From bb427bd11774f47f553257cdc0693f77b559654d Mon Sep 17 00:00:00 2001 From: Jay Berkenbilt Date: Mon, 4 Nov 2019 09:55:43 -0500 Subject: [PATCH] SHA2: switch to pluggable crypto --- include/qpdf/QPDFCryptoImpl.hh | 15 ++- libqpdf/Pl_SHA2.cc | 92 +++++++++++++++++++ libqpdf/QPDFCrypto_native.cc | 24 +++++ libqpdf/SHA2_native.cc | 147 +++++++++--------------------- libqpdf/build.mk | 1 + libqpdf/qpdf/Pl_SHA2.hh | 43 +++++++++ libqpdf/qpdf/QPDFCrypto_native.hh | 7 ++ libqpdf/qpdf/SHA2_native.hh | 40 ++------ 8 files changed, 233 insertions(+), 136 deletions(-) create mode 100644 libqpdf/Pl_SHA2.cc create mode 100644 libqpdf/qpdf/Pl_SHA2.hh diff --git a/include/qpdf/QPDFCryptoImpl.hh b/include/qpdf/QPDFCryptoImpl.hh index b19f0112..09803a79 100644 --- a/include/qpdf/QPDFCryptoImpl.hh +++ b/include/qpdf/QPDFCryptoImpl.hh @@ -23,7 +23,7 @@ #define QPDFCRYPTOIMPL_HH #include -#include +#include // This class is part of qpdf's pluggable crypto provider support. // Most users won't need to know or care about this class, but you can @@ -41,6 +41,8 @@ class QPDF_DLL_CLASS QPDFCryptoImpl QPDF_DLL virtual ~QPDFCryptoImpl() = default; + // Hashing + typedef unsigned char MD5_Digest[16]; QPDF_DLL virtual void MD5_init() = 0; @@ -51,6 +53,17 @@ class QPDF_DLL_CLASS QPDFCryptoImpl QPDF_DLL virtual void MD5_digest(MD5_Digest) = 0; + QPDF_DLL + virtual void SHA2_init(int bits) = 0; + QPDF_DLL + virtual void SHA2_update(unsigned char const* data, size_t len) = 0; + QPDF_DLL + virtual void SHA2_finalize() = 0; + QPDF_DLL + virtual std::string SHA2_digest() = 0; + + // Encryption/Decryption + // key_len of -1 means treat key_data as a null-terminated string QPDF_DLL virtual void RC4_init(unsigned char const* key_data, int key_len = -1) = 0; diff --git a/libqpdf/Pl_SHA2.cc b/libqpdf/Pl_SHA2.cc new file mode 100644 index 00000000..3da78773 --- /dev/null +++ b/libqpdf/Pl_SHA2.cc @@ -0,0 +1,92 @@ +#include +#include +#include +#include +#include +#include + +Pl_SHA2::Pl_SHA2(int bits, Pipeline* next) : + Pipeline("sha2", next), + in_progress(false) +{ + if (bits) + { + resetBits(bits); + } +} + +Pl_SHA2::~Pl_SHA2() +{ +} + +void +Pl_SHA2::write(unsigned char* buf, size_t len) +{ + if (! this->in_progress) + { + this->in_progress = true; + } + + // Write in chunks in case len is too big to fit in an int. + // Assume int is at least 32 bits. + static size_t const max_bytes = 1 << 30; + size_t bytes_left = len; + unsigned char* data = buf; + while (bytes_left > 0) + { + size_t bytes = (bytes_left >= max_bytes ? max_bytes : bytes_left); + this->crypto->SHA2_update(data, bytes); + bytes_left -= bytes; + data += bytes; + } + + if (this->getNext(true)) + { + this->getNext()->write(buf, len); + } +} + +void +Pl_SHA2::finish() +{ + if (this->getNext(true)) + { + this->getNext()->finish(); + } + this->crypto->SHA2_finalize(); + this->in_progress = false; +} + +void +Pl_SHA2::resetBits(int bits) +{ + if (this->in_progress) + { + throw std::logic_error( + "bit reset requested for in-progress SHA2 Pipeline"); + } + this->crypto = QPDFCryptoProvider::getImpl(); + this->crypto->SHA2_init(bits); +} + +std::string +Pl_SHA2::getRawDigest() +{ + if (this->in_progress) + { + throw std::logic_error( + "digest requested for in-progress SHA2 Pipeline"); + } + return this->crypto->SHA2_digest(); +} + +std::string +Pl_SHA2::getHexDigest() +{ + if (this->in_progress) + { + throw std::logic_error( + "digest requested for in-progress SHA2 Pipeline"); + } + return QUtil::hex_encode(getRawDigest()); +} diff --git a/libqpdf/QPDFCrypto_native.cc b/libqpdf/QPDFCrypto_native.cc index a6ccee9b..b56c5373 100644 --- a/libqpdf/QPDFCrypto_native.cc +++ b/libqpdf/QPDFCrypto_native.cc @@ -42,3 +42,27 @@ void QPDFCrypto_native::RC4_finalize() { } + +void +QPDFCrypto_native::SHA2_init(int bits) +{ + this->sha2 = std::make_shared(bits); +} + +void +QPDFCrypto_native::SHA2_update(unsigned char const* data, size_t len) +{ + this->sha2->update(data, len); +} + +void +QPDFCrypto_native::SHA2_finalize() +{ + this->sha2->finalize(); +} + +std::string +QPDFCrypto_native::SHA2_digest() +{ + return this->sha2->getRawDigest(); +} diff --git a/libqpdf/SHA2_native.cc b/libqpdf/SHA2_native.cc index 17eff7e3..35c2bb05 100644 --- a/libqpdf/SHA2_native.cc +++ b/libqpdf/SHA2_native.cc @@ -1,93 +1,59 @@ -#include +#include #include #include #include #include -Pl_SHA2::Pl_SHA2(int bits, Pipeline* next) : - Pipeline("sha2", next), - in_progress(false), - bits(0) + +SHA2_native::SHA2_native(int bits) : + bits(bits) { - if (bits) + switch (bits) { - resetBits(bits); - } -} - -Pl_SHA2::~Pl_SHA2() -{ -} - -void -Pl_SHA2::badBits() -{ - throw std::logic_error("Pl_SHA2 has unexpected value for bits"); -} - -void -Pl_SHA2::write(unsigned char* buf, size_t len) -{ - if (! this->in_progress) - { - switch (bits) - { - case 256: - sph_sha256_init(&this->ctx256); - break; - case 384: - sph_sha384_init(&this->ctx384); - break; - case 512: - sph_sha512_init(&this->ctx512); - break; - default: - badBits(); - break; - } - this->in_progress = true; - } - - // Write in chunks in case len is too big to fit in an int. - // Assume int is at least 32 bits. - static size_t const max_bytes = 1 << 30; - size_t bytes_left = len; - unsigned char* data = buf; - while (bytes_left > 0) - { - size_t bytes = (bytes_left >= max_bytes ? max_bytes : bytes_left); - switch (bits) - { - case 256: - sph_sha256(&this->ctx256, data, bytes); - break; - case 384: - sph_sha384(&this->ctx384, data, bytes); - break; - case 512: - sph_sha512(&this->ctx512, data, bytes); - break; - default: - badBits(); - break; - } - bytes_left -= bytes; - data += bytes; - } - - if (this->getNext(true)) - { - this->getNext()->write(buf, len); + case 256: + sph_sha256_init(&this->ctx256); + break; + case 384: + sph_sha384_init(&this->ctx384); + break; + case 512: + sph_sha512_init(&this->ctx512); + break; + default: + badBits(); + break; } } void -Pl_SHA2::finish() +SHA2_native::badBits() { - if (this->getNext(true)) + throw std::logic_error("SHA2_native has bits != 256, 384, or 512"); +} + +void +SHA2_native::update(unsigned char const* buf, size_t len) +{ + switch (bits) { - this->getNext()->finish(); + case 256: + sph_sha256(&this->ctx256, buf, len); + break; + case 384: + sph_sha384(&this->ctx384, buf, len); + break; + case 512: + sph_sha512(&this->ctx512, buf, len); + break; + default: + badBits(); + break; } +} + +void +SHA2_native::finalize() +{ switch (bits) { case 256: @@ -103,26 +69,10 @@ Pl_SHA2::finish() badBits(); break; } - this->in_progress = false; -} - -void -Pl_SHA2::resetBits(int bits) -{ - if (this->in_progress) - { - throw std::logic_error( - "bit reset requested for in-progress SHA2 Pipeline"); - } - if (! ((bits == 256) || (bits == 384) || (bits == 512))) - { - throw std::logic_error("Pl_SHA2 called with bits != 256, 384, or 512"); - } - this->bits = bits; } std::string -Pl_SHA2::getRawDigest() +SHA2_native::getRawDigest() { std::string result; switch (bits) @@ -145,14 +95,3 @@ Pl_SHA2::getRawDigest() } return result; } - -std::string -Pl_SHA2::getHexDigest() -{ - if (this->in_progress) - { - throw std::logic_error( - "digest requested for in-progress SHA2 Pipeline"); - } - return QUtil::hex_encode(getRawDigest()); -} diff --git a/libqpdf/build.mk b/libqpdf/build.mk index 883132ae..d405e27c 100644 --- a/libqpdf/build.mk +++ b/libqpdf/build.mk @@ -79,6 +79,7 @@ SRCS_libqpdf = \ libqpdf/QUtil.cc \ libqpdf/RC4.cc \ libqpdf/RC4_native.cc \ + libqpdf/SHA2_native.cc \ libqpdf/SecureRandomDataProvider.cc \ libqpdf/SparseOHArray.cc \ libqpdf/qpdf-c.cc \ diff --git a/libqpdf/qpdf/Pl_SHA2.hh b/libqpdf/qpdf/Pl_SHA2.hh new file mode 100644 index 00000000..dea7141a --- /dev/null +++ b/libqpdf/qpdf/Pl_SHA2.hh @@ -0,0 +1,43 @@ +#ifndef PL_SHA2_HH +#define PL_SHA2_HH + +// Bits must be a supported number of bits, currently only 256, 384, +// or 512. Passing 0 as bits leaves the pipeline uncommitted, in +// which case resetBits must be called before the pipeline is used. +// If a next is provided, this pipeline sends its output to its +// successor unmodified. After calling finish, the SHA2 checksum of +// the data that passed through the pipeline is available. + +// This pipeline is reusable; i.e., it is safe to call write() after +// calling finish(). The first call to write() after a call to +// finish() initializes a new SHA2 object. resetBits may also be +// called between finish and the next call to write. + +#include +#include +#include + +class Pl_SHA2: public Pipeline +{ + public: + QPDF_DLL + Pl_SHA2(int bits = 0, Pipeline* next = 0); + QPDF_DLL + virtual ~Pl_SHA2(); + QPDF_DLL + virtual void write(unsigned char*, size_t); + QPDF_DLL + virtual void finish(); + QPDF_DLL + void resetBits(int bits); + QPDF_DLL + std::string getHexDigest(); + QPDF_DLL + std::string getRawDigest(); + + private: + bool in_progress; + std::shared_ptr crypto; +}; + +#endif // PL_SHA2_HH diff --git a/libqpdf/qpdf/QPDFCrypto_native.hh b/libqpdf/qpdf/QPDFCrypto_native.hh index 5cca0264..d015dc10 100644 --- a/libqpdf/qpdf/QPDFCrypto_native.hh +++ b/libqpdf/qpdf/QPDFCrypto_native.hh @@ -5,6 +5,7 @@ #include #include #include +#include #include class QPDFCrypto_native: public QPDFCryptoImpl @@ -25,9 +26,15 @@ class QPDFCrypto_native: public QPDFCryptoImpl unsigned char* out_data = 0); virtual void RC4_finalize(); + virtual void SHA2_init(int bits); + virtual void SHA2_update(unsigned char const* data, size_t len); + virtual void SHA2_finalize(); + virtual std::string SHA2_digest(); + private: std::shared_ptr md5; std::shared_ptr rc4; + std::shared_ptr sha2; }; #endif // QPDFCRYPTO_NATIVE_HH diff --git a/libqpdf/qpdf/SHA2_native.hh b/libqpdf/qpdf/SHA2_native.hh index 0748dd0b..17b77765 100644 --- a/libqpdf/qpdf/SHA2_native.hh +++ b/libqpdf/qpdf/SHA2_native.hh @@ -1,43 +1,21 @@ -#ifndef PL_SHA2_HH -#define PL_SHA2_HH +#ifndef SHA2_NATIVE_HH +#define SHA2_NATIVE_HH -// Bits must be a supported number of bits, currently only 256, 384, -// or 512. Passing 0 as bits leaves the pipeline uncommitted, in -// which case resetBits must be called before the pipeline is used. -// If a next is provided, this pipeline sends its output to its -// successor unmodified. After calling finish, the SHA2 checksum of -// the data that passed through the pipeline is available. - -// This pipeline is reusable; i.e., it is safe to call write() after -// calling finish(). The first call to write() after a call to -// finish() initializes a new SHA2 object. resetBits may also be -// called between finish and the next call to write. - -#include #include +#include -class Pl_SHA2: public Pipeline +class SHA2_native { public: - QPDF_DLL - Pl_SHA2(int bits = 0, Pipeline* next = 0); - QPDF_DLL - virtual ~Pl_SHA2(); - QPDF_DLL - virtual void write(unsigned char*, size_t); - QPDF_DLL - virtual void finish(); - QPDF_DLL - void resetBits(int bits); - QPDF_DLL - std::string getHexDigest(); - QPDF_DLL + SHA2_native(int bits); + ~SHA2_native() = default; + void update(unsigned char const* const, size_t); + void finalize(); std::string getRawDigest(); private: void badBits(); - bool in_progress; int bits; sph_sha256_context ctx256; sph_sha384_context ctx384; @@ -47,4 +25,4 @@ class Pl_SHA2: public Pipeline unsigned char sha512sum[64]; }; -#endif // PL_SHA2_HH +#endif // SHA2_NATIVE_HH