package/inc/ZipPackageEntry.hxx | 1 +
package/inc/ZipPackageFolder.hxx | 2 ++
package/inc/ZipPackageStream.hxx | 1 +
package/source/zipapi/ZipFile.cxx | 9 ++++++++-
package/source/zippackage/ZipPackage.cxx | 7 +++++--
package/source/zippackage/ZipPackageFolder.cxx | 10 ++++++----
package/source/zippackage/ZipPackageStream.cxx | 3 +--
7 files changed, 24 insertions(+), 9 deletions(-)
New commits:
commit 39805f65189cd0085fe8f1071ae75cdec450c65e
Author: Thorsten Behrens <thorsten.behr...@cib.de>
Date: Thu Jan 11 23:47:24 2018 +0100
tdf#114550 don't use PBKDF2 in package for gpg encryption
No need to derive password-based key, simply skip rtl_digest_PBKDF2
for the gpg4libre case.
Also pass down PBKDF2 iteration count from ZipPackage, which knows
about GPG encryption, instead of just always setting it in package
stream.
We otherwise needlessly iterate session key also for gpg encrypted
storages.
Change-Id: Ic96b2193f8541bbd109795fb9c0212a0a10c7344
Reviewed-on: https://gerrit.libreoffice.org/47783
Tested-by: Jenkins <c...@libreoffice.org>
Reviewed-by: Thorsten Behrens <thorsten.behr...@cib.de>
diff --git a/package/inc/ZipPackageEntry.hxx b/package/inc/ZipPackageEntry.hxx
index 300b5f25ea67..5e0064f9bf7e 100644
--- a/package/inc/ZipPackageEntry.hxx
+++ b/package/inc/ZipPackageEntry.hxx
@@ -69,6 +69,7 @@ public:
std::vector < css::uno::Sequence <
css::beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const css::uno::Sequence < sal_Int8 >&
rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool ) = 0;
void clearParent()
diff --git a/package/inc/ZipPackageFolder.hxx b/package/inc/ZipPackageFolder.hxx
index 0fad51f72ba2..1f65b2ca297e 100644
--- a/package/inc/ZipPackageFolder.hxx
+++ b/package/inc/ZipPackageFolder.hxx
@@ -73,6 +73,7 @@ public:
std::vector < css::uno::Sequence <
css::beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const css::uno::Sequence < sal_Int8 >&
rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool ) override;
// Recursive functions
@@ -82,6 +83,7 @@ public:
std::vector < css::uno::Sequence < css::beans::PropertyValue > >
&rManList,
ZipOutputStream & rZipOut,
const css::uno::Sequence< sal_Int8 > &rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool & rRandomPool) const;
// XNameContainer
diff --git a/package/inc/ZipPackageStream.hxx b/package/inc/ZipPackageStream.hxx
index b691370bf7e0..014898115517 100644
--- a/package/inc/ZipPackageStream.hxx
+++ b/package/inc/ZipPackageStream.hxx
@@ -133,6 +133,7 @@ public:
std::vector < css::uno::Sequence <
css::beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const css::uno::Sequence < sal_Int8 >&
rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool ) override;
void setZipEntryOnLoading( const ZipEntry &rInEntry);
diff --git a/package/source/zipapi/ZipFile.cxx
b/package/source/zipapi/ZipFile.cxx
index 3d4abb65a8f9..1d10a56aaf9c 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -170,7 +170,14 @@ uno::Reference< xml::crypto::XCipherContext >
ZipFile::StaticGetCipher( const un
}
uno::Sequence< sal_Int8 > aDerivedKey(
xEncryptionData->m_nDerivedKeySize );
- if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast<
sal_uInt8* >( aDerivedKey.getArray() ),
+ if ( !xEncryptionData->m_nIterationCount &&
+ xEncryptionData->m_nDerivedKeySize ==
xEncryptionData->m_aKey.getLength() )
+ {
+ // gpg4libre: no need to derive key, m_aKey is already
+ // usable as symmetric session key
+ aDerivedKey = xEncryptionData->m_aKey;
+ }
+ else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast<
sal_uInt8* >( aDerivedKey.getArray() ),
aDerivedKey.getLength(),
reinterpret_cast< const sal_uInt8 * >
(xEncryptionData->m_aKey.getConstArray() ),
xEncryptionData->m_aKey.getLength(),
diff --git a/package/source/zippackage/ZipPackage.cxx
b/package/source/zippackage/ZipPackage.cxx
index 967e0eded056..2a918c8df630 100644
--- a/package/source/zippackage/ZipPackage.cxx
+++ b/package/source/zippackage/ZipPackage.cxx
@@ -287,6 +287,7 @@ void ZipPackage::parseManifest()
pStream->SetToBeCompressed ( true );
pStream->SetToBeEncrypted ( true );
pStream->SetIsEncrypted ( true );
+ pStream->setIterationCount(0);
// clamp to default SHA256 start key
magic value,
// c.f.
ZipPackageStream::GetEncryptionKey()
@@ -1249,10 +1250,10 @@ uno::Reference< io::XInputStream >
ZipPackage::writeTempFile()
const OUString sMediaType ("MediaType");
const OUString sVersion ("Version");
const OUString sFullPath ("FullPath");
+ const bool bIsGpgEncrypt = m_aGpgProps.hasElements();
if ( m_nFormat == embed::StorageFormats::PACKAGE )
{
- bool bIsGpgEncrypt = m_aGpgProps.hasElements();
uno::Sequence < PropertyValue > aPropSeq(
bIsGpgEncrypt ? PKG_SIZE_NOENCR_MNFST+1 :
PKG_SIZE_NOENCR_MNFST );
aPropSeq [PKG_MNFST_MEDIATYPE].Name = sMediaType;
@@ -1275,8 +1276,10 @@ uno::Reference< io::XInputStream >
ZipPackage::writeTempFile()
// for encrypted streams
RandomPool aRandomPool;
+ sal_Int32 const nPBKDF2IterationCount = 100000;
+
// call saveContents ( it will recursively save sub-directories
- m_xRootFolder->saveContents("", aManList, aZipOut,
GetEncryptionKey(), aRandomPool.get());
+ m_xRootFolder->saveContents("", aManList, aZipOut,
GetEncryptionKey(), bIsGpgEncrypt ? 0 : nPBKDF2IterationCount,
aRandomPool.get());
}
if( m_nFormat == embed::StorageFormats::PACKAGE )
diff --git a/package/source/zippackage/ZipPackageFolder.cxx
b/package/source/zippackage/ZipPackageFolder.cxx
index e76381826fe3..8d9556069d95 100644
--- a/package/source/zippackage/ZipPackageFolder.cxx
+++ b/package/source/zippackage/ZipPackageFolder.cxx
@@ -257,6 +257,7 @@ bool ZipPackageFolder::saveChild(
std::vector < uno::Sequence < PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool)
{
const OUString sMediaTypeProperty ("MediaType");
@@ -278,7 +279,7 @@ bool ZipPackageFolder::saveChild(
else
aPropSet.realloc( 0 );
- saveContents( sTempName, rManList, rZipOut, rEncryptionKey, rRandomPool);
+ saveContents( sTempName, rManList, rZipOut, rEncryptionKey,
nPBKDF2IterationCount, rRandomPool);
// folder can have a mediatype only in package format
if ( aPropSet.getLength() && ( m_nFormat == embed::StorageFormats::PACKAGE
) )
@@ -292,6 +293,7 @@ void ZipPackageFolder::saveContents(
std::vector < uno::Sequence < PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool ) const
{
bool bWritingFailed = false;
@@ -330,7 +332,7 @@ void ZipPackageFolder::saveContents(
{
bMimeTypeStreamStored = true;
bWritingFailed = !aIter->second->pStream->saveChild(
- rPath + aIter->first, rManList, rZipOut, rEncryptionKey,
rRandomPool );
+ rPath + aIter->first, rManList, rZipOut, rEncryptionKey,
nPBKDF2IterationCount, rRandomPool );
}
}
@@ -346,12 +348,12 @@ void ZipPackageFolder::saveContents(
if (rInfo.bFolder)
{
bWritingFailed = !rInfo.pFolder->saveChild(
- rPath + rShortName, rManList, rZipOut, rEncryptionKey,
rRandomPool );
+ rPath + rShortName, rManList, rZipOut, rEncryptionKey,
nPBKDF2IterationCount, rRandomPool );
}
else
{
bWritingFailed = !rInfo.pStream->saveChild(
- rPath + rShortName, rManList, rZipOut, rEncryptionKey,
rRandomPool );
+ rPath + rShortName, rManList, rZipOut, rEncryptionKey,
nPBKDF2IterationCount, rRandomPool );
}
}
}
diff --git a/package/source/zippackage/ZipPackageStream.cxx
b/package/source/zippackage/ZipPackageStream.cxx
index 55ebae82ee48..ec9c4e6a8c5d 100644
--- a/package/source/zippackage/ZipPackageStream.cxx
+++ b/package/source/zippackage/ZipPackageStream.cxx
@@ -507,6 +507,7 @@ bool ZipPackageStream::saveChild(
std::vector < uno::Sequence < beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool)
{
bool bSuccess = true;
@@ -652,8 +653,6 @@ bool ZipPackageStream::saveChild(
uno::Sequence < sal_Int8 > aSalt( 16 ), aVector(
GetBlockSize() );
rtl_random_getBytes ( rRandomPool, aSalt.getArray(), 16 );
rtl_random_getBytes ( rRandomPool, aVector.getArray(),
aVector.getLength() );
- sal_Int32 const nPBKDF2IterationCount = 100000;
-
if ( !m_bHaveOwnKey )
{
m_aEncryptionKey = rEncryptionKey;
_______________________________________________
Libreoffice-commits mailing list
libreoffice-comm...@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
