Streaming decryption for CDoc1

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

.github/workflows/build.yml

@@ -14,7 +14,7 @@ jobs:
     container: ubuntu:${{ matrix.container }}
     strategy:
       matrix:
-        container: ['22.04', '24.04', '25.04']
+        container: ['22.04', '24.04', '25.10']
         arch: ['amd64', 'arm64']
     env:
       DEBIAN_FRONTEND: noninteractive
@@ -24,7 +24,7 @@ jobs:
     - name: Install dependencies
       run: apt update -qq && apt install --no-install-recommends -y lsb-release build-essential devscripts debhelper lintian pkg-config ${UBUNTU_DEPS} doxygen swig openjdk-17-jdk-headless libpython3-dev python3-setuptools libboost-test-dev
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Setup changelog
       run: |
         export VERSION=$(grep project CMakeLists.txt | egrep -o "([0-9]{1,}\.)+[0-9]{1,}")
@@ -37,7 +37,7 @@ jobs:
     - name: Lintian
       run: lintian *.deb;
     - name: Archive artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: ubuntu_${{ matrix.container }}_${{ matrix.arch }}
         path: libcdoc*.*
@@ -55,7 +55,7 @@ jobs:
           triplet: x64-android
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Expose Android NDK env
       shell: bash
       run: |
@@ -65,7 +65,7 @@ jobs:
       uses: actions/cache@v4
       with:
         path: ${{ github.workspace }}/vcpkg_cache
-        key: vcpkg-${{ matrix.target }}-${{ hashFiles('.github/workflows/*', 'vcpkg.json', 'CMakeLists.txt', '**/CMakeLists.txt', 'CMakePresets.json') }}
+        key: vcpkg-${{ matrix.target }}-${{ hashFiles('vcpkg.json') }}
     - name: Prepare vcpkg
       uses: lukka/run-vcpkg@v11
       with:
@@ -80,7 +80,7 @@ jobs:
         cmake --build --preset ${{ matrix.target }}
         cmake --build --preset ${{ matrix.target }} --target install/strip
     - name: Archive artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: ${{ matrix.target }}
         path: |
@@ -100,7 +100,7 @@ jobs:
       DEST: ${{ github.workspace }}/${{ matrix.target }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Install dependencies
       run: |
         brew update
@@ -110,7 +110,7 @@ jobs:
       uses: actions/cache@v4
       with:
         path: ${{ github.workspace }}/vcpkg_cache
-        key: vcpkg-${{ matrix.target }}-${{ hashFiles('.github/workflows/*', 'vcpkg.json', 'CMakeLists.txt', '**/CMakeLists.txt', 'CMakePresets.json') }}
+        key: vcpkg-${{ matrix.target }}-${{ hashFiles('vcpkg.json') }}
     - name: Prepare vcpkg
       if: matrix.target != 'macos'
       uses: lukka/run-vcpkg@v11
@@ -130,7 +130,7 @@ jobs:
     - name: Install
       run: cmake --build --preset ${{ matrix.target }} --target install/strip
     - name: Archive artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: ${{ matrix.target }}
         path: ${{ env.DEST }}
@@ -147,12 +147,12 @@ jobs:
       VCPKG_DEFAULT_TRIPLET: ${{ matrix.platform }}-windows-static-md
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Cache vcpkg
       uses: actions/cache@v4
       with:
         path: ${{ github.workspace }}/vcpkg_cache
-        key: vcpkg-${{ matrix.image }}-${{ matrix.platform }}-${{ hashFiles('.github/workflows/*', 'vcpkg.json', 'CMakeLists.txt', '**/CMakeLists.txt', 'CMakePresets.json') }}
+        key: vcpkg-${{ matrix.image }}-${{ matrix.platform }}-${{ hashFiles('vcpkg.json') }}
     - name: Prepare vcpkg
       uses: lukka/run-vcpkg@v11
       with:
@@ -181,7 +181,7 @@ jobs:
         ctest -V -C RelWithDebInfo --test-dir build
         cmake --install build --config RelWithDebInfo --prefix ${{ env.DEST }}
     - name: Archive artifacts
-      uses: actions/upload-artifact@v4
+      uses: actions/upload-artifact@v5
       with:
         name: ${{ matrix.image }}_${{ matrix.platform }}
         path: ${{ env.DEST }}
@@ -193,7 +193,7 @@ jobs:
       contents: write
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Install dependencies
       run: sudo apt update -qq && sudo apt install --no-install-recommends -y doxygen ${UBUNTU_DEPS}
     - name: Build docs
@@ -215,7 +215,7 @@ jobs:
       PROJECTNAME: ${{ github.repository }}
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Install dependencies
       run: sudo apt update -qq && sudo apt install --no-install-recommends -y curl ca-certificates ${UBUNTU_DEPS}
     - name: Download Coverity Build Tool
@@ -250,7 +250,7 @@ jobs:
       security-events: write
     steps:
     - name: Checkout
-      uses: actions/checkout@v4
+      uses: actions/checkout@v5
     - name: Install dependencies
       run: sudo apt update -qq && sudo apt install --no-install-recommends -y ${UBUNTU_DEPS}
     - name: Initialize CodeQL

cdoc/CDoc1Reader.cpp

@@ -384,6 +384,7 @@ result_t CDoc1Reader::decryptData(const std::vector<uint8_t>& fmk, std::string&
         return result;
     }
 
+    std::vector<unsigned char> b64;
     XMLReader reader(d->dsrc, false);
     int skipKeyInfo = 0;
     while (reader.read()) {
@@ -397,26 +398,31 @@ result_t CDoc1Reader::decryptData(const std::vector<uint8_t>& fmk, std::string&
         // EncryptedData/CipherData/CipherValue
         else if(reader.isElement("CipherValue"))
         {
-            data = libcdoc::Crypto::decrypt(d->method, fmk, reader.readBase64());
+            b64 = reader.readBase64();
             break;
         }
     }
 
-    if(data.empty()) {
+    if(b64.empty()) {
+        setLastError("Failed to decode base64 data");
+        return libcdoc::IO_ERROR;
+    }
+    VectorSource src(b64);
+    libcdoc::DecryptionSource dec(src, d->method, fmk);
+    if(dec.isError()) {
         setLastError("Failed to decrypt data, verify if FMK is correct");
-        return libcdoc::CRYPTO_ERROR;
+        return CRYPTO_ERROR;
     }
+    libcdoc::VectorConsumer out(data);
     setLastError({});
     if (d->mime == MIME_ZLIB) {
-        libcdoc::VectorSource vsrc(data);
-        libcdoc::ZSource zsrc(&vsrc);
-        std::vector<uint8_t> tmp;
-        libcdoc::VectorConsumer vcons(tmp);
-        vcons.writeAll(zsrc);
-        data = std::move(tmp);
+        libcdoc::ZSource zsrc(&dec);
+        out.writeAll(zsrc);
         mime = d->properties["OriginalMimeType"];
     }
-    else
+    else {
         mime = d->mime;
-    return libcdoc::OK;
+        out.writeAll(dec);
+    }
+    return dec.close();
 }