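--- a/cdoc/CDoc.h
+++ b/cdoc/CDoc.h
@@ -31,6 +31,21 @@ namespace libcdoc {
 */
 using result_t = int64_t;
 
+
+/**
+* @brief The public key type
+*/
+enum class PKType : uint8_t {
+/**
+* Elliptic curve
+*/
+ECC,
+/**
+* RSA
+*/
+RSA
+};
+
 enum {
 /**
 * @brief Operation completed successfully
@@ -215,6 +230,7 @@ namespace Label {
 static constexpr std::string_view LAST_NAME = "last_name";
 static constexpr std::string_view FIRST_NAME = "first_name";
 static constexpr std::string_view CERT_SHA1 = "cert_sha1";
+static constexpr const char* EXPIRY = "server_exp";
 }
 }
 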
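Review bot: `EXPIRY`, the added line of the second hunk, is the only `const char*` constant in `Label`; the three neighbouring keys are `std::string_view`. If the different type is deliberate — the `{{CDoc2::Label::EXPIRY, …}}` map initialisers in CDoc2Writer.cpp need a key that converts implicitly to `std::string`, which `string_view` does not — that deserves a comment, e.g. `// const char*, not string_view: used as an implicit std::string key in getLabel() map initialisers`; otherwise aligning it with its siblings would be cleaner. The new `PKType` enum is otherwise fine; a doc comment saying it replaces the former `Lock::PKType` and `Certificate::Algorithm` would help readers of the public header.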
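--- a/cdoc/CDoc1Reader.cpp
+++ b/cdoc/CDoc1Reader.cpp
@@ -83,12 +83,12 @@ CDoc1Reader::getLockForCert(const std::vector<uint8_t>& cert)
 ll.encrypted_fmk.empty())
 continue;
 switch(cc.getAlgorithm()) {
-case libcdoc::Certificate::RSA:
+case libcdoc::PKType::RSA:
 if (ll.getString(Lock::Params::METHOD) == libcdoc::Crypto::RSA_MTH) {
 return i;
 }
 break;
-case libcdoc::Certificate::ECC:
+case libcdoc::PKType::ECC:
 if(!ll.getBytes(Lock::Params::KEY_MATERIAL).empty() &&
 std::find(SUPPORTED_KWAES.cbegin(), SUPPORTED_KWAES.cend(), ll.getString(Lock::Params::METHOD)) != SUPPORTED_KWAES.cend()) {
 return i;
@@ -310,7 +310,7 @@ CDoc1Reader::CDoc1Reader(libcdoc::DataSource *src, bool delete_on_close)
 Certificate ssl(cert);
 key.setBytes(Lock::CERT, std::move(cert));
 key.setBytes(Lock::RCPT_KEY, ssl.getPublicKey());
-key.pk_type = (ssl.getAlgorithm() == libcdoc::Certificate::RSA) ? Lock::RSA : Lock::ECC;
+key.pk_type = ssl.getAlgorithm();
 }
 // EncryptedData/KeyInfo/EncryptedKey/KeyInfo/CipherData/CipherValue
 else if(reader.isElement("CipherValue"))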
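--- a/cdoc/CDoc2Reader.cpp
+++ b/cdoc/CDoc2Reader.cpp
@@ -511,7 +511,7 @@ CDoc2Reader::Private::buildLock(Lock& lock, const cdoc20::header::RecipientRecor
 if(const auto *key = recipient.capsule_as_recipients_ECCPublicKeyCapsule()) {
 if(key->curve() == EllipticCurve::secp384r1) {
 lock.type = Lock::Type::PUBLIC_KEY;
-lock.pk_type = Lock::PKType::ECC;
+lock.pk_type = PKType::ECC;
 lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(key->recipient_public_key()));
 lock.setBytes(Lock::Params::KEY_MATERIAL, toUint8Vector(key->sender_public_key()));
 LOG_DBG("Load PK: {}", toHex(lock.getBytes(Lock::Params::RCPT_KEY)));
@@ -524,7 +524,7 @@ CDoc2Reader::Private::buildLock(Lock& lock, const cdoc20::header::RecipientRecor
 if(const auto *key = recipient.capsule_as_recipients_RSAPublicKeyCapsule())
 {
 lock.type = Lock::Type::PUBLIC_KEY;
-lock.pk_type = Lock::PKType::RSA;
+lock.pk_type = PKType::RSA;
 lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(key->recipient_public_key()));
 lock.setBytes(Lock::Params::KEY_MATERIAL, toUint8Vector(key->encrypted_kek()));
 }
@@ -539,13 +539,13 @@ CDoc2Reader::Private::buildLock(Lock& lock, const cdoc20::header::RecipientRecor
 LOG_ERROR("Unsupported elliptic curve key type");
 return;
 }
-lock.pk_type = Lock::PKType::ECC;
+lock.pk_type = PKType::ECC;
 lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(eccDetails->recipient_public_key()));
 }
 break;
 case KeyDetailsUnion::RsaKeyDetails:
 if(const RsaKeyDetails *rsaDetails = server->recipient_key_details_as_RsaKeyDetails()) {
-lock.pk_type = Lock::PKType::RSA;
+lock.pk_type = PKType::RSA;
 lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(rsaDetails->recipient_public_key()));
 }
 break;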
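--- a/cdoc/CDoc2Writer.cpp
+++ b/cdoc/CDoc2Writer.cpp
@@ -104,7 +104,7 @@ createRSACapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::Recipie
 return cdoc20::header::CreateRecipientRecord(builder,
 cdoc20::header::Capsule::recipients_RSAPublicKeyCapsule,
 capsule.Union(),
-builder.CreateString(rcpt.getLabel({{"server_exp", rcpt.expiry_ts == 0 ? std::string() : std::to_string(rcpt.expiry_ts)}})),
+builder.CreateString(rcpt.getLabel({{CDoc2::Label::EXPIRY, rcpt.expiry_ts == 0 ? std::string() : std::to_string(rcpt.expiry_ts)}})),
 builder.CreateVector(xor_key),
 cdoc20::header::FMKEncryptionMethod::XOR);
 }
@@ -123,7 +123,7 @@ createRSAServerCapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::R
 return cdoc20::header::CreateRecipientRecord(builder,
 cdoc20::header::Capsule::recipients_KeyServerCapsule,
 capsule.Union(),
-builder.CreateString(rcpt.getLabel({{"server_exp", std::to_string(expiry_time)}})),
+builder.CreateString(rcpt.getLabel({{CDoc2::Label::EXPIRY, std::to_string(expiry_time)}})),
 builder.CreateVector(xor_key),
 cdoc20::header::FMKEncryptionMethod::XOR);
 }
@@ -138,7 +138,7 @@ createECCCapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::Recipie
 return cdoc20::header::CreateRecipientRecord(builder,
 cdoc20::header::Capsule::recipients_ECCPublicKeyCapsule,
 capsule.Union(),
-builder.CreateString(rcpt.getLabel({{"server_exp", rcpt.expiry_ts == 0 ? std::string() : std::to_string(rcpt.expiry_ts)}})),
+builder.CreateString(rcpt.getLabel({{CDoc2::Label::EXPIRY, rcpt.expiry_ts == 0 ? std::string() : std::to_string(rcpt.expiry_ts)}})),
 builder.CreateVector(xor_key),
 cdoc20::header::FMKEncryptionMethod::XOR);
 }
@@ -158,7 +158,7 @@ createECCServerCapsule(flatbuffers::FlatBufferBuilder& builder, const libcdoc::R
 return cdoc20::header::CreateRecipientRecord(builder,
 cdoc20::header::Capsule::recipients_KeyServerCapsule,
 capsule.Union(),
-builder.CreateString(rcpt.getLabel({{"server_exp", std::to_string(expiry_time)}})),
+builder.CreateString(rcpt.getLabel({{CDoc2::Label::EXPIRY, std::to_string(expiry_time)}})),
 builder.CreateVector(xor_key),
 cdoc20::header::FMKEncryptionMethod::XOR);
 }
@@ -222,7 +222,7 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
 return libcdoc::CONFIGURATION_ERROR;
 }
 }
-if(rcpt.pk_type == libcdoc::Recipient::PKType::RSA) {
+if(rcpt.pk_type == libcdoc::PKType::RSA) {
 crypto->random(kek, libcdoc::CDoc2::KEY_LEN);
 if (libcdoc::Crypto::xor_data(xor_key, fmk, kek) != libcdoc::OK) {
 setLastError("Internal error");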
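Review bot: The expiry-label expression `rcpt.expiry_ts == 0 ? std::string() : std::to_string(rcpt.expiry_ts)` is still written out identically in createRSACapsule and createECCCapsule, and the two server variants repeat `std::to_string(expiry_time)`; since this commit already names the key, a small file-local helper such as `static std::string expiry_label(decltype(rcpt.expiry_ts) ts) { return ts == 0 ? std::string() : std::to_string(ts); }` would make the four `getLabel({{CDoc2::Label::EXPIRY, …}})` calls one-liners and keep the "zero means no expiry" rule in one place. This is a style point only; behaviour is unchanged by the commit.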
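--- a/cdoc/CDocCipher.cpp
+++ b/cdoc/CDocCipher.cpp
@@ -280,7 +280,7 @@ fill_recipients_from_rcpt_info(ToolConf& conf, ToolCrypto& crypto, std::vector<l
 LOG_DBG("Creating symmetric key:");
 } else if (rcpt.type == RcptInfo::Type::PKEY) {
 if (!conf.servers.empty()) {
-key = libcdoc::Recipient::makeServer(label, rcpt.secret, libcdoc::Recipient::PKType::ECC, conf.servers[0].ID);
+key = libcdoc::Recipient::makeServer(label, rcpt.secret, libcdoc::PKType::ECC, conf.servers[0].ID);
 } else {
 const uint8_t *der = rcpt.secret.data();
 EVP_PKEY *pkey = d2i_PUBKEY(nullptr, &der, rcpt.secret.size());
@@ -289,9 +289,9 @@ fill_recipients_from_rcpt_info(ToolConf& conf, ToolCrypto& crypto, std::vector<l
 uint8_t *p = d.data();
 i2d_PublicKey(pkey, &p);
 if (id == EVP_PKEY_EC) {
-key = libcdoc::Recipient::makePublicKey(label, rcpt.secret, libcdoc::Recipient::PKType::ECC);
+key = libcdoc::Recipient::makePublicKey(label, rcpt.secret, libcdoc::PKType::ECC);
 } else if (id == EVP_PKEY_RSA) {
-key = libcdoc::Recipient::makePublicKey(label, rcpt.secret, libcdoc::Recipient::PKType::RSA);
+key = libcdoc::Recipient::makePublicKey(label, rcpt.secret, libcdoc::PKType::RSA);
 }
 }
 LOG_DBG("Creating public key:");
@@ -308,9 +308,9 @@ fill_recipients_from_rcpt_info(ToolConf& conf, ToolCrypto& crypto, std::vector<l
 }
 LOG_DBG("Public key ({}): {}", rsa ? "rsa" : "ecc", toHex(val));
 if (!conf.servers.empty()) {
-key = libcdoc::Recipient::makeServer(label, val, rsa ? libcdoc::Recipient::PKType::RSA : libcdoc::Recipient::PKType::ECC, conf.servers[0].ID);
+key = libcdoc::Recipient::makeServer(label, val, rsa ? libcdoc::PKType::RSA : libcdoc::PKType::ECC, conf.servers[0].ID);
 } else {
-key = libcdoc::Recipient::makePublicKey(label, val, rsa ? libcdoc::Recipient::PKType::RSA : libcdoc::Recipient::PKType::ECC);
+key = libcdoc::Recipient::makePublicKey(label, val, rsa ? libcdoc::PKType::RSA : libcdoc::PKType::ECC);
 }
 } else if (rcpt.type == RcptInfo::Type::PASSWORD) {
 LOG_DBG("Creating password key:");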
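Review bot: In the second hunk the `if (id == EVP_PKEY_EC) … else if (id == EVP_PKEY_RSA) …` chain has no final else, so a DER public key of any other type leaves `key` untouched and execution falls through to `LOG_DBG("Creating public key:")` as if a recipient had been built; this predates the commit, but the touched lines are the right place to close it. Adding `} else { LOG_ERROR("Unsupported public key type {}", id); return /* this function's error result — its return type is outside the hunk */; }` keeps an unsupported recipient from being silently skipped or pushed with stale contents. It is also worth confirming, outside this hunk, that the `pkey` obtained from `d2i_PUBKEY` is released on every path.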
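--- a/cdoc/Certificate.cpp
+++ b/cdoc/Certificate.cpp
@@ -148,7 +148,7 @@ Certificate::getPublicKey() const
 return {};
 }
 
-Certificate::Algorithm
+PKType
 Certificate::getAlgorithm() const
 {
 if(!cert)
@@ -157,7 +157,7 @@ Certificate::getAlgorithm() const
 EVP_PKEY *pkey = X509_get0_pubkey(cert.get());
 int alg = EVP_PKEY_get_base_id(pkey);
 
-return (alg == EVP_PKEY_RSA) ? Algorithm::RSA : Algorithm::ECC;
+return (alg == EVP_PKEY_RSA) ? PKType::RSA : PKType::ECC;
 }
 
 std::vector<uint8_t> Certificate::getDigest() const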
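Review bot: The changed return line of the second hunk still maps every non-RSA key to `PKType::ECC`, so a certificate whose key is neither RSA nor EC (DSA, Ed25519, …) is reported as ECC and callers such as `getLockForCert` in CDoc1Reader.cpp take the ECC branch; with the new two-value `enum class` there is no way to express "unsupported". At minimum the EC case should be explicit, e.g. `if (alg != EVP_PKEY_RSA && alg != EVP_PKEY_EC) LOG_ERROR("Unsupported public key algorithm {}", alg);` before the return (if the logging macros are available here), or the function should return an optional. `X509_get0_pubkey` can also return null when the SubjectPublicKeyInfo cannot be decoded, and I believe `EVP_PKEY_get_base_id` does not tolerate a null argument, so an `if(!pkey)` guard next to the existing `if(!cert)` would cover that. The `if(!cert)` return value and the rest of the body sit between the two hunks, outside this view.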
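--- a/cdoc/Certificate.h
+++ b/cdoc/Certificate.h
@@ -19,6 +19,7 @@
 #ifndef SSLCERTIFICATE_H
 #define SSLCERTIFICATE_H
 
+#include "CDoc.h"
 #include "utils/memory.h"
 
 #include <string>
@@ -30,11 +31,6 @@ namespace libcdoc {
 
 class Certificate {
 public:
-enum Algorithm : unsigned char {
-RSA,
-ECC
-};
-
 enum EIDType : unsigned char {
 Unknown,
 IDCard,
@@ -53,7 +49,7 @@ class Certificate {
 EIDType getEIDType() const;
 
 std::vector<uint8_t> getPublicKey() const;
-Algorithm getAlgorithm() const;
+PKType getAlgorithm() const;
 time_t getNotAfter() const;
 
 std::vector<uint8_t> getDigest() const;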
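Review bot: Dropping `Certificate::Algorithm` from a public header is a source-incompatible change for anyone who wrote `Certificate::RSA`, and the numeric values also swap: the removed enum had `RSA = 0, ECC = 1`, while the `PKType` that replaces it (added to CDoc.h in this same change) has `ECC = 0, RSA = 1`. Any binding, log line or persisted value that used the integer is affected, so this deserves a changelog entry; a transitional `using Algorithm = PKType;` inside the class would keep the old type name compiling but cannot restore the old value order. The parallel removal of `Lock::PKType` in Lock.h is safer in that respect, since its order already matched.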
59 changes: 29 additions & 30 deletions cdoc/Lock.cpp
Expand Up @@ -23,13 +23,15 @@

#include "json/base.h"

#include <ranges>

namespace libcdoc {

std::string
Lock::getString(Params key) const
{
const std::vector<uint8_t>& bytes = params.at(key);
return std::string((const char *) bytes.data(), bytes.size());
const std::vector<uint8_t>& bytes = params.at(key);
return {(const char *) bytes.data(), bytes.size()};
}

int32_t
Expand Down Expand Up @@ -59,50 +61,47 @@ Lock::parseLabel(const std::string& label)
{
std::map<std::string, std::string> parsed_label;
// Check if provided label starts with the machine generated label prefix.
if (!label.starts_with(CDoc2::LABELPREFIX))
{
if (!label.starts_with(CDoc2::LABELPREFIX)) {
return parsed_label;
}

std::string label_wo_prefix(label.substr(CDoc2::LABELPREFIX.size()));
auto label_wo_prefix = std::string_view(label).substr(CDoc2::LABELPREFIX.size());

// Label to be processed
std::string label_to_prcss;
std::string decodedBase64; // Strong ref
std::string_view label_to_prcss;

// We ignore mediatype part

// Check, if the label is Base64 encoded
auto base64IndPos = label_wo_prefix.find(CDoc2::LABELBASE64IND);
if (base64IndPos == std::string::npos)
{
if (label_wo_prefix.starts_with(",")) {
label_to_prcss = label_wo_prefix.substr(1);
} else {
label_to_prcss = std::move(label_wo_prefix);
}
}
else
if (auto base64IndPos = label_wo_prefix.find(CDoc2::LABELBASE64IND);
base64IndPos != std::string::npos)
{
std::string base64_label(label_wo_prefix.substr(base64IndPos + CDoc2::LABELBASE64IND.size()));
label_to_prcss = jwt::base::decode<jwt::alphabet::base64>(base64_label);
decodedBase64 = jwt::base::decode<jwt::alphabet::base64>(base64_label);
label_to_prcss = decodedBase64;
} else if (label_wo_prefix.starts_with(",")) {
label_to_prcss = label_wo_prefix.substr(1);
} else {
label_to_prcss = label_wo_prefix;
}

auto label_parts(split(label_to_prcss, '&'));
for (auto& part : label_parts)
auto range_to_sv = [](auto range) constexpr {
return std::string_view(&*range.begin(), std::ranges::distance(range));
};
for (const auto &part : std::ranges::split_view(label_to_prcss, '&'))
{
auto label_data_parts(split(part, '='));
if (label_data_parts.size() != 2)
{
// Invalid label data. We just ignore them.
auto label_data_parts = std::ranges::split_view(part, '=');
if (label_data_parts.empty()) {
LOG_ERROR("The label '{}' is invalid", label);
continue;
}
else
{
std::string key = urlDecode(label_data_parts[0]);
std::string value = urlDecode(label_data_parts[1]);
std::transform(key.begin(), key.end(), key.begin(), [](unsigned char c){ return std::tolower(c); });
parsed_label[key] = value;
}
auto it = label_data_parts.begin();
std::string key = urlDecode(range_to_sv(*it));
std::ranges::transform(key, key.begin(), [](unsigned char c){ return std::tolower(c); });
++it;
std::string value = urlDecode(range_to_sv(*it));
parsed_label[std::move(key)] = std::move(value);
}

return parsed_label;
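Review bot: The rewritten parser in the second hunk can dereference past the end of its input: `std::ranges::split_view(part, '=')` yields a single piece when `part` contains no `=` (the removed `size() != 2` check caught that), yet the loop unconditionally does `++it;` followed by `urlDecode(range_to_sv(*it))`, and `range_to_sv` itself does `&*range.begin()` on a piece that may be empty (`key=` or `=value`), which dereferences an end iterator. The `empty()` test only covers an empty `part` (`a&&b`); the label presumably comes from the container header, i.e. from input the reader did not produce, so an entry like `data:k=v&junk` becomes undefined behaviour where the old code logged and skipped it. Collecting the pieces first and requiring exactly two restores the old rejection of both too few and too many pieces, and guarding the empty subrange in `range_to_sv` makes `key=` safe. parseLabel's closing brace is below the hunk.
```cpp
// … unchanged: prefix check, base64 handling, label_to_prcss selection …
auto range_to_sv = [](auto range) constexpr {
    // An empty piece ("key=" or "=value") has begin() == end(); never dereference it.
    const auto len = std::ranges::distance(range);
    return len > 0 ? std::string_view(&*range.begin(), static_cast<size_t>(len)) : std::string_view{};
};
for (const auto &part : std::ranges::split_view(label_to_prcss, '&'))
{
    // A well-formed entry is exactly key=value; fewer or more '='-pieces is rejected as before.
    std::vector<std::string_view> pieces;
    for (const auto &piece : std::ranges::split_view(part, '=')) {
        pieces.push_back(range_to_sv(piece));
    }
    if (pieces.size() != 2) {
        // Invalid label data. We just ignore them.
        LOG_ERROR("The label '{}' is invalid", label);
        continue;
    }
    std::string key = urlDecode(pieces[0]);
    std::ranges::transform(key, key.begin(), [](unsigned char c){ return std::tolower(c); });
    std::string value = urlDecode(pieces[1]);
    parsed_label[std::move(key)] = std::move(value);
}
// … unchanged: return parsed_label; …
```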
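--- a/cdoc/Lock.h
+++ b/cdoc/Lock.h
@@ -19,7 +19,7 @@
 #ifndef __LOCK_H__
 #define __LOCK_H__
 
-#include <cdoc/Exports.h>
+#include "CDoc.h"
 
 #include <cstdint>
 #include <string>
@@ -74,20 +74,6 @@ struct CDOC_EXPORT Lock
 SHARE_SERVER
 };
 
-/**
-* @brief The public key type
-*/
-enum PKType : unsigned char {
-/**
-* Elliptic curve
-*/
-ECC,
-/**
-* RSA
-*/
-RSA
-};
-
 /**
 * @brief Extra parameters depending on key type
 */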
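Review bot: The first hunk swaps `#include <cdoc/Exports.h>` for `#include "CDoc.h"`, but `struct CDOC_EXPORT Lock` at the top of the second hunk still needs `CDOC_EXPORT`, so the header now relies on CDoc.h pulling in Exports.h transitively (not visible here). Keeping the direct `#include <cdoc/Exports.h>` next to the new include follows include-what-you-use and survives a later clean-up of CDoc.h's own includes.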