package/inc/PackageConstants.hxx           |    3 ++-
 package/source/manifest/ManifestExport.cxx |   13 +++++++------
 package/source/manifest/ManifestImport.cxx |    8 ++++----
 3 files changed, 13 insertions(+), 11 deletions(-)

New commits:
commit 4cba1d7cdf89e885353db7a806cc39b415b80008
Author:     Michael Stahl <michael.st...@allotropia.de>
AuthorDate: Wed Dec 20 12:28:49 2023 +0100
Commit:     Michael Stahl <michael.st...@allotropia.de>
CommitDate: Thu Dec 21 10:40:59 2023 +0100

    package: ODF encryption: fix 2 GPG problems
    
    1. ManifestImport should attach KeyInfo to the first file-entry, not to
       a "/" entry which may not exist or may be preceded by another
       file-entry which requires the KeyInfo to decrypt
       (regression from commit 91f35f22f0447769c08ca89e27a39b40df18fffa)
    
    2. manifest:key-size on manifest:key-derivation is unfortunately
       specified to have a default value of 16, but with AES256 the actual
       size is 32, and for GPG the ManifestExport forgot to export it
    
    Change-Id: I05dd2c9e219ba7f20ba33bf0b35d47a9e3df74cc
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161072
    Tested-by: Jenkins
    Reviewed-by: Michael Stahl <michael.st...@allotropia.de>
    (cherry picked from commit 2c0f520c03941f6ec09c8a52bd2b2bd38ba2b9a4)
    Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161025

diff --git a/package/inc/PackageConstants.hxx b/package/inc/PackageConstants.hxx
index ce89204b4348..15cc4d3ee9b0 100644
--- a/package/inc/PackageConstants.hxx
+++ b/package/inc/PackageConstants.hxx
@@ -47,9 +47,10 @@ const sal_Int32 n_ConstDigestDecrypt = 1056; // 1024 + 32
 #define PKG_MNFST_DERKEYSIZE 11 //DerivedKeySize
 #define PKG_MNFST_KDF 12 // KeyDerivationFunction
 #define PKG_MNFST_ARGON2ARGS 13 // Argon2 arguments
+#define PKG_MNFST_KEYINFO 14 // PGP KeyInfo
 
 #define PKG_SIZE_NOENCR_MNFST 3
-#define PKG_SIZE_ENCR_MNFST 14 // max size
+#define PKG_SIZE_ENCR_MNFST 15 // max size
 
 // the properties related constants
 inline constexpr OUString ENCRYPTION_KEY_PROPERTY = u"EncryptionKey"_ustr;
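Review bot: `PKG_SIZE_ENCR_MNFST` is kept in step with the highest `PKG_MNFST_*` index only by hand, as the paired edits in this hunk show. `PKG_MNFST_KEYINFO` is now used as an index in ManifestImport.cxx, so a later constant added without bumping the size would index past the end of the property sequence. This assumes the sequence is allocated with this size, as the "max size" comment suggests; the allocation is not visible here. A compile-time check beside the define would pin the relationship: `static_assert(PKG_MNFST_KEYINFO < PKG_SIZE_ENCR_MNFST, "manifest property index out of range");`.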
diff --git a/package/source/manifest/ManifestExport.cxx 
b/package/source/manifest/ManifestExport.cxx
index ba6dd79b5dd0..1d51e223e43b 100644
--- a/package/source/manifest/ManifestExport.cxx
+++ b/package/source/manifest/ManifestExport.cxx
@@ -527,17 +527,18 @@ ManifestExport::ManifestExport( uno::Reference< 
xml::sax::XDocumentHandler > con
                     pNewAttrList->AddAttribute(ATTRIBUTE_ITERATION_COUNT, 
aBuffer.makeStringAndClear());
                 }
 
-                if (bStoreStartKeyGeneration)
-                {
-                    aBuffer.append(nDerivedKeySize);
-                    pNewAttrList->AddAttribute ( ATTRIBUTE_KEY_SIZE, 
aBuffer.makeStringAndClear() );
-                }
-
                 *pSalt >>= aSequence;
                 ::comphelper::Base64::encode(aBuffer, aSequence);
                 pNewAttrList->AddAttribute ( ATTRIBUTE_SALT, 
aBuffer.makeStringAndClear() );
             }
 
+            // ODF 1.3 specifies the default as 16 so have to write it for PGP
+            if (bStoreStartKeyGeneration || pKeyInfoProperty)
+            {
+                aBuffer.append(nDerivedKeySize);
+                pNewAttrList->AddAttribute(ATTRIBUTE_KEY_SIZE, 
aBuffer.makeStringAndClear());
+            }
+
             xHandler->ignorableWhitespace(sWhiteSpace);
             xHandler->startElement(ELEMENT_KEY_DERIVATION, pNewAttrList);
             xHandler->ignorableWhitespace(sWhiteSpace);
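Review bot: The relocated key-size block now writes `nDerivedKeySize` on the PGP path as well, but that variable is declared and assigned outside this hunk. It is worth confirming that it holds the real key length whenever `pKeyInfoProperty` is set and `bStoreStartKeyGeneration` is false, since a zero or stale value would be exported as `manifest:key-size` and override the default on the reading side. The new comment could also state the actual mismatch, e.g. `// ODF 1.3 defaults manifest:key-size to 16, but AES-256 uses 32, so always write it for PGP`. The enclosing constructor begins and ends outside the hunk.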
diff --git a/package/source/manifest/ManifestImport.cxx 
b/package/source/manifest/ManifestImport.cxx
index f0f2b8841a5e..f6f4ce36f4a2 100644
--- a/package/source/manifest/ManifestImport.cxx
+++ b/package/source/manifest/ManifestImport.cxx
@@ -445,11 +445,11 @@ void SAL_CALL ManifestImport::endElement( const OUString& 
aName )
         return;
 
     if ( aConvertedName == ELEMENT_FILE_ENTRY && aStack.back().m_bValid ) {
-        // root folder gets KeyInfo entry if any, for PGP encryption
-        if (!bIgnoreEncryptData && !aKeys.empty() && 
aSequence[PKG_MNFST_FULLPATH].Value.get<OUString>() == "/" )
+        // the first entry gets KeyInfo element if any, for PGP encryption
+        if (!bIgnoreEncryptData && !aKeys.empty() && rManVector.empty())
         {
-            aSequence[PKG_SIZE_NOENCR_MNFST].Name = "KeyInfo";
-            aSequence[PKG_SIZE_NOENCR_MNFST].Value <<= 
comphelper::containerToSequence(aKeys);
+            aSequence[PKG_MNFST_KEYINFO].Name = "KeyInfo";
+            aSequence[PKG_MNFST_KEYINFO].Value <<= 
comphelper::containerToSequence(aKeys);
         }
         std::erase_if(aSequence, isEmpty);
 
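Review bot: Using `rManVector.empty()` as the test for "first file-entry" attaches KeyInfo only if `aKeys` is already populated when the first valid entry closes. The manifest is untrusted input, and one that places its key information after the first file-entry would have the keys dropped with no diagnostic, so decryption would fail later for a less obvious reason. Consider a warning at the end of parsing when `aKeys` is non-empty but was never attached, or at least record the ordering assumption in the comment, e.g. `// assumes KeyInfo precedes all file-entry elements`. `aKeys` and `rManVector` are populated outside this hunk, so this is inferred from the condition alone.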
