diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index a24f583b..bce4b112 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -28,7 +28,7 @@ jobs: echo 'path-exclude=/usr/share/doc-base/*' >> /etc/dpkg/dpkg.cfg.d/99-nodocs apt update -qq && apt install --no-install-recommends -y lsb-release build-essential devscripts debhelper lintian pkg-config ${UBUNTU_DEPS} doxygen swig openjdk-17-jdk-headless libpython3-dev python3-setuptools libboost-test-dev - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Setup changelog run: | export VERSION=$(grep project CMakeLists.txt | egrep -o "([0-9]{1,}\.)+[0-9]{1,}") @@ -41,7 +41,7 @@ jobs: - name: Lintian run: lintian *.deb; - name: Archive artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: ubuntu_${{ matrix.container }}_${{ matrix.arch }} path: libcdoc*.* @@ -53,7 +53,7 @@ jobs: target: [androidarm, androidarm64, androidx86_64] steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Expose Android NDK env shell: bash run: | @@ -61,7 +61,7 @@ jobs: echo "ANDROID_NDK_ROOT=$ANDROID_NDK_LATEST_HOME" >> "$GITHUB_ENV" echo "VCPKG_ROOT=$VCPKG_INSTALLATION_ROOT" >> "$GITHUB_ENV" - name: Cache vcpkg - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ${{ github.workspace }}/vcpkg_cache key: vcpkg-${{ matrix.target }}-${{ hashFiles('vcpkg.json') }} @@ -73,7 +73,7 @@ jobs: cmake --build --preset ${{ matrix.target }} cmake --build --preset ${{ matrix.target }} --target install/strip - name: Archive artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: ${{ matrix.target }} path: | 
@@ -88,14 +88,14 @@ jobs: DEST: ${{ github.workspace }}/${{ matrix.target }} steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install dependencies run: | brew update brew install --formula flatbuffers swig doxygen boost - name: Cache vcpkg if: matrix.target != 'macos' - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ${{ github.workspace }}/vcpkg_cache key: vcpkg-${{ matrix.target }}-${{ hashFiles('vcpkg.json') }} @@ -112,7 +112,7 @@ jobs: - name: Install run: cmake --build --preset ${{ matrix.target }} --target install/strip - name: Archive artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: ${{ matrix.target }} path: ${{ env.DEST }} @@ -128,9 +128,9 @@ jobs: DEST: ${{ github.workspace }}/${{ matrix.image }}_${{ matrix.platform }} steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Cache vcpkg - uses: actions/cache@v4 + uses: actions/cache@v5 with: path: ${{ github.workspace }}/vcpkg_cache key: vcpkg-${{ matrix.image }}-${{ matrix.platform }}-${{ hashFiles('vcpkg.json') }} @@ -155,7 +155,7 @@ jobs: ctest -V -C RelWithDebInfo --test-dir build cmake --install build --config RelWithDebInfo --prefix ${{ env.DEST }} - name: Archive artifacts - uses: actions/upload-artifact@v5 + uses: actions/upload-artifact@v6 with: name: ${{ matrix.image }}_${{ matrix.platform }} path: ${{ env.DEST }} @@ -167,7 +167,7 @@ jobs: contents: write steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install dependencies run: sudo apt update -qq && sudo apt install --no-install-recommends -y doxygen ${UBUNTU_DEPS} - name: Build docs 
@@ -189,7 +189,7 @@ jobs: PROJECTNAME: ${{ github.repository }} steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install dependencies run: sudo apt update -qq && sudo apt install --no-install-recommends -y curl ca-certificates ${UBUNTU_DEPS} - name: Download Coverity Build Tool @@ -224,7 +224,7 @@ jobs: security-events: write steps: - name: Checkout - uses: actions/checkout@v5 + uses: actions/checkout@v6 - name: Install dependencies run: sudo apt update -qq && sudo apt install --no-install-recommends -y ${UBUNTU_DEPS} - name: Initialize CodeQL diff --git a/CMakePresets.json b/CMakePresets.json index 337ed240..70317f93 100644 --- a/CMakePresets.json +++ b/CMakePresets.json @@ -55,9 +55,8 @@ "cacheVariables": { "CMAKE_SYSTEM_NAME": "iOS", "CMAKE_OSX_SYSROOT": "${presetName}", - "CMAKE_OSX_DEPLOYMENT_TARGET": "15.0", - "CMAKE_DISABLE_FIND_PACKAGE_SWIG": "YES", - "CMAKE_CXX_FLAGS": "-D_LIBCPP_DISABLE_AVAILABILITY" + "CMAKE_OSX_DEPLOYMENT_TARGET": "16.3", + "CMAKE_DISABLE_FIND_PACKAGE_SWIG": "YES" } }, { diff --git a/cdoc/CDoc1Reader.cpp b/cdoc/CDoc1Reader.cpp index 237f5eb4..ef3c3569 100644 --- a/cdoc/CDoc1Reader.cpp +++ b/cdoc/CDoc1Reader.cpp @@ -327,7 +327,13 @@ CDoc1Reader::CDoc1Reader(libcdoc::DataSource *src, bool delete_on_close) key.setBytes(Lock::Params::KEY_MATERIAL, reader.readBase64()); // EncryptedData/KeyInfo/EncryptedKey/KeyInfo/X509Data/X509Certificate else if(reader.isElement("X509Certificate")) - key.setCertificate(reader.readBase64()); + { + auto cert = reader.readBase64(); + Certificate ssl(cert); + key.setBytes(Lock::CERT, std::move(cert)); + key.setBytes(Lock::RCPT_KEY, ssl.getPublicKey()); + key.pk_type = (ssl.getAlgorithm() == libcdoc::Certificate::RSA) ? Lock::RSA : Lock::ECC; + } // EncryptedData/KeyInfo/EncryptedKey/KeyInfo/CipherData/CipherValue else if(reader.isElement("CipherValue")) key.encrypted_fmk = reader.readBase64(); 
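Review bot: In the CDoc1Reader hunk the result of `ssl.getPublicKey()` is stored as `Lock::RCPT_KEY` unconditionally, so an X509Certificate element that does not parse yields a lock with an empty recipient key and `pk_type` silently falling back to `ECC`; the CDoc2Reader change in this same commit treats an empty `getPublicKey()` as a failure, so the reader side should be consistent. Presumably `Certificate` does not throw on malformed DER (the CDoc2 path relies on the empty-vector signal), in which case the parse failure is only detectable later, when no lock matches. I would bind the key first and skip the parameter when it is empty: `auto pkey = ssl.getPublicKey();` / `if (pkey.empty()) LOG_DBG("X509Certificate in lock did not yield a public key");` / `else key.setBytes(Lock::RCPT_KEY, std::move(pkey));`, and only assign `pk_type` in the non-empty branch. The `std::move(cert)` after `Certificate ssl(cert)` is safe only if the constructor copies or fully parses its argument rather than retaining a reference; worth a one-line comment either way. The enclosing constructor body starts and ends outside this hunk.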
diff --git a/cdoc/CDoc2Reader.cpp b/cdoc/CDoc2Reader.cpp index 6b83dbc9..d10e6ac3 100644 --- a/cdoc/CDoc2Reader.cpp +++ b/cdoc/CDoc2Reader.cpp @@ -117,15 +117,17 @@ CDoc2Reader::getLocks() libcdoc::result_t CDoc2Reader::getLockForCert(const std::vector& cert){ - libcdoc::Certificate cc(cert); - std::vector other_key = cc.getPublicKey(); + std::vector other_key = libcdoc::Certificate(cert).getPublicKey(); + if (other_key.empty()) + return libcdoc::NOT_FOUND; LOG_DBG("Cert public key: {}", toHex(other_key)); - for (int lock_idx = 0; lock_idx < priv->locks.size(); lock_idx++) { - const Lock &ll = priv->locks.at(lock_idx); + int lock_idx = 0; + for (const Lock &ll : priv->locks) { LOG_DBG("Lock {} type {}", lock_idx, (int) ll.type); - if (ll.hasTheSameKey(other_key)) { + if (ll.isPKI() && ll.getBytes(libcdoc::Lock::RCPT_KEY) == other_key) { return lock_idx; } + ++lock_idx; } setLastError("No lock found with certificate key"); return libcdoc::NOT_FOUND; diff --git a/cdoc/Lock.cpp b/cdoc/Lock.cpp index cd5f0bb8..53d8affd 100644 --- a/cdoc/Lock.cpp +++ b/cdoc/Lock.cpp 
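Review bot: The new early return for an empty public key in `getLockForCert` returns `NOT_FOUND` without calling `setLastError`, while the no-match path a few lines below does, so a caller that reports the last error after this failure sees a stale or missing message and cannot distinguish "certificate unparsable" from "no lock for this key". I would make the two exits symmetric: `if (other_key.empty()) { setLastError("Certificate has no usable public key"); return libcdoc::NOT_FOUND; }`. Minor: `ll.getBytes(libcdoc::Lock::RCPT_KEY)` appears to return the parameter by value, so each iteration copies the stored key just to compare it; if a `const&` accessor exists it would avoid that, and a debug log of the lock's key (which the removed `hasTheSameKey` emitted) would keep the same troubleshooting signal.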
@@ -53,43 +53,5 @@ Lock::setInt(Params key, int32_t val) params[key] = std::move(bytes); } -bool -Lock::hasTheSameKey(const Lock& other) const -{ - if (!isPKI()) return false; - if (!other.isPKI()) return false; - if (!params.contains(Params::RCPT_KEY)) return false; - if (!other.params.contains(Params::RCPT_KEY)) return false; - std::vector pki = getBytes(Params::RCPT_KEY); - if (pki.empty()) return false; - std::vector other_pki = other.getBytes(Params::RCPT_KEY); - if (other_pki.empty()) return false; - return pki == other_pki; -} - -bool -Lock::hasTheSameKey(const std::vector& public_key) const -{ - if (!isPKI()) return false; - if (!params.contains(Params::RCPT_KEY)) return false; - if (public_key.empty()) return false; - std::vector pki = getBytes(Params::RCPT_KEY); - LOG_DBG("Lock key: {}", toHex(pki)); - if (pki.empty()) return false; - return pki == public_key; -} - -void -Lock::setCertificate(const std::vector &_cert) -{ - setBytes(Params::CERT, _cert); - Certificate ssl(_cert); - std::vector pkey = ssl.getPublicKey(); - Certificate::Algorithm algo = ssl.getAlgorithm(); - - setBytes(Params::RCPT_KEY, pkey); - pk_type = (algo == libcdoc::Certificate::RSA) ? PKType::RSA : PKType::ECC; -} - } // namespace libcdoc diff --git a/cdoc/Lock.h b/cdoc/Lock.h index 3011f871..250eeb85 100644 --- a/cdoc/Lock.h +++ b/cdoc/Lock.h @@ -42,7 +42,7 @@ struct CDOC_EXPORT Lock /** * @brief The lock type */ - enum Type : unsigned char { + enum Type : unsigned char { /** * @brief Valid capsule but not supported by this library version * @@ -51,7 +51,7 @@ struct CDOC_EXPORT Lock /** * @brief Symmetric AES key */ - SYMMETRIC_KEY, + SYMMETRIC_KEY, /** * @brief PBKDF key (derived from password) */ @@ -72,12 +72,12 @@ struct CDOC_EXPORT Lock * @brief Symmetric key distributed on several servers */ SHARE_SERVER - }; + }; /** * @brief The public key type */ - enum PKType : unsigned char { + enum PKType : unsigned char { /** * Elliptic curve */ 
@@ -85,13 +85,13 @@ struct CDOC_EXPORT Lock /** * RSA */ - RSA - }; + RSA + }; /** * @brief Extra parameters depending on key type */ - enum Params : unsigned int { + enum Params : unsigned int { /** * @brief HKDF salt (SYMMETRIC_KEY, PASSWORD and SHARE_SERVER) */ @@ -152,7 +152,7 @@ struct CDOC_EXPORT Lock * @brief CDoc1 specific */ PARTY_VINFO - }; + }; /** * @brief get lock parameter value @@ -176,20 +176,20 @@ struct CDOC_EXPORT Lock /** * @brief The lock type */ - Type type = Type::UNKNOWN; + Type type = Type::UNKNOWN; /** * @brief algorithm type for public key based locks */ - PKType pk_type = PKType::ECC; + PKType pk_type = PKType::ECC; /** * @brief the lock label */ - std::string label; + std::string label; /** * @brief encrypted FMK (File Master Key) */ - std::vector encrypted_fmk; + std::vector encrypted_fmk; /** * @brief check whether lock is valid @@ -206,11 +206,6 @@ struct CDOC_EXPORT Lock * @return true if type is CDOC1, PUBLIC_KEY or SERVER */ constexpr bool isPKI() const noexcept { return (type == Type::CDOC1) || (type == Type::PUBLIC_KEY) || (type == Type::SERVER); } - /** - * @brief check whether lock is based on certificate - * @return true if type is CDOC1 - */ - constexpr bool isCertificate() const noexcept { return (type == Type::CDOC1); } /** * @brief check whether lock is CDoc1 version * @return true if type is CDOC1 
@@ -222,40 +217,21 @@ struct CDOC_EXPORT Lock */ constexpr bool isRSA() const noexcept { return pk_type == PKType::RSA; } - /** - * @brief check whether two locks have the same public key - * - * This convenience method checks whether both locks are public key based, and if they are, - * whether the RCPT_KEY parameters are identical (i.e. both can be decrypted by the same private key) - * @param other the other lock - * @return true if both have the same public key - */ - bool hasTheSameKey(const Lock &other) const; - /** - * @brief check whether lock has the given public key - * - * This convenience method checks whether lock is public key based, and if it is, - * whether the RCPT_KEY parameters is identical to ptovided key(i.e. it can be decrypted by the corresponding private key) - * @param public_key the public key (short format) - * @return true if lock has the same public key - */ - bool hasTheSameKey(const std::vector& public_key) const; - - Lock() noexcept = default; - Lock(Type _type) noexcept : type(_type) {}; + Lock() noexcept = default; + Lock(Type _type) noexcept : type(_type) {}; /** * @brief Set lock parameter value * @param param a parameter type * @param val the value */ - void setBytes(Params param, const std::vector& val) { params[param] = val; } + void setBytes(Params param, std::vector val) { params[param] = std::move(val); } /** * @brief Set lock parameter value from string * @param param a parameter type * @param val the value */ - void setString(Params param, const std::string& val) { params[param] = std::vector(val.cbegin(), val.cend()); } + void setString(Params param, const std::string& val) { setBytes(param, {val.cbegin(), val.cend()}); } /** * @brief Set lock parameter value from integer * @param param a parameter type 
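Review bot: This hunk deletes two public overloads of `hasTheSameKey` (and the earlier hunk deletes `isCertificate`) from the exported `Lock` struct without a deprecation period, which breaks source and ABI compatibility for downstream users of `libcdoc`, and since `libcdoc.i` never `%ignore`d `hasTheSameKey` those methods were also exposed to the SWIG bindings. Unless this lands with a major version bump, I would keep thin deprecated shims for one release, e.g. `[[deprecated("compare getBytes(Params::RCPT_KEY) directly")]] bool hasTheSameKey(const std::vector<uint8_t>& pk) const { return isPKI() && !pk.empty() && getBytes(Params::RCPT_KEY) == pk; }` (element type presumably `uint8_t`; the template argument is stripped in this rendering). The by-value `setBytes(Params, std::vector val)` is a compatible sink signature and reads well. The enclosing `struct Lock` starts and ends outside this hunk.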
@@ -263,16 +239,10 @@ struct CDOC_EXPORT Lock */ void setInt(Params param, int32_t val); - /** - * @brief A convenience method to initialize CERTIFICATE, RCPT_KEY and PK_TYPE values from given certificate - * @param cert the certificate (der-encoded) - */ - void setCertificate(const std::vector& cert); - - bool operator== (const Lock& other) const = default; + bool operator== (const Lock& other) const noexcept = default; private: - std::map> params; + std::map> params; }; } // namespace libcdoc diff --git a/libcdoc.i b/libcdoc.i index bb9d3db0..3b65a7cb 100644 --- a/libcdoc.i +++ b/libcdoc.i @@ -176,7 +176,6 @@ %ignore libcdoc::Lock::setBytes; %ignore libcdoc::Lock::setString; %ignore libcdoc::Lock::setInt; -%ignore libcdoc::Lock::setCertificate; %extend libcdoc::Lock { Type getType() { return $self->type; diff --git a/vcpkg.json b/vcpkg.json index 624a4109..eb6a1b94 100644 --- a/vcpkg.json +++ b/vcpkg.json @@ -21,8 +21,17 @@ "features": { "tests": { "description": "Build tests", "dependencies": ["boost-test"] } }, - "builtin-baseline": "34a03aca6ccf1e42ac0c7b35803b2566c2f15b2b", + "builtin-baseline": "425d0412a2c1d5f9a0071d77ccee88c96e0f70d0", "vcpkg-configuration": { - "overlay-triplets": ["./vcpkg-triplets"] + "overlay-triplets": ["./vcpkg-triplets"], + "registries": [ + { + "kind": "git", + "repository": "https://github.com/open-eid/vcpkg-ports", + "reference": "vcpkg-registry", + "baseline": "316f4d642f489b7d23d97891ed73431e7394d749", + "packages": ["openssl"] + } + ] } }
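Review bot: The vcpkg.json hunk reroutes the `openssl` port to a git registry at open-eid/vcpkg-ports pinned by commit baseline, which is the right shape for a supply-chain override, but nothing in the manifest records why the fork is needed or how long it is meant to stay, so the pin will quietly go stale relative to upstream OpenSSL security releases once the builtin port moves on. I would add a `"$comment"` entry next to the registry (vcpkg ignores `$`-prefixed fields, as far as I recall) naming the carried patch or reason and the upstream issue to watch, and make sure whatever bumps `builtin-baseline` also bumps this registry's `baseline`, since the two now drift independently. If the fork exists only to pin an OpenSSL version, an `"overrides"` entry against the builtin port would express that more directly.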