include/svl/cryptosign.hxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  */
   9
  10 #include <sal/types.h>
  11
  12 #include <utility>
  13 #include <vector>
  14
  15 #include <rtl/strbuf.hxx>
  16 #include <rtl/ustring.hxx>
  17
  18 #include <com/sun/star/uno/Reference.hxx>
  19
  20 #include <svl/svldllapi.h>
  21
  22 // Is this length truly the maximum possible, or just a number that
  23 // seemed large enough when the author tested this (with some type of
  24 // certificates)? I suspect the latter.
  25
  26 // Used to be 0x4000 = 16384, but a sample signed PDF (produced by
  27 // some other software) provided by the customer has a signature
  28 // content that is 30000 bytes. The SampleSignedPDFDocument.pdf from
  29 // Adobe has one that is 21942 bytes. So let's be careful. Pity this
  30 // can't be dynamic, at least not without restructuring the code. Also
  31 // note that the checks in the code for this being too small
  32 // apparently are broken, if this overflows you end up with an invalid
  33 // PDF. Need to fix that.
  34
  35 #define MAX_SIGNATURE_CONTENT_LENGTH 50000
  36
  37 namespace com::sun::star::security { class XCertificate; }
  38 class SvStream;
  39 struct SignatureInformation;
  40
  41 namespace svl::crypto {
  42
  43 /// Converts a hex-encoded string into a byte array.
  44 SVL_DLLPUBLIC std::vector<unsigned char> DecodeHexString(std::string_view rHex);
  45
  46 /// Helper to cryptographically sign and verify
  47 /// arbitrary data blocks.
  48 class SVL_DLLPUBLIC Signing
  49 {
  50 public:
  51
  52     Signing(css::uno::Reference<css::security::XCertificate> xCertificate) :
  53         m_xCertificate(std::move(xCertificate))
  54     {
  55     }
  56
  57     /// Add a range to sign.
  58     /// Note: for efficiency this takes a naked pointer, which must remain valid
  59     /// until this object is discarded.
  60     void AddDataRange(const void* pData, sal_Int32 size)
  61     {
  62         m_dataBlocks.emplace_back(pData, size);
  63     }
  64
  65     void SetSignTSA(const OUString& tsa) { m_aSignTSA = tsa; }
  66     void SetSignPassword(const OUString& password) { m_aSignPassword = password; }
  67
  68     /// Signs one or more data blocks (as a single, contiguous, array).
  69     /// Returns the signature (in PKCS#7 format) as string (hex).
  70     bool Sign(OStringBuffer& rCMSHexBuffer);
  71
  72     /// Verify and get Signature Information given a byte array.
  73     static bool Verify(const std::vector<unsigned char>& aData,
  74                        const bool bNonDetached,
  75                        const std::vector<unsigned char>& aSignature,
  76                        SignatureInformation& rInformation);
  77
  78     /// Verify and get Signature Information given a signature and stream.
  79     static bool Verify(SvStream& rStream,
  80                        const std::vector<std::pair<size_t, size_t>>& aByteRanges,
  81                        const bool bNonDetached,
  82                        const std::vector<unsigned char>& aSignature,
  83                        SignatureInformation& rInformation);
  84
  85 private:
  86     /// The certificate to use for signing.
  87     const css::uno::Reference<css::security::XCertificate> m_xCertificate;
  88
  89     /// Data blocks (pointer-size pairs).
  90     std::vector<std::pair<const void*, sal_Int32>> m_dataBlocks;
  91     OUString m_aSignTSA;
  92     OUString m_aSignPassword;
  93 };
  94
  95 }
  96
  97 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
  98