package/source/manifest/ManifestDefines.hxx | 9 ++++++--- package/source/manifest/ManifestImport.cxx | 25 ++++++++++++++++++++++--- package/source/manifest/ManifestImport.hxx | 1 + package/source/zippackage/ZipPackage.cxx | 12 ++++++++++++ 4 files changed, 41 insertions(+), 6 deletions(-)
New commits: commit b955e86071e91c7f6d0047f383f225881db7b417 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Wed Jan 10 20:28:41 2024 +0100 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Sat Jan 20 17:38:48 2024 +0100 tdf#105844 package: ODF wholesome encryption: use package version ... to init the Version property. The problem is that the outer storage loaded from a wholesome ODF encrypted document doesn't have a Version, because it doesn't (directly) contain a document and has no "/" file-entry. Extract the root element's package version attribute and use it. The Storage API doesn't distinguish much between the package version and the root document's (i.e. root folder's) version. Change-Id: I0fd5f999e9adee674d73fc542402512d0e204897 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161897 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit f1117fbfcd931d4ea2fccfb56f154aa6186d384b) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161865 Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> diff --git a/package/source/manifest/ManifestImport.cxx b/package/source/manifest/ManifestImport.cxx index 0218ac07a5d2..77f795efdc59 100644 --- a/package/source/manifest/ManifestImport.cxx +++ b/package/source/manifest/ManifestImport.cxx @@ -327,6 +327,7 @@ void SAL_CALL ManifestImport::startElement( const OUString& aName, const uno::Re switch (nLevel) { case 1: { + m_PackageVersion = aConvertedAttribs[ATTRIBUTE_VERSION]; if (aConvertedName != ELEMENT_MANIFEST) //manifest:manifest aStack.back().m_bValid = false; break; @@ -451,6 +452,18 @@ void SAL_CALL ManifestImport::endElement( const OUString& aName ) return; if ( aConvertedName == ELEMENT_FILE_ENTRY && aStack.back().m_bValid ) { + // required for wholesome encryption: if there is no document and hence + // no file-entry with a version attribute, send the package's version + // with the first file-entry. + // (note: the only case when a valid ODF document has no "/" entry with + // a version is when it is ODF 1.0/1.1 and then it doesn't have the + // package version either) + if (rManVector.empty() && !m_PackageVersion.isEmpty() + && !aSequence[PKG_MNFST_VERSION].Value.hasValue()) + { + aSequence[PKG_MNFST_VERSION].Name = u"Version"_ustr; + aSequence[PKG_MNFST_VERSION].Value <<= m_PackageVersion; + } // the first entry gets KeyInfo element if any, for PGP encryption if (!bIgnoreEncryptData && !aKeys.empty() && rManVector.empty()) { diff --git a/package/source/manifest/ManifestImport.hxx b/package/source/manifest/ManifestImport.hxx index fd86e02e4f5a..883f1de62387 100644 --- a/package/source/manifest/ManifestImport.hxx +++ b/package/source/manifest/ManifestImport.hxx @@ -61,6 +61,7 @@ class ManifestImport final : public cppu::WeakImplHelper < css::xml::sax::XDocum bool bPgpEncryption; sal_Int32 nDerivedKeySize; ::std::vector < css::uno::Sequence < css::beans::PropertyValue > > & rManVector; + OUString m_PackageVersion; // on root element OUString PushNameAndNamespaces( const OUString& aName, diff --git a/package/source/zippackage/ZipPackage.cxx b/package/source/zippackage/ZipPackage.cxx index 02f7cf71e8af..c4de219f80de 100644 --- a/package/source/zippackage/ZipPackage.cxx +++ b/package/source/zippackage/ZipPackage.cxx @@ -171,6 +171,7 @@ void ZipPackage::parseManifest() return; bool bManifestParsed = false; + ::std::optional<OUString> oFirstVersion; static constexpr OUString sMeta (u"META-INF"_ustr); if ( m_xRootFolder->hasByName( sMeta ) ) { @@ -216,7 +217,13 @@ void ZipPackage::parseManifest() if ( rValue.Name == sPropFullPath ) rValue.Value >>= sPath; else if ( rValue.Name == sPropVersion ) + { rValue.Value >>= sVersion; + if (!oFirstVersion) + { + oFirstVersion.emplace(sVersion); + } + } else if ( rValue.Name == sPropMediaType ) rValue.Value >>= sMediaType; else if ( rValue.Name == sPropSalt ) @@ -457,6 +464,11 @@ void ZipPackage::parseManifest() { // accept only types that look similar to own mediatypes m_xRootFolder->SetMediaType( aPackageMediatype ); + // also set version explicitly + if (oFirstVersion && m_xRootFolder->GetVersion().isEmpty()) + { + m_xRootFolder->SetVersion(*oFirstVersion); + } // if there is an encrypted inner package, there is no root // document, because instead there is a package, and it is not // an error commit 8f5c108297fb4816318172f4c7240438f956bb60 Author: Michael Stahl <michael.st...@allotropia.de> AuthorDate: Fri Jan 5 21:43:19 2024 +0100 Commit: Caolán McNamara <caolan.mcnam...@collabora.com> CommitDate: Sat Jan 20 17:38:35 2024 +0100 tdf#105844 package: ManifestImport: handle argon2 attributes in ... ... standard namespace too. Change-Id: I46804795da2009dfd8bb95b9286933728a132e5b Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161785 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.st...@allotropia.de> (cherry picked from commit bac43054e2997235ce98432bc9cb6c434120e4b2) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161764 Reviewed-by: Caolán McNamara <caolan.mcnam...@collabora.com> diff --git a/package/source/manifest/ManifestDefines.hxx b/package/source/manifest/ManifestDefines.hxx index dbe7b985b8c0..c2f5e2778a30 100644 --- a/package/source/manifest/ManifestDefines.hxx +++ b/package/source/manifest/ManifestDefines.hxx @@ -70,9 +70,12 @@ inline constexpr OUString ELEMENT_KEY_DERIVATION = u"manifest:key-derivation"_us inline constexpr OUString ATTRIBUTE_KEY_DERIVATION_NAME = u"manifest:key-derivation-name"_ustr; inline constexpr OUString ATTRIBUTE_SALT = u"manifest:salt"_ustr; inline constexpr OUString ATTRIBUTE_ITERATION_COUNT = u"manifest:iteration-count"_ustr; -inline constexpr OUString ATTRIBUTE_ARGON2_T_LO= u"loext:argon2-iterations"_ustr; -inline constexpr OUString ATTRIBUTE_ARGON2_M_LO= u"loext:argon2-memory"_ustr; -inline constexpr OUString ATTRIBUTE_ARGON2_P_LO= u"loext:argon2-lanes"_ustr; +inline constexpr OUString ATTRIBUTE_ARGON2_T = u"manifest:argon2-iterations"_ustr; +inline constexpr OUString ATTRIBUTE_ARGON2_M = u"manifest:argon2-memory"_ustr; +inline constexpr OUString ATTRIBUTE_ARGON2_P = u"manifest:argon2-lanes"_ustr; +inline constexpr OUString ATTRIBUTE_ARGON2_T_LO = u"loext:argon2-iterations"_ustr; +inline constexpr OUString ATTRIBUTE_ARGON2_M_LO = u"loext:argon2-memory"_ustr; +inline constexpr OUString ATTRIBUTE_ARGON2_P_LO = u"loext:argon2-lanes"_ustr; /// OFFICE-3708: wrong URL cited in ODF 1.2 and used since OOo 3.4 beta inline constexpr OUString SHA256_URL_ODF12 = u"http://www.w3.org/2000/09/xmldsig#sha256"_ustr; diff --git a/package/source/manifest/ManifestImport.cxx b/package/source/manifest/ManifestImport.cxx index f6f4ce36f4a2..0218ac07a5d2 100644 --- a/package/source/manifest/ManifestImport.cxx +++ b/package/source/manifest/ManifestImport.cxx @@ -242,11 +242,17 @@ void ManifestImport::doKeyDerivation(StringHashMap &rConvertedAttribs) { aSequence[PKG_MNFST_KDF].Value <<= xml::crypto::KDFID::Argon2id; - aString = rConvertedAttribs[ATTRIBUTE_ARGON2_T_LO]; + aString = rConvertedAttribs.find(ATTRIBUTE_ARGON2_T) != rConvertedAttribs.end() + ? rConvertedAttribs[ATTRIBUTE_ARGON2_T] + : rConvertedAttribs[ATTRIBUTE_ARGON2_T_LO]; sal_Int32 const t(aString.toInt32()); - aString = rConvertedAttribs[ATTRIBUTE_ARGON2_M_LO]; + aString = rConvertedAttribs.find(ATTRIBUTE_ARGON2_M) != rConvertedAttribs.end() + ? rConvertedAttribs[ATTRIBUTE_ARGON2_M] + : rConvertedAttribs[ATTRIBUTE_ARGON2_M_LO]; sal_Int32 const m(aString.toInt32()); - aString = rConvertedAttribs[ATTRIBUTE_ARGON2_P_LO]; + aString = rConvertedAttribs.find(ATTRIBUTE_ARGON2_P) != rConvertedAttribs.end() + ? rConvertedAttribs[ATTRIBUTE_ARGON2_P] + : rConvertedAttribs[ATTRIBUTE_ARGON2_P_LO]; sal_Int32 const p(aString.toInt32()); if (0 < t && 0 < m && 0 < p) {