[Libreoffice-commits] core.git: 3 commits - include/filter include/oox oox/qa oox/source sw/qa

Tomaž Vajngerl tomaz.vajngerl at collabora.co.uk
Sat Jul 7 20:58:48 UTC 2018 

 include/filter/msfilter/mscodec.hxx                          |    2 +
 include/oox/crypto/DocumentEncryption.hxx                    |    1 
 oox/qa/unit/CryptoTest.cxx                                   |    4 --
 oox/source/crypto/AgileEngine.cxx                            |   12 +++++++-
 oox/source/crypto/DocumentDecryption.cxx                     |    1 
 sw/qa/extras/ooxmlexport/data/Encrypted_LO_Standard_abc.docx |binary
 sw/qa/extras/ooxmlexport/ooxmlencryption.cxx                 |   16 ++++++++---
 7 files changed, 26 insertions(+), 10 deletions(-)

New commits:
commit 526a6baff85ae1f891c5d9af4e2e20b5b0e547d1
Author: Tomaž Vajngerl <tomaz.vajngerl at collabora.co.uk>
Date:   Sat Jul 7 15:30:25 2018 +0200

    Use agile encryption with AES256 and SHA512 by default
    
    Change-Id: I4dcf05a7018f8e15063a20512f4c0b673a62f1de
    Reviewed-on: https://gerrit.libreoffice.org/57141
    Tested-by: Jenkins
    Reviewed-by: Tomaž Vajngerl <quikee at gmail.com>

diff --git a/include/oox/crypto/DocumentEncryption.hxx b/include/oox/crypto/DocumentEncryption.hxx
index 287e7db9e434..f3ae37ea099b 100644
--- a/include/oox/crypto/DocumentEncryption.hxx
+++ b/include/oox/crypto/DocumentEncryption.hxx
@@ -15,6 +15,7 @@
 
 #include <com/sun/star/uno/Reference.hxx>
 #include <oox/crypto/Standard2007Engine.hxx>
+#include <oox/crypto/AgileEngine.hxx>
 #include <rtl/ustring.hxx>
 
 namespace com { namespace sun { namespace star {
commit 7ba835ff5837290598d0b27c90a8abcfedf5b210
Author: Tomaž Vajngerl <tomaz.vajngerl at collabora.co.uk>
Date:   Sat Jul 7 15:22:36 2018 +0200

    oox: Handle agile encryption info "reserved" field correctly
    
    The "reserved" filed is written fter the version number major,
    minor which is used to identify the encryption as agile. The
    "reserved" field must always have the value 0x00000040. This
    change writes the reserved filed correctly and when encryption and
    when decrypting it checks the value an potentially bails out if
    it desn't contain the expected value.
    
    Change-Id: I2045dc64e0c6bbb3318384e25deef2ba8f41b94c
    Reviewed-on: https://gerrit.libreoffice.org/57140
    Tested-by: Jenkins
    Reviewed-by: Tomaž Vajngerl <quikee at gmail.com>

diff --git a/include/filter/msfilter/mscodec.hxx b/include/filter/msfilter/mscodec.hxx
index aa38f6e9fc00..bc0240ae20eb 100644
--- a/include/filter/msfilter/mscodec.hxx
+++ b/include/filter/msfilter/mscodec.hxx
@@ -438,6 +438,8 @@ const sal_uInt32 VERSION_INFO_2007_FORMAT_SP2   = 0x00020004;
 // version of encryption info - agile (major = 4, minor = 4)
 const sal_uInt32 VERSION_INFO_AGILE         = 0x00040004;
 
+const sal_uInt32 AGILE_ENCRYPTION_RESERVED  = 0x00000040;
+
 const sal_uInt32 SALT_LENGTH                    = 16;
 const sal_uInt32 ENCRYPTED_VERIFIER_LENGTH      = 16;
 const sal_uInt32 SHA1_HASH_LENGTH = RTL_DIGEST_LENGTH_SHA1; // 20
diff --git a/oox/qa/unit/CryptoTest.cxx b/oox/qa/unit/CryptoTest.cxx
index e17f3cc91e9a..47d567fab34b 100644
--- a/oox/qa/unit/CryptoTest.cxx
+++ b/oox/qa/unit/CryptoTest.cxx
@@ -224,7 +224,6 @@ void CryptoTest::testAgileEncrpytionInfoWritingAndParsing()
                 new utl::OSeekableInputStreamWrapper(aEncryptionInfo));
 
             xInputStream->skipBytes(4); // Encryption type -> Agile
-            xInputStream->skipBytes(4); // Reserved
 
             CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream));
 
@@ -271,7 +270,6 @@ void CryptoTest::testAgileEncrpytionInfoWritingAndParsing()
                 new utl::OSeekableInputStreamWrapper(aEncryptionInfo));
 
             xInputStream->skipBytes(4); // Encryption type -> Agile
-            xInputStream->skipBytes(4); // Reserved
 
             CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream));
 
@@ -324,7 +322,6 @@ void CryptoTest::testAgileDataIntegrityHmacKey()
             new utl::OSeekableInputStreamWrapper(aEncryptionInfo));
 
         xInputStream->skipBytes(4); // Encryption type -> Agile
-        xInputStream->skipBytes(4); // Reserved
 
         CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream));
         CPPUNIT_ASSERT(aEngine.generateEncryptionKey(aPassword));
@@ -391,7 +388,6 @@ void CryptoTest::testAgileEncryptingAndDecrypting()
             new utl::OSeekableInputStreamWrapper(aEncryptionInfo));
 
         xEncryptionInfo->skipBytes(4); // Encryption type -> Agile
-        xEncryptionInfo->skipBytes(4); // Reserved
 
         CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xEncryptionInfo));
 
diff --git a/oox/source/crypto/AgileEngine.cxx b/oox/source/crypto/AgileEngine.cxx
index a4fa8c476c74..299ba2802bfe 100644
--- a/oox/source/crypto/AgileEngine.cxx
+++ b/oox/source/crypto/AgileEngine.cxx
@@ -486,6 +486,16 @@ bool AgileEngine::decrypt(BinaryXInputStream& aInputStream,
 
 bool AgileEngine::readEncryptionInfo(uno::Reference<io::XInputStream> & rxInputStream)
 {
+    // Check reserved value
+    std::vector<sal_uInt8> aExpectedReservedBytes(sizeof(sal_uInt32));
+    ByteOrderConverter::writeLittleEndian(aExpectedReservedBytes.data(), msfilter::AGILE_ENCRYPTION_RESERVED);
+
+    uno::Sequence<sal_Int8> aReadReservedBytes(sizeof(sal_uInt32));
+    rxInputStream->readBytes(aReadReservedBytes, aReadReservedBytes.getLength());
+
+    if (!std::equal(aReadReservedBytes.begin(), aReadReservedBytes.end(), aExpectedReservedBytes.begin()))
+        return false;
+
     mInfo.spinCount = 0;
     mInfo.saltSize = 0;
     mInfo.keyBits = 0;
@@ -695,7 +705,7 @@ bool AgileEngine::setupEncryptionKey(OUString const & rPassword)
 void AgileEngine::writeEncryptionInfo(BinaryXOutputStream & rStream)
 {
     rStream.WriteUInt32(msfilter::VERSION_INFO_AGILE);
-    rStream.WriteUInt32(0); // reserved
+    rStream.WriteUInt32(msfilter::AGILE_ENCRYPTION_RESERVED);
 
     SvMemoryStream aMemStream;
     tools::XmlWriter aXmlWriter(&aMemStream);
diff --git a/oox/source/crypto/DocumentDecryption.cxx b/oox/source/crypto/DocumentDecryption.cxx
index b68882ad6b03..16cc29551b21 100644
--- a/oox/source/crypto/DocumentDecryption.cxx
+++ b/oox/source/crypto/DocumentDecryption.cxx
@@ -58,7 +58,6 @@ bool DocumentDecryption::readEncryptionInfo()
             break;
         case msfilter::VERSION_INFO_AGILE:
             mCryptoType = AGILE; // Set encryption info format
-            xEncryptionInfo->skipBytes(4);
             mEngine.reset(new AgileEngine);
             break;
         default:
commit 8efeb81537726445954b10314ebbd770d266ac20
Author: Tomaž Vajngerl <tomaz.vajngerl at collabora.co.uk>
Date:   Sat Jul 7 15:21:12 2018 +0200

    Add LO standard encryption to the ooxml encryption tests
    
    Change-Id: I199ed40d409dc4baf9102480eadffde9a7c26a78
    Reviewed-on: https://gerrit.libreoffice.org/57139
    Tested-by: Jenkins
    Reviewed-by: Tomaž Vajngerl <quikee at gmail.com>

diff --git a/sw/qa/extras/ooxmlexport/data/Encrypted_LO_Standard_abc.docx b/sw/qa/extras/ooxmlexport/data/Encrypted_LO_Standard_abc.docx
new file mode 100644
index 000000000000..c35aaf12ad2c
Binary files /dev/null and b/sw/qa/extras/ooxmlexport/data/Encrypted_LO_Standard_abc.docx differ
diff --git a/sw/qa/extras/ooxmlexport/ooxmlencryption.cxx b/sw/qa/extras/ooxmlexport/ooxmlencryption.cxx
index 66ae8f1754ac..7ec52f34d0e9 100644
--- a/sw/qa/extras/ooxmlexport/ooxmlencryption.cxx
+++ b/sw/qa/extras/ooxmlexport/ooxmlencryption.cxx
@@ -16,32 +16,40 @@ public:
     Test() : SwModelTestBase("/sw/qa/extras/ooxmlexport/data/", "Office Open XML Text") {}
 
 protected:
-    bool mustTestImportOf(const char* filename) const override {
+    bool mustTestImportOf(const char* filename) const override
+    {
         return OString(filename).endsWith(".docx");
     }
 };
 
-DECLARE_SW_ROUNDTRIP_TEST(testPassword2007, "Encrypted_MSO2007_abc.docx", "abc", Test)
+DECLARE_SW_ROUNDTRIP_TEST(testPasswordMSO2007, "Encrypted_MSO2007_abc.docx", "abc", Test)
 {
     // Standard encryption format, AES 128, SHA1
     uno::Reference<text::XTextRange> xParagraph(getParagraph(1));
     CPPUNIT_ASSERT_EQUAL(OUString("abc"), xParagraph->getString());
 }
 
-DECLARE_SW_ROUNDTRIP_TEST(testPassword2010, "Encrypted_MSO2010_abc.docx", "abc", Test)
+DECLARE_SW_ROUNDTRIP_TEST(testPasswordMSO2010, "Encrypted_MSO2010_abc.docx", "abc", Test)
 {
     // Agile encryption format, AES 128, CBC, SHA1
     uno::Reference<text::XTextRange> xParagraph(getParagraph(1));
     CPPUNIT_ASSERT_EQUAL(OUString("abc"), xParagraph->getString());
 }
 
-DECLARE_SW_ROUNDTRIP_TEST(testPassword2013, "Encrypted_MSO2013_abc.docx", "abc", Test)
+DECLARE_SW_ROUNDTRIP_TEST(testPasswordMSO2013, "Encrypted_MSO2013_abc.docx", "abc", Test)
 {
     // Agile encryption format, AES 256, CBC, SHA512
     uno::Reference<text::XTextRange> xParagraph(getParagraph(1));
     CPPUNIT_ASSERT_EQUAL(OUString("ABC"), xParagraph->getString());
 }
 
+DECLARE_SW_ROUNDTRIP_TEST(testPasswordLOStandard, "Encrypted_LO_Standard_abc.docx", "abc", Test)
+{
+    // Standard encryption format, AES 128, SHA1
+    uno::Reference<text::XTextRange> xParagraph(getParagraph(1));
+    CPPUNIT_ASSERT_EQUAL(OUString("ABC"), xParagraph->getString());
+}
+
 CPPUNIT_PLUGIN_IMPLEMENT();
 
 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

More information about the Libreoffice-commits mailing list