1*cdf0e10cSrcweir /************************************************************************* 2*cdf0e10cSrcweir * 3*cdf0e10cSrcweir * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4*cdf0e10cSrcweir * 5*cdf0e10cSrcweir * Copyright 2000, 2010 Oracle and/or its affiliates. 6*cdf0e10cSrcweir * 7*cdf0e10cSrcweir * OpenOffice.org - a multi-platform office productivity suite 8*cdf0e10cSrcweir * 9*cdf0e10cSrcweir * This file is part of OpenOffice.org. 10*cdf0e10cSrcweir * 11*cdf0e10cSrcweir * OpenOffice.org is free software: you can redistribute it and/or modify 12*cdf0e10cSrcweir * it under the terms of the GNU Lesser General Public License version 3 13*cdf0e10cSrcweir * only, as published by the Free Software Foundation. 14*cdf0e10cSrcweir * 15*cdf0e10cSrcweir * OpenOffice.org is distributed in the hope that it will be useful, 16*cdf0e10cSrcweir * but WITHOUT ANY WARRANTY; without even the implied warranty of 17*cdf0e10cSrcweir * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 18*cdf0e10cSrcweir * GNU Lesser General Public License version 3 for more details 19*cdf0e10cSrcweir * (a copy is included in the LICENSE file that accompanied this code). 20*cdf0e10cSrcweir * 21*cdf0e10cSrcweir * You should have received a copy of the GNU Lesser General Public License 22*cdf0e10cSrcweir * version 3 along with OpenOffice.org. If not, see 23*cdf0e10cSrcweir * <http://www.openoffice.org/license.html> 24*cdf0e10cSrcweir * for a copy of the LGPLv3 License. 25*cdf0e10cSrcweir * 26*cdf0e10cSrcweir ************************************************************************/ 27*cdf0e10cSrcweir 28*cdf0e10cSrcweir #include <precompiled_xmlsecurity.hxx> 29*cdf0e10cSrcweir 30*cdf0e10cSrcweir #include <osl/time.h> 31*cdf0e10cSrcweir #include <rtl/random.h> 32*cdf0e10cSrcweir #include <rtl/ref.hxx> 33*cdf0e10cSrcweir 34*cdf0e10cSrcweir #include "ciphercontext.hxx" 35*cdf0e10cSrcweir 36*cdf0e10cSrcweir using namespace ::com::sun::star; 37*cdf0e10cSrcweir 38*cdf0e10cSrcweir uno::Reference< xml::crypto::XCipherContext > OCipherContext::Create( CK_MECHANISM_TYPE nNSSCipherID, const uno::Sequence< ::sal_Int8 >& aKey, const uno::Sequence< ::sal_Int8 >& aInitializationVector, bool bEncryption, bool bW3CPadding ) 39*cdf0e10cSrcweir { 40*cdf0e10cSrcweir ::rtl::Reference< OCipherContext > xResult = new OCipherContext; 41*cdf0e10cSrcweir 42*cdf0e10cSrcweir xResult->m_pSlot = PK11_GetBestSlot( nNSSCipherID, NULL ); 43*cdf0e10cSrcweir if ( xResult->m_pSlot ) 44*cdf0e10cSrcweir { 45*cdf0e10cSrcweir SECItem aKeyItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aKey.getConstArray() ) ), aKey.getLength() }; 46*cdf0e10cSrcweir xResult->m_pSymKey = PK11_ImportSymKey( xResult->m_pSlot, nNSSCipherID, PK11_OriginDerive, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, &aKeyItem, NULL ); 47*cdf0e10cSrcweir if ( xResult->m_pSymKey ) 48*cdf0e10cSrcweir { 49*cdf0e10cSrcweir SECItem aIVItem = { siBuffer, const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aInitializationVector.getConstArray() ) ), aInitializationVector.getLength() }; 50*cdf0e10cSrcweir xResult->m_pSecParam = PK11_ParamFromIV( nNSSCipherID, &aIVItem ); 51*cdf0e10cSrcweir if ( xResult->m_pSecParam ) 52*cdf0e10cSrcweir { 53*cdf0e10cSrcweir xResult->m_pContext = PK11_CreateContextBySymKey( nNSSCipherID, bEncryption ? CKA_ENCRYPT : CKA_DECRYPT, xResult->m_pSymKey, xResult->m_pSecParam); 54*cdf0e10cSrcweir if ( xResult->m_pContext ) 55*cdf0e10cSrcweir { 56*cdf0e10cSrcweir xResult->m_bEncryption = bEncryption; 57*cdf0e10cSrcweir xResult->m_bW3CPadding = bW3CPadding; 58*cdf0e10cSrcweir xResult->m_bPadding = bW3CPadding || ( PK11_GetPadMechanism( nNSSCipherID ) == nNSSCipherID ); 59*cdf0e10cSrcweir xResult->m_nBlockSize = PK11_GetBlockSize( nNSSCipherID, xResult->m_pSecParam ); 60*cdf0e10cSrcweir if ( xResult->m_nBlockSize <= SAL_MAX_INT8 ) 61*cdf0e10cSrcweir return xResult.get(); 62*cdf0e10cSrcweir } 63*cdf0e10cSrcweir } 64*cdf0e10cSrcweir } 65*cdf0e10cSrcweir } 66*cdf0e10cSrcweir 67*cdf0e10cSrcweir return uno::Reference< xml::crypto::XCipherContext >(); 68*cdf0e10cSrcweir } 69*cdf0e10cSrcweir 70*cdf0e10cSrcweir void OCipherContext::Dispose() 71*cdf0e10cSrcweir { 72*cdf0e10cSrcweir ::osl::MutexGuard aGuard( m_aMutex ); 73*cdf0e10cSrcweir 74*cdf0e10cSrcweir if ( m_pContext ) 75*cdf0e10cSrcweir { 76*cdf0e10cSrcweir PK11_DestroyContext( m_pContext, PR_TRUE ); 77*cdf0e10cSrcweir m_pContext = NULL; 78*cdf0e10cSrcweir } 79*cdf0e10cSrcweir 80*cdf0e10cSrcweir if ( m_pSecParam ) 81*cdf0e10cSrcweir { 82*cdf0e10cSrcweir SECITEM_FreeItem( m_pSecParam, PR_TRUE ); 83*cdf0e10cSrcweir m_pSecParam = NULL; 84*cdf0e10cSrcweir } 85*cdf0e10cSrcweir 86*cdf0e10cSrcweir if ( m_pSymKey ) 87*cdf0e10cSrcweir { 88*cdf0e10cSrcweir PK11_FreeSymKey( m_pSymKey ); 89*cdf0e10cSrcweir m_pSymKey = NULL; 90*cdf0e10cSrcweir } 91*cdf0e10cSrcweir 92*cdf0e10cSrcweir if ( m_pSlot ) 93*cdf0e10cSrcweir { 94*cdf0e10cSrcweir PK11_FreeSlot( m_pSlot ); 95*cdf0e10cSrcweir m_pSlot = NULL; 96*cdf0e10cSrcweir } 97*cdf0e10cSrcweir 98*cdf0e10cSrcweir m_bDisposed = true; 99*cdf0e10cSrcweir } 100*cdf0e10cSrcweir 101*cdf0e10cSrcweir uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::convertWithCipherContext( const uno::Sequence< ::sal_Int8 >& aData ) 102*cdf0e10cSrcweir throw ( lang::IllegalArgumentException, lang::DisposedException, uno::RuntimeException) 103*cdf0e10cSrcweir { 104*cdf0e10cSrcweir ::osl::MutexGuard aGuard( m_aMutex ); 105*cdf0e10cSrcweir 106*cdf0e10cSrcweir if ( m_bBroken ) 107*cdf0e10cSrcweir throw uno::RuntimeException(); 108*cdf0e10cSrcweir 109*cdf0e10cSrcweir if ( m_bDisposed ) 110*cdf0e10cSrcweir throw lang::DisposedException(); 111*cdf0e10cSrcweir 112*cdf0e10cSrcweir uno::Sequence< sal_Int8 > aToConvert; 113*cdf0e10cSrcweir if ( aData.getLength() ) 114*cdf0e10cSrcweir { 115*cdf0e10cSrcweir sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength(); 116*cdf0e10cSrcweir OSL_ENSURE( nOldLastBlockLen <= m_nBlockSize, "Unexpected last block size!" ); 117*cdf0e10cSrcweir 118*cdf0e10cSrcweir sal_Int32 nAvailableData = nOldLastBlockLen + aData.getLength(); 119*cdf0e10cSrcweir sal_Int32 nToConvertLen = nAvailableData; 120*cdf0e10cSrcweir if ( m_bEncryption || !m_bW3CPadding ) 121*cdf0e10cSrcweir { 122*cdf0e10cSrcweir if ( nAvailableData % m_nBlockSize == 0 ) 123*cdf0e10cSrcweir nToConvertLen = nAvailableData; 124*cdf0e10cSrcweir else if ( nAvailableData < m_nBlockSize ) 125*cdf0e10cSrcweir nToConvertLen = 0; 126*cdf0e10cSrcweir else 127*cdf0e10cSrcweir nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize; 128*cdf0e10cSrcweir } 129*cdf0e10cSrcweir else 130*cdf0e10cSrcweir { 131*cdf0e10cSrcweir // decryption with W3C padding needs at least one block for finalizing 132*cdf0e10cSrcweir if ( nAvailableData < m_nBlockSize * 2 ) 133*cdf0e10cSrcweir nToConvertLen = 0; 134*cdf0e10cSrcweir else 135*cdf0e10cSrcweir nToConvertLen = nAvailableData - nAvailableData % m_nBlockSize - m_nBlockSize; 136*cdf0e10cSrcweir } 137*cdf0e10cSrcweir 138*cdf0e10cSrcweir aToConvert.realloc( nToConvertLen ); 139*cdf0e10cSrcweir if ( nToConvertLen == 0 ) 140*cdf0e10cSrcweir { 141*cdf0e10cSrcweir m_aLastBlock.realloc( nOldLastBlockLen + aData.getLength() ); 142*cdf0e10cSrcweir rtl_copyMemory( m_aLastBlock.getArray() + nOldLastBlockLen, aData.getConstArray(), aData.getLength() ); 143*cdf0e10cSrcweir // aToConvert stays empty 144*cdf0e10cSrcweir } 145*cdf0e10cSrcweir else if ( nToConvertLen < nOldLastBlockLen ) 146*cdf0e10cSrcweir { 147*cdf0e10cSrcweir rtl_copyMemory( aToConvert.getArray(), m_aLastBlock.getConstArray(), nToConvertLen ); 148*cdf0e10cSrcweir rtl_copyMemory( m_aLastBlock.getArray(), m_aLastBlock.getConstArray() + nToConvertLen, nOldLastBlockLen - nToConvertLen ); 149*cdf0e10cSrcweir m_aLastBlock.realloc( nOldLastBlockLen - nToConvertLen + aData.getLength() ); 150*cdf0e10cSrcweir rtl_copyMemory( m_aLastBlock.getArray() + nOldLastBlockLen - nToConvertLen, aData.getConstArray(), aData.getLength() ); 151*cdf0e10cSrcweir } 152*cdf0e10cSrcweir else 153*cdf0e10cSrcweir { 154*cdf0e10cSrcweir rtl_copyMemory( aToConvert.getArray(), m_aLastBlock.getConstArray(), nOldLastBlockLen ); 155*cdf0e10cSrcweir if ( nToConvertLen > nOldLastBlockLen ) 156*cdf0e10cSrcweir rtl_copyMemory( aToConvert.getArray() + nOldLastBlockLen, aData.getConstArray(), nToConvertLen - nOldLastBlockLen ); 157*cdf0e10cSrcweir m_aLastBlock.realloc( nAvailableData - nToConvertLen ); 158*cdf0e10cSrcweir rtl_copyMemory( m_aLastBlock.getArray(), aData.getConstArray() + nToConvertLen - nOldLastBlockLen, nAvailableData - nToConvertLen ); 159*cdf0e10cSrcweir } 160*cdf0e10cSrcweir } 161*cdf0e10cSrcweir 162*cdf0e10cSrcweir uno::Sequence< sal_Int8 > aResult; 163*cdf0e10cSrcweir OSL_ENSURE( aToConvert.getLength() % m_nBlockSize == 0, "Unexpected size of the data to encrypt!" ); 164*cdf0e10cSrcweir if ( aToConvert.getLength() ) 165*cdf0e10cSrcweir { 166*cdf0e10cSrcweir int nResultLen = 0; 167*cdf0e10cSrcweir aResult.realloc( aToConvert.getLength() + m_nBlockSize ); 168*cdf0e10cSrcweir if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nResultLen, aResult.getLength(), const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( aToConvert.getConstArray() ) ), aToConvert.getLength() ) != SECSuccess ) 169*cdf0e10cSrcweir { 170*cdf0e10cSrcweir m_bBroken = true; 171*cdf0e10cSrcweir Dispose(); 172*cdf0e10cSrcweir throw uno::RuntimeException(); 173*cdf0e10cSrcweir } 174*cdf0e10cSrcweir 175*cdf0e10cSrcweir m_nConverted += aToConvert.getLength(); 176*cdf0e10cSrcweir aResult.realloc( nResultLen ); 177*cdf0e10cSrcweir } 178*cdf0e10cSrcweir 179*cdf0e10cSrcweir return aResult; 180*cdf0e10cSrcweir } 181*cdf0e10cSrcweir 182*cdf0e10cSrcweir uno::Sequence< ::sal_Int8 > SAL_CALL OCipherContext::finalizeCipherContextAndDispose() 183*cdf0e10cSrcweir throw (lang::DisposedException, uno::RuntimeException) 184*cdf0e10cSrcweir { 185*cdf0e10cSrcweir ::osl::MutexGuard aGuard( m_aMutex ); 186*cdf0e10cSrcweir 187*cdf0e10cSrcweir if ( m_bBroken ) 188*cdf0e10cSrcweir throw uno::RuntimeException(); 189*cdf0e10cSrcweir 190*cdf0e10cSrcweir if ( m_bDisposed ) 191*cdf0e10cSrcweir throw lang::DisposedException(); 192*cdf0e10cSrcweir 193*cdf0e10cSrcweir OSL_ENSURE( m_nBlockSize <= SAL_MAX_INT8, "Unexpected block size!" ); 194*cdf0e10cSrcweir OSL_ENSURE( m_nConverted % m_nBlockSize == 0, "Unexpected amount of bytes is already converted!" ); 195*cdf0e10cSrcweir sal_Int32 nSizeForPadding = ( m_nConverted + m_aLastBlock.getLength() ) % m_nBlockSize; 196*cdf0e10cSrcweir 197*cdf0e10cSrcweir // if it is decryption, the amount of data should be rounded to the block size even in case of padding 198*cdf0e10cSrcweir if ( ( !m_bPadding || !m_bEncryption ) && nSizeForPadding ) 199*cdf0e10cSrcweir throw uno::RuntimeException( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "The data should contain complete blocks only." ) ), uno::Reference< uno::XInterface >() ); 200*cdf0e10cSrcweir 201*cdf0e10cSrcweir if ( m_bW3CPadding && m_bEncryption ) 202*cdf0e10cSrcweir { 203*cdf0e10cSrcweir // in this case the last block should be smaller than standtard block 204*cdf0e10cSrcweir // it will be increased with the padding 205*cdf0e10cSrcweir OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize, "Unexpected size of cashed incomplete last block!" ); 206*cdf0e10cSrcweir 207*cdf0e10cSrcweir // W3CPadding handling for encryption 208*cdf0e10cSrcweir sal_Int32 nPaddingSize = m_nBlockSize - nSizeForPadding; 209*cdf0e10cSrcweir sal_Int32 nOldLastBlockLen = m_aLastBlock.getLength(); 210*cdf0e10cSrcweir m_aLastBlock.realloc( nOldLastBlockLen + nPaddingSize ); 211*cdf0e10cSrcweir 212*cdf0e10cSrcweir if ( nPaddingSize > 1 ) 213*cdf0e10cSrcweir { 214*cdf0e10cSrcweir TimeValue aTime; 215*cdf0e10cSrcweir osl_getSystemTime( &aTime ); 216*cdf0e10cSrcweir rtlRandomPool aRandomPool = rtl_random_createPool(); 217*cdf0e10cSrcweir rtl_random_addBytes( aRandomPool, &aTime, 8 ); 218*cdf0e10cSrcweir rtl_random_getBytes( aRandomPool, m_aLastBlock.getArray() + nOldLastBlockLen, nPaddingSize - 1 ); 219*cdf0e10cSrcweir rtl_random_destroyPool ( aRandomPool ); 220*cdf0e10cSrcweir } 221*cdf0e10cSrcweir m_aLastBlock[m_aLastBlock.getLength() - 1] = static_cast< sal_Int8 >( nPaddingSize ); 222*cdf0e10cSrcweir } 223*cdf0e10cSrcweir 224*cdf0e10cSrcweir // finally should the last block be smaller than two standard blocks 225*cdf0e10cSrcweir OSL_ENSURE( m_aLastBlock.getLength() < m_nBlockSize * 2 , "Unexpected size of cashed incomplete last block!" ); 226*cdf0e10cSrcweir 227*cdf0e10cSrcweir uno::Sequence< sal_Int8 > aResult; 228*cdf0e10cSrcweir if ( m_aLastBlock.getLength() ) 229*cdf0e10cSrcweir { 230*cdf0e10cSrcweir int nPrefResLen = 0; 231*cdf0e10cSrcweir aResult.realloc( m_aLastBlock.getLength() + m_nBlockSize ); 232*cdf0e10cSrcweir if ( PK11_CipherOp( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() ), &nPrefResLen, aResult.getLength(), const_cast< unsigned char* >( reinterpret_cast< const unsigned char* >( m_aLastBlock.getConstArray() ) ), m_aLastBlock.getLength() ) != SECSuccess ) 233*cdf0e10cSrcweir { 234*cdf0e10cSrcweir m_bBroken = true; 235*cdf0e10cSrcweir Dispose(); 236*cdf0e10cSrcweir throw uno::RuntimeException(); 237*cdf0e10cSrcweir } 238*cdf0e10cSrcweir 239*cdf0e10cSrcweir aResult.realloc( nPrefResLen ); 240*cdf0e10cSrcweir m_aLastBlock.realloc( 0 ); 241*cdf0e10cSrcweir } 242*cdf0e10cSrcweir 243*cdf0e10cSrcweir sal_Int32 nPrefixLen = aResult.getLength(); 244*cdf0e10cSrcweir aResult.realloc( nPrefixLen + m_nBlockSize * 2 ); 245*cdf0e10cSrcweir unsigned nFinalLen = 0; 246*cdf0e10cSrcweir if ( PK11_DigestFinal( m_pContext, reinterpret_cast< unsigned char* >( aResult.getArray() + nPrefixLen ), &nFinalLen, aResult.getLength() - nPrefixLen ) != SECSuccess ) 247*cdf0e10cSrcweir { 248*cdf0e10cSrcweir m_bBroken = true; 249*cdf0e10cSrcweir Dispose(); 250*cdf0e10cSrcweir throw uno::RuntimeException(); 251*cdf0e10cSrcweir } 252*cdf0e10cSrcweir 253*cdf0e10cSrcweir aResult.realloc( nPrefixLen + nFinalLen ); 254*cdf0e10cSrcweir 255*cdf0e10cSrcweir if ( m_bW3CPadding && !m_bEncryption ) 256*cdf0e10cSrcweir { 257*cdf0e10cSrcweir // W3CPadding handling for decryption 258*cdf0e10cSrcweir // aResult should have anough data, since we let m_aLastBlock be big enough in case of decryption 259*cdf0e10cSrcweir OSL_ENSURE( aResult.getLength() >= m_nBlockSize, "Not enough data to handle the padding!" ); 260*cdf0e10cSrcweir 261*cdf0e10cSrcweir sal_Int8 nBytesToRemove = aResult[aResult.getLength() - 1]; 262*cdf0e10cSrcweir if ( nBytesToRemove <= 0 || nBytesToRemove > aResult.getLength() ) 263*cdf0e10cSrcweir { 264*cdf0e10cSrcweir m_bBroken = true; 265*cdf0e10cSrcweir Dispose(); 266*cdf0e10cSrcweir throw uno::RuntimeException(); 267*cdf0e10cSrcweir } 268*cdf0e10cSrcweir 269*cdf0e10cSrcweir aResult.realloc( aResult.getLength() - nBytesToRemove ); 270*cdf0e10cSrcweir } 271*cdf0e10cSrcweir 272*cdf0e10cSrcweir Dispose(); 273*cdf0e10cSrcweir 274*cdf0e10cSrcweir return aResult; 275*cdf0e10cSrcweir } 276*cdf0e10cSrcweir 277