include/filter/msfilter/mscodec.hxx | 2 + include/oox/crypto/DocumentEncryption.hxx | 1 oox/qa/unit/CryptoTest.cxx | 4 -- oox/source/crypto/AgileEngine.cxx | 12 +++++++- oox/source/crypto/DocumentDecryption.cxx | 1 sw/qa/extras/ooxmlexport/data/Encrypted_LO_Standard_abc.docx |binary sw/qa/extras/ooxmlexport/ooxmlencryption.cxx | 16 ++++++++--- 7 files changed, 26 insertions(+), 10 deletions(-)
New commits: commit 526a6baff85ae1f891c5d9af4e2e20b5b0e547d1 Author: Tomaž Vajngerl <[email protected]> Date: Sat Jul 7 15:30:25 2018 +0200 Use agile encryption with AES256 and SHA512 by default Change-Id: I4dcf05a7018f8e15063a20512f4c0b673a62f1de Reviewed-on: https://gerrit.libreoffice.org/57141 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <[email protected]> diff --git a/include/oox/crypto/DocumentEncryption.hxx b/include/oox/crypto/DocumentEncryption.hxx index 287e7db9e434..f3ae37ea099b 100644 --- a/include/oox/crypto/DocumentEncryption.hxx +++ b/include/oox/crypto/DocumentEncryption.hxx @@ -15,6 +15,7 @@ #include <com/sun/star/uno/Reference.hxx> #include <oox/crypto/Standard2007Engine.hxx> +#include <oox/crypto/AgileEngine.hxx> #include <rtl/ustring.hxx> namespace com { namespace sun { namespace star { commit 7ba835ff5837290598d0b27c90a8abcfedf5b210 Author: Tomaž Vajngerl <[email protected]> Date: Sat Jul 7 15:22:36 2018 +0200 oox: Handle agile encryption info "reserved" field correctly The "reserved" filed is written fter the version number major, minor which is used to identify the encryption as agile. The "reserved" field must always have the value 0x00000040. This change writes the reserved filed correctly and when encryption and when decrypting it checks the value an potentially bails out if it desn't contain the expected value. Change-Id: I2045dc64e0c6bbb3318384e25deef2ba8f41b94c Reviewed-on: https://gerrit.libreoffice.org/57140 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <[email protected]> diff --git a/include/filter/msfilter/mscodec.hxx b/include/filter/msfilter/mscodec.hxx index aa38f6e9fc00..bc0240ae20eb 100644 --- a/include/filter/msfilter/mscodec.hxx +++ b/include/filter/msfilter/mscodec.hxx @@ -438,6 +438,8 @@ const sal_uInt32 VERSION_INFO_2007_FORMAT_SP2 = 0x00020004; // version of encryption info - agile (major = 4, minor = 4) const sal_uInt32 VERSION_INFO_AGILE = 0x00040004; +const sal_uInt32 AGILE_ENCRYPTION_RESERVED = 0x00000040; + const sal_uInt32 SALT_LENGTH = 16; const sal_uInt32 ENCRYPTED_VERIFIER_LENGTH = 16; const sal_uInt32 SHA1_HASH_LENGTH = RTL_DIGEST_LENGTH_SHA1; // 20 diff --git a/oox/qa/unit/CryptoTest.cxx b/oox/qa/unit/CryptoTest.cxx index e17f3cc91e9a..47d567fab34b 100644 --- a/oox/qa/unit/CryptoTest.cxx +++ b/oox/qa/unit/CryptoTest.cxx @@ -224,7 +224,6 @@ void CryptoTest::testAgileEncrpytionInfoWritingAndParsing() new utl::OSeekableInputStreamWrapper(aEncryptionInfo)); xInputStream->skipBytes(4); // Encryption type -> Agile - xInputStream->skipBytes(4); // Reserved CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream)); @@ -271,7 +270,6 @@ void CryptoTest::testAgileEncrpytionInfoWritingAndParsing() new utl::OSeekableInputStreamWrapper(aEncryptionInfo)); xInputStream->skipBytes(4); // Encryption type -> Agile - xInputStream->skipBytes(4); // Reserved CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream)); @@ -324,7 +322,6 @@ void CryptoTest::testAgileDataIntegrityHmacKey() new utl::OSeekableInputStreamWrapper(aEncryptionInfo)); xInputStream->skipBytes(4); // Encryption type -> Agile - xInputStream->skipBytes(4); // Reserved CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream)); CPPUNIT_ASSERT(aEngine.generateEncryptionKey(aPassword)); @@ -391,7 +388,6 @@ void CryptoTest::testAgileEncryptingAndDecrypting() new utl::OSeekableInputStreamWrapper(aEncryptionInfo)); xEncryptionInfo->skipBytes(4); // Encryption type -> Agile - xEncryptionInfo->skipBytes(4); // Reserved CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xEncryptionInfo)); diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx index a4fa8c476c74..299ba2802bfe 100644 --- a/oox/source/crypto/AgileEngine.cxx +++ b/oox/source/crypto/AgileEngine.cxx @@ -486,6 +486,16 @@ bool AgileEngine::decrypt(BinaryXInputStream& aInputStream, bool AgileEngine::readEncryptionInfo(uno::Reference<io::XInputStream> & rxInputStream) { + // Check reserved value + std::vector<sal_uInt8> aExpectedReservedBytes(sizeof(sal_uInt32)); + ByteOrderConverter::writeLittleEndian(aExpectedReservedBytes.data(), msfilter::AGILE_ENCRYPTION_RESERVED); + + uno::Sequence<sal_Int8> aReadReservedBytes(sizeof(sal_uInt32)); + rxInputStream->readBytes(aReadReservedBytes, aReadReservedBytes.getLength()); + + if (!std::equal(aReadReservedBytes.begin(), aReadReservedBytes.end(), aExpectedReservedBytes.begin())) + return false; + mInfo.spinCount = 0; mInfo.saltSize = 0; mInfo.keyBits = 0; @@ -695,7 +705,7 @@ bool AgileEngine::setupEncryptionKey(OUString const & rPassword) void AgileEngine::writeEncryptionInfo(BinaryXOutputStream & rStream) { rStream.WriteUInt32(msfilter::VERSION_INFO_AGILE); - rStream.WriteUInt32(0); // reserved + rStream.WriteUInt32(msfilter::AGILE_ENCRYPTION_RESERVED); SvMemoryStream aMemStream; tools::XmlWriter aXmlWriter(&aMemStream); diff --git a/oox/source/crypto/DocumentDecryption.cxx b/oox/source/crypto/DocumentDecryption.cxx index b68882ad6b03..16cc29551b21 100644 --- a/oox/source/crypto/DocumentDecryption.cxx +++ b/oox/source/crypto/DocumentDecryption.cxx @@ -58,7 +58,6 @@ bool DocumentDecryption::readEncryptionInfo() break; case msfilter::VERSION_INFO_AGILE: mCryptoType = AGILE; // Set encryption info format - xEncryptionInfo->skipBytes(4); mEngine.reset(new AgileEngine); break; default: commit 8efeb81537726445954b10314ebbd770d266ac20 Author: Tomaž Vajngerl <[email protected]> Date: Sat Jul 7 15:21:12 2018 +0200 Add LO standard encryption to the ooxml encryption tests Change-Id: I199ed40d409dc4baf9102480eadffde9a7c26a78 Reviewed-on: https://gerrit.libreoffice.org/57139 Tested-by: Jenkins Reviewed-by: Tomaž Vajngerl <[email protected]> diff --git a/sw/qa/extras/ooxmlexport/data/Encrypted_LO_Standard_abc.docx b/sw/qa/extras/ooxmlexport/data/Encrypted_LO_Standard_abc.docx new file mode 100644 index 000000000000..c35aaf12ad2c Binary files /dev/null and b/sw/qa/extras/ooxmlexport/data/Encrypted_LO_Standard_abc.docx differ diff --git a/sw/qa/extras/ooxmlexport/ooxmlencryption.cxx b/sw/qa/extras/ooxmlexport/ooxmlencryption.cxx index 66ae8f1754ac..7ec52f34d0e9 100644 --- a/sw/qa/extras/ooxmlexport/ooxmlencryption.cxx +++ b/sw/qa/extras/ooxmlexport/ooxmlencryption.cxx @@ -16,32 +16,40 @@ public: Test() : SwModelTestBase("/sw/qa/extras/ooxmlexport/data/", "Office Open XML Text") {} protected: - bool mustTestImportOf(const char* filename) const override { + bool mustTestImportOf(const char* filename) const override + { return OString(filename).endsWith(".docx"); } }; -DECLARE_SW_ROUNDTRIP_TEST(testPassword2007, "Encrypted_MSO2007_abc.docx", "abc", Test) +DECLARE_SW_ROUNDTRIP_TEST(testPasswordMSO2007, "Encrypted_MSO2007_abc.docx", "abc", Test) { // Standard encryption format, AES 128, SHA1 uno::Reference<text::XTextRange> xParagraph(getParagraph(1)); CPPUNIT_ASSERT_EQUAL(OUString("abc"), xParagraph->getString()); } -DECLARE_SW_ROUNDTRIP_TEST(testPassword2010, "Encrypted_MSO2010_abc.docx", "abc", Test) +DECLARE_SW_ROUNDTRIP_TEST(testPasswordMSO2010, "Encrypted_MSO2010_abc.docx", "abc", Test) { // Agile encryption format, AES 128, CBC, SHA1 uno::Reference<text::XTextRange> xParagraph(getParagraph(1)); CPPUNIT_ASSERT_EQUAL(OUString("abc"), xParagraph->getString()); } -DECLARE_SW_ROUNDTRIP_TEST(testPassword2013, "Encrypted_MSO2013_abc.docx", "abc", Test) +DECLARE_SW_ROUNDTRIP_TEST(testPasswordMSO2013, "Encrypted_MSO2013_abc.docx", "abc", Test) { // Agile encryption format, AES 256, CBC, SHA512 uno::Reference<text::XTextRange> xParagraph(getParagraph(1)); CPPUNIT_ASSERT_EQUAL(OUString("ABC"), xParagraph->getString()); } +DECLARE_SW_ROUNDTRIP_TEST(testPasswordLOStandard, "Encrypted_LO_Standard_abc.docx", "abc", Test) +{ + // Standard encryption format, AES 128, SHA1 + uno::Reference<text::XTextRange> xParagraph(getParagraph(1)); + CPPUNIT_ASSERT_EQUAL(OUString("ABC"), xParagraph->getString()); +} + CPPUNIT_PLUGIN_IMPLEMENT(); /* vim:set shiftwidth=4 softtabstop=4 expandtab: */ _______________________________________________ Libreoffice-commits mailing list [email protected] https://lists.freedesktop.org/mailman/listinfo/libreoffice-commits
