Keyshare encryption (#47)

Signed-off-by: Lauris Kaplinski <lauris@raulwalter.com>

Author: lauris71

CMakeLists.txt

@@ -4,7 +4,7 @@ if(POLICY CMP0167)
     cmake_policy(SET CMP0167 NEW)
 endif()
 
-project(libcdoc VERSION 0.1.5)
+project(libcdoc VERSION 0.1.6)
 
 macro(SET_ENV NAME DEF)
     if(DEFINED ENV{${NAME}})

cdoc/CDoc.cpp

@@ -71,32 +71,6 @@ getVersion()
     return VERSION_STR;
 }
 
-bool
-libcdoc::Configuration::getBoolean(std::string_view param, bool def_val) const
-{
-	std::string val = getValue(param);
-    if (val.empty()) return def_val;
-	return val == "true";
-}
-
-int
-libcdoc::Configuration::getInt(std::string_view param, int def_val) const
-{
-    std::string val = getValue(param);
-    if (val.empty()) return def_val;
-    return std::stoi(val);
-}
-
-#if LIBCDOC_TESTING
-int64_t
-libcdoc::Configuration::test(std::vector<uint8_t>& dst)
-{
-    LOG_TRACE("Configuration::test::Native superclass");
-    return OK;
-}
-#endif
-
-
 int
 libcdoc::CDocReader::getCDocFileVersion(DataSource *src)
 {
@@ -179,7 +153,6 @@ libcdoc::CDocReader::testConfig(std::vector<uint8_t>& dst)
     LOG_TRACE("CDocReader::testConfig::Native superclass");
     if (conf) {
         LOG_DBG("CDocReader::testConfig this={} conf={}", reinterpret_cast<void*>(this), reinterpret_cast<void*>(conf));
-        return conf->test(dst);
     }
     LOG_ERROR("CDocReader::testConfig::conf is null");
     return WORKFLOW_ERROR;

cdoc/CDoc2Reader.cpp

@@ -23,6 +23,7 @@
 #include "CryptoBackend.h"
 #include "CDoc2.h"
 #include "ILogger.h"
+#include "KeyShares.h"
 #include "Lock.h"
 #include "NetworkBackend.h"
 #include "Tar.h"
@@ -111,8 +112,10 @@ libcdoc::result_t
 CDoc2Reader::getLockForCert(const std::vector<uint8_t>& cert){
 	libcdoc::Certificate cc(cert);
 	std::vector<uint8_t> other_key = cc.getPublicKey();
+	LOG_DBG("Cert public key: {}", toHex(other_key));
     for (int lock_idx = 0; lock_idx < priv->locks.size(); lock_idx++) {
         const libcdoc::Lock *ll = priv->locks.at(lock_idx);
+		LOG_DBG("Lock {} type {}", lock_idx, (int) ll->type);
 		if (ll->hasTheSameKey(other_key)) {
             return lock_idx;
 		}
@@ -152,7 +155,7 @@ CDoc2Reader::getFMK(std::vector<uint8_t>& fmk, unsigned int lock_idx)
         LOG_TRACE_KEY("kek: {}", kek);
 
         if (kek.empty()) return libcdoc::CRYPTO_ERROR;
-	} else {
+	} else if ((lock.type == libcdoc::Lock::Type::PUBLIC_KEY) || (lock.type == libcdoc::Lock::Type::SERVER)) {
 		// Public/private key
 		std::vector<uint8_t> key_material;
 		if(lock.type == libcdoc::Lock::Type::SERVER) {
@@ -210,6 +213,88 @@ CDoc2Reader::getFMK(std::vector<uint8_t>& fmk, unsigned int lock_idx)
 
 			kek = libcdoc::Crypto::expand(kek_pm, std::vector<uint8_t>(info_str.cbegin(), info_str.cend()), libcdoc::CDoc2::KEY_LEN);
 		}
+	} else  if (lock.type == libcdoc::Lock::Type::SHARE_SERVER) {
+		/* SALT */
+		std::vector<uint8_t> salt = lock.getBytes(Lock::SALT);
+		/* RECIPIENT_ID */
+		std::string rcpt_id = lock.getString(Lock::RECIPIENT_ID);
+		/* SHARE_URLS */
+		/* url,share_id;url,share_id... */
+		std::string all = lock.getString(Lock::SHARE_URLS);
+		std::vector<std::string> strs = split(all, ';');
+		if (strs.empty()) return libcdoc::DATA_FORMAT_ERROR;
+		std::vector<ShareData> shares;
+		for (auto& str : strs) {
+			std::vector<std::string> parts = split(str, ',');
+			if (parts.size() != 2) return libcdoc::DATA_FORMAT_ERROR;
+			std::string url = parts[0];
+			std::string id = parts[1];
+			LOG_DBG("Share {} url {}", id, url);
+
+			std::vector<uint8_t> nonce;
+			int64_t result = network->fetchNonce(nonce, url, id);
+			if (result != libcdoc::OK) {
+				setLastError(t_("Cannot fetch nonce from server"));
+				LOG_ERROR("Cannot fetch nonce from server {}", url);
+				return result;
+			}
+			LOG_DBG("Nonce: {}", std::string(nonce.cbegin(), nonce.cend()));
+			ShareData acc(url, id, std::string(nonce.cbegin(), nonce.cend()));
+			shares.push_back(std::move(acc));
+		}
+		/* Create tickets from shares */
+		std::vector<std::string> tickets;
+		std::vector<uint8_t> cert;
+		result_t result = NOT_IMPLEMENTED;
+		if (conf->getValue(Configuration::SHARE_SIGNER) == "SMART_ID") {
+			// "https://sid.demo.sk.ee/smart-id-rp/v2"
+			std::string url = conf->getValue(Configuration::SID_DOMAIN, Configuration::BASE_URL);
+			// "00000000-0000-0000-0000-000000000000"
+			std::string relyingPartyUUID = conf->getValue(Configuration::SID_DOMAIN, Configuration::RP_UUID);
+			// "DEMO"
+			std::string relyingPartyName = conf->getValue(Configuration::SID_DOMAIN, Configuration::RP_NAME);
+			SIDSigner signer(url, relyingPartyUUID, relyingPartyName, rcpt_id, network);
+			result = signer.generateTickets(tickets, shares);
+			if (result == OK) cert = std::move(signer.cert);
+		} else if (conf->getValue(Configuration::SHARE_SIGNER) == "MOBILE_ID") {
+			// "https://sid.demo.sk.ee/smart-id-rp/v2"
+			std::string url = conf->getValue(Configuration::MID_DOMAIN, Configuration::BASE_URL);
+			// "00000000-0000-0000-0000-000000000000"
+			std::string relyingPartyUUID = conf->getValue(Configuration::MID_DOMAIN, Configuration::RP_UUID);
+			// "DEMO"
+			std::string relyingPartyName = conf->getValue(Configuration::MID_DOMAIN, Configuration::RP_NAME);
+			// "37200000566"
+			std::string phone = conf->getValue(Configuration::MID_DOMAIN, Configuration::PHONE_NUMBER);
+			MIDSigner signer(url, relyingPartyUUID, relyingPartyName, phone, rcpt_id, network);
+			result = signer.generateTickets(tickets, shares);
+			if (result == OK) cert = std::move(signer.cert);
+		} else {
+			setLastError(t_("Unknown or missing signer type"));
+			LOG_ERROR("Unknown or missing signer type");
+			return result;
+		}
+		if (result != libcdoc::OK) {
+			setLastError(t_("Cannot generate share tickets"));
+			LOG_ERROR("Cannot generate share tickets");
+			return result;
+		}
+		kek.resize(32);
+		std::fill(kek.begin(), kek.end(), 0);
+		for (unsigned int i = 0; i < tickets.size(); i++) {
+			NetworkBackend::ShareInfo share;
+			result = network->fetchShare(share, shares[i].base_url, shares[i].share_id, tickets[i], cert);
+			if (result != libcdoc::OK) {
+				setLastError(t_("Cannot fetch share"));
+				LOG_ERROR("Cannot fetch share {}", i);
+				return result;
+			}
+			Crypto::xor_data(kek, kek, share.share);
+		}
+		LOG_INFO("Fetched all shares");
+	} else {
+		setLastError(t_("Unknown lock type"));
+		LOG_ERROR("Unknown lock type: %d", (int) lock.type);
+		return libcdoc::UNSPECIFIED_ERROR;
 	}
 
     LOG_TRACE_KEY("KEK: {}", kek);
@@ -524,6 +609,40 @@ CDoc2Reader::CDoc2Reader(libcdoc::DataSource *src, bool take_ownership)
 				priv->locks.push_back(key);
 			}
 			break;
+		case Capsule::recipients_KeySharesCapsule:
+			if (const auto *capsule = recipient->capsule_as_recipients_KeySharesCapsule()) {
+				if (capsule->recipient_type() != cdoc20::recipients::KeyShareRecipientType::SID_MID) {
+					LOG_ERROR("Invalid keyshare recipient type: {}", (int) capsule->recipient_type());
+					continue;
+				}
+				if (capsule->shares_scheme() != cdoc20::recipients::SharesScheme::N_OF_N) {
+					LOG_ERROR("Invalid keyshare scheme type: {}", (int) capsule->shares_scheme());
+					continue;
+				}
+				/* url,share_id;url,share_id... */
+				std::vector<std::string> strs;
+				for (auto cshare = capsule->shares()->cbegin(); cshare != capsule->shares()->cend(); ++cshare) {
+					std::string id = cshare->share_id()->str();
+					std::string url = cshare->server_base_url()->str();
+					std::string str = url + "," + id;
+					LOG_DBG("Keyshare: {}", str);
+					strs.push_back(str);
+				}
+				std::string urls = join(strs, ";");
+				LOG_DBG("Keyshare urls: {}", urls);
+				std::vector<uint8_t> salt(capsule->salt()->cbegin(), capsule->salt()->cend());
+				LOG_DBG("Keyshare salt: {}", toHex(salt));
+				std::string recipient_id = capsule->recipient_id()->str();
+				LOG_DBG("Keyshare recipient id: {}", recipient_id);
+				libcdoc::Lock *lock = new libcdoc::Lock(libcdoc::Lock::SHARE_SERVER);
+				lock->label = recipient->key_label()->str();
+				lock->encrypted_fmk.assign(recipient->encrypted_fmk()->cbegin(), recipient->encrypted_fmk()->cend());
+				lock->setString(libcdoc::Lock::SHARE_URLS, urls);
+				lock->setBytes(libcdoc::Lock::SALT, salt);
+				lock->setString(libcdoc::Lock::RECIPIENT_ID, recipient_id);
+				priv->locks.push_back(std::move(lock));
+			}
+			break;
 		default:
             LOG_ERROR("Unsupported Key Details: skipping");
 		}

cdoc/CDoc2Writer.cpp

@@ -429,7 +429,7 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
                 return libcdoc::CONFIGURATION_ERROR;
             }
             LOG_DBG("Share servers: {}", url_list);
-            std::vector<std::string> urls = split(url_list, ',');
+            std::vector<std::string> urls = libcdoc::JsonToStringArray(url_list);
             if (urls.size() < 1) {
                 setLastError("No server URLs in " + rcpt.server_id);
                 LOG_ERROR("{}", last_error);
@@ -462,6 +462,13 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
             std::string info_str = std::string("CDOC2kek") + cdoc20::header::EnumNameFMKEncryptionMethod(cdoc20::header::FMKEncryptionMethod::XOR) + RecipientInfo_i;
             LOG_DBG("Info: {}", info_str);
             std::vector<uint8_t> kek = libcdoc::Crypto::expand(kek_pm, std::vector<uint8_t>(info_str.cbegin(), info_str.cend()));
+            LOG_TRACE_KEY("kek: {}", kek);
+            if (kek.empty()) return libcdoc::CRYPTO_ERROR;
+			if (libcdoc::Crypto::xor_data(xor_key, fmk, kek) != libcdoc::OK) {
+				setLastError("Internal error");
+                LOG_ERROR("{}", last_error);
+				return libcdoc::CRYPTO_ERROR;
+			}
 
             // # Splitting KEK_i into shares
             // for j in (2, 3, ..., n):
@@ -483,7 +490,7 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
             //   # gets corresponding Capsule_i_Share_j_ID for each KEK_i_share_j
             //   RecipientInfo_i = "etsi/PNOEE-48010010101"
             //   DistributedKEKInfo_i = {CSS_ID, Capsule_i_Share_j_ID}
-            std::vector<std::string> transaction_ids(N_SHARES);
+            std::vector<std::vector<uint8_t>> transaction_ids(N_SHARES);
             for (int i = 0; i < N_SHARES; i++) {
                 std::string send_url = urls[i];// + "key-shares";
                 LOG_DBG("Sending share: {} {} {}", i, send_url, libcdoc::toHex(kek_shares[i]));
@@ -495,11 +502,11 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
                     return libcdoc::IO_ERROR;
                 }
 #endif
-                LOG_DBG("Share {} Transaction Id: {}", i, transaction_ids[i]);
+                LOG_DBG("Share {} Transaction Id: {}", i, std::string((const char *) transaction_ids[i].data(), transaction_ids[i].size()));
             }
             std::vector<flatbuffers::Offset<cdoc20::recipients::KeyShare>> shares;
             for (int i = 0; i < N_SHARES; i++) {
-                auto share = cdoc20::recipients::CreateKeyShare(builder, builder.CreateString(urls[i]), builder.CreateString(transaction_ids[i]));
+                auto share = cdoc20::recipients::CreateKeyShare(builder, builder.CreateString(urls[i]), builder.CreateString(std::string((const char *)transaction_ids[i].data(), transaction_ids[i].size())));
                 shares.push_back(share);
             }
             auto fb_shares = builder.CreateVector(shares);

cdoc/CDocCipher.cpp

@@ -219,6 +219,7 @@ fill_recipients_from_rcpt_info(ToolConf& conf, ToolCrypto& crypto, std::vector<l
                     LOG_ERROR("Certificate reading from SC card failed. Key label: {}", rcpt.key_label);
                     return 1;
                 }
+                LOG_DBG("Got certificate from P11 module");
                 label = Recipient::BuildLabelEID(cert_bytes);
                 break;
             }
@@ -394,11 +395,30 @@ int CDocCipher::Decrypt(ToolConf& conf, const std::string& label, const RcptInfo
     // Acquire the locks and get the labels according to the index
     int lock_idx = -1;
     const vector<Lock> locks(rdr->getLocks());
-    for (unsigned int i = 0; i < locks.size(); i++) {
-        if (locks[i].label == label) {
-            lock_idx = i;
-            break;
+    if (!label.empty()) {
+        LOG_DBG("Looking for lock by label");
+        for (unsigned int i = 0; i < locks.size(); i++) {
+            if (locks[i].label == label) {
+                lock_idx = i;
+                break;
+            }
+        }
+    } else if (crypto.p11) {
+        bool isRsa;
+        vector<uint8_t> cert_bytes;
+        ToolPKCS11* p11 = dynamic_cast<ToolPKCS11*>(crypto.p11.get());
+        int64_t result = p11->getCertificate(cert_bytes, isRsa, (int) recipient.slot, recipient.secret, recipient.key_id, recipient.key_label);
+        if (result != libcdoc::OK) {
+            LOG_ERROR("Certificate reading from SC card failed. Key label: {}", recipient.key_label);
+            return 1;
+        }
+        LOG_DBG("Got certificate from P11 module");
+        result = rdr->getLockForCert(cert_bytes);
+        if (result < 0) {
+            LOG_ERROR("No lock for certificate {}", recipient.key_label);
+            return 1;
         }
+        lock_idx = (int) result;
     }
     if (lock_idx < 0) {
         LOG_ERROR("Lock not found: {}", label);

cdoc/CMakeLists.txt

@@ -34,6 +34,7 @@ add_library(cdoc
     Io.cpp
     Recipient.cpp
     Lock.cpp
+    Configuration.cpp
     CryptoBackend.cpp
     NetworkBackend.cpp
     PKCS11Backend.cpp
@@ -51,6 +52,7 @@ add_library(cdoc
     CDoc2Writer.cpp CDoc2Writer.h
     DDocReader.cpp DDocReader.h
     DDocWriter.cpp DDocWriter.h
+    KeyShares.cpp KeyShares.h
     XmlReader.cpp XmlReader.h
     XmlWriter.cpp XmlWriter.h
     RcptInfo.h