Reuse DecryptionSource with CDoc2

Signed-off-by: Raul Metsma <[email protected]>

Author: metsma

cdoc/CDoc2Reader.cpp

@@ -83,11 +83,9 @@ struct CDoc2Reader::Private {
 
     std::vector<Lock> locks;
 
-    std::unique_ptr<libcdoc::Crypto::Cipher> cipher;
-    std::unique_ptr<TaggedSource> tgs;
+    std::unique_ptr<libcdoc::DecryptionSource> dec;
     std::unique_ptr<libcdoc::ZSource> zsrc;
     std::unique_ptr<libcdoc::TarSource> tar;
-
 };
 
 CDoc2Reader::~CDoc2Reader()
@@ -389,29 +387,19 @@ CDoc2Reader::beginDecryption(const std::vector<uint8_t>& fmk)
     }
     priv->_at_nonce = false;
     std::vector<uint8_t> cek = libcdoc::Crypto::expand(fmk, std::vector<uint8_t>(libcdoc::CDoc2::CEK.cbegin(), libcdoc::CDoc2::CEK.cend()));
-    std::vector<uint8_t> nonce(libcdoc::CDoc2::NONCE_LEN);
-    if (priv->_src->read(nonce.data(), libcdoc::CDoc2::NONCE_LEN) != libcdoc::CDoc2::NONCE_LEN) {
-        setLastError("Error reading nonce");
-        LOG_ERROR("{}", last_error);
-        return libcdoc::IO_ERROR;
-    }
-
     LOG_TRACE_KEY("cek: {}", cek);
-    LOG_TRACE_KEY("nonce: {}", nonce);
 
-    priv->cipher = std::make_unique<libcdoc::Crypto::Cipher>(EVP_chacha20_poly1305(), cek, nonce, false);
+    priv->dec = std::make_unique<libcdoc::DecryptionSource>(*priv->_src, EVP_chacha20_poly1305(), cek, libcdoc::CDoc2::NONCE_LEN);
     std::vector<uint8_t> aad(libcdoc::CDoc2::PAYLOAD.cbegin(), libcdoc::CDoc2::PAYLOAD.cend());
     aad.insert(aad.end(), priv->header_data.cbegin(), priv->header_data.cend());
     aad.insert(aad.end(), priv->headerHMAC.cbegin(), priv->headerHMAC.cend());
-    if(!priv->cipher->updateAAD(aad)) {
+    if(priv->dec->updateAAD(aad) != OK) {
         setLastError("Wrong decryption key (FMK)");
         LOG_ERROR("{}", last_error);
         return libcdoc::WRONG_KEY;
     }
 
-    priv->tgs = std::make_unique<TaggedSource>(priv->_src, false, 16);
-    libcdoc::CipherSource *csrc = new libcdoc::CipherSource(priv->tgs.get(), false, priv->cipher.get());
-    priv->zsrc = std::make_unique<libcdoc::ZSource>(csrc, true);
+    priv->zsrc = std::make_unique<libcdoc::ZSource>(priv->dec.get(), false);
     priv->tar = std::make_unique<libcdoc::TarSource>(priv->zsrc.get(), false);
 
     return libcdoc::OK;
@@ -455,21 +443,15 @@ CDoc2Reader::finishDecryption()
         LOG_WARN("{}", last_error);
     }
 
-    LOG_TRACE_KEY("tag: {}", priv->tgs->tag);
-
-    priv->cipher->setTag(priv->tgs->tag);
-    if (!priv->cipher->result()) {
-        setLastError("Stream tag is invalid");
-        LOG_ERROR("{}", last_error);
-        return HASH_MISMATCH;
-    }
     setLastError({});
-    priv->tgs.reset();
     priv->zsrc.reset();
     priv->tar.reset();
-    priv->cipher->clear();
-    priv->cipher.reset();
-    return OK;
+    auto rv = priv->dec->close();
+    priv->dec.reset();
+    if (rv != OK) {
+        setLastError("Crypto payload integrity check failed");
+    }
+    return rv;
 }
 
 CDoc2Reader::CDoc2Reader(libcdoc::DataSource *src, bool take_ownership)

cdoc/Crypto.cpp

@@ -54,60 +54,6 @@ constexpr auto d2i(const std::vector<uint8_t> &data, Args&&... args) noexcept
     return make_unique_ptr(F(std::forward<Args>(args)..., &p, long(data.size())), Free);
 }
 
-
-Crypto::Cipher::Cipher(const EVP_CIPHER *cipher, const std::vector<uint8_t> &key, const std::vector<uint8_t> &iv, bool encrypt)
-	: ctx(EVP_CIPHER_CTX_new())
-{
-	EVP_CIPHER_CTX_set_flags(ctx, EVP_CIPHER_CTX_FLAG_WRAP_ALLOW);
-	EVP_CipherInit_ex(ctx, cipher, nullptr, key.data(), iv.empty() ? nullptr : iv.data(), int(encrypt));
-}
-
-Crypto::Cipher::~Cipher()
-{
-	EVP_CIPHER_CTX_free(ctx);
-}
-
-bool Crypto::Cipher::updateAAD(const std::vector<uint8_t> &data) const
-{
-	int len = 0;
-    return !SSL_FAILED(EVP_CipherUpdate(ctx, nullptr, &len, data.data(), int(data.size())), "EVP_CipherUpdate");
-}
-
-bool
-Crypto::Cipher::update(uint8_t *data, int size) const
-{
-	int len = 0;
-    return !SSL_FAILED(EVP_CipherUpdate(ctx, data, &len, data, size), "EVP_CipherUpdate");
-}
-
-bool Crypto::Cipher::result() const
-{
-	std::vector<uint8_t> result(EVP_CIPHER_CTX_block_size(ctx), 0);
-	int len = int(result.size());
-    if(SSL_FAILED(EVP_CipherFinal(ctx, result.data(), &len), "EVP_CipherFinal"))
-        return false;
-    if(result.size() != len)
-        result.resize(len);
-	return true;
-}
-
-bool Crypto::Cipher::setTag(const std::vector<uint8_t> &data) const
-{
-    return !SSL_FAILED(EVP_CIPHER_CTX_ctrl(ctx, EVP_CTRL_AEAD_SET_TAG, int(data.size()), (void *) data.data()), "EVP_CIPHER_CTX_ctrl");
-}
-
-int
-Crypto::Cipher::blockSize() const
-{
-	return EVP_CIPHER_CTX_get_block_size(ctx);
-}
-
-void
-Crypto::Cipher::clear()
-{
-    EVP_CIPHER_CTX_reset(ctx);
-}
-
 std::vector<uint8_t> Crypto::AESWrap(const std::vector<uint8_t> &key, const std::vector<uint8_t> &data, bool encrypt)
 {
 	AES_KEY aes;

cdoc/Crypto.h

@@ -39,19 +39,6 @@ class Crypto
 public:
 	using EVP_PKEY_ptr = unique_free_t<EVP_PKEY>;
 
-	struct Cipher {
-		EVP_CIPHER_CTX *ctx;
-		Cipher(const EVP_CIPHER *cipher, const std::vector<uint8_t> &key, const std::vector<uint8_t> &iv, bool encrypt = true);
-		~Cipher();
-		bool updateAAD(const std::vector<uint8_t> &data) const;
-		bool update(uint8_t *data, int size) const;
-		bool result() const;
-		static constexpr int tagLen() { return 16; }
-		bool setTag(const std::vector<uint8_t> &data) const;
-		int blockSize() const;
-		void clear();
-	};
-
 	static constexpr std::string_view KWAES128_MTH = "http://www.w3.org/2001/04/xmlenc#kw-aes128";
 	static constexpr std::string_view KWAES192_MTH = "http://www.w3.org/2001/04/xmlenc#kw-aes192";
 	static constexpr std::string_view KWAES256_MTH = "http://www.w3.org/2001/04/xmlenc#kw-aes256";

cdoc/Utils.h

@@ -127,51 +127,4 @@ std::string urlDecode(const std::string &src);
 
 } // namespace libcdoc
 
-// A source implementation that always keeps last 16 bytes in tag
-
-struct TaggedSource : public libcdoc::DataSource {
-	std::vector<uint8_t> tag;
-	libcdoc::DataSource *_src;
-	bool _owned;
-
-	TaggedSource(libcdoc::DataSource *src, bool take_ownership, size_t tag_size) : tag(tag_size), _src(src), _owned(take_ownership) {
-		tag.resize(tag.size());
-		_src->read(tag.data(), tag.size());
-	}
-	~TaggedSource() {
-		if (_owned) delete(_src);
-	}
-
-    libcdoc::result_t seek(size_t pos) override final {
-        if (!_src->seek(pos)) return libcdoc::INPUT_STREAM_ERROR;
-        if (_src->read(tag.data(), tag.size()) != tag.size()) return libcdoc::INPUT_STREAM_ERROR;
-        return libcdoc::OK;
-	}
-
-    libcdoc::result_t read(uint8_t *dst, size_t size) override final {
-		std::vector<uint8_t> t(tag.size());
-		uint8_t *tmp = t.data();
-		size_t nread = _src->read(dst, size);
-		if (nread >= tag.size()) {
-			std::copy(dst + nread - tag.size(), dst + nread, tmp);
-			std::copy_backward(dst, dst + nread - tag.size(), dst + nread);
-			std::copy(tag.cbegin(), tag.cend(), dst);
-			std::copy(tmp, tmp + tag.size(), tag.begin());
-		} else {
-			std::copy(dst, dst + nread, tmp);
-			std::copy(tag.cbegin(), tag.cbegin() + nread, dst);
-			std::copy(tag.cbegin() + nread, tag.cend(), tag.begin());
-			std::copy(tmp, tmp + nread, tag.end() - nread);
-		}
-		return nread;
-	}
-
-	virtual bool isError() override final {
-		return _src->isError();
-	}
-	virtual bool isEof() override final {
-		return _src->isEof();
-	}
-};
-
 #endif // UTILS_H

cdoc/ZStream.h

@@ -28,30 +28,6 @@
 
 namespace libcdoc {
 
-struct CipherSource : public ChainedSource {
-	bool _fail = false;
-	libcdoc::Crypto::Cipher *_cipher;
-	uint32_t _block_size;
-	CipherSource(DataSource *src, bool take_ownership, libcdoc::Crypto::Cipher *cipher)
-		: ChainedSource(src, take_ownership), _cipher(cipher), _block_size(cipher->blockSize()) {}
-
-    libcdoc::result_t read(uint8_t *dst, size_t size) override final {
-		if (_fail) return INPUT_ERROR;
-		size_t n_read = _src->read(dst, _block_size * (size / _block_size));
-		if (n_read) {
-			if((n_read % _block_size) || !_cipher->update(dst, n_read)) {
-				_fail = true;
-				return INPUT_ERROR;
-			}
-		}
-		return n_read;
-	}
-
-	virtual bool isError() override final {
-		return _fail || ChainedSource::isError();
-	};
-};
-
 struct ZConsumer : public ChainedConsumer {
 	static constexpr uint64_t CHUNK = 16LL * 1024LL;
 	z_stream _s {};