Fixed CDoc1 compilation

Author: Lauris Kaplinski

libcdoc/CDoc.cpp

@@ -103,11 +103,11 @@ libcdoc::NetworkBackend::test(std::vector<std::vector<uint8_t>> &dst)
 int
 libcdoc::CDocReader::getCDocFileVersion(DataSource *src)
 {
-    if (src->seek(0) != libcdoc::OK) return -1;
+    if (src->seek(0) != libcdoc::OK) return libcdoc::IO_ERROR;
     if (CDoc2Reader::isCDoc2File(src)) return 2;
     src->seek(0);
     if (CDoc1Reader::isCDoc1File(src)) return 1;
-    return -1;
+    return libcdoc::NOT_SUPPORTED;
 }
 
 int

libcdoc/CDoc1Reader.cpp

@@ -70,7 +70,7 @@ CDoc1Reader::getLocks()
 int
 CDoc1Reader::getLockForCert(const std::vector<uint8_t>& cert)
 {
-	if (!SUPPORTED_METHODS.contains(d->method)) return false;
+    if (!SUPPORTED_METHODS.contains(d->method)) return libcdoc::NOT_SUPPORTED;
 	libcdoc::Certificate cc(cert);
     for (size_t i = 0; i < d->locks.size(); i++) {
         const libcdoc::Lock *ll = d->locks.at(i);
@@ -81,12 +81,14 @@ CDoc1Reader::getLockForCert(const std::vector<uint8_t>& cert)
 			if (ll->getString(libcdoc::Lock::Params::METHOD) == libcdoc::Crypto::RSA_MTH) {
                 return i;
 			}
-		} else {
+        } else if(cc.getAlgorithm() == libcdoc::Certificate::ECC) {
 			std::vector<uint8_t> eph_key = ll->getBytes(libcdoc::Lock::Params::KEY_MATERIAL);
 			if(!eph_key.empty() && SUPPORTED_KWAES.contains(ll->getString(libcdoc::Lock::Params::METHOD))) {
                 return i;
 			}
-		}
+        } else {
+            return libcdoc::NOT_SUPPORTED;
+        }
 	}
     return libcdoc::NOT_FOUND;
 }
@@ -100,7 +102,7 @@ CDoc1Reader::getFMK(std::vector<uint8_t>& fmk, unsigned int lock_idx)
 		setLastError("Not a CDoc1 key");
 		return libcdoc::UNSPECIFIED_ERROR;
 	}
-	setLastError({});
+    setLastError({});
 	std::vector<uint8_t> decrypted_key;
     if (lock->isRSA()) {
         int result = crypto->decryptRSA(decrypted_key, lock->encrypted_fmk, false, lock_idx);
@@ -160,8 +162,25 @@ CDoc1Reader::decrypt(const std::vector<uint8_t>& fmk, libcdoc::MultiDataConsumer
     result = finishDecryption();
     return result;
 #else
+    if (fmk.empty()) {
+        setLastError("FMK is missing");
+        return libcdoc::WRONG_ARGUMENTS;
+    }
+    if (fmk.size() != 16 && fmk.size() != 24 && fmk.size() != 32) {
+        setLastError("FMK must be AES key with size 128, 192,2 56 bits");
+        return libcdoc::WRONG_ARGUMENTS;
+    }
+    if (!d->files.empty() || (d->f_pos != -1)) {
+        setLastError("Container is already parsed");
+        return libcdoc::WORKFLOW_ERROR;
+    }
     std::vector<uint8_t> data = this->decryptData(fmk);
-	std::string mime = d->mime;
+    if(data.empty()) {
+        setLastError("Failed to decrypt data, verify if FMK is correct");
+        return libcdoc::CRYPTO_ERROR;
+    }
+    setLastError({});
+    std::string mime = d->mime;
 	if (d->mime == MIME_ZLIB) {
 		libcdoc::VectorSource vsrc(data);
 		libcdoc::ZSource zsrc(&vsrc);
@@ -178,13 +197,11 @@ CDoc1Reader::decrypt(const std::vector<uint8_t>& fmk, libcdoc::MultiDataConsumer
 			setLastError("Failed to parse DDOC file");
 			return libcdoc::UNSPECIFIED_ERROR;
 		}
-		setLastError({});
         return libcdoc::OK;
 	}
 	dst->open(d->properties["Filename"], data.size());
 	dst->writeAll(vsrc);
 	dst->close();
-	setLastError({});
     return libcdoc::OK;
 #endif
 }

libcdoc/CDoc1Writer.cpp

@@ -247,6 +247,7 @@ CDoc1Writer::encrypt(libcdoc::MultiDataSource& src, const std::vector<libcdoc::R
 	d->_xml->writeEndElement(Private::DENC); // EncryptedData
 	d->_xml->close();
 	d->_xml.reset();
+    result = libcdoc::OK;
     if (owned) result = dst->close();
     return result;
 }

libcdoc/CDocReader.h

@@ -45,31 +45,70 @@ class CDOC_EXPORT CDocReader {
 	 */
     virtual const std::vector<Lock> getLocks() = 0;
 	/**
-	 * @brief Fetches the lock for certificate
+     * @brief Finds the lock index for given certificate
 	 *
 	 * Returns the first lock that can be opened by the private key of the certificate holder.
 	 * @param cert a x509 certificate (der)
      * @return lock index or error code
 	 */
     virtual int getLockForCert(const std::vector<uint8_t>& cert) = 0;
 	/**
-	 * @brief Fetches FMK from provided lock
+     * @brief Fetches FMK from given lock
 	 *
-	 * Fetches FMK (File Master Key) from the provided decryption lock. Depending on the lock type it uses a relevant CryptoBackend and/or
+     * Fetches FMK (File Master Key) from the lock with given index. Depending on the lock type it uses a relevant CryptoBackend and/or
 	 * NetworkBackend method to either fetch secret and derive key or perform external decryption of encrypted KEK.
 	 * @param fmk The FMK of the document
-	 * @param lock a lock (from document lock list)
+     * @param lock_idx the index of a lock (in the document lock list)
 	 * @return error code or OK
 	 */
     virtual int getFMK(std::vector<uint8_t>& fmk, unsigned int lock_idx) = 0;
 
 	// Pull interface
+    /**
+     * @brief beginDecryption start decrypting document
+     *
+     * Starts decryption of the document. This may involve parsing and decrypting headers, checking
+     * file and key integrity etc.
+     * @param fmk File Master Key of the document
+     * @return error code or OK
+     */
 	virtual int beginDecryption(const std::vector<uint8_t>& fmk) = 0;
+    /**
+     * @brief nextFile start decrypting the next file
+     *
+     * Begins decrypting the next file in document. On success the file name and size are filled and the
+     * method returns OK. If there are no more file in the document, END_OF_STREAM is returned.
+     * It is OK to call nextFile before reading the whole data from the previous one.
+     * @param name the name of the next file
+     * @param size the size of the next file
+     * @return error code, OK or END_OF_STREAM
+     */
 	virtual int nextFile(std::string& name, int64_t& size) = 0;
-    int nextFile(FileInfo& info) { return nextFile(info.name, info.size); }
+    /**
+     * @brief readData read data from the current file
+     *
+     * Read bytes from the current file into the buffer. The number of bytes read is always the
+     * requested number, unless end of file is reached or error occurs. Thus the end of file is marked
+     * by returning 0.
+     * @param dst destination byte buffer
+     * @param size the number of bytes to read
+     * @return the number of bytes actually read or error code
+     */
     virtual int64_t readData(uint8_t *dst, size_t size) = 0;
+    /**
+     * @brief finishDecryption finish decryption of file
+     *
+     * Finishes the decryption of file. This may onvolve releasing buffers, closing hardware keys etc.
+     * @return error code or OK
+     */
 	virtual int finishDecryption() = 0;
 
+    /**
+     * @brief nextFile start decrypting the next file
+     * @param info a FileInfo structure
+     * @return error code, OK or END_OF_STREAM
+     */
+    int nextFile(FileInfo& info) { return nextFile(info.name, info.size); }
 
 	// Push interface
 	/**
@@ -90,12 +129,40 @@ class CDOC_EXPORT CDocReader {
 	/**
 	 * @brief try to determine the cdoc file version
 	 * @param path a path to file
-	 * @return version, -1 if not a valid CDoc file
+     * @return version or error code if not a readable CDoc file
 	 */
 	static int getCDocFileVersion(const std::string& path);
+    /**
+     * @brief try to determine the cdoc file version
+     * @param src the container source
+     * @return version or error code if not a readable CDoc file
+     */
     static int getCDocFileVersion(DataSource *src);
 
+    /**
+     * @brief createReader create CDoc document reader
+     *
+     * Creates a new document reader if source is a valid CDoc container (either version 1 or 2).
+     * The network backend may be null if keyservers are not used.
+     * @param src the container source
+     * @param take_ownership if true the source is deleted in reader destructor
+     * @param conf a configuration object
+     * @param crypto a cryptographic backend implementation
+     * @param network a network backend implementation
+     * @return a new CDocReader or null
+     */
     static CDocReader *createReader(DataSource *src, bool take_ownership, Configuration *conf, CryptoBackend *crypto, NetworkBackend *network);
+    /**
+     * @brief createReader create CDoc document reader
+     *
+     * Creates a new document reader if file is a valid CDoc container (either version 1 or 2)
+     * The network backend may be null if keyservers are not used.
+     * @param path the path to file
+     * @param conf a configuration object
+     * @param crypto a cryptographic backend implementation
+     * @param network a network backend implementation
+     * @return a new CDocReader or null
+     */
     static CDocReader *createReader(const std::string& path, Configuration *conf, CryptoBackend *crypto, NetworkBackend *network);
 
 #if LIBCDOC_TESTING

libcdoc/Crypto.cpp

@@ -97,8 +97,9 @@ Crypto::Cipher::blockSize() const
 std::vector<uint8_t> Crypto::AESWrap(const std::vector<uint8_t> &key, const std::vector<uint8_t> &data, bool encrypt)
 {
 	AES_KEY aes;
-    if (encrypt && SSL_FAILED(AES_set_encrypt_key(key.data(), int(key.size()) * 8, &aes), "AES_set_encrypt_key") ||
-        !encrypt && SSL_FAILED(AES_set_decrypt_key(key.data(), int(key.size()) * 8, &aes), "AES_set_decrypt_key"))
+    // fixme: Fix SSL_FAILED, current solution is idiotic
+    if (encrypt && !SSL_FAILED(AES_set_encrypt_key(key.data(), int(key.size()) * 8, &aes), "AES_set_encrypt_key") ||
+        !encrypt && !SSL_FAILED(AES_set_decrypt_key(key.data(), int(key.size()) * 8, &aes), "AES_set_decrypt_key"))
         return {};
 
 	std::vector<uint8_t> result(data.size() + 8);

libcdoc/DDocReader.cpp

@@ -1,4 +1,5 @@
 #include "DDocReader.h"
+#include "CDoc.h"
 
 #include "XmlReader.h"
 
@@ -12,11 +13,14 @@ DDOCReader::parse(libcdoc::DataSource *src, libcdoc::MultiDataConsumer *dst)
 		if(!reader.isElement("DataFile")) continue;
 		std::string name = reader.attribute("Filename");
 		std::vector<uint8_t> content = reader.readBase64();
-		dst->open(name, content.size());
-		dst->write(content.data(), content.size());
-		dst->close();
-	}
-	return !dst->isError();
+        int result = dst->open(name, content.size());
+        if (result != libcdoc::OK) return result;
+        int64_t n_written = dst->write(content.data(), content.size());
+        if (n_written < 0) return (int) n_written;
+        result = dst->close();
+        if (result != libcdoc::OK) return result;
+    }
+    return (dst->isError()) ? libcdoc::IO_ERROR : libcdoc::OK;
 }
 
 struct FileListConsumer : public libcdoc::MultiDataConsumer {

libcdoc/Io.h

@@ -199,11 +199,15 @@ struct CDOC_EXPORT IStreamSource : public DataSource {
 	IStreamSource(std::istream *ifs, bool take_ownership = false) : _ifs(ifs), _owned(take_ownership) {}
 	IStreamSource(const std::string& path);
 	~IStreamSource() {
-		if (_owned) delete _ifs;
+        //if (_owned) delete _ifs;
 	}
 
 	int seek(size_t pos) {
+        if(_ifs->bad()) return INPUT_STREAM_ERROR;
+        _ifs->clear();
 		_ifs->seekg(pos);
+        //std::cerr << "Stream bad:" << _ifs->bad() << " eof:" << _ifs->eof() << " fail:" << _ifs->fail() << std::endl;
+        //std::cerr << "tell:" << _ifs->tellg() << std::endl;
         return bool(_ifs->bad()) ? INPUT_STREAM_ERROR : OK;
 	}
 

libcdoc/XmlReader.cpp

@@ -35,7 +35,10 @@ int
 XMLReader::Private::xmlInputReadCallback (void *context, char *buffer, int len)
 {
 	XMLReader *reader = reinterpret_cast<XMLReader *>(context);
-	return reader->d->_src->read((uint8_t *) buffer, len);
+    int64_t n_read = reader->d->_src->read((uint8_t *) buffer, len);
+    //std::string str(buffer, len);
+    //std::cerr << "XML read (" << n_read << "):" << str << std::endl;
+    return n_read;
 }
 
 int