Michael Meeks
7183a3d3de
spdx: improve machine and human readability of headers.
...
Change-Id: Ice934380029bf27054e830fffc07a5d037d1430f
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2023-11-14 19:36:31 +00:00
Michael Meeks
47b89b32ef
spdx: improve machine and human readability of headers.
...
Change-Id: I1b6dcd2ec1fbef6556d70b8af3ccfd5d6a95c59a
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
2023-10-31 10:33:07 +00:00
Andras Timar
fc946198d3
Rewrite coolwsd-generate-proof-key in C++
...
* simplified the tooling a bit: use coolconfig for creating
RSA key pairs for WOPI Proof headers.
* got rid of a dependency: ssh-keygen, towards leaner docker images
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: Iaf468b5c8585d45027f512bb0a287ab77afb1ea9
2023-07-22 00:14:48 +02:00
Ashod Nakashian
5ff5aff95f
wsd: build fix with gcc 12
...
With gcc-12.1 the following error is observed:
In file included from /usr/include/c++/12/string:50,
from wsd/ProofKey.hpp:12,
from wsd/ProofKey.cpp:10:
In static member function ‘static _OI std::__copy_move<false, false,
std::random_access_iterator_tag>::__copy_m(_II, _II, _OI) [with _II =
std::reverse_iterator<const unsigned char*>; _OI =
unsigned char*]’,
inlined from ‘_OI std::__copy_move_a2(_II, _II, _OI) [with bool
_IsMove = false; _II = reverse_iterator<const unsigned char*>; _OI =
unsigned char*]’ at /usr/include/c++/12/bits/stl_algo
base.h:495:30,
inlined from ‘_OI std::__copy_move_a1(_II, _II, _OI) [with bool
_IsMove = false; _II = reverse_iterator<const unsigned char*>; _OI =
unsigned char*]’ at /usr/include/c++/12/bits/stl_algo
base.h:522:42,
inlined from ‘_OI std::__copy_move_a(_II, _II, _OI) [with bool
_IsMove = false; _II =
reverse_iterator<__gnu_cxx::__normal_iterator<const unsigned char*,
vector<unsigned char> > >; _OI =
__gnu_cxx::__normal_iterator<unsigned char*, vector<unsigned char> >]’
at /usr/include/c++/12/bits/stl_algobase.h:529:31,
inlined from ‘_OI std::copy(_II, _II, _OI) [with _II =
reverse_iterator<__gnu_cxx::__normal_iterator<const unsigned char*,
vector<unsigned char> > >; _OI = __gnu_cxx::__normal_iterator<u
nsigned char*, vector<unsigned char> >]’ at
/usr/include/c++/12/bits/stl_algobase.h:620:7,
inlined from ‘static std::vector<unsigned char>
Proof::RSA2CapiBlob(const std::vector<unsigned char>&, const
std::vector<unsigned char>&)’ at wsd/ProofKey.cpp:188:14:
/usr/include/c++/12/bits/stl_algobase.h:385:25: error: writing 16 bytes
into a region of size 4 [-Werror=stringop-overflow=]
385 | *__result = *__first;
| ~~~~~~~~~~^~~~~~~~~~
In file included from
/usr/include/c++/12/x86_64-generic-linux/bits/c++allocator.h:33,
from /usr/include/c++/12/bits/allocator.h:46,
from /usr/include/c++/12/string:41:
In member function ‘_Tp* std::__new_allocator<_Tp>::allocate(size_type,
const void*) [with _Tp = unsigned char]’,
inlined from ‘static _Tp*
std::allocator_traits<std::allocator<_CharT>
>::allocate(allocator_type&, size_type) [with _Tp = unsigned char]’ at
/usr/include/c++/12/bits/alloc_traits.h:464:
28,
inlined from ‘std::_Vector_base<_Tp, _Alloc>::pointer
std::_Vector_base<_Tp, _Alloc>::_M_allocate(std::size_t) [with _Tp =
unsigned char; _Alloc = std::allocator<unsigned char>]’ at /usr
/include/c++/12/bits/stl_vector.h:378:33,
inlined from ‘void std::_Vector_base<_Tp,
_Alloc>::_M_create_storage(std::size_t) [with _Tp = unsigned char;
_Alloc = std::allocator<unsigned char>]’ at
/usr/include/c++/12/bits/stl_vect
or.h:395:44,
inlined from ‘std::_Vector_base<_Tp,
_Alloc>::_Vector_base(std::size_t, const allocator_type&) [with _Tp =
unsigned char; _Alloc = std::allocator<unsigned char>]’ at
/usr/include/c++/12/
bits/stl_vector.h:332:26,
inlined from ‘std::vector<_Tp, _Alloc>::vector(size_type, const
allocator_type&) [with _Tp = unsigned char; _Alloc =
std::allocator<unsigned char>]’ at /usr/include/c++/12/bits/stl_vecto
r.h:552:47,
inlined from ‘static std::vector<unsigned char>
Proof::RSA2CapiBlob(const std::vector<unsigned char>&, const
std::vector<unsigned char>&)’ at wsd/ProofKey.cpp:187:46:
/usr/include/c++/12/bits/new_allocator.h:137:55: note: destination
object of size 4 allocated by ‘operator new’
137 | return static_cast<_Tp*>(_GLIBCXX_OPERATOR_NEW(__n *
sizeof(_Tp)));
| ^
cc1plus: all warnings being treated as errors
make[2]: *** [Makefile:2394: wsd/ProofKey.o] Error 1
Change-Id: I6e5c6ea8187a5a60b177f6642b8b728e60b04688
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2022-07-09 21:10:03 -04:00
Andras Timar
f07ff8c7e0
rename: remaining lool->cool changes
...
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: Ib7d4e804bebe52dead8d53b0e0bbaed0f08bf3d0
2021-11-18 14:14:11 +01:00
Andras Timar
bf5bce7669
rename: loolwsd-generate-proof-key -> coolwsd-generate-proof-key
...
Signed-off-by: Andras Timar <andras.timar@collabora.com>
Change-Id: I3aa30ce4e5f6df2068fa2e0788034e83cb0ae26b
2021-11-17 22:06:34 +01:00
Henry Castro
8d694bdf97
wsd: log warn if proof keys not found
...
"default installs currently don't use proof keys"
Change-Id: I43b6c5ed6633b35e58ec3e1b1cc222756a9a47d8
Signed-off-by: Henry Castro <hcastro@collabora.com>
2021-08-27 15:01:58 -04:00
Ashod Nakashian
1f978d9b50
wsd: cleanup Poco headers
...
Change-Id: I1eec2301576fc2f1cde40389b1f858f80b1204c0
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
2021-03-22 10:09:22 -04:00
Henry Castro
851c532508
wsd: revisit log messages misc files
...
LOG_FTL = abnormal, crash, denied service
LOG_ERR = load, save, session, connection, wrong parameters
other cases LOG_WRN, LOG_INF
Change-Id: Iaddfcf7f0853abfa96948fff28acda606cf88b55
Signed-off-by: Henry Castro <hcastro@collabora.com>
2021-02-23 23:48:19 -05:00
Andras Timar
0002fdfd6c
fix license headers
...
Change-Id: I8623770b32d278a45357dc7f757fabfadd2b4af7
2020-10-01 11:56:43 +02:00
Michael Meeks
cd98388653
Avoid contention on RSA Digest engine.
...
Change-Id: If9068371c7ab18083d432f8bc582d85c2f85e80e
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/101081
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-08-20 18:11:12 +02:00
Mike Kaganski
571ef16df8
Implement fake oldvalue/modulus/exponent and X-WOPI-ProofOld
...
... since these are required in proof-key element as per [MS-WOPI].
Change-Id: Ie770271ee911e3f7822375c00a83c6a32cd5f2fc
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88743
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Tested-by: Jenkins
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-07-28 14:46:02 +02:00
Damian
f160ccf80d
tdf#134041: reset engine before next digest computation
...
Change-Id: I68ef078f6f885bebaf29b37d5fd704a9c70c826a
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96899
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2020-06-23 12:32:19 +02:00
Michael Meeks
82fec145eb
RequestDetails - move into a single class & simplify flow.
...
Change-Id: Ic9148350e04fca7876ec1b5985b467524c6894e1
2020-05-12 15:29:07 +01:00
Andras Timar
25bc0a1088
Proof: add loolwsd-generate-proof-key helper script
...
Change-Id: Ibbd99b6431b1a2992c520d3fad5f52d0770905f6
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92788
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
2020-04-23 19:36:06 +02:00
Andras Timar
b0645a647c
Proof: SSH private key format matters
...
On openSUSE Leap 15.1 the ssh-keygen binary produced a private key
that caused Poco to throw an exception. Apparently Poco expects
the private key in PEM format. Apparently on most distros this is
the default format, but not on openSUSE Leap 15.1 where we need
to specify it explicitely.
Change-Id: Id142735b13887a1347895f121400ed6d5aecc1f4
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92736
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
2020-04-22 23:52:21 +02:00
Miklos Vajna
4992de990d
Proof: improve logging
...
Tell if the key loading happened due to a Poco vs std exception.
If we show the response headers, show the request headers as well.
Change-Id: Idb32e8c4d9cc5565647b99d6ddae27cd2faba46f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92518
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Miklos Vajna <vmiklos@collabora.com>
2020-04-20 09:22:59 +02:00
Michael Meeks
668007544b
Proof: generate our own key, and verify our own signatures.
...
Change-Id: If805c89a3b6618d6e34e7421b20077c4f0a48cb3
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91940
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-04-08 23:20:55 +02:00
Michael Meeks
f4f7b08d44
Proof: implement CAPI blob test.
...
Change-Id: Ifa4ddc3c5fa375606eedd932af029e4b30a740de
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91936
Tested-by: Michael Meeks <michael.meeks@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-04-08 22:19:51 +02:00
Michael Meeks
a2b9fc474a
Proof: re-factor - publicise some internals to make testing easier.
...
Also add dummy, run-every-build test to validate wopi like proofs.
Change-Id: Ic2dc647a8d61693ae87b6523aaa30632979fd5d6
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/91854
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-04-08 10:58:49 +02:00
Mike Kaganski
6eda59123a
Proof key: make sure public exponent is exactly 4 bytes
...
It seems that Poco returns 3-byte public exponent (0x010001) as
3-element vector, and MS CAPI blob must include 4-byte exponent
In Poco code (Crypto/src/RSAKeyImpl.cpp), its convertToByteVec
uses OpenSSL's BN_bn2bin, which returns big-endian byte order
(see OpenSSL's crypto/bn/bn_lib.c). That is returned from Poco's
RSAKey::modulus() and RSAKey::*Exponent() unchanged, so treat
them accordingly.
Change-Id: I37f5fb9a310d42c7f346429c39611b25dd5bba2f
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88989
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2020-02-19 10:19:55 +01:00
Mike Kaganski
99f0480460
Proof: URI must be absolute and converted to uppercase
...
Also access token is already passes decoded to GetProofHeaders,
so don't decode it second time.
Change-Id: I7c4404462a9dd9f53e4e82684b1fcae1aeecee73
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88736
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2020-02-18 17:30:19 +01:00
Mike Kaganski
25a1d35467
Read proof key from source directory in debug builds
...
Change-Id: I3de5ec1d6993fdba8430f40c6c93327e90a151c2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88672
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
2020-02-18 16:29:54 +01:00
Mike Kaganski
2504c88c43
Don't use Poco buffer when creating a proof
...
I need this to better control the byte order of values in the proof
Change-Id: I8a21c20af4cc3157c893d870f73cc2afa7910ff4
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88076
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
2020-02-06 20:21:31 +01:00
Mike Kaganski
aaa9443eae
Only warn on absent proof RSA key, don't log error
...
This reimplements commit bfb16d8831
Change-Id: I834a45ba4fcb939093b179f316176df790926c4e
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88096
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2020-02-06 16:05:40 +01:00
Mike Kaganski
bfb16d8831
Turn some errors to warnings, and drop unneeded stderr output
...
Change-Id: I63de580480f983e8179546fae6217641fa370135
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/88088
Reviewed-by: Andras Timar <andras.timar@collabora.com>
Tested-by: Andras Timar <andras.timar@collabora.com>
2020-02-06 12:36:55 +01:00
Mike Kaganski
0c0510cccf
Implement proper proof-key value attribute
...
Change-Id: I3f2ad960ce6d3dad4d0b064492355b5643f345c8
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/87148
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Reviewed-by: Michael Meeks <michael.meeks@collabora.com>
2020-01-21 19:28:32 +01:00
Michael Meeks
5d5fb42715
Typo fix.
...
Change-Id: I4698a00a8646366bcf30aabd997c31996a58d0e0
2019-12-14 16:19:48 +00:00
Mike Kaganski
c39645bed5
Fix comparison of integer expressions of different signedness
...
Change-Id: Idcbaf83cb5f953cb725e5b84c27bc00b2fc267d6
Reviewed-on: https://gerrit.libreoffice.org/83475
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
2019-11-22 13:03:38 +01:00
Mike Kaganski
a986aabeb1
Initial implementation of proof-key
...
Change-Id: I7ab79218ca2af268dd4573cb64c6353dc71b5f03
Reviewed-on: https://gerrit.libreoffice.org/82232
Reviewed-by: Mike Kaganski <mike.kaganski@collabora.com>
Tested-by: Mike Kaganski <mike.kaganski@collabora.com>
2019-11-21 12:56:53 +01:00