Add always required keys and parse empty field

Signed-off-by: Raul Metsma <raul@metsma.ee>

Author: metsma

cdoc/CDoc.h

@@ -31,6 +31,21 @@ namespace libcdoc {
  */
 using result_t = int64_t;
 
+
+/**
+ * @brief The public key type
+ */
+enum class PKType : uint8_t {
+    /**
+     * Elliptic curve
+     */
+    ECC,
+    /**
+     * RSA
+     */
+    RSA
+};
+
 enum {
     /**
      * @brief Operation completed successfully

cdoc/CDoc1Reader.cpp

@@ -83,12 +83,12 @@ CDoc1Reader::getLockForCert(const std::vector<uint8_t>& cert)
             ll.encrypted_fmk.empty())
             continue;
         switch(cc.getAlgorithm()) {
-        case libcdoc::Certificate::RSA:
+        case libcdoc::PKType::RSA:
             if (ll.getString(Lock::Params::METHOD) == libcdoc::Crypto::RSA_MTH) {
                 return i;
             }
             break;
-        case libcdoc::Certificate::ECC:
+        case libcdoc::PKType::ECC:
             if(!ll.getBytes(Lock::Params::KEY_MATERIAL).empty() &&
                 std::find(SUPPORTED_KWAES.cbegin(), SUPPORTED_KWAES.cend(), ll.getString(Lock::Params::METHOD)) != SUPPORTED_KWAES.cend()) {
                 return i;
@@ -310,7 +310,7 @@ CDoc1Reader::CDoc1Reader(libcdoc::DataSource *src, bool delete_on_close)
                     Certificate ssl(cert);
                     key.setBytes(Lock::CERT, std::move(cert));
                     key.setBytes(Lock::RCPT_KEY, ssl.getPublicKey());
-                    key.pk_type = (ssl.getAlgorithm() == libcdoc::Certificate::RSA) ? Lock::RSA : Lock::ECC;
+                    key.pk_type = ssl.getAlgorithm();
                 }
 				// EncryptedData/KeyInfo/EncryptedKey/KeyInfo/CipherData/CipherValue
                 else if(reader.isElement("CipherValue"))

cdoc/CDoc2Reader.cpp

@@ -511,7 +511,7 @@ CDoc2Reader::Private::buildLock(Lock& lock, const cdoc20::header::RecipientRecor
         if(const auto *key = recipient.capsule_as_recipients_ECCPublicKeyCapsule()) {
             if(key->curve() == EllipticCurve::secp384r1) {
                 lock.type = Lock::Type::PUBLIC_KEY;
-                lock.pk_type = Lock::PKType::ECC;
+                lock.pk_type = PKType::ECC;
                 lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(key->recipient_public_key()));
                 lock.setBytes(Lock::Params::KEY_MATERIAL, toUint8Vector(key->sender_public_key()));
                 LOG_DBG("Load PK: {}", toHex(lock.getBytes(Lock::Params::RCPT_KEY)));
@@ -524,7 +524,7 @@ CDoc2Reader::Private::buildLock(Lock& lock, const cdoc20::header::RecipientRecor
         if(const auto *key = recipient.capsule_as_recipients_RSAPublicKeyCapsule())
         {
             lock.type = Lock::Type::PUBLIC_KEY;
-            lock.pk_type = Lock::PKType::RSA;
+            lock.pk_type = PKType::RSA;
             lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(key->recipient_public_key()));
             lock.setBytes(Lock::Params::KEY_MATERIAL, toUint8Vector(key->encrypted_kek()));
         }
@@ -539,13 +539,13 @@ CDoc2Reader::Private::buildLock(Lock& lock, const cdoc20::header::RecipientRecor
                         LOG_ERROR("Unsupported elliptic curve key type");
                         return;
                     }
-                    lock.pk_type = Lock::PKType::ECC;
+                    lock.pk_type = PKType::ECC;
                     lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(eccDetails->recipient_public_key()));
                 }
                 break;
             case KeyDetailsUnion::RsaKeyDetails:
                 if(const RsaKeyDetails *rsaDetails = server->recipient_key_details_as_RsaKeyDetails()) {
-                    lock.pk_type = Lock::PKType::RSA;
+                    lock.pk_type = PKType::RSA;
                     lock.setBytes(Lock::Params::RCPT_KEY, toUint8Vector(rsaDetails->recipient_public_key()));
                 }
                 break;

cdoc/CDoc2Writer.cpp

@@ -222,7 +222,7 @@ CDoc2Writer::buildHeader(std::vector<uint8_t>& header, const std::vector<libcdoc
                     return libcdoc::CONFIGURATION_ERROR;
                 }
             }
-            if(rcpt.pk_type == libcdoc::Recipient::PKType::RSA) {
+            if(rcpt.pk_type == libcdoc::PKType::RSA) {
                 crypto->random(kek, libcdoc::CDoc2::KEY_LEN);
                 if (libcdoc::Crypto::xor_data(xor_key, fmk, kek) != libcdoc::OK) {
                     setLastError("Internal error");

cdoc/CDocCipher.cpp

@@ -280,7 +280,7 @@ fill_recipients_from_rcpt_info(ToolConf& conf, ToolCrypto& crypto, std::vector<l
             LOG_DBG("Creating symmetric key:");
         } else if (rcpt.type == RcptInfo::Type::PKEY) {
             if (!conf.servers.empty()) {
-                key = libcdoc::Recipient::makeServer(label, rcpt.secret, libcdoc::Recipient::PKType::ECC, conf.servers[0].ID);
+                key = libcdoc::Recipient::makeServer(label, rcpt.secret, libcdoc::PKType::ECC, conf.servers[0].ID);
             } else {
                 const uint8_t *der = rcpt.secret.data();
                 EVP_PKEY *pkey = d2i_PUBKEY(nullptr, &der, rcpt.secret.size());
@@ -289,9 +289,9 @@ fill_recipients_from_rcpt_info(ToolConf& conf, ToolCrypto& crypto, std::vector<l
                 uint8_t *p = d.data();
                 i2d_PublicKey(pkey, &p);
                 if (id == EVP_PKEY_EC) {
-                    key = libcdoc::Recipient::makePublicKey(label, rcpt.secret, libcdoc::Recipient::PKType::ECC);
+                    key = libcdoc::Recipient::makePublicKey(label, rcpt.secret, libcdoc::PKType::ECC);
                 } else if (id == EVP_PKEY_RSA) {
-                    key = libcdoc::Recipient::makePublicKey(label, rcpt.secret, libcdoc::Recipient::PKType::RSA);
+                    key = libcdoc::Recipient::makePublicKey(label, rcpt.secret, libcdoc::PKType::RSA);
                 }
             }
             LOG_DBG("Creating public key:");
@@ -308,9 +308,9 @@ fill_recipients_from_rcpt_info(ToolConf& conf, ToolCrypto& crypto, std::vector<l
             }
             LOG_DBG("Public key ({}): {}", rsa ? "rsa" : "ecc", toHex(val));
             if (!conf.servers.empty()) {
-                key = libcdoc::Recipient::makeServer(label, val, rsa ? libcdoc::Recipient::PKType::RSA : libcdoc::Recipient::PKType::ECC, conf.servers[0].ID);
+                key = libcdoc::Recipient::makeServer(label, val, rsa ? libcdoc::PKType::RSA : libcdoc::PKType::ECC, conf.servers[0].ID);
             } else {
-                key = libcdoc::Recipient::makePublicKey(label, val, rsa ? libcdoc::Recipient::PKType::RSA : libcdoc::Recipient::PKType::ECC);
+                key = libcdoc::Recipient::makePublicKey(label, val, rsa ? libcdoc::PKType::RSA : libcdoc::PKType::ECC);
             }
         } else if (rcpt.type == RcptInfo::Type::PASSWORD) {
             LOG_DBG("Creating password key:");

cdoc/Certificate.cpp

@@ -148,7 +148,7 @@ Certificate::getPublicKey() const
     return {};
 }
 
-Certificate::Algorithm
+PKType
 Certificate::getAlgorithm() const
 {
     if(!cert)
@@ -157,7 +157,7 @@ Certificate::getAlgorithm() const
     EVP_PKEY *pkey = X509_get0_pubkey(cert.get());
 	int alg = EVP_PKEY_get_base_id(pkey);
 
-	return (alg == EVP_PKEY_RSA) ? Algorithm::RSA : Algorithm::ECC;
+    return (alg == EVP_PKEY_RSA) ? PKType::RSA : PKType::ECC;
 }
 
 std::vector<uint8_t> Certificate::getDigest() const

cdoc/Certificate.h

@@ -19,6 +19,7 @@
 #ifndef SSLCERTIFICATE_H
 #define SSLCERTIFICATE_H
 
+#include "CDoc.h"
 #include "utils/memory.h"
 
 #include <string>
@@ -30,11 +31,6 @@ namespace libcdoc {
 
 class Certificate {
 public:
-	enum Algorithm : unsigned char {
-		RSA,
-		ECC
-	};
-
     enum EIDType : unsigned char {
         Unknown,
         IDCard,
@@ -53,7 +49,7 @@ class Certificate {
     EIDType getEIDType() const;
 
 	std::vector<uint8_t> getPublicKey() const;
-    Algorithm getAlgorithm() const;
+    PKType getAlgorithm() const;
     time_t getNotAfter() const;
 
     std::vector<uint8_t> getDigest() const;

cdoc/Lock.cpp

@@ -23,6 +23,8 @@
 
 #include "json/base.h"
 
+#include <ranges>
+
 namespace libcdoc {
 
 std::string
@@ -59,50 +61,46 @@ Lock::parseLabel(const std::string& label)
 {
     std::map<std::string, std::string> parsed_label;
     // Check if provided label starts with the machine generated label prefix.
-    if (!label.starts_with(CDoc2::LABELPREFIX))
-    {
+    if (!label.starts_with(CDoc2::LABELPREFIX)) {
         return parsed_label;
     }
 
-    std::string label_wo_prefix(label.substr(CDoc2::LABELPREFIX.size()));
+    auto label_wo_prefix = std::string_view(label).substr(CDoc2::LABELPREFIX.size());
 
     // Label to be processed
-    std::string label_to_prcss;
+    std::string decodedBase64; // Strong ref
+    std::string_view label_to_prcss;
 
     // We ignore mediatype part
 
     // Check, if the label is Base64 encoded
-    auto base64IndPos = label_wo_prefix.find(CDoc2::LABELBASE64IND);
-    if (base64IndPos == std::string::npos)
-    {
-        if (label_wo_prefix.starts_with(",")) {
-            label_to_prcss = label_wo_prefix.substr(1);
-        } else {
-            label_to_prcss = std::move(label_wo_prefix);
-        }
-    }
-    else
+    if (auto base64IndPos = label_wo_prefix.find(CDoc2::LABELBASE64IND);
+        base64IndPos != std::string::npos)
     {
         std::string base64_label(label_wo_prefix.substr(base64IndPos + CDoc2::LABELBASE64IND.size()));
-        label_to_prcss = jwt::base::decode<jwt::alphabet::base64>(base64_label);
+        decodedBase64 = jwt::base::decode<jwt::alphabet::base64>(base64_label);
+        label_to_prcss = decodedBase64;
+    } else if (label_wo_prefix.starts_with(",")) {
+        label_to_prcss = label_wo_prefix.substr(1);
+    } else {
+        label_to_prcss = label_wo_prefix;
     }
 
-    auto label_parts(split(label_to_prcss, '&'));
-    for (auto& part : label_parts)
+    auto range_to_sv = [](auto range) constexpr {
+        return std::string_view(&*range.begin(), std::ranges::distance(range));
+    };
+    for (const auto &part : std::ranges::split_view(label_to_prcss, '&'))
     {
-        auto label_data_parts(split(part, '='));
-        if (label_data_parts.size() != 2)
-        {
-            // Invalid label data. We just ignore them.
+        auto label_data_parts = std::ranges::split_view(part, '=');
+        if (label_data_parts.empty()) {
             LOG_ERROR("The label '{}' is invalid", label);
+            continue;
         }
-        else
-        {
-            std::string key = urlDecode(label_data_parts[0]);
-            std::string value = urlDecode(label_data_parts[1]);
-            std::transform(key.begin(), key.end(), key.begin(), [](unsigned char c){ return std::tolower(c); });
-            parsed_label[key] = value;
-        }
+        auto it = label_data_parts.begin();
+        std::string key = urlDecode(range_to_sv(*it));
+        ++it;
+        std::string value = urlDecode(range_to_sv(*it));
+        parsed_label[std::move(key)] = std::move(value);
     }
 
     return parsed_label;

cdoc/Lock.h

@@ -19,7 +19,7 @@
 #ifndef __LOCK_H__
 #define __LOCK_H__
 
-#include <cdoc/Exports.h>
+#include "CDoc.h"
 
 #include <cstdint>
 #include <string>
@@ -74,20 +74,6 @@ struct CDOC_EXPORT Lock
         SHARE_SERVER
     };
 
-    /**
-     * @brief The public key type
-     */
-    enum PKType : unsigned char {
-        /**
-         * Elliptic curve
-         */
-        ECC,
-        /**
-         * RSA
-         */
-        RSA
-    };
-
     /**
      * @brief Extra parameters depending on key type
      */