comphelper/CppunitTest_comphelper_test.mk | 1 comphelper/Library_comphelper.mk | 1 comphelper/qa/unit/CryptoTest.cxx | 100 ++++++++++++++ comphelper/source/crypto/Crypto.cxx | 210 +++++++++++++++++------------- include/comphelper/crypto/Crypto.hxx | 99 ++++++++++++++ include/oox/crypto/AgileEngine.hxx | 11 - include/oox/crypto/CryptTools.hxx | 121 ----------------- oox/Library_oox.mk | 1 oox/qa/unit/CryptoTest.cxx | 93 +------------ oox/source/crypto/AgileEngine.cxx | 50 +++---- oox/source/crypto/Standard2007Engine.cxx | 16 +- solenv/clang-format/excludelist | 2 12 files changed, 375 insertions(+), 330 deletions(-)
New commits: commit 5be3d79837395fa1dbc7d6526e318afb69604c6e Author: Tomaž Vajngerl <[email protected]> AuthorDate: Fri Nov 1 12:48:10 2024 +0100 Commit: Miklos Vajna <[email protected]> CommitDate: Mon Nov 11 09:18:11 2024 +0100 move CryptTools from oox to comphelper so we can reuse it Also move the relevant tests and clean-up the names a bit to make it mroe consistent. Change-Id: I929ef9c13b954fd6a506471231d1bc41e4ef9980 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/175926 Tested-by: Jenkins CollaboraOffice <[email protected]> Reviewed-by: Miklos Vajna <[email protected]> diff --git a/comphelper/CppunitTest_comphelper_test.mk b/comphelper/CppunitTest_comphelper_test.mk index 17de701aca26..3fe7c53f746e 100644 --- a/comphelper/CppunitTest_comphelper_test.mk +++ b/comphelper/CppunitTest_comphelper_test.mk @@ -20,6 +20,7 @@ $(eval $(call gb_CppunitTest_add_exception_objects,comphelper_test, \ comphelper/qa/unit/types_test \ comphelper/qa/unit/test_guards \ comphelper/qa/unit/test_traceevent \ + comphelper/qa/unit/CryptoTest \ )) $(eval $(call gb_CppunitTest_use_ure,comphelper_test)) diff --git a/comphelper/Library_comphelper.mk b/comphelper/Library_comphelper.mk index d03dc06dd67f..c8eabde5065c 100644 --- a/comphelper/Library_comphelper.mk +++ b/comphelper/Library_comphelper.mk @@ -75,6 +75,7 @@ $(eval $(call gb_Library_add_exception_objects,comphelper,\ comphelper/source/container/enumerablemap \ comphelper/source/container/enumhelper \ comphelper/source/container/namecontainer \ + comphelper/source/crypto/Crypto \ comphelper/source/eventattachermgr/eventattachermgr \ comphelper/source/misc/accessiblecomponenthelper \ comphelper/source/misc/accessibleeventnotifier \ diff --git a/comphelper/qa/unit/CryptoTest.cxx b/comphelper/qa/unit/CryptoTest.cxx new file mode 100644 index 000000000000..2b0dac47416f --- /dev/null +++ b/comphelper/qa/unit/CryptoTest.cxx @@ -0,0 +1,100 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + */ + +#include <sal/config.h> +#include <config_oox.h> +#include <comphelper/crypto/Crypto.hxx> +#include <comphelper/hash.hxx> + +#include <rtl/ustring.hxx> + +#include <cppunit/TestFixture.h> +#include <cppunit/extensions/HelperMacros.h> + +#if USE_TLS_NSS +#include <nss.h> +#endif + +class CryptoTest : public CppUnit::TestFixture +{ +public: + virtual void tearDown() + { +#if USE_TLS_NSS + NSS_Shutdown(); +#endif + } + + void testCryptoHash(); + void testRoundUp(); + + CPPUNIT_TEST_SUITE(CryptoTest); + CPPUNIT_TEST(testCryptoHash); + CPPUNIT_TEST(testRoundUp); + CPPUNIT_TEST_SUITE_END(); +}; + +void CryptoTest::testCryptoHash() +{ + // Check examples from Wikipedia (https://en.wikipedia.org/wiki/HMAC) + OString aContentString("The quick brown fox jumps over the lazy dog"_ostr); + std::vector<sal_uInt8> aContent(aContentString.getStr(), + aContentString.getStr() + aContentString.getLength()); + std::vector<sal_uInt8> aKey = { 'k', 'e', 'y' }; + { + comphelper::CryptoHash aCryptoHash(aKey, comphelper::CryptoHashType::SHA1); + aCryptoHash.update(aContent); + std::vector<sal_uInt8> aHash = aCryptoHash.finalize(); + CPPUNIT_ASSERT_EQUAL(std::string("de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"), + comphelper::hashToString(aHash)); + } + + { + comphelper::CryptoHash aCryptoHash(aKey, comphelper::CryptoHashType::SHA256); + aCryptoHash.update(aContent); + std::vector<sal_uInt8> aHash = aCryptoHash.finalize(); + CPPUNIT_ASSERT_EQUAL( + std::string("f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"), + comphelper::hashToString(aHash)); + } + + { + comphelper::CryptoHash aCryptoHash(aKey, comphelper::CryptoHashType::SHA384); + aCryptoHash.update(aContent); + std::vector<sal_uInt8> aHash = aCryptoHash.finalize(); + CPPUNIT_ASSERT_EQUAL(std::string("d7f4727e2c0b39ae0f1e40cc96f60242d5b7801841cea6fc592c5d3e1" + "ae50700582a96cf35e1e554995fe4e03381c237"), + comphelper::hashToString(aHash)); + } + + { + comphelper::CryptoHash aCryptoHash(aKey, comphelper::CryptoHashType::SHA512); + aCryptoHash.update(aContent); + std::vector<sal_uInt8> aHash = aCryptoHash.finalize(); + CPPUNIT_ASSERT_EQUAL( + std::string("b42af09057bac1e2d41708e48a902e09b5ff7f12ab428a4fe86653c73dd248fb82f948a549" + "f7b791a5b41915ee4d1ec3935357e4e2317250d0372afa2ebeeb3a"), + comphelper::hashToString(aHash)); + } +} + +void CryptoTest::testRoundUp() +{ + CPPUNIT_ASSERT_EQUAL(16, comphelper::roundUp(16, 16)); + CPPUNIT_ASSERT_EQUAL(32, comphelper::roundUp(32, 16)); + CPPUNIT_ASSERT_EQUAL(64, comphelper::roundUp(64, 16)); + + CPPUNIT_ASSERT_EQUAL(16, comphelper::roundUp(01, 16)); + CPPUNIT_ASSERT_EQUAL(32, comphelper::roundUp(17, 16)); + CPPUNIT_ASSERT_EQUAL(32, comphelper::roundUp(31, 16)); +} + +CPPUNIT_TEST_SUITE_REGISTRATION(CryptoTest); + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/oox/source/crypto/CryptTools.cxx b/comphelper/source/crypto/Crypto.cxx similarity index 70% rename from oox/source/crypto/CryptTools.cxx rename to comphelper/source/crypto/Crypto.cxx index 1244dcb0cb74..414de410d930 100644 --- a/oox/source/crypto/CryptTools.cxx +++ b/comphelper/source/crypto/Crypto.cxx @@ -8,7 +8,7 @@ * */ -#include <oox/crypto/CryptTools.hxx> +#include <comphelper/crypto/Crypto.hxx> #include <com/sun/star/uno/RuntimeException.hpp> #include <sal/types.h> @@ -26,20 +26,20 @@ #include <pk11pub.h> #endif // USE_TLS_NSS -namespace oox::crypto { - +namespace comphelper +{ #if USE_TLS_OPENSSL #if (OPENSSL_VERSION_NUMBER < 0x10100000L) -static HMAC_CTX *HMAC_CTX_new(void) +static HMAC_CTX* HMAC_CTX_new(void) { - HMAC_CTX *pContext = new HMAC_CTX; - HMAC_CTX_init(pContext); - return pContext; + HMAC_CTX* pContext = new HMAC_CTX; + HMAC_CTX_init(pContext); + return pContext; } -static void HMAC_CTX_free(HMAC_CTX *pContext) +static void HMAC_CTX_free(HMAC_CTX* pContext) { HMAC_CTX_cleanup(pContext); delete pContext; @@ -48,17 +48,21 @@ static void HMAC_CTX_free(HMAC_CTX *pContext) namespace { - struct cipher_delete - { - void operator()(EVP_CIPHER_CTX* p) { EVP_CIPHER_CTX_free(p); } - }; +struct cipher_delete +{ + void operator()(EVP_CIPHER_CTX* p) { EVP_CIPHER_CTX_free(p); } +}; - struct hmac_delete +struct hmac_delete +{ + SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_CTX_free' is deprecated + void + operator()(HMAC_CTX* p) { -SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_CTX_free' is deprecated - void operator()(HMAC_CTX* p) { HMAC_CTX_free(p); } -SAL_WNODEPRECATED_DECLARATIONS_POP - }; + HMAC_CTX_free(p); + } + SAL_WNODEPRECATED_DECLARATIONS_POP +}; } struct CryptoImpl @@ -68,7 +72,8 @@ struct CryptoImpl CryptoImpl() = default; - void setupEncryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto::CryptoType eType) + void setupEncryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, + Crypto::CryptoType eType) { mpContext.reset(EVP_CIPHER_CTX_new()); EVP_CIPHER_CTX_init(mpContext.get()); @@ -84,7 +89,8 @@ struct CryptoImpl EVP_CIPHER_CTX_set_padding(mpContext.get(), 0); } - void setupDecryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto::CryptoType eType) + void setupDecryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, + Crypto::CryptoType eType) { mpContext.reset(EVP_CIPHER_CTX_new()); EVP_CIPHER_CTX_init(mpContext.get()); @@ -112,24 +118,28 @@ struct CryptoImpl void setupCryptoHashContext(std::vector<sal_uInt8>& rKey, CryptoHashType eType) { -SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_CTX_new' is deprecated - mpHmacContext.reset(HMAC_CTX_new()); -SAL_WNODEPRECATED_DECLARATIONS_POP + SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_CTX_new' is deprecated + mpHmacContext.reset(HMAC_CTX_new()); + SAL_WNODEPRECATED_DECLARATIONS_POP const EVP_MD* aEvpMd = nullptr; switch (eType) { case CryptoHashType::SHA1: - aEvpMd = EVP_sha1(); break; + aEvpMd = EVP_sha1(); + break; case CryptoHashType::SHA256: - aEvpMd = EVP_sha256(); break; + aEvpMd = EVP_sha256(); + break; case CryptoHashType::SHA384: - aEvpMd = EVP_sha384(); break; + aEvpMd = EVP_sha384(); + break; case CryptoHashType::SHA512: - aEvpMd = EVP_sha512(); break; + aEvpMd = EVP_sha512(); + break; } -SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Init_ex' is deprecated - HMAC_Init_ex(mpHmacContext.get(), rKey.data(), rKey.size(), aEvpMd, nullptr); -SAL_WNODEPRECATED_DECLARATIONS_POP + SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Init_ex' is deprecated + HMAC_Init_ex(mpHmacContext.get(), rKey.data(), rKey.size(), aEvpMd, nullptr); + SAL_WNODEPRECATED_DECLARATIONS_POP } ~CryptoImpl() @@ -140,7 +150,7 @@ SAL_WNODEPRECATED_DECLARATIONS_POP static const EVP_CIPHER* getCipher(Crypto::CryptoType type) { - switch(type) + switch (type) { case Crypto::CryptoType::AES_128_ECB: return EVP_aes_128_ecb(); @@ -163,10 +173,10 @@ struct CryptoImpl { PK11SlotInfo* mSlot; PK11Context* mContext; - SECItem* mSecParam; - PK11SymKey* mSymKey; + SECItem* mSecParam; + PK11SymKey* mSymKey; PK11Context* mWrapKeyContext; - PK11SymKey* mWrapKey; + PK11SymKey* mWrapKey; CryptoImpl() : mSlot(nullptr) @@ -184,7 +194,10 @@ struct CryptoImpl { PRErrorCode error = PR_GetError(); const char* errorText = PR_ErrorToName(error); - throw css::uno::RuntimeException("NSS_NoDB_Init failed with " + OUString(errorText, strlen(errorText), RTL_TEXTENCODING_UTF8) + " (" + OUString::number(static_cast<int>(error)) + ")"); + throw css::uno::RuntimeException( + "NSS_NoDB_Init failed with " + + OUString(errorText, strlen(errorText), RTL_TEXTENCODING_UTF8) + " (" + + OUString::number(static_cast<int>(error)) + ")"); } } } @@ -227,7 +240,8 @@ struct CryptoImpl int wrap_key_len = PK11_GetBestKeyLength(mSlot, wrap_mechanism); mWrapKey = PK11_KeyGen(mSlot, wrap_mechanism, nullptr, wrap_key_len, nullptr); if (!mWrapKey) - throw css::uno::RuntimeException("PK11_KeyGen SymKey failure", css::uno::Reference<css::uno::XInterface>()); + throw css::uno::RuntimeException("PK11_KeyGen SymKey failure", + css::uno::Reference<css::uno::XInterface>()); /* * Encrypt authkey with wrapping key @@ -237,21 +251,26 @@ struct CryptoImpl * Initialization of IV is not needed because PK11_GetBestWrapMechanism should return ECB mode */ SECItem tmp_sec_item = {}; - mWrapKeyContext = PK11_CreateContextBySymKey(wrap_mechanism, CKA_ENCRYPT, mWrapKey, &tmp_sec_item); + mWrapKeyContext + = PK11_CreateContextBySymKey(wrap_mechanism, CKA_ENCRYPT, mWrapKey, &tmp_sec_item); if (!mWrapKeyContext) - throw css::uno::RuntimeException("PK11_CreateContextBySymKey failure", css::uno::Reference<css::uno::XInterface>()); + throw css::uno::RuntimeException("PK11_CreateContextBySymKey failure", + css::uno::Reference<css::uno::XInterface>()); unsigned char wrapped_key_data[MAX_WRAPPED_KEY_LEN]; int wrapped_key_len = sizeof(wrapped_key_data); if (PK11_CipherOp(mWrapKeyContext, wrapped_key_data, &wrapped_key_len, - sizeof(wrapped_key_data), key->data, key->len) != SECSuccess) + sizeof(wrapped_key_data), key->data, key->len) + != SECSuccess) { - throw css::uno::RuntimeException("PK11_CipherOp failure", css::uno::Reference<css::uno::XInterface>()); + throw css::uno::RuntimeException("PK11_CipherOp failure", + css::uno::Reference<css::uno::XInterface>()); } if (PK11_Finalize(mWrapKeyContext) != SECSuccess) - throw css::uno::RuntimeException("PK11_Finalize failure", css::uno::Reference<css::uno::XInterface>()); + throw css::uno::RuntimeException("PK11_Finalize failure", + css::uno::Reference<css::uno::XInterface>()); /* * Finally unwrap sym key @@ -261,28 +280,31 @@ struct CryptoImpl wrapped_key.len = wrapped_key_len; mSymKey = PK11_UnwrapSymKey(mWrapKey, wrap_mechanism, &tmp_sec_item, &wrapped_key, - mechanism, operation, key->len); + mechanism, operation, key->len); } return mSymKey; } - void setupEncryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto::CryptoType type) + void setupEncryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, + CryptoType type) { setupCryptoContext(key, iv, type, CKA_ENCRYPT); } - void setupDecryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto::CryptoType type) + void setupDecryptContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, + CryptoType type) { setupCryptoContext(key, iv, type, CKA_DECRYPT); } - void setupCryptoContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto::CryptoType type, CK_ATTRIBUTE_TYPE operation) + void setupCryptoContext(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, + CryptoType type, CK_ATTRIBUTE_TYPE operation) { CK_MECHANISM_TYPE mechanism = static_cast<CK_ULONG>(-1); SECItem ivItem; ivItem.type = siBuffer; - if(iv.empty()) + if (iv.empty()) ivItem.data = nullptr; else ivItem.data = iv.data(); @@ -290,16 +312,16 @@ struct CryptoImpl SECItem* pIvItem = nullptr; - switch(type) + switch (type) { - case Crypto::CryptoType::AES_128_ECB: + case CryptoType::AES_128_ECB: mechanism = CKM_AES_ECB; break; - case Crypto::CryptoType::AES_128_CBC: + case CryptoType::AES_128_CBC: mechanism = CKM_AES_CBC; pIvItem = &ivItem; break; - case Crypto::CryptoType::AES_256_CBC: + case CryptoType::AES_256_CBC: mechanism = CKM_AES_CBC; pIvItem = &ivItem; break; @@ -310,16 +332,18 @@ struct CryptoImpl mSlot = PK11_GetBestSlot(mechanism, nullptr); if (!mSlot) - throw css::uno::RuntimeException("NSS Slot failure", css::uno::Reference<css::uno::XInterface>()); + throw css::uno::RuntimeException("NSS Slot failure", + css::uno::Reference<css::uno::XInterface>()); SECItem keyItem; keyItem.type = siBuffer; keyItem.data = key.data(); - keyItem.len = key.size(); + keyItem.len = key.size(); mSymKey = ImportSymKey(mechanism, CKA_ENCRYPT, &keyItem); if (!mSymKey) - throw css::uno::RuntimeException("NSS SymKey failure", css::uno::Reference<css::uno::XInterface>()); + throw css::uno::RuntimeException("NSS SymKey failure", + css::uno::Reference<css::uno::XInterface>()); mSecParam = PK11_ParamFromIV(mechanism, pIvItem); mContext = PK11_CreateContextBySymKey(mechanism, operation, mSymKey, mSecParam); @@ -329,7 +353,7 @@ struct CryptoImpl { CK_MECHANISM_TYPE aMechanism = static_cast<CK_ULONG>(-1); - switch(eType) + switch (eType) { case CryptoHashType::SHA1: aMechanism = CKM_SHA_1_HMAC; @@ -348,15 +372,17 @@ struct CryptoImpl mSlot = PK11_GetBestSlot(aMechanism, nullptr); if (!mSlot) - throw css::uno::RuntimeException("NSS Slot failure", css::uno::Reference<css::uno::XInterface>()); + throw css::uno::RuntimeException("NSS Slot failure", + css::uno::Reference<css::uno::XInterface>()); SECItem aKeyItem; aKeyItem.data = rKey.data(); - aKeyItem.len = rKey.size(); + aKeyItem.len = rKey.size(); mSymKey = ImportSymKey(aMechanism, CKA_SIGN, &aKeyItem); if (!mSymKey) - throw css::uno::RuntimeException("NSS SymKey failure", css::uno::Reference<css::uno::XInterface>()); + throw css::uno::RuntimeException("NSS SymKey failure", + css::uno::Reference<css::uno::XInterface>()); SECItem param; param.data = nullptr; @@ -366,7 +392,8 @@ struct CryptoImpl }; #else struct CryptoImpl -{}; +{ +}; #endif Crypto::Crypto() @@ -374,9 +401,7 @@ Crypto::Crypto() { } -Crypto::~Crypto() -{ -} +Crypto::~Crypto() {} // DECRYPT @@ -391,12 +416,14 @@ Decrypt::Decrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto #endif } -sal_uInt32 Decrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, sal_uInt32 inputLength) +sal_uInt32 Decrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, + sal_uInt32 inputLength) { int outputLength = 0; #if USE_TLS_OPENSSL + USE_TLS_NSS > 0 - sal_uInt32 actualInputLength = inputLength == 0 || inputLength > input.size() ? input.size() : inputLength; + sal_uInt32 actualInputLength + = inputLength == 0 || inputLength > input.size() ? input.size() : inputLength; #else (void)output; (void)input; @@ -404,23 +431,26 @@ sal_uInt32 Decrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8 #endif #if USE_TLS_OPENSSL - (void)EVP_DecryptUpdate(mpImpl->mpContext.get(), output.data(), &outputLength, input.data(), actualInputLength); + (void)EVP_DecryptUpdate(mpImpl->mpContext.get(), output.data(), &outputLength, input.data(), + actualInputLength); #endif // USE_TLS_OPENSSL #if USE_TLS_NSS if (!mpImpl->mContext) return 0; - (void)PK11_CipherOp(mpImpl->mContext, output.data(), &outputLength, actualInputLength, input.data(), actualInputLength); + (void)PK11_CipherOp(mpImpl->mContext, output.data(), &outputLength, actualInputLength, + input.data(), actualInputLength); #endif // USE_TLS_NSS return static_cast<sal_uInt32>(outputLength); } -sal_uInt32 Decrypt::aes128ecb(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, std::vector<sal_uInt8>& key) +sal_uInt32 Decrypt::aes128ecb(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, + std::vector<sal_uInt8>& key) { sal_uInt32 outputLength = 0; std::vector<sal_uInt8> iv; - Decrypt crypto(key, iv, Crypto::AES_128_ECB); + Decrypt crypto(key, iv, CryptoType::AES_128_ECB); outputLength = crypto.update(output, input); return outputLength; } @@ -438,12 +468,14 @@ Encrypt::Encrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, Crypto #endif } -sal_uInt32 Encrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, sal_uInt32 inputLength) +sal_uInt32 Encrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, + sal_uInt32 inputLength) { int outputLength = 0; #if USE_TLS_OPENSSL + USE_TLS_NSS > 0 - sal_uInt32 actualInputLength = inputLength == 0 || inputLength > input.size() ? input.size() : inputLength; + sal_uInt32 actualInputLength + = inputLength == 0 || inputLength > input.size() ? input.size() : inputLength; #else (void)output; (void)input; @@ -451,11 +483,13 @@ sal_uInt32 Encrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8 #endif #if USE_TLS_OPENSSL - (void)EVP_EncryptUpdate(mpImpl->mpContext.get(), output.data(), &outputLength, input.data(), actualInputLength); + (void)EVP_EncryptUpdate(mpImpl->mpContext.get(), output.data(), &outputLength, input.data(), + actualInputLength); #endif // USE_TLS_OPENSSL #if USE_TLS_NSS - (void)PK11_CipherOp(mpImpl->mContext, output.data(), &outputLength, actualInputLength, input.data(), actualInputLength); + (void)PK11_CipherOp(mpImpl->mContext, output.data(), &outputLength, actualInputLength, + input.data(), actualInputLength); #endif // USE_TLS_NSS return static_cast<sal_uInt32>(outputLength); @@ -465,15 +499,18 @@ sal_uInt32 Encrypt::update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8 namespace { - sal_Int32 getSizeForHashType(CryptoHashType eType) { switch (eType) { - case CryptoHashType::SHA1: return 20; - case CryptoHashType::SHA256: return 32; - case CryptoHashType::SHA384: return 48; - case CryptoHashType::SHA512: return 64; + case CryptoHashType::SHA1: + return 20; + case CryptoHashType::SHA256: + return 32; + case CryptoHashType::SHA384: + return 48; + case CryptoHashType::SHA512: + return 64; } return 0; } @@ -498,16 +535,18 @@ CryptoHash::CryptoHash(std::vector<sal_uInt8>& rKey, CryptoHashType eType) bool CryptoHash::update(std::vector<sal_uInt8>& rInput, sal_uInt32 nInputLength) { #if USE_TLS_OPENSSL + USE_TLS_NSS > 0 - sal_uInt32 nActualInputLength = (nInputLength == 0 || nInputLength > rInput.size()) ? rInput.size() : nInputLength; + sal_uInt32 nActualInputLength + = (nInputLength == 0 || nInputLength > rInput.size()) ? rInput.size() : nInputLength; #else (void)rInput; (void)nInputLength; #endif #if USE_TLS_OPENSSL -SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Update' is deprecated - return HMAC_Update(mpImpl->mpHmacContext.get(), rInput.data(), nActualInputLength) != 0; -SAL_WNODEPRECATED_DECLARATIONS_POP + SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Update' is deprecated + return HMAC_Update(mpImpl->mpHmacContext.get(), rInput.data(), nActualInputLength) + != 0; + SAL_WNODEPRECATED_DECLARATIONS_POP #elif USE_TLS_NSS return PK11_DigestOp(mpImpl->mContext, rInput.data(), nActualInputLength) == SECSuccess; #else @@ -518,19 +557,18 @@ SAL_WNODEPRECATED_DECLARATIONS_POP std::vector<sal_uInt8> CryptoHash::finalize() { std::vector<sal_uInt8> aHash(mnHashSize, 0); - unsigned int nSizeWritten; #if USE_TLS_OPENSSL -SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Final' is deprecated - (void) HMAC_Final(mpImpl->mpHmacContext.get(), aHash.data(), &nSizeWritten); -SAL_WNODEPRECATED_DECLARATIONS_POP + unsigned int nSizeWritten = 0; + SAL_WNODEPRECATED_DECLARATIONS_PUSH // 'HMAC_Final' is deprecated + (void) HMAC_Final(mpImpl->mpHmacContext.get(), aHash.data(), &nSizeWritten); + SAL_WNODEPRECATED_DECLARATIONS_POP #elif USE_TLS_NSS + unsigned int nSizeWritten = 0; PK11_DigestFinal(mpImpl->mContext, aHash.data(), &nSizeWritten, aHash.size()); #endif - (void)nSizeWritten; - return aHash; } -} // namespace oox::crypto +} // namespace comphelper /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/include/comphelper/crypto/Crypto.hxx b/include/comphelper/crypto/Crypto.hxx new file mode 100644 index 000000000000..aba89642652a --- /dev/null +++ b/include/comphelper/crypto/Crypto.hxx @@ -0,0 +1,99 @@ +/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ +/* + * This file is part of the LibreOffice project. + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + */ + +#pragma once + +#include <comphelper/comphelperdllapi.h> +#include <sal/types.h> + +#include <vector> +#include <memory> + +namespace comphelper +{ +/** Rounds up the input to the nearest multiple + * + * For example: + * input 1, multiple 16 = 16 + * input 16, multiple 16 = 16 + * input 17, multiple 16 = 32 + * input 31, multiple 16 = 32 + */ +template <typename T> T roundUp(T input, T multiple) +{ + if (input % multiple == 0) + return input; + return ((input / multiple) * multiple) + multiple; +} + +enum class CryptoHashType +{ + SHA1, + SHA256, + SHA384, + SHA512 +}; + +enum class CryptoType +{ + UNKNOWN, + AES_128_ECB, + AES_128_CBC, + AES_256_CBC, +}; + +struct CryptoImpl; + +class COMPHELPER_DLLPUBLIC Crypto +{ +protected: + std::unique_ptr<CryptoImpl> mpImpl; + +protected: + Crypto(); + +public: + virtual ~Crypto(); +}; + +class COMPHELPER_DLLPUBLIC Decrypt final : public Crypto +{ +public: + Decrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, CryptoType type); + + sal_uInt32 update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, + sal_uInt32 inputLength = 0); + + static sal_uInt32 aes128ecb(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, + std::vector<sal_uInt8>& key); +}; + +class COMPHELPER_DLLPUBLIC Encrypt final : public Crypto +{ +public: + Encrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, CryptoType type); + + sal_uInt32 update(std::vector<sal_uInt8>& output, std::vector<sal_uInt8>& input, + sal_uInt32 inputLength = 0); +}; + +class COMPHELPER_DLLPUBLIC CryptoHash final : public Crypto +{ + sal_Int32 mnHashSize; + +public: + CryptoHash(std::vector<sal_uInt8>& rKey, CryptoHashType eType); + bool update(std::vector<sal_uInt8>& rInput, sal_uInt32 nInputLength = 0); + std::vector<sal_uInt8> finalize(); +}; + +} // namespace comphelper + +/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/include/oox/crypto/AgileEngine.hxx b/include/oox/crypto/AgileEngine.hxx index 07ce3cb5eeb1..bccb30eaef3e 100644 --- a/include/oox/crypto/AgileEngine.hxx +++ b/include/oox/crypto/AgileEngine.hxx @@ -8,16 +8,15 @@ * */ -#ifndef INCLUDED_OOX_CRYPTO_AGILEENGINE_HXX -#define INCLUDED_OOX_CRYPTO_AGILEENGINE_HXX +#pragma once #include <vector> #include <oox/dllapi.h> -#include <oox/crypto/CryptTools.hxx> #include <oox/crypto/CryptoEngine.hxx> #include <rtl/ustring.hxx> #include <sal/types.h> +#include <comphelper/crypto/Crypto.hxx> namespace oox { class BinaryXInputStream; @@ -94,7 +93,7 @@ private: std::vector<sal_uInt8>& rInput, std::vector<sal_uInt8>& rOutput); - static Crypto::CryptoType cryptoType(const AgileEncryptionInfo& rInfo); + static comphelper::CryptoType cryptoType(const AgileEncryptionInfo& rInfo); public: AgileEngine(); @@ -141,8 +140,6 @@ public: bool setupEncryptionKey(OUString const & rPassword); }; -} // namespace oox::crypto - -#endif +} // namespace comphelper::crypto /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/include/oox/crypto/CryptTools.hxx b/include/oox/crypto/CryptTools.hxx deleted file mode 100644 index 10382b979380..000000000000 --- a/include/oox/crypto/CryptTools.hxx +++ /dev/null @@ -1,121 +0,0 @@ -/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */ -/* - * This file is part of the LibreOffice project. - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * This file incorporates work covered by the following license notice: - * - * Licensed to the Apache Software Foundation (ASF) under one or more - * contributor license agreements. See the NOTICE file distributed - * with this work for additional information regarding copyright - * ownership. The ASF licenses this file to you under the Apache - * License, Version 2.0 (the "License"); you may not use this file - * except in compliance with the License. You may obtain a copy of - * the License at http://www.apache.org/licenses/LICENSE-2.0 . - */ - -#ifndef INCLUDED_OOX_CRYPTO_CRYPTTOOLS_HXX -#define INCLUDED_OOX_CRYPTO_CRYPTTOOLS_HXX - -#include <oox/dllapi.h> -#include <sal/types.h> - -#include <vector> -#include <memory> - -namespace oox::crypto { - -/** Rounds up the input to the nearest multiple - * - * For example: - * input 1, multiple 16 = 16 - * input 16, multiple 16 = 16 - * input 17, multiple 16 = 32 - * input 31, multiple 16 = 32 - */ -template<typename T> -T roundUp(T input, T multiple) -{ - if (input % multiple == 0) - return input; - return ((input / multiple) * multiple) + multiple; -} - -enum class CryptoHashType -{ - SHA1, - SHA256, - SHA384, - SHA512 -}; - -struct CryptoImpl; - -class OOX_DLLPUBLIC Crypto -{ -public: - enum CryptoType - { - UNKNOWN, - AES_128_ECB, - AES_128_CBC, - AES_256_CBC, - }; - -protected: - std::unique_ptr<CryptoImpl> mpImpl; - -protected: - Crypto(); - -public: - virtual ~Crypto(); -}; - -class Decrypt final : public Crypto -{ -public: - Decrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, CryptoType type); - - sal_uInt32 update( - std::vector<sal_uInt8>& output, - std::vector<sal_uInt8>& input, - sal_uInt32 inputLength = 0); - - - static sal_uInt32 aes128ecb( - std::vector<sal_uInt8>& output, - std::vector<sal_uInt8>& input, - std::vector<sal_uInt8>& key ); - -}; - -class Encrypt final : public Crypto -{ -public: - Encrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, CryptoType type); - - sal_uInt32 update( - std::vector<sal_uInt8>& output, - std::vector<sal_uInt8>& input, - sal_uInt32 inputLength = 0); -}; - -class OOX_DLLPUBLIC CryptoHash final : public Crypto -{ - sal_Int32 mnHashSize; -public: - CryptoHash(std::vector<sal_uInt8>& rKey, CryptoHashType eType); - bool update(std::vector<sal_uInt8>& rInput, sal_uInt32 nInputLength = 0); - std::vector<sal_uInt8> finalize(); -}; - - -} // namespace oox::crypto - -#endif - -/* vim:set shiftwidth=4 softtabstop=4 expandtab: */ diff --git a/oox/Library_oox.mk b/oox/Library_oox.mk index 3043d7345f3d..42c679e43d56 100644 --- a/oox/Library_oox.mk +++ b/oox/Library_oox.mk @@ -135,7 +135,6 @@ $(eval $(call gb_Library_add_exception_objects,oox,\ oox/source/core/relationshandler \ oox/source/core/xmlfilterbase \ oox/source/crypto/AgileEngine \ - oox/source/crypto/CryptTools \ oox/source/crypto/DocumentEncryption \ oox/source/crypto/DocumentDecryption \ oox/source/crypto/Standard2007Engine \ diff --git a/oox/qa/unit/CryptoTest.cxx b/oox/qa/unit/CryptoTest.cxx index be04c928045e..b3f0f5d5e3c6 100644 --- a/oox/qa/unit/CryptoTest.cxx +++ b/oox/qa/unit/CryptoTest.cxx @@ -31,8 +31,7 @@ class CryptoTest : public CppUnit::TestFixture { public: virtual ~CryptoTest() override; - void testCryptoHash(); - void testRoundUp(); + void testStandard2007(); void testAgileEncryptionVerifier(); void testAgileEncryptionInfoWritingAndParsing(); @@ -40,8 +39,6 @@ public: void testAgileEncryptingAndDecrypting(); CPPUNIT_TEST_SUITE(CryptoTest); - CPPUNIT_TEST(testCryptoHash); - CPPUNIT_TEST(testRoundUp); CPPUNIT_TEST(testStandard2007); CPPUNIT_TEST(testAgileEncryptionVerifier); CPPUNIT_TEST(testAgileEncryptionInfoWritingAndParsing); @@ -50,20 +47,6 @@ public: CPPUNIT_TEST_SUITE_END(); }; -namespace -{ -std::string toString(std::vector<sal_uInt8> const& aInput) -{ - std::stringstream aStream; - for (auto const& aValue : aInput) - { - aStream << std::setw(2) << std::setfill('0') << std::hex << static_cast<int>(aValue); - } - - return aStream.str(); -} -} - CryptoTest::~CryptoTest() { #if USE_TLS_NSS @@ -71,61 +54,6 @@ CryptoTest::~CryptoTest() #endif } -void CryptoTest::testCryptoHash() -{ - // Check examples from Wikipedia (https://en.wikipedia.org/wiki/HMAC) - OString aContentString("The quick brown fox jumps over the lazy dog"_ostr); - std::vector<sal_uInt8> aContent(aContentString.getStr(), - aContentString.getStr() + aContentString.getLength()); - std::vector<sal_uInt8> aKey = { 'k', 'e', 'y' }; - { - oox::crypto::CryptoHash aCryptoHash(aKey, oox::crypto::CryptoHashType::SHA1); - aCryptoHash.update(aContent); - std::vector<sal_uInt8> aHash = aCryptoHash.finalize(); - CPPUNIT_ASSERT_EQUAL(std::string("de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"), - toString(aHash)); - } - - { - oox::crypto::CryptoHash aCryptoHash(aKey, oox::crypto::CryptoHashType::SHA256); - aCryptoHash.update(aContent); - std::vector<sal_uInt8> aHash = aCryptoHash.finalize(); - CPPUNIT_ASSERT_EQUAL( - std::string("f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"), - toString(aHash)); - } - - { - oox::crypto::CryptoHash aCryptoHash(aKey, oox::crypto::CryptoHashType::SHA384); - aCryptoHash.update(aContent); - std::vector<sal_uInt8> aHash = aCryptoHash.finalize(); - CPPUNIT_ASSERT_EQUAL(std::string("d7f4727e2c0b39ae0f1e40cc96f60242d5b7801841cea6fc592c5d3e1" - "ae50700582a96cf35e1e554995fe4e03381c237"), - toString(aHash)); - } - - { - oox::crypto::CryptoHash aCryptoHash(aKey, oox::crypto::CryptoHashType::SHA512); - aCryptoHash.update(aContent); - std::vector<sal_uInt8> aHash = aCryptoHash.finalize(); - CPPUNIT_ASSERT_EQUAL( - std::string("b42af09057bac1e2d41708e48a902e09b5ff7f12ab428a4fe86653c73dd248fb82f948a549" - "f7b791a5b41915ee4d1ec3935357e4e2317250d0372afa2ebeeb3a"), - toString(aHash)); - } -} - -void CryptoTest::testRoundUp() -{ - CPPUNIT_ASSERT_EQUAL(16, oox::crypto::roundUp(16, 16)); - CPPUNIT_ASSERT_EQUAL(32, oox::crypto::roundUp(32, 16)); - CPPUNIT_ASSERT_EQUAL(64, oox::crypto::roundUp(64, 16)); - - CPPUNIT_ASSERT_EQUAL(16, oox::crypto::roundUp(01, 16)); - CPPUNIT_ASSERT_EQUAL(32, oox::crypto::roundUp(17, 16)); - CPPUNIT_ASSERT_EQUAL(32, oox::crypto::roundUp(31, 16)); -} - void CryptoTest::testStandard2007() { oox::crypto::Standard2007Engine aEngine; @@ -265,7 +193,8 @@ void CryptoTest::testAgileEncryptionInfoWritingAndParsing() CPPUNIT_ASSERT_EQUAL(OUString("AES"), rInfo.cipherAlgorithm); CPPUNIT_ASSERT_EQUAL(OUString("ChainingModeCBC"), rInfo.cipherChaining); CPPUNIT_ASSERT_EQUAL(OUString("SHA1"), rInfo.hashAlgorithm); - CPPUNIT_ASSERT_EQUAL(toString(aKeyDataSalt), toString(rInfo.keyDataSalt)); + CPPUNIT_ASSERT_EQUAL(comphelper::hashToString(aKeyDataSalt), + comphelper::hashToString(rInfo.keyDataSalt)); CPPUNIT_ASSERT_EQUAL(false, aEngine.decryptAndCheckVerifierHash("Wrong")); CPPUNIT_ASSERT_EQUAL(true, aEngine.decryptAndCheckVerifierHash(aPassword)); @@ -311,7 +240,8 @@ void CryptoTest::testAgileEncryptionInfoWritingAndParsing() CPPUNIT_ASSERT_EQUAL(OUString("AES"), rInfo.cipherAlgorithm); CPPUNIT_ASSERT_EQUAL(OUString("ChainingModeCBC"), rInfo.cipherChaining); CPPUNIT_ASSERT_EQUAL(OUString("SHA384"), rInfo.hashAlgorithm); - CPPUNIT_ASSERT_EQUAL(toString(aKeyDataSalt), toString(rInfo.keyDataSalt)); + CPPUNIT_ASSERT_EQUAL(comphelper::hashToString(aKeyDataSalt), + comphelper::hashToString(rInfo.keyDataSalt)); CPPUNIT_ASSERT_EQUAL(false, aEngine.decryptAndCheckVerifierHash("Wrong")); CPPUNIT_ASSERT_EQUAL(true, aEngine.decryptAndCheckVerifierHash(aPassword)); @@ -357,7 +287,8 @@ void CryptoTest::testAgileEncryptionInfoWritingAndParsing() CPPUNIT_ASSERT_EQUAL(OUString("AES"), rInfo.cipherAlgorithm); CPPUNIT_ASSERT_EQUAL(OUString("ChainingModeCBC"), rInfo.cipherChaining); CPPUNIT_ASSERT_EQUAL(OUString("SHA512"), rInfo.hashAlgorithm); - CPPUNIT_ASSERT_EQUAL(toString(aKeyDataSalt), toString(rInfo.keyDataSalt)); + CPPUNIT_ASSERT_EQUAL(comphelper::hashToString(aKeyDataSalt), + comphelper::hashToString(rInfo.keyDataSalt)); CPPUNIT_ASSERT_EQUAL(false, aEngine.decryptAndCheckVerifierHash("Wrong")); CPPUNIT_ASSERT_EQUAL(true, aEngine.decryptAndCheckVerifierHash(aPassword)); @@ -401,13 +332,15 @@ void CryptoTest::testAgileDataIntegrityHmacKey() CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream)); CPPUNIT_ASSERT(aEngine.generateEncryptionKey(aPassword)); - CPPUNIT_ASSERT_EQUAL(toString(aKeyDataSalt), toString(aEngine.getInfo().keyDataSalt)); + CPPUNIT_ASSERT_EQUAL(comphelper::hashToString(aKeyDataSalt), + comphelper::hashToString(aEngine.getInfo().keyDataSalt)); - CPPUNIT_ASSERT_EQUAL(toString(aHmacEncryptedKey), - toString(aEngine.getInfo().hmacEncryptedKey)); + CPPUNIT_ASSERT_EQUAL(comphelper::hashToString(aHmacEncryptedKey), + comphelper::hashToString(aEngine.getInfo().hmacEncryptedKey)); CPPUNIT_ASSERT_EQUAL(size_t(64), aHmacKey.size()); - CPPUNIT_ASSERT_EQUAL(toString(aHmacKey), toString(aEngine.getInfo().hmacKey)); + CPPUNIT_ASSERT_EQUAL(comphelper::hashToString(aHmacKey), + comphelper::hashToString(aEngine.getInfo().hmacKey)); } } diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx index 36fda7002b7d..f52376c15e45 100644 --- a/oox/source/crypto/AgileEngine.cxx +++ b/oox/source/crypto/AgileEngine.cxx @@ -221,14 +221,14 @@ bool hashCalc(std::vector<sal_uInt8>& output, return false; } -CryptoHashType cryptoHashTypeFromString(std::u16string_view sAlgorithm) +comphelper::CryptoHashType cryptoHashTypeFromString(std::u16string_view sAlgorithm) { if (sAlgorithm == u"SHA512") - return CryptoHashType::SHA512; + return comphelper::CryptoHashType::SHA512; else if (sAlgorithm == u"SHA384") - return CryptoHashType::SHA384; + return comphelper::CryptoHashType::SHA384; else - return CryptoHashType::SHA1; + return comphelper::CryptoHashType::SHA1; } } // namespace @@ -237,13 +237,13 @@ AgileEngine::AgileEngine() : meEncryptionPreset(AgileEncryptionPreset::AES_256_SHA512) {} -Crypto::CryptoType AgileEngine::cryptoType(const AgileEncryptionInfo& rInfo) +comphelper::CryptoType AgileEngine::cryptoType(const AgileEncryptionInfo& rInfo) { if (rInfo.keyBits == 128 && rInfo.cipherAlgorithm == "AES" && rInfo.cipherChaining == "ChainingModeCBC") - return Crypto::AES_128_CBC; + return comphelper::CryptoType::AES_128_CBC; else if (rInfo.keyBits == 256 && rInfo.cipherAlgorithm == "AES" && rInfo.cipherChaining == "ChainingModeCBC") - return Crypto::AES_256_CBC; - return Crypto::UNKNOWN; + return comphelper::CryptoType::AES_256_CBC; + return comphelper::CryptoType::UNKNOWN; } static std::vector<sal_uInt8> calculateIV(comphelper::HashType eType, @@ -255,7 +255,7 @@ static std::vector<sal_uInt8> calculateIV(comphelper::HashType eType, aHasher.update(rSalt.data(), rSalt.size()); aHasher.update(rBlock.data(), rBlock.size()); std::vector<sal_uInt8> aIV = aHasher.finalize(); - aIV.resize(roundUp(sal_Int32(aIV.size()), nCipherBlockSize), 0x36); + aIV.resize(comphelper::roundUp(sal_Int32(aIV.size()), nCipherBlockSize), 0x36); return aIV; } @@ -277,7 +277,7 @@ void AgileEngine::calculateBlock( std::copy(hash.begin(), hash.begin() + keySize, key.begin()); - Decrypt aDecryptor(key, mInfo.saltValue, cryptoType(mInfo)); + comphelper::Decrypt aDecryptor(key, mInfo.saltValue, cryptoType(mInfo)); aDecryptor.update(rOutput, rInput); } @@ -299,7 +299,7 @@ void AgileEngine::encryptBlock( std::copy(hash.begin(), hash.begin() + keySize, key.begin()); - Encrypt aEncryptor(key, mInfo.saltValue, cryptoType(mInfo)); + comphelper::Encrypt aEncryptor(key, mInfo.saltValue, cryptoType(mInfo)); aEncryptor.update(rOutput, rInput); } @@ -341,7 +341,7 @@ bool AgileEngine::decryptAndCheckVerifierHash(OUString const & rPassword) std::vector<sal_uInt8>& encryptedHashInput = mInfo.encryptedVerifierHashInput; // SALT - needs to be a multiple of block size (?) - sal_uInt32 nSaltSize = roundUp(mInfo.saltSize, mInfo.blockSize); + sal_uInt32 nSaltSize = comphelper::roundUp(mInfo.saltSize, mInfo.blockSize); if (nSaltSize < encryptedHashInput.size()) return false; std::vector<sal_uInt8> hashInput(nSaltSize, 0); @@ -403,7 +403,7 @@ bool AgileEngine::decryptHmacKey() std::vector<sal_uInt8> iv = calculateIV(eType, mInfo.keyDataSalt, constBlockHmac1, mInfo.blockSize); // Decrypt without key, calculated iv - Decrypt aDecrypt(mKey, iv, cryptoType(mInfo)); + comphelper::Decrypt aDecrypt(mKey, iv, cryptoType(mInfo)); aDecrypt.update(mInfo.hmacKey, mInfo.hmacEncryptedKey); mInfo.hmacKey.resize(mInfo.hashSize, 0); @@ -430,7 +430,7 @@ bool AgileEngine::decryptHmacValue() std::vector<sal_uInt8> iv = calculateIV(eType, mInfo.keyDataSalt, constBlockHmac2, mInfo.blockSize); // Decrypt without key, calculated iv - Decrypt aDecrypt(mKey, iv, cryptoType(mInfo)); + comphelper::Decrypt aDecrypt(mKey, iv, cryptoType(mInfo)); aDecrypt.update(mInfo.hmacHash, mInfo.hmacEncryptedValue); mInfo.hmacHash.resize(mInfo.hashSize, 0); @@ -449,7 +449,7 @@ bool AgileEngine::checkDataIntegrity() bool AgileEngine::decrypt(BinaryXInputStream& aInputStream, BinaryXOutputStream& aOutputStream) { - CryptoHash aCryptoHash(mInfo.hmacKey, cryptoHashTypeFromString(mInfo.hashAlgorithm)); + comphelper::CryptoHash aCryptoHash(mInfo.hmacKey, cryptoHashTypeFromString(mInfo.hashAlgorithm)); sal_uInt32 totalSize = aInputStream.readuInt32(); // Document unencrypted size - 4 bytes // account for size in HMAC @@ -495,7 +495,7 @@ bool AgileEngine::decrypt(BinaryXInputStream& aInputStream, // Only if hash > keySize std::copy(hash.begin(), hash.begin() + keySize, iv.begin()); - Decrypt aDecryptor(mKey, iv, AgileEngine::cryptoType(mInfo)); + comphelper::Decrypt aDecryptor(mKey, iv, cryptoType(mInfo)); outputLength = aDecryptor.update(outputBuffer, inputBuffer, inputLength); sal_uInt32 writeLength = std::min(outputLength, remaining); @@ -596,7 +596,7 @@ bool AgileEngine::generateAndEncryptVerifierHash(OUString const & rPassword) return false; // HASH - needs to be modified to be multiple of block size - sal_Int32 nVerifierHash = roundUp(mInfo.hashSize, mInfo.blockSize); + sal_Int32 nVerifierHash = comphelper::roundUp(mInfo.hashSize, mInfo.blockSize); std::vector<sal_uInt8> unencryptedVerifierHashValue; if (!hashCalc(unencryptedVerifierHashValue, unencryptedVerifierHashInput, mInfo.hashAlgorithm)) return false; @@ -622,7 +622,7 @@ bool AgileEngine::encryptHmacKey() return false; // Encrypted salt must be multiple of block size - sal_Int32 nEncryptedSaltSize = oox::crypto::roundUp(mInfo.hashSize, mInfo.blockSize); + sal_Int32 nEncryptedSaltSize = comphelper::roundUp(mInfo.hashSize, mInfo.blockSize); // We need to extend hmacSalt to multiple of block size, padding with 0x36 std::vector<sal_uInt8> extendedSalt(mInfo.hmacKey); @@ -646,7 +646,7 @@ bool AgileEngine::encryptHmacKey() std::vector<sal_uInt8> iv = calculateIV(eType, mInfo.keyDataSalt, constBlockHmac1, mInfo.blockSize); // Encrypt without key, calculated iv - Encrypt aEncryptor(mKey, iv, cryptoType(mInfo)); + comphelper::Encrypt aEncryptor(mKey, iv, cryptoType(mInfo)); aEncryptor.update(mInfo.hmacEncryptedKey, extendedSalt); return true; @@ -654,7 +654,7 @@ bool AgileEngine::encryptHmacKey() bool AgileEngine::encryptHmacValue() { - sal_Int32 nEncryptedValueSize = roundUp(mInfo.hashSize, mInfo.blockSize); + sal_Int32 nEncryptedValueSize = comphelper::roundUp(mInfo.hashSize, mInfo.blockSize); mInfo.hmacEncryptedValue.clear(); mInfo.hmacEncryptedValue.resize(nEncryptedValueSize, 0); @@ -675,7 +675,7 @@ bool AgileEngine::encryptHmacValue() std::vector<sal_uInt8> iv = calculateIV(eType, mInfo.keyDataSalt, constBlockHmac2, mInfo.blockSize); // Encrypt without key, calculated iv - Encrypt aEncryptor(mKey, iv, cryptoType(mInfo)); + comphelper::Encrypt aEncryptor(mKey, iv, cryptoType(mInfo)); aEncryptor.update(mInfo.hmacEncryptedValue, extendedHash); return true; @@ -729,7 +729,7 @@ void AgileEngine::setupEncryptionParameters(AgileEncryptionParameters const & rA mInfo.keyDataSalt.resize(mInfo.saltSize); mInfo.saltValue.resize(mInfo.saltSize); mInfo.encryptedVerifierHashInput.resize(mInfo.saltSize); - mInfo.encryptedVerifierHashValue.resize(roundUp(mInfo.hashSize, mInfo.blockSize), 0); + mInfo.encryptedVerifierHashValue.resize(comphelper::roundUp(mInfo.hashSize, mInfo.blockSize), 0); } bool AgileEngine::setupEncryptionKey(OUString const & rPassword) @@ -806,7 +806,7 @@ void AgileEngine::encrypt(const css::uno::Reference<css::io::XInputStream> & rx css::uno::Reference<css::io::XOutputStream> & rxOutputStream, sal_uInt32 nSize) { - CryptoHash aCryptoHash(mInfo.hmacKey, cryptoHashTypeFromString(mInfo.hashAlgorithm)); + comphelper::CryptoHash aCryptoHash(mInfo.hmacKey, cryptoHashTypeFromString(mInfo.hashAlgorithm)); BinaryXOutputStream aBinaryOutputStream(rxOutputStream, false); BinaryXInputStream aBinaryInputStream(rxInputStream, false); @@ -842,7 +842,7 @@ void AgileEngine::encrypt(const css::uno::Reference<css::io::XInputStream> & rx while ((inputLength = aBinaryInputStream.readMemory(inputBuffer.data(), inputBuffer.size())) > 0) { sal_uInt32 correctedInputLength = inputLength % mInfo.blockSize == 0 ? - inputLength : oox::crypto::roundUp(inputLength, sal_uInt32(mInfo.blockSize)); + inputLength : comphelper::roundUp(inputLength, sal_uInt32(mInfo.blockSize)); // Update Key auto p = saltWithBlockKey.begin() + saltSize; @@ -856,7 +856,7 @@ void AgileEngine::encrypt(const css::uno::Reference<css::io::XInputStream> & rx // Only if hash > keySize std::copy(hash.begin(), hash.begin() + keySize, iv.begin()); - Encrypt aEncryptor(mKey, iv, AgileEngine::cryptoType(mInfo)); + comphelper::Encrypt aEncryptor(mKey, iv, AgileEngine::cryptoType(mInfo)); outputLength = aEncryptor.update(outputBuffer, inputBuffer, correctedInputLength); aBinaryOutputStream.writeMemory(outputBuffer.data(), outputLength); aCryptoHash.update(outputBuffer, outputLength); diff --git a/oox/source/crypto/Standard2007Engine.cxx b/oox/source/crypto/Standard2007Engine.cxx index bcc3dc558ff3..01b89aadd51e 100644 --- a/oox/source/crypto/Standard2007Engine.cxx +++ b/oox/source/crypto/Standard2007Engine.cxx @@ -10,11 +10,11 @@ #include <oox/crypto/Standard2007Engine.hxx> -#include <oox/crypto/CryptTools.hxx> #include <oox/helper/binaryinputstream.hxx> #include <oox/helper/binaryoutputstream.hxx> #include <rtl/random.h> +#include <comphelper/crypto/Crypto.hxx> #include <comphelper/hash.hxx> namespace oox::crypto { @@ -50,7 +50,7 @@ bool Standard2007Engine::generateVerifier() lclRandomGenerateValues(verifier.data(), verifier.size()); std::vector<sal_uInt8> iv; - Encrypt aEncryptorVerifier(mKey, iv, Crypto::AES_128_ECB); + comphelper::Encrypt aEncryptorVerifier(mKey, iv, comphelper::CryptoType::AES_128_ECB); if (aEncryptorVerifier.update(encryptedVerifier, verifier) != msfilter::ENCRYPTED_VERIFIER_LENGTH) return false; std::copy(encryptedVerifier.begin(), encryptedVerifier.end(), mInfo.verifier.encryptedVerifier); @@ -61,7 +61,7 @@ bool Standard2007Engine::generateVerifier() std::vector<sal_uInt8> encryptedHash(comphelper::SHA256_HASH_LENGTH, 0); - Encrypt aEncryptorHash(mKey, iv, Crypto::AES_128_ECB); + comphelper::Encrypt aEncryptorHash(mKey, iv, comphelper::CryptoType::AES_128_ECB); aEncryptorHash.update(encryptedHash, hash, hash.size()); std::copy(encryptedHash.begin(), encryptedHash.end(), mInfo.verifier.encryptedVerifierHash); @@ -148,10 +148,10 @@ bool Standard2007Engine::generateEncryptionKey(const OUString& password) encryptedHash.begin()); std::vector<sal_uInt8> verifier(encryptedVerifier.size(), 0); - Decrypt::aes128ecb(verifier, encryptedVerifier, mKey); + comphelper::Decrypt::aes128ecb(verifier, encryptedVerifier, mKey); std::vector<sal_uInt8> verifierHash(encryptedHash.size(), 0); - Decrypt::aes128ecb(verifierHash, encryptedHash, mKey); + comphelper::Decrypt::aes128ecb(verifierHash, encryptedHash, mKey); std::vector<sal_uInt8> hash = comphelper::Hash::calculateHash(verifier.data(), verifier.size(), comphelper::HashType::SHA1); @@ -165,7 +165,7 @@ bool Standard2007Engine::decrypt(BinaryXInputStream& aInputStream, aInputStream.skip(4); // Reserved 4 Bytes std::vector<sal_uInt8> iv; - Decrypt aDecryptor(mKey, iv, Crypto::AES_128_ECB); + comphelper::Decrypt aDecryptor(mKey, iv, comphelper::CryptoType::AES_128_ECB); std::vector<sal_uInt8> inputBuffer (4096); std::vector<sal_uInt8> outputBuffer(4096); sal_uInt32 inputLength; @@ -261,13 +261,13 @@ void Standard2007Engine::encrypt(const css::uno::Reference<css::io::XInputStream sal_uInt32 outputLength; std::vector<sal_uInt8> iv; - Encrypt aEncryptor(mKey, iv, Crypto::AES_128_ECB); + comphelper::Encrypt aEncryptor(mKey, iv, comphelper::CryptoType::AES_128_ECB); while ((inputLength = aBinaryInputStream.readMemory(inputBuffer.data(), inputBuffer.size())) > 0) { // increase size to multiple of 16 (size of mKey) if necessary inputLength = inputLength % AES128Size == 0 ? - inputLength : roundUp(inputLength, AES128Size); + inputLength : comphelper::roundUp(inputLength, AES128Size); outputLength = aEncryptor.update(outputBuffer, inputBuffer, inputLength); aBinaryOutputStream.writeMemory(outputBuffer.data(), outputLength); } diff --git a/solenv/clang-format/excludelist b/solenv/clang-format/excludelist index 5124958345d1..32eb3c84f21e 100644 --- a/solenv/clang-format/excludelist +++ b/solenv/clang-format/excludelist @@ -5316,7 +5316,6 @@ include/oox/core/relations.hxx include/oox/core/relationshandler.hxx include/oox/core/xmlfilterbase.hxx include/oox/crypto/AgileEngine.hxx -include/oox/crypto/CryptTools.hxx include/oox/crypto/CryptoEngine.hxx include/oox/crypto/DocumentDecryption.hxx include/oox/crypto/DocumentEncryption.hxx @@ -6965,7 +6964,6 @@ oox/source/core/relations.cxx oox/source/core/relationshandler.cxx oox/source/core/xmlfilterbase.cxx oox/source/crypto/AgileEngine.cxx -oox/source/crypto/CryptTools.cxx oox/source/crypto/DocumentEncryption.cxx oox/source/crypto/Standard2007Engine.cxx oox/source/docprop/docprophandler.cxx
