CryptoTools: add HMAC, move crypto impl. details to CryptoImpl

Change-Id: I8edb24ee5d9595ef54bd49526b631baf8a7415b1
Reviewed-on: https://gerrit.libreoffice.org/56970
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>

include/oox/crypto/CryptTools.hxx

@@ -21,26 +21,41 @@
 #define INCLUDED_OOX_CRYPTO_CRYPTTOOLS_HXX
 
 #include <config_oox.h>
-
-#if USE_TLS_OPENSSL
-#include <openssl/evp.h>
-#include <openssl/sha.h>
-#endif // USE_TLS_OPENSSL
-
-#if USE_TLS_NSS
-#include <nss.h>
-#include <pk11pub.h>
-#include <sechash.h>
-#endif // USE_TLS_NSS
+#include <oox/dllapi.h>
+#include <sal/types.h>
 
 #include <vector>
-
-#include <sal/types.h>
+#include <memory>
 
 namespace oox {
 namespace core {
 
-class Crypto
+/** Rounds up the input to the nearest multiple
+ *
+ *  For example:
+ *  input  1, multiple 16 = 16
+ *  input 16, multiple 16 = 16
+ *  input 17, multiple 16 = 32
+ *  input 31, multiple 16 = 32
+ */
+template<typename T>
+T roundUp(T input, T multiple)
+{
+    if (input % multiple == 0)
+        return input;
+    return ((input / multiple) * multiple) + multiple;
+}
+
+enum class CryptoHashType
+{
+    SHA1,
+    SHA256,
+    SHA512
+};
+
+struct CryptoImpl;
+
+class OOX_DLLPUBLIC Crypto
 {
 public:
     enum CryptoType
@@ -52,47 +67,24 @@ public:
     };
 
 protected:
-#if USE_TLS_OPENSSL
-    EVP_CIPHER_CTX mContext;
-#endif
-#if USE_TLS_NSS
-    PK11Context* mContext;
-    SECItem*     mSecParam;
-    PK11SymKey*  mSymKey;
-#endif
-
-#if USE_TLS_OPENSSL
-    const EVP_CIPHER* getCipher(CryptoType type);
-#endif
-#if USE_TLS_NSS
-    void setupContext(
-            std::vector<sal_uInt8>& key,
-            std::vector<sal_uInt8>& iv,
-            CryptoType type,
-            CK_ATTRIBUTE_TYPE operation);
-#endif
+    std::unique_ptr<CryptoImpl> mpImpl;
 
 protected:
     Crypto();
 
 public:
     virtual ~Crypto();
-
-    virtual sal_uInt32 update(
-                    std::vector<sal_uInt8>& output,
-                    std::vector<sal_uInt8>& input,
-                    sal_uInt32 inputLength = 0) = 0;
 };
 
-class Decrypt : public Crypto
+class OOX_DLLPUBLIC Decrypt : public Crypto
 {
 public:
     Decrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, CryptoType type);
 
-    virtual sal_uInt32 update(
+    sal_uInt32 update(
                     std::vector<sal_uInt8>& output,
                     std::vector<sal_uInt8>& input,
-                    sal_uInt32 inputLength = 0) override;
+                    sal_uInt32 inputLength = 0);
 
 
     static sal_uInt32 aes128ecb(
@@ -102,17 +94,27 @@ public:
 
 };
 
-class Encrypt : public Crypto
+class OOX_DLLPUBLIC Encrypt : public Crypto
 {
 public:
     Encrypt(std::vector<sal_uInt8>& key, std::vector<sal_uInt8>& iv, CryptoType type);
 
-    virtual sal_uInt32 update(
+    sal_uInt32 update(
                     std::vector<sal_uInt8>& output,
                     std::vector<sal_uInt8>& input,
-                    sal_uInt32 inputLength = 0) override;
+                    sal_uInt32 inputLength = 0);
+};
+
+class OOX_DLLPUBLIC CryptoHash : public Crypto
+{
+    sal_Int32 mnHashSize;
+public:
+    CryptoHash(std::vector<sal_uInt8>& rKey, CryptoHashType eType);
+    bool update(std::vector<sal_uInt8>& rInput, sal_uInt32 nInputLength = 0);
+    std::vector<sal_uInt8> finalize();
 };
 
+
 } // namespace core
 } // namespace oox
 

oox/CppunitTest_oox_crypto.mk

@@ -16,6 +16,20 @@ $(eval $(call gb_CppunitTest_add_exception_objects,oox_crypto,\
 
 $(eval $(call gb_CppunitTest_use_sdk_api,oox_crypto))
 
+ifeq ($(TLS),OPENSSL)
+$(eval $(call gb_CppunitTest_externals,oox_crypto,\
+	openssl \
+	openssl_headers \
+))
+else
+ifeq ($(TLS),NSS)
+$(eval $(call gb_CppunitTest_use_externals,oox_crypto,\
+       plc4 \
+       nss3 \
+))
+endif
+endif
+
 $(eval $(call gb_CppunitTest_use_libraries,oox_crypto,\
     basegfx \
     comphelper \
@@ -68,6 +82,7 @@ $(eval $(call gb_CppunitTest_use_components,oox_crypto,\
     unotools/util/utl \
     uui/util/uui \
     vcl/vcl.common \
+    sax/source/expatwrap/expwrap \
 ))
 
 

oox/qa/unit/CryptoTest.cxx

@@ -15,6 +15,7 @@
 #include <tools/stream.hxx>
 #include <unotools/streamwrap.hxx>
 
+#include <oox/crypto/CryptTools.hxx>
 #include <oox/crypto/Standard2007Engine.hxx>
 #include <oox/helper/binaryinputstream.hxx>
 #include <oox/helper/binaryoutputstream.hxx>
@@ -24,13 +25,77 @@ using namespace css;
 class CryptoTest : public CppUnit::TestFixture
 {
 public:
+    void testCryptoHash();
+    void testRoundUp();
     void testStandard2007();
 
     CPPUNIT_TEST_SUITE(CryptoTest);
+    CPPUNIT_TEST(testCryptoHash);
+    CPPUNIT_TEST(testRoundUp);
     CPPUNIT_TEST(testStandard2007);
     CPPUNIT_TEST_SUITE_END();
 };
 
+namespace
+{
+std::string toString(std::vector<sal_uInt8> const& aInput)
+{
+    std::stringstream aStream;
+    for (auto const& aValue : aInput)
+    {
+        aStream << std::setw(2) << std::setfill('0') << std::hex << static_cast<int>(aValue);
+    }
+
+    return aStream.str();
+}
+}
+
+void CryptoTest::testCryptoHash()
+{
+    // Check examples from Wikipedia (https://en.wikipedia.org/wiki/HMAC)
+    OString aContentString("The quick brown fox jumps over the lazy dog");
+    std::vector<sal_uInt8> aContent(aContentString.getStr(),
+                                    aContentString.getStr() + aContentString.getLength());
+    std::vector<sal_uInt8> aKey = { 'k', 'e', 'y' };
+    {
+        oox::core::CryptoHash aCryptoHash(aKey, oox::core::CryptoHashType::SHA1);
+        aCryptoHash.update(aContent);
+        std::vector<sal_uInt8> aHash = aCryptoHash.finalize();
+        CPPUNIT_ASSERT_EQUAL(std::string("de7c9b85b8b78aa6bc8a7a36f70a90701c9db4d9"),
+                             toString(aHash));
+    }
+
+    {
+        oox::core::CryptoHash aCryptoHash(aKey, oox::core::CryptoHashType::SHA256);
+        aCryptoHash.update(aContent);
+        std::vector<sal_uInt8> aHash = aCryptoHash.finalize();
+        CPPUNIT_ASSERT_EQUAL(
+            std::string("f7bc83f430538424b13298e6aa6fb143ef4d59a14946175997479dbc2d1a3cd8"),
+            toString(aHash));
+    }
+
+    {
+        oox::core::CryptoHash aCryptoHash(aKey, oox::core::CryptoHashType::SHA512);
+        aCryptoHash.update(aContent);
+        std::vector<sal_uInt8> aHash = aCryptoHash.finalize();
+        CPPUNIT_ASSERT_EQUAL(
+            std::string("b42af09057bac1e2d41708e48a902e09b5ff7f12ab428a4fe86653c73dd248fb82f948a549"
+                        "f7b791a5b41915ee4d1ec3935357e4e2317250d0372afa2ebeeb3a"),
+            toString(aHash));
+    }
+}
+
+void CryptoTest::testRoundUp()
+{
+    CPPUNIT_ASSERT_EQUAL(16, oox::core::roundUp(16, 16));
+    CPPUNIT_ASSERT_EQUAL(32, oox::core::roundUp(32, 16));
+    CPPUNIT_ASSERT_EQUAL(64, oox::core::roundUp(64, 16));
+
+    CPPUNIT_ASSERT_EQUAL(16, oox::core::roundUp(01, 16));
+    CPPUNIT_ASSERT_EQUAL(32, oox::core::roundUp(17, 16));
+    CPPUNIT_ASSERT_EQUAL(32, oox::core::roundUp(31, 16));
+}
+
 void CryptoTest::testStandard2007()
 {
     oox::core::Standard2007Engine aEngine;