diff options
| author | Tomaž Vajngerl <tomaz.vajngerl@collabora.co.uk> | 2018-07-04 22:23:44 +0200 |
|---|---|---|
| committer | Tomaž Vajngerl <quikee@gmail.com> | 2018-07-06 18:27:47 +0200 |
| commit | ce560ee99ebf97fa44aecedd5110b29913cf77a5 (patch) | |
| tree | e228f26944151c51cafd81ca05654ceeeb624046 /include/oox | |
| parent | ce7fb7473bc72d8a672c4fdcd49474721c9a2784 (diff) | |
oox: Agile encryption and data integrity verification
This adds agile encryption for OOXML documents. Previously we
always used the standard encryption used in MSO 2007 for max.
compatibility, but new MSO versions (2010+) use the agile
encryption, which allows more strong encryption methods (AES256
with SHA512). With this change we can now use do AES128 with
SHA1 or AES256 with SHA512 encryption.
In addition the agile encryption has data verification with HMAC
hashing. With this change we also now write the data verification
hash into the encrypted document and in addition also do data
verification when opening / decrypting a document, so to make sure
the document is not corrupted.
Change-Id: Ib45d397df228c355941eefb76d51e5d6f8925470
Reviewed-on: https://gerrit.libreoffice.org/56974
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>
Diffstat (limited to 'include/oox')
| -rw-r--r-- | include/oox/crypto/AgileEngine.hxx | 88 | ||||
| -rw-r--r-- | include/oox/crypto/CryptoEngine.hxx | 19 | ||||
| -rw-r--r-- | include/oox/crypto/Standard2007Engine.hxx | 18 |
3 files changed, 97 insertions, 28 deletions
diff --git a/include/oox/crypto/AgileEngine.hxx b/include/oox/crypto/AgileEngine.hxx index dc7538fafde4..8d4183619f9c 100644 --- a/include/oox/crypto/AgileEngine.hxx +++ b/include/oox/crypto/AgileEngine.hxx @@ -13,6 +13,7 @@ #include <vector> +#include <oox/dllapi.h> #include <oox/crypto/CryptTools.hxx> #include <oox/crypto/CryptoEngine.hxx> #include <rtl/ustring.hxx> @@ -26,7 +27,7 @@ namespace oox { namespace oox { namespace core { -struct AgileEncryptionInfo +struct OOX_DLLPUBLIC AgileEncryptionInfo { sal_Int32 spinCount; sal_Int32 saltSize; @@ -39,15 +40,45 @@ struct AgileEncryptionInfo OUString hashAlgorithm; std::vector<sal_uInt8> keyDataSalt; + + // Key Encryptor std::vector<sal_uInt8> saltValue; std::vector<sal_uInt8> encryptedVerifierHashInput; std::vector<sal_uInt8> encryptedVerifierHashValue; std::vector<sal_uInt8> encryptedKeyValue; + + // HMAC + std::vector<sal_uInt8> hmacKey; + std::vector<sal_uInt8> hmacHash; + std::vector<sal_uInt8> hmacCalculatedHash; + std::vector<sal_uInt8> hmacEncryptedKey; // encrypted Key + std::vector<sal_uInt8> hmacEncryptedValue; // encrypted Hash +}; + +struct OOX_DLLPUBLIC AgileEncryptionParameters +{ + sal_Int32 spinCount; + sal_Int32 saltSize; + sal_Int32 keyBits; + sal_Int32 hashSize; + sal_Int32 blockSize; + + OUString cipherAlgorithm; + OUString cipherChaining; + OUString hashAlgorithm; }; -class AgileEngine : public CryptoEngine +enum class AgileEncryptionPreset { + AES_128_SHA1, + AES_256_SHA512, +}; + +class OOX_DLLPUBLIC AgileEngine : public CryptoEngine +{ +private: AgileEncryptionInfo mInfo; + AgileEncryptionPreset meEncryptionPreset; void calculateHashFinal(const OUString& rPassword, std::vector<sal_uInt8>& aHashFinal); @@ -57,28 +88,59 @@ class AgileEngine : public CryptoEngine std::vector<sal_uInt8>& rInput, std::vector<sal_uInt8>& rOutput); + void encryptBlock( + std::vector<sal_uInt8> const & rBlock, + std::vector<sal_uInt8>& rHashFinal, + std::vector<sal_uInt8>& rInput, + std::vector<sal_uInt8>& rOutput); + static Crypto::CryptoType cryptoType(const AgileEncryptionInfo& rInfo); + bool calculateDecryptionKey(const OUString& rPassword); + public: - AgileEngine() = default; + AgileEngine(); AgileEncryptionInfo& getInfo() { return mInfo;} - virtual void writeEncryptionInfo( - const OUString& rPassword, - BinaryXOutputStream& rStream) override; + void setPreset(AgileEncryptionPreset ePreset) + { + meEncryptionPreset = ePreset; + } - virtual bool generateEncryptionKey(const OUString& rPassword) override; + // Decryption - virtual bool decrypt( - BinaryXInputStream& aInputStream, - BinaryXOutputStream& aOutputStream) override; + bool decryptEncryptionKey(OUString const & rPassword); + bool decryptAndCheckVerifierHash(OUString const & rPassword); + bool generateEncryptionKey(OUString const & rPassword) override; bool readEncryptionInfo(css::uno::Reference<css::io::XInputStream> & rxInputStream) override; + bool decrypt(BinaryXInputStream& aInputStream, + BinaryXOutputStream& aOutputStream) override; + + bool checkDataIntegrity() override; + + bool decryptHmacKey(); + bool decryptHmacValue(); + + // Encryption + + void writeEncryptionInfo(BinaryXOutputStream& rStream) override; + + void encrypt(css::uno::Reference<css::io::XInputStream>& rxInputStream, + css::uno::Reference<css::io::XOutputStream>& rxOutputStream, + sal_uInt32 nSize) override; + + bool setupEncryption(OUString const & rPassword) override; + + bool generateAndEncryptVerifierHash(OUString const & rPassword); + + bool encryptHmacKey(); + bool encryptHmacValue(); - virtual void encrypt( - BinaryXInputStream& aInputStream, - BinaryXOutputStream& aOutputStream) override; + bool encryptEncryptionKey(OUString const & rPassword); + void setupEncryptionParameters(AgileEncryptionParameters const & rAgileEncryptionParameters); + bool setupEncryptionKey(OUString const & rPassword); }; } // namespace core diff --git a/include/oox/crypto/CryptoEngine.hxx b/include/oox/crypto/CryptoEngine.hxx index 0b6844671457..8a947f10d106 100644 --- a/include/oox/crypto/CryptoEngine.hxx +++ b/include/oox/crypto/CryptoEngine.hxx @@ -17,6 +17,7 @@ #include <sal/types.h> #include <com/sun/star/io/XInputStream.hpp> +#include <com/sun/star/io/XOutputStream.hpp> namespace oox { class BinaryXInputStream; @@ -38,9 +39,8 @@ public: virtual ~CryptoEngine() {} - virtual void writeEncryptionInfo( - const OUString& rPassword, - BinaryXOutputStream& rStream) = 0; + // Decryption + virtual bool readEncryptionInfo(css::uno::Reference<css::io::XInputStream> & rxInputStream) = 0; virtual bool generateEncryptionKey(const OUString& rPassword) = 0; @@ -48,11 +48,16 @@ public: BinaryXInputStream& aInputStream, BinaryXOutputStream& aOutputStream) = 0; - virtual bool readEncryptionInfo(css::uno::Reference<css::io::XInputStream> & rxInputStream) = 0; + // Encryption + virtual void writeEncryptionInfo(BinaryXOutputStream & rStream) = 0; - virtual void encrypt( - BinaryXInputStream& aInputStream, - BinaryXOutputStream& aOutputStream) = 0; + virtual bool setupEncryption(const OUString& rPassword) = 0; + + virtual void encrypt(css::uno::Reference<css::io::XInputStream> & rxInputStream, + css::uno::Reference<css::io::XOutputStream> & rxOutputStream, + sal_uInt32 nSize) = 0; + + virtual bool checkDataIntegrity() = 0; }; } // namespace core diff --git a/include/oox/crypto/Standard2007Engine.hxx b/include/oox/crypto/Standard2007Engine.hxx index 0ad7a21eec3b..996467ddde82 100644 --- a/include/oox/crypto/Standard2007Engine.hxx +++ b/include/oox/crypto/Standard2007Engine.hxx @@ -38,21 +38,23 @@ public: msfilter::StandardEncryptionInfo& getInfo() { return mInfo;} - virtual bool generateEncryptionKey(const OUString& rPassword) override; + bool readEncryptionInfo(css::uno::Reference<css::io::XInputStream> & rxInputStream) override; - virtual void writeEncryptionInfo( - const OUString& rPassword, - BinaryXOutputStream& rStream) override; + virtual bool generateEncryptionKey(OUString const & rPassword) override; virtual bool decrypt( BinaryXInputStream& aInputStream, BinaryXOutputStream& aOutputStream) override; - bool readEncryptionInfo(css::uno::Reference<css::io::XInputStream> & rxInputStream) override; + bool checkDataIntegrity() override; - virtual void encrypt( - BinaryXInputStream& aInputStream, - BinaryXOutputStream& aOutputStream) override; + void encrypt(css::uno::Reference<css::io::XInputStream>& rxInputStream, + css::uno::Reference<css::io::XOutputStream>& rxOutputStream, + sal_uInt32 nSize) override; + + virtual void writeEncryptionInfo(BinaryXOutputStream& rStream) override; + + virtual bool setupEncryption(OUString const & rPassword) override; }; |