Skip to content

Commit

Permalink
Fix whitespace issues and apply static code formating changes
Browse files Browse the repository at this point in the history 
Signed-off-by: Raul Metsma <[email protected]>
  • Loading branch information
@metsma
metsma committed Nov 11, 2024
1 parent deef68f commit ec4cae0
Show file tree
Hide file tree
Showing 13 changed files with 217 additions and 231 deletions.
38 changes: 19 additions & 19 deletions client/CDoc1.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -133,7 +133,7 @@ CDoc1::CDoc1(const QString &path)
//if(xml.name() == QLatin1String("KeyName"))
// key->name = xml.readElementText();
// EncryptedData/KeyInfo/EncryptedKey/EncryptionMethod
else if(xml.name() == QLatin1String("EncryptionMethod"))
if(xml.name() == QLatin1String("EncryptionMethod"))
key->method = xml.attributes().value(QLatin1String("Algorithm")).toString();
// EncryptedData/KeyInfo/EncryptedKey/KeyInfo/AgreementMethod
else if(xml.name() == QLatin1String("AgreementMethod")) {
Expand Down Expand Up @@ -310,16 +310,16 @@ std::shared_ptr<CKey> CDoc1::getDecryptionKey(const QSslCertificate &cert) const
std::shared_ptr<CKeyCDoc1> k = std::static_pointer_cast<CKeyCDoc1>(key);
if(!ENC_MTH.contains(method) ||
k->cert != cert ||
k->encrypted_fmk.isEmpty())
k->encrypted_fmk.isEmpty())
continue;
if(cert.publicKey().algorithm() == QSsl::Rsa &&
k->method == RSA_MTH)
return k;
if(cert.publicKey().algorithm() == QSsl::Ec &&
!k->publicKey.isEmpty() &&
KWAES_SIZE.contains(k->method) /* &&
KWAES_SIZE.contains(k->method) /* &&
k->derive == CONCATKDF_MTH &&
k->agreement == AGREEMENT_MTH*/ )
k->agreement == AGREEMENT_MTH*/ )
return k;
}
return {};
Expand Down Expand Up @@ -514,7 +514,7 @@ bool CDoc1::save(const QString &path)
default: concatDigest = SHA512_MTH; break;
}
QByteArray encryptionKey = Crypto::concatKDF(SHA_MTH[concatDigest], KWAES_SIZE[encryptionMethod],
sharedSecret, props.value(QStringLiteral("DocumentFormat")).toUtf8() + SsDer + ckey->cert.toDer());
sharedSecret, props.value(QStringLiteral("DocumentFormat")).toUtf8() + SsDer + ckey->cert.toDer());
#ifndef NDEBUG
qDebug() << "ENC Ss" << SsDer.toHex();
qDebug() << "ENC Ksr" << sharedSecret.toHex();
Expand All @@ -539,7 +539,7 @@ bool CDoc1::save(const QString &path)
writeElement(w, XENC11, QStringLiteral("ConcatKDFParams"), {
{QStringLiteral("AlgorithmID"), QStringLiteral("00") + props.value(QStringLiteral("DocumentFormat")).toUtf8().toHex()},
{QStringLiteral("PartyUInfo"), QStringLiteral("00") + SsDer.toHex()},
{QStringLiteral("PartyVInfo"), QStringLiteral("00") + ckey->cert.toDer().toHex()},
{QStringLiteral("PartyVInfo"), QStringLiteral("00") + ckey->cert.toDer().toHex()},
}, [&]{
writeElement(w, DS, QStringLiteral("DigestMethod"), {
{QStringLiteral("Algorithm"), concatDigest},
Expand Down Expand Up @@ -589,32 +589,32 @@ bool CDoc1::save(const QString &path)
return true;
}

QByteArray CDoc1::getFMK(const CKey &key, const QByteArray& secret)
QByteArray CDoc1::getFMK(const CKey &key, const QByteArray& /*secret*/)
{
if (key.type != CKey::Type::CDOC1) {
setLastError(QStringLiteral("Not a CDoc1 key"));
return {};
}
const CKeyCDoc1& ckey = static_cast<const CKeyCDoc1&>(key);
const auto& ckey = static_cast<const CKeyCDoc1&>(key);
setLastError({});
QByteArray decryptedKey = qApp->signer()->decrypt([&ckey](QCryptoBackend *backend) {
if(ckey.pk_type == CKey::PKType::RSA)
return backend->decrypt(ckey.encrypted_fmk, false);
return backend->decrypt(ckey.encrypted_fmk, false);
return backend->deriveConcatKDF(ckey.publicKey, SHA_MTH[ckey.concatDigest],
int(KWAES_SIZE[ckey.method]), ckey.AlgorithmID, ckey.PartyUInfo, ckey.PartyVInfo);
});
if(decryptedKey.isEmpty())
{
setLastError(QStringLiteral("Failed to decrypt/derive key"));
return {};
}
if(ckey.pk_type == CKey::PKType::RSA)
return decryptedKey;
});
if(decryptedKey.isEmpty())
{
setLastError(QStringLiteral("Failed to decrypt/derive key"));
return {};
}
if(ckey.pk_type == CKey::PKType::RSA)
return decryptedKey;
#ifndef NDEBUG
qDebug() << "DEC Ss" << ckey.publicKey.toHex();
qDebug() << "DEC Ss" << ckey.publicKey.toHex();
qDebug() << "DEC ConcatKDF" << decryptedKey.toHex();
#endif
return Crypto::aes_unwrap(decryptedKey, ckey.encrypted_fmk);
return Crypto::aes_unwrap(decryptedKey, ckey.encrypted_fmk);
}

int CDoc1::version()
Expand Down
138 changes: 69 additions & 69 deletions client/CDoc2.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -408,8 +408,8 @@ CDoc2::isCDoc2File(const QString& path)
return true;
}

CDoc2::CDoc2(const QString &_path)
: path(_path)
CDoc2::CDoc2(QString _path)
: path(std::move(_path))
/* : QFile(path) */
{
using namespace cdoc20::recipients;
Expand Down Expand Up @@ -558,15 +558,15 @@ CDoc2::CDoc2(const QString &_path)
std::unique_ptr<CDoc2>
CDoc2::load(const QString& path)
{
CDoc2 *cdoc = new CDoc2(path);
auto *cdoc = new CDoc2(path);
return std::unique_ptr<CDoc2>(cdoc);
}

CKey::DecryptionStatus
CDoc2::canDecrypt(const QSslCertificate &cert) const
{
CKey::DecryptionStatus status = CKey::DecryptionStatus::CANNOT_DECRYPT;
for (std::shared_ptr<CKey> key: keys) {
for (const std::shared_ptr<CKey> &key: keys) {
if (key->isTheSameRecipient(cert)) return CKey::CAN_DECRYPT;
if (key->isSymmetric()) status = CKey::DecryptionStatus::NEED_KEY;
}
Expand Down Expand Up @@ -638,19 +638,19 @@ bool CDoc2::save(const QString &_path)
return builder.CreateString(utf8.data(), size_t(utf8.length()));
};

auto sendToServer = [this] (const QString& keyserver_id, const QByteArray &recipient_id, const QByteArray &key_material, QLatin1String type) -> QString {
if(keyserver_id.isEmpty()) {
setLastError(QStringLiteral("keyserver_id cannot be empty"));
return {};
}
QNetworkRequest req = cdoc20::req(keyserver_id);
if(req.url().isEmpty()) {
setLastError(QStringLiteral("No valid config found for keyserver_id: %1").arg(keyserver_id));
return {};
}
if(!cdoc20::checkConnection()) {
return {};
}
auto sendToServer = [this] (const QString& keyserver_id, const QByteArray &recipient_id, const QByteArray &key_material, QLatin1String type) -> QString {
if(keyserver_id.isEmpty()) {
setLastError(QStringLiteral("keyserver_id cannot be empty"));
return {};
}
QNetworkRequest req = cdoc20::req(keyserver_id);
if(req.url().isEmpty()) {
setLastError(QStringLiteral("No valid config found for keyserver_id: %1").arg(keyserver_id));
return {};
}
if(!cdoc20::checkConnection()) {
return {};
}
QScopedPointer<QNetworkAccessManager,QScopedPointerDeleteLater> nam(CheckConnection::setupNAM(req, Settings::CDOC2_POST_CERT));
QEventLoop e;
QNetworkReply *reply = nam->post(req, QJsonDocument({
Expand All @@ -662,22 +662,22 @@ bool CDoc2::save(const QString &_path)
e.exec();
QString transaction_id;
if(reply->error() == QNetworkReply::NoError &&
reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt() == 201) {
transaction_id = QString::fromLatin1(reply->rawHeader("Location")).remove(QLatin1String("/key-capsules/"));
} else {
setLastError(reply->errorString());
return {};
}
if(transaction_id.isEmpty())
setLastError(QStringLiteral("Failed to post key capsule"));
return transaction_id;
reply->attribute(QNetworkRequest::HttpStatusCodeAttribute).toInt() == 201) {
transaction_id = QString::fromLatin1(reply->rawHeader("Location")).remove(QLatin1String("/key-capsules/"));
} else {
setLastError(reply->errorString());
return {};
}
if(transaction_id.isEmpty())
setLastError(QStringLiteral("Failed to post key capsule"));
return transaction_id;
};

for(std::shared_ptr<CKey> key: keys) {
for(const std::shared_ptr<CKey> &key: keys) {
if (!key->isPKI()) {
return setLastError(QStringLiteral("Invalid key type"));
}
const CKeyPKI& pki = static_cast<const CKeyPKI&>(*key);
const auto& pki = static_cast<const CKeyPKI&>(*key);
if(pki.pk_type == CKey::PKType::RSA) {
QByteArray kek = Crypto::random(fmk.size());
QByteArray xor_key = Crypto::xor_data(fmk, kek);
Expand All @@ -691,36 +691,36 @@ bool CDoc2::save(const QString &_path)
qDebug() << "xor" << xor_key.toHex();
qDebug() << "encrytpedKek" << encrytpedKek.toHex();
#endif
if(!Settings::CDOC2_USE_KEYSERVER) {
auto rsaPublicKey = cdoc20::recipients::CreateRSAPublicKeyCapsule(builder,
toVector(pki.rcpt_key), toVector(encrytpedKek));
auto offs = cdoc20::header::CreateRecipientRecord(builder,
cdoc20::recipients::Capsule::RSAPublicKeyCapsule, rsaPublicKey.Union(),
toString(pki.label), toVector(xor_key), cdoc20::header::FMKEncryptionMethod::XOR);
recipients.push_back(offs);
} else {
QString keyserver_id = Settings::CDOC2_DEFAULT_KEYSERVER;
QString transaction_id = sendToServer(keyserver_id, pki.rcpt_key, encrytpedKek, QLatin1String("rsa"));
if (transaction_id.isEmpty()) return false;
auto rsaKeyServer = cdoc20::recipients::CreateRsaKeyDetails(builder, toVector(pki.rcpt_key));
auto keyServer = cdoc20::recipients::CreateKeyServerCapsule(builder,
cdoc20::recipients::KeyDetailsUnion::RsaKeyDetails,
rsaKeyServer.Union(), toString(keyserver_id), toString(transaction_id));
auto offs = cdoc20::header::CreateRecipientRecord(builder,
cdoc20::recipients::Capsule::KeyServerCapsule, keyServer.Union(),
toString(pki.label), toVector(xor_key), cdoc20::header::FMKEncryptionMethod::XOR);
recipients.push_back(offs);
}
} else {
auto publicKey = Crypto::fromECPublicKeyDer(pki.rcpt_key, NID_secp384r1);
if(!publicKey) return false;
auto ephKey = Crypto::genECKey(publicKey.get());
QByteArray sharedSecret = Crypto::derive(ephKey.get(), publicKey.get());
QByteArray ephPublicKeyDer = Crypto::toPublicKeyDer(ephKey.get());
QByteArray kekPm = Crypto::extract(sharedSecret, KEKPREMASTER);
QByteArray info = KEK + cdoc20::header::EnumNameFMKEncryptionMethod(cdoc20::header::FMKEncryptionMethod::XOR) + pki.rcpt_key + ephPublicKeyDer;
QByteArray kek = Crypto::expand(kekPm, info, fmk.size());
QByteArray xor_key = Crypto::xor_data(fmk, kek);
if(!Settings::CDOC2_USE_KEYSERVER) {
auto rsaPublicKey = cdoc20::recipients::CreateRSAPublicKeyCapsule(builder,
toVector(pki.rcpt_key), toVector(encrytpedKek));
auto offs = cdoc20::header::CreateRecipientRecord(builder,
cdoc20::recipients::Capsule::RSAPublicKeyCapsule, rsaPublicKey.Union(),
toString(pki.label), toVector(xor_key), cdoc20::header::FMKEncryptionMethod::XOR);
recipients.push_back(offs);
} else {
QString keyserver_id = Settings::CDOC2_DEFAULT_KEYSERVER;
QString transaction_id = sendToServer(keyserver_id, pki.rcpt_key, encrytpedKek, QLatin1String("rsa"));
if (transaction_id.isEmpty()) return false;
auto rsaKeyServer = cdoc20::recipients::CreateRsaKeyDetails(builder, toVector(pki.rcpt_key));
auto keyServer = cdoc20::recipients::CreateKeyServerCapsule(builder,
cdoc20::recipients::KeyDetailsUnion::RsaKeyDetails,
rsaKeyServer.Union(), toString(keyserver_id), toString(transaction_id));
auto offs = cdoc20::header::CreateRecipientRecord(builder,
cdoc20::recipients::Capsule::KeyServerCapsule, keyServer.Union(),
toString(pki.label), toVector(xor_key), cdoc20::header::FMKEncryptionMethod::XOR);
recipients.push_back(offs);
}
} else {
auto publicKey = Crypto::fromECPublicKeyDer(pki.rcpt_key, NID_secp384r1);
if(!publicKey) return false;
auto ephKey = Crypto::genECKey(publicKey.get());
QByteArray sharedSecret = Crypto::derive(ephKey.get(), publicKey.get());
QByteArray ephPublicKeyDer = Crypto::toPublicKeyDer(ephKey.get());
QByteArray kekPm = Crypto::extract(sharedSecret, KEKPREMASTER);
QByteArray info = KEK + cdoc20::header::EnumNameFMKEncryptionMethod(cdoc20::header::FMKEncryptionMethod::XOR) + pki.rcpt_key + ephPublicKeyDer;
QByteArray kek = Crypto::expand(kekPm, info, fmk.size());
QByteArray xor_key = Crypto::xor_data(fmk, kek);
#ifndef NDEBUG
qDebug() << "publicKeyDer" << pki.rcpt_key.toHex();
qDebug() << "ephPublicKeyDer" << ephPublicKeyDer.toHex();
Expand Down Expand Up @@ -798,7 +798,7 @@ bool CDoc2::save(const QString &_path)
}

bool
CDoc2::save(QString _path, const std::vector<File>& files, const QString& label, const QByteArray& secret, unsigned int kdf_iter)
CDoc2::save(const QString& _path, const std::vector<File>& files, const QString& label, const QByteArray& secret, unsigned int kdf_iter)
{
QByteArray fmk = Crypto::extract(Crypto::random(KEY_LEN), SALT);
QByteArray cek = Crypto::expand(fmk, CEK);
Expand Down Expand Up @@ -939,7 +939,7 @@ QByteArray CDoc2::getFMK(const CKey &key, const QByteArray& secret)
QByteArray kek;
if (key.isSymmetric()) {
// Symmetric key
const CKeySymmetric &sk = static_cast<const CKeySymmetric&>(key);
const auto &sk = static_cast<const CKeySymmetric&>(key);
if (sk.kdf_iter > 0) {
#ifndef NDEBUG
qDebug() << "Password based symmetric key: " << key.label;
Expand All @@ -963,13 +963,13 @@ QByteArray CDoc2::getFMK(const CKey &key, const QByteArray& secret)
}
} else {
// Public/private key
const CKeyPKI &pki = static_cast<const CKeyPKI&>(key);
const auto &pki = static_cast<const CKeyPKI&>(key);
QByteArray key_material;
if(key.type == CKey::Type::SERVER) {
const CKeyServer &sk = static_cast<const CKeyServer&>(key);
const auto &sk = static_cast<const CKeyServer&>(key);
key_material = fetchKeyMaterial(sk);
} else if (key.type == CKey::PUBLIC_KEY) {
const CKeyPublicKey& pk = static_cast<const CKeyPublicKey&>(key);
const auto& pk = static_cast<const CKeyPublicKey&>(key);
key_material = pk.key_material;
}
#ifndef NDEBUG
Expand All @@ -984,7 +984,7 @@ QByteArray CDoc2::getFMK(const CKey &key, const QByteArray& secret)
kek = qApp->signer()->decrypt([&pki, &key_material](QCryptoBackend *backend) {
QByteArray kekPm = backend->deriveHMACExtract(key_material, KEKPREMASTER, KEY_LEN);
#ifndef NDEBUG
qDebug() << "kekPm" << kekPm.toHex();
qDebug() << "kekPm" << kekPm.toHex();
#endif
QByteArray info = KEK + cdoc20::header::EnumNameFMKEncryptionMethod(cdoc20::header::FMKEncryptionMethod::XOR) + pki.rcpt_key + key_material;
return Crypto::expand(kekPm, info, KEY_LEN);
Expand All @@ -1008,11 +1008,11 @@ QByteArray CDoc2::getFMK(const CKey &key, const QByteArray& secret)
qDebug() << "hhk" << hhk.toHex();
qDebug() << "hmac" << headerHMAC.toHex();
#endif
if(Crypto::sign_hmac(hhk, header_data) != headerHMAC) {
setLastError(QStringLiteral("CDoc 2.0 hash mismatch"));
return {};
}
return fmk;
if(Crypto::sign_hmac(hhk, header_data) != headerHMAC) {
setLastError(QStringLiteral("CDoc 2.0 hash mismatch"));
return {};
}
return fmk;
}

int CDoc2::version()
Expand Down
4 changes: 2 additions & 2 deletions client/CDoc2.h
View file
Original file line number Diff line number Diff line change
Expand Up @@ -36,15 +36,15 @@ class CDoc2 final: public CDoc, private QObject /*, private QFile */ {

bool save(const QString &path) final;
// Write payload encrypted with sinbgle symmetric key
static bool save(QString path, const std::vector<File>& files, const QString& label, const QByteArray& secret, unsigned int kdf_iter);
static bool save(const QString& path, const std::vector<File>& files, const QString& label, const QByteArray& secret, unsigned int kdf_iter);

QByteArray getFMK(const CKey &key, const QByteArray& secret) final;
int version() final;

static std::unique_ptr<CDoc2> load(const QString& _path);

private:
CDoc2(const QString &path);
CDoc2(QString path);

QString path;
QByteArray header_data, headerHMAC;
Expand Down
1 change: 0 additions & 1 deletion client/CMakeLists.txt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,7 +89,6 @@ add_executable(${PROJECT_NAME} WIN32 MACOSX_BUNDLE
TokenData.cpp
TokenData.h
Utils.h
dialogs/PasswordDialog.h dialogs/PasswordDialog.cpp dialogs/PasswordDialog.ui
)

target_link_libraries(${PROJECT_NAME}
Expand Down
14 changes: 7 additions & 7 deletions client/CryptoDoc.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -125,7 +125,7 @@ bool CDocumentModel::addFile(const QString &file, const QString &mime)
[&fileName](const auto &containerFile) { return containerFile.name == fileName; }))
{
WarningDialog::show(DocumentModel::tr("Cannot add the file to the envelope. File '%1' is already in container.")
.arg(FileDialog::normalized(fileName)));
.arg(FileDialog::normalized(fileName)));
return false;
}

Expand Down Expand Up @@ -231,11 +231,11 @@ CKey::isTheSameRecipient(const CKey& other) const
{
QByteArray this_key, other_key;
if (this->isCertificate()) {
const CKeyCert& ckc = static_cast<const CKeyCert&>(*this);
const auto& ckc = static_cast<const CKeyCert&>(*this);
this_key = ckc.cert.publicKey().toDer();
}
if (other.isCertificate()) {
const CKeyCert& ckc = static_cast<const CKeyCert&>(other);
const auto& ckc = static_cast<const CKeyCert&>(other);
other_key = ckc.cert.publicKey().toDer();
}
if (this_key.isEmpty() || other_key.isEmpty()) return false;
Expand All @@ -246,7 +246,7 @@ bool
CKey::isTheSameRecipient(const QSslCertificate &cert) const
{
if (!isPKI()) return false;
const CKeyPKI& pki = static_cast<const CKeyPKI&>(*this);
const auto& pki = static_cast<const CKeyPKI&>(*this);
QByteArray this_key = pki.rcpt_key;
QSslKey k = cert.publicKey();
QByteArray other_key = Crypto::toPublicKeyDer(k);
Expand Down Expand Up @@ -288,7 +288,7 @@ void CKeyCert::setCert(const QSslCertificate &c)
}

std::shared_ptr<CKeyServer>
CKeyServer::fromKey(QByteArray _key, PKType _pk_type) {
CKeyServer::fromKey(const QByteArray &_key, PKType _pk_type) {
return std::shared_ptr<CKeyServer>(new CKeyServer(_key, _pk_type));
}

Expand All @@ -308,11 +308,11 @@ CryptoDoc::supportsSymmetricKeys() const
return d->cdoc->version() >= 2;
}

bool CryptoDoc::addKey(std::shared_ptr<CKey> key )
bool CryptoDoc::addKey(const std::shared_ptr<CKey> &key)
{
if(d->isEncryptedWarning())
return false;
for (std::shared_ptr<CKey> k: d->cdoc->keys) {
for (const std::shared_ptr<CKey> &k: d->cdoc->keys) {
if (k->isTheSameRecipient(*key)) {
WarningDialog::show(tr("Key already exists"));
return false;
Expand Down
Loading

0 comments on commit ec4cae0

Please sign in to comment.