include/svl/cryptosign.hxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  */
   9
  10 #include <sal/types.h>
  11
  12 #include <vector>
  13
  14 #include <rtl/strbuf.hxx>
  15 #include <rtl/ustring.hxx>
  16
  17 #include <com/sun/star/uno/Reference.hxx>
  18
  19 #include <svl/svldllapi.h>
  20
  21 // Is this length truly the maximum possible, or just a number that
  22 // seemed large enough when the author tested this (with some type of
  23 // certificates)? I suspect the latter.
  24
  25 // Used to be 0x4000 = 16384, but a sample signed PDF (produced by
  26 // some other software) provided by the customer has a signature
  27 // content that is 30000 bytes. The SampleSignedPDFDocument.pdf from
  28 // Adobe has one that is 21942 bytes. So let's be careful. Pity this
  29 // can't be dynamic, at least not without restructuring the code. Also
  30 // note that the checks in the code for this being too small
  31 // apparently are broken, if this overflows you end up with an invalid
  32 // PDF. Need to fix that.
  33
  34 #define MAX_SIGNATURE_CONTENT_LENGTH 50000
  35
  36 namespace com::sun::star::security { class XCertificate; }
  37 class SvStream;
  38 struct SignatureInformation;
  39
  40 namespace svl::crypto {
  41
  42 /// Converts a hex-encoded string into a byte array.
  43 SVL_DLLPUBLIC std::vector<unsigned char> DecodeHexString(const OString& rHex);
  44
  45 /// Helper to cryptographically sign and verify
  46 /// arbitrary data blocks.
  47 class SVL_DLLPUBLIC Signing
  48 {
  49 public:
  50
  51     Signing(const css::uno::Reference<css::security::XCertificate>& xCertificate) :
  52         m_xCertificate(xCertificate)
  53     {
  54     }
  55
  56     /// Add a range to sign.
  57     /// Note: for efficiency this takes a naked pointer, which must remain valid
  58     /// until this object is discarded.
  59     void AddDataRange(const void* pData, sal_Int32 size)
  60     {
  61         m_dataBlocks.emplace_back(pData, size);
  62     }
  63
  64     void SetSignTSA(const OUString& tsa) { m_aSignTSA = tsa; }
  65     void SetSignPassword(const OUString& password) { m_aSignPassword = password; }
  66
  67     /// Signs one or more data blocks (as a single, contiguous, array).
  68     /// Returns the signature (in PKCS#7 format) as string (hex).
  69     bool Sign(OStringBuffer& rCMSHexBuffer);
  70
  71     /// Verify and get Signature Information given a byte array.
  72     static bool Verify(const std::vector<unsigned char>& aData,
  73                        const bool bNonDetached,
  74                        const std::vector<unsigned char>& aSignature,
  75                        SignatureInformation& rInformation);
  76
  77     /// Verify and get Signature Information given a signature and stream.
  78     static bool Verify(SvStream& rStream,
  79                        const std::vector<std::pair<size_t, size_t>>& aByteRanges,
  80                        const bool bNonDetached,
  81                        const std::vector<unsigned char>& aSignature,
  82                        SignatureInformation& rInformation);
  83
  84 private:
  85     /// The certificate to use for signing.
  86     const css::uno::Reference<css::security::XCertificate> m_xCertificate;
  87
  88     /// Data blocks (pointer-size pairs).
  89     std::vector<std::pair<const void*, sal_Int32>> m_dataBlocks;
  90     OUString m_aSignTSA;
  91     OUString m_aSignPassword;
  92 };
  93
  94 }
  95
  96 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
  97