diff options
| author | Michael Stahl <mstahl@redhat.com> | 2018-02-06 17:35:36 +0100 |
|---|---|---|
| committer | Michael Stahl <mstahl@redhat.com> | 2018-02-07 18:03:09 +0100 |
| commit | 398275ba9f4d65bebcc78864e70eee6212a84397 (patch) | |
| tree | e87b37608d18ea0af727961ee3b531851d2cf60e /include/svl | |
| parent | 9430abb0dcc9fb1facd498c88da44e3dbb9bd25b (diff) | |
tdf#115483 svl xmloff sc sw: verify all ODF 1.2 protection-key hashes
ODF 1.2 has added some mandatory requirements for protection-key hashes
which did not exist in ODF 1.1.
This affects sections and indexes in ODT documents, as well as
spreadsheets and sheets in ODS documents.
1. Accept the following hashed passwords:
* UTF16 LE/BE encoded StarOffice-SHA1, OOo legacy and allowed by ODF 1.1
* UTF8 encoded proper SHA1, as required by ODF 1.2
* UTF8 encoded SHA256, as required by ODF 1.2
- specified either with the wrong URL used in the ODF 1.2 spec
or the correct URL from the W3C spec, see OFFICE-3702
* Excel+SHA1 double-hash, only in Calc, see OFFICE-2112
2. Round-trip any of the above as-is
* for SHA256 only write the URL from the ODF 1.2 spec
3. Generate only UTF16 LE encoded SHA1 for now, so that older LO
releases can still verify the password
* some time in the future, switch to generating some valid ODF 1.2 hash
More changes are necessary in Calc, which can actually preserve
different hashes for the same passwords in its runtime data model,
whereas Writer just has a single buffer without even any metadata.
For the Calc unit tests we need one document per hash because the
protection-key attribute can be set on the entire spreadsheet, which
is an unique element in the document.
There are further uses of SvlPasswordHelper for change-tracking passwords,
but apparently those are stored in settings.xml, so ODF has no
requirements for them, so let's leave that as it is.
Change-Id: Icb720b14ae9c0d9c04d2e082769ae2b74e3af8aa
Reviewed-on: https://gerrit.libreoffice.org/49352
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Michael Stahl <mstahl@redhat.com>
Diffstat (limited to 'include/svl')
| -rw-r--r-- | include/svl/PasswordHelper.hxx | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/include/svl/PasswordHelper.hxx b/include/svl/PasswordHelper.hxx index ca048ed85924..a71f2ca7c172 100644 --- a/include/svl/PasswordHelper.hxx +++ b/include/svl/PasswordHelper.hxx @@ -33,10 +33,15 @@ public: SVL_DLLPUBLIC static void GetHashPassword(css::uno::Sequence <sal_Int8>& rPassHash, const sal_Char* pPass, sal_uInt32 nLen); SVL_DLLPUBLIC static void GetHashPassword(css::uno::Sequence<sal_Int8>& rPassHash, const OUString& sPass); + SVL_DLLPUBLIC static void GetHashPasswordSHA1UTF8(css::uno::Sequence<sal_Int8>& rPassHash, const OUString& sPass); + SVL_DLLPUBLIC static void GetHashPasswordSHA256(css::uno::Sequence<sal_Int8>& rPassHash, const OUString& sPass); /** Use this method to compare a given string with another given Hash value. This is necessary, because in older versions exists different hashes of the same string. They were endian dependent. - We need this to handle old files. This method will compare against big and little endian. See #101326# + We need this to handle old files. This method will compare against big and + little endian UTF-16. + tdf#115483: also check 2 different new ways of hashing that were added in + ODF 1.2, requiring UTF-8 encoding. */ SVL_DLLPUBLIC static bool CompareHashPassword(const css::uno::Sequence<sal_Int8>& rOldPassHash, const OUString& sNewPass); }; |