizeForPadding )
 191         throw uno::RuntimeException("The data should contain complete blocks only." );
 192
 193     if ( m_bW3CPadding && m_bEncryption )
 194     {
 195         // in this case the last block should be smaller than standard block
 196         // it will be increased with the padding
 197         OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize, "Unexpected size of cashed incomplete last block!" );
 198
 199         // W3CPadding handling for encryption
 200         sal_Int32 nPaddingSize = m_nBlockSize - nSizeForPadding;
 201         sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength();
 202         m_aLastBlock.realloc( nOldLastBlockLen + nPaddingSize );
 203
 204         if ( nPaddingSize > 1 )
 205         {
 206             rtlRandomPool aRandomPool = rtl_random_createPool();
 207             rtl_random_getBytes( aRandomPool, m_aLastBlock.getArray() + nOldLastBlockLen, nPaddingSize - 1 );
 208             rtl_random_destroyPool ( aRandomPool );
 209         }
 210         m_aLastBlock[m_aLastBlock.getLength() - 1] = static_cast< sal_Int8 >( nPaddingSize );
 211     }
 212
 213     // finally should the last block be smaller than two standard blocks
 214     OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize * 2 , "Unexpected size of cashed incomplete last block!" );
 215
 216     uno::Sequence< sal_Int8 > aResult;
 217     if ( m_aLastBlock.hasElements() )
 218     {
 219         int nPrefResLen = 0;
 220         aResult.realloc( m_aLastBlock.getLength() + m_nBlockSize );
 221         if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nPrefResLen, aResult.getLength(), reinterpret_cast< const unsigned char* >( m_aLastBlock.getConstArray() ), m_aLastBlock.getLength() ) != SECSuccess )
 222         {
 223             m_bBroken = true;
 224             Dispose();
 225             throw uno::RuntimeException();
 226         }
 227
 228         aResult.realloc( nPrefResLen );
 229         m_aLastBlock.realloc( 0 );
 230     }
 231
 232     sal_Int32 nPrefixLen = aResult.getLength();
 233     aResult.realloc( nPrefixLen + m_nBlockSize * 2 );
 234     unsigned nFinalLen = 0;
 235     if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() + nPrefixLen ), &nFinalLen, aResult.getLength() - nPrefixLen ) != SECSuccess )
 236     {
 237         m_bBroken = true;
 238         Dispose();
 239         throw uno::RuntimeException();
 240     }
 241
 242     aResult.realloc( nPrefixLen + nFinalLen );
 243
 244     if ( m_bW3CPadding && !m_bEncryption )
 245     {
 246         // W3CPadding handling for decryption
 247         // aResult should have enough data, since we let m_aLastBlock be big enough in case of decryption
 248         OSL_ENSURE( aResult.getLength() >= m_nBlockSize, "Not enough data to handle the padding!" );
 249
 250         sal_Int8 nBytesToRemove = aResult[aResult.getLength() - 1];
 251         if ( nBytesToRemove <= 0 || nBytesToRemove > aResult.getLength() )
 252         {
 253             m_bBroken = true;
 254             Dispose();
 255             throw uno::RuntimeException();
 256         }
 257
 258         aResult.realloc( aResult.getLength() - nBytesToRemove );
 259     }
 260
 261     Dispose();
 262
 263     return aResult;
 264 }
 265
 266 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */