Skip to content

Preserve unsupported locks #92

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
metsma merged 8 commits into from
Feb 4, 2026
Merged

Preserve unsupported locks #92

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
8 commits
Select commit Hold shift + click to select a range
25ab007
Tar and workflow fixes and tests
Jan 23, 2026
98224e6
Merge branch 'open-eid:master' into master
lauris71 Jan 26, 2026
b4a1736
Create locks even if capsule is not supported
Jan 30, 2026
414452e
Update cdoc/CDoc2Reader.cpp
lauris71 Feb 2, 2026
0854344
Use toUint8Vector helper
Feb 2, 2026
777700c
Removed some extra check from parsing
Feb 2, 2026
8cdc652
Remove INVALID lock type and rename UNSUPPORTED to UNKNOWN
Feb 3, 2026
5ef36d7
Return NULL from frontend if CDoc constructor fails
Feb 4, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
51 changes: 13 additions & 38 deletions cdoc/CDoc.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -103,20 +103,24 @@ libcdoc::CDocReader::createReader(DataSource *src, bool take_ownership, Configur
int version = getCDocFileVersion(src);
LOG_DBG("CDocReader::createReader: version {}", version);
if (src->seek(0) != libcdoc::OK) return nullptr;
CDocReader *reader;
CDocReader *reader = nullptr;
if (version == 1) {
reader = new CDoc1Reader(src, take_ownership);
} else if (version == 2) {
reader = new CDoc2Reader(src, take_ownership);
} else {
if(take_ownership)
delete src;
return nullptr;
}
reader->conf = conf;
reader->crypto = crypto;
return nullptr;
}
if (!reader->getLastErrorStr().empty()) {
delete reader;
return nullptr;
}
reader->conf = conf;
reader->crypto = crypto;
reader->network = network;
return reader;
return reader;
}

libcdoc::CDocReader *
Expand All @@ -125,43 +129,14 @@ libcdoc::CDocReader::createReader(const std::string& path, Configuration *conf,
if(path.empty())
return nullptr;
auto isrc = make_unique<IStreamSource>(path);
int version = getCDocFileVersion(isrc.get());
LOG_DBG("CDocReader::createReader: version {}", version);
if (isrc->seek(0) != libcdoc::OK)
return nullptr;
CDocReader *reader;
if (version == 1) {
reader = new CDoc1Reader(isrc.release(), true);
} else if (version == 2) {
reader = new CDoc2Reader(isrc.release(), true);
} else {
return nullptr;
}
reader->conf = conf;
reader->crypto = crypto;
reader->network = network;
return reader;
return createReader(isrc.release(), true, conf, crypto, network);
}

libcdoc::CDocReader *
libcdoc::CDocReader::createReader(std::istream& ifs, Configuration *conf, CryptoBackend *crypto, NetworkBackend *network)
{
libcdoc::IStreamSource *isrc = new libcdoc::IStreamSource(&ifs, false);
int version = getCDocFileVersion(isrc);
LOG_DBG("CDocReader::createReader: version {}", version);
CDocReader *reader;
if (version == 1) {
reader = new CDoc1Reader(isrc, true);
} else if (version == 2) {
reader = new CDoc2Reader(isrc, true);
} else {
delete isrc;
return nullptr;
}
reader->conf = conf;
reader->crypto = crypto;
reader->network = network;
return reader;
auto isrc = make_unique<IStreamSource>(&ifs, false);
return createReader(isrc.release(), true, conf, crypto, network);
}

#if LIBCDOC_TESTING
Expand Down
266 changes: 128 additions & 138 deletions cdoc/CDoc2Reader.cpp
View file
Open in desktop

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion cdoc/Crypto.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -621,6 +621,6 @@ result_t DecryptionSource::close()
int len = 0;
std::vector<uint8_t> buffer(EVP_CIPHER_CTX_block_size(ctx.get()), 0);
if (SSL_FAILED(EVP_CipherFinal_ex(ctx.get(), buffer.data(), &len), "EVP_CipherFinal_ex"))
return error = CRYPTO_ERROR;
return error = HASH_MISMATCH;
return OK;
}
4 changes: 2 additions & 2 deletions cdoc/CryptoBackend.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,8 +36,8 @@ struct Lock;
* - decryptRSA for RSA keys
* - getSecret for symmetric keys.
*
* ECC and symmetric keys have also frontend methods; implementing these allows the program to perform certain cryptographic procedures in controlled
* environment and (in case of symmetric keys) avoid exposing secret keys/passwords.
* ECC and symmetric keys have also frontend methods; implementing these allows the program to perform certain cryptographic procedures in secure
* environment and (in case of symmetric keys) avoid exposing secret keys/passwords to library code.
*/
struct CDOC_EXPORT CryptoBackend {
static constexpr int INVALID_PARAMS = -201;
Expand Down
2 changes: 0 additions & 2 deletions cdoc/Io.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -259,8 +259,6 @@ struct CDOC_EXPORT IStreamSource : public DataSource {
if(_ifs->bad()) return INPUT_STREAM_ERROR;
_ifs->clear();
_ifs->seekg(pos);
//std::cerr << "Stream bad:" << _ifs->bad() << " eof:" << _ifs->eof() << " fail:" << _ifs->fail() << std::endl;
//std::cerr << "tell:" << _ifs->tellg() << std::endl;
return bool(_ifs->bad()) ? INPUT_STREAM_ERROR : OK;
}

Expand Down
9 changes: 5 additions & 4 deletions cdoc/Lock.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -44,9 +44,10 @@ struct CDOC_EXPORT Lock
*/
enum Type : unsigned char {
/**
* @brief Invalid value
* @brief Valid capsule but not supported by this library version
*
*/
INVALID,
UNKNOWN,
/**
* @brief Symmetric AES key
*/
Expand Down Expand Up @@ -175,7 +176,7 @@ struct CDOC_EXPORT Lock
/**
* @brief The lock type
*/
Type type = Type::INVALID;
Type type = Type::UNKNOWN;
/**
* @brief algorithm type for public key based locks
*/
Expand All @@ -194,7 +195,7 @@ struct CDOC_EXPORT Lock
* @brief check whether lock is valid
* @return true if valid
*/
bool isValid() const noexcept { return (type != Type::INVALID) && !label.empty() && !encrypted_fmk.empty(); }
bool isValid() const noexcept { return (type != Type::UNKNOWN) && !label.empty() && !encrypted_fmk.empty(); }
/**
* @brief check whether lock is based on symmetric key
* @return true if type is SYMMETRIC_KEY or PASSWORD
Expand Down
5 changes: 2 additions & 3 deletions cdoc/NetworkBackend.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -397,8 +397,7 @@ libcdoc::NetworkBackend::fetchKey (std::vector<uint8_t>& dst, const std::string&
}
error = {};
std::string ks = v.get<std::string>();
std::vector<uint8_t> key_material = fromBase64(ks);
dst.assign(key_material.cbegin(), key_material.cend());
dst = fromBase64(ks);

return libcdoc::OK;
}
Expand Down Expand Up @@ -434,7 +433,7 @@ libcdoc::NetworkBackend::fetchNonce(std::vector<uint8_t>& dst, const std::string
return NETWORK_ERROR;
}
std::string nonce_str = v.get<std::string>();
dst.assign(nonce_str.cbegin(), nonce_str.cend());
dst = toUint8Vector(nonce_str);
return OK;
}

Expand Down
10 changes: 10 additions & 0 deletions cdoc/Utils.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -125,6 +125,16 @@ struct urlEncode {
friend std::ostream& operator<<(std::ostream& escaped, urlEncode src);
};

std::vector<uint8_t> toUint8Vector(const auto* data)
{
return {data->cbegin(), data->cend()};
}

std::vector<uint8_t> toUint8Vector(const auto& data)
{
return {data.cbegin(), data.cend()};
}

std::string urlDecode(const std::string &src);

} // namespace libcdoc
Expand Down
10 changes: 5 additions & 5 deletions test/libcdoc_boost.cpp
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -489,7 +489,7 @@ BOOST_FIXTURE_TEST_CASE_WITH_DECOR(CDoc2DecryptErrors, DecryptFixture,
BOOST_TEST(rdr->beginDecryption(fmk) == libcdoc::OK);
BOOST_TEST(rdr->nextFile(fi) == libcdoc::OK);
BOOST_TEST(rdr->nextFile(fi) == libcdoc::OK);
BOOST_TEST(rdr->finishDecryption() == libcdoc::CRYPTO_ERROR);
BOOST_TEST(rdr->finishDecryption() == libcdoc::HASH_MISMATCH);
delete rdr;

// Truncate file, should result zlib error
Expand All @@ -499,15 +499,15 @@ BOOST_FIXTURE_TEST_CASE_WITH_DECOR(CDoc2DecryptErrors, DecryptFixture,
BOOST_TEST(rdr->getFMK(fmk, 0) == libcdoc::OK);
BOOST_TEST(rdr->beginDecryption(fmk) == libcdoc::OK);
libcdoc::result_t rv = rdr->nextFile(fi);
BOOST_TEST(((rv == libcdoc::OK) || (rv == libcdoc::CRYPTO_ERROR)));
BOOST_TEST(((rv == libcdoc::OK) || (rv == libcdoc::HASH_MISMATCH)));
for (int i = 0; i < 4; i++) {
rv = rdr->readData(buf, 256);
BOOST_TEST(((rv == 256) || (rv == libcdoc::CRYPTO_ERROR)));
BOOST_TEST(((rv == 256) || (rv == libcdoc::HASH_MISMATCH)));
}
rv = rdr->nextFile(fi);
BOOST_TEST(((rv == libcdoc::OK) || (rv == libcdoc::CRYPTO_ERROR)));
BOOST_TEST(((rv == libcdoc::OK) || (rv == libcdoc::HASH_MISMATCH)));
rv = rdr->readData(buf, 256);
BOOST_TEST(((rv == 255) || (rv == libcdoc::CRYPTO_ERROR)));
BOOST_TEST(((rv == 255) || (rv == libcdoc::HASH_MISMATCH)));
BOOST_TEST(rdr->finishDecryption() == libcdoc::WORKFLOW_ERROR);
delete rdr;
}
Expand Down