diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-06 15:28:14 +0100 |
|---|---|---|
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-07 09:28:38 +0100 |
| commit | 3b347664b26d58d44f685a607a5e6d10dff89cd4 (patch) | |
| tree | 882d5793493bf14b65295773d0129811b9fcb51d /include | |
| parent | f6536f4db61b73cf7fd4a44bb5ba61eff61f8f91 (diff) | |
tdf#105844 package,sfx2: wholesome ODF package wrapping encryption
Redo the ODF encryption by storing an ODF package and wrapping it as a
stream "encrypted-package" in another ODF package, such that there is
only one encrypted stream - this requires only one KDF computation.
* This is only enabled in Experimental mode for now.
* Avoid storing unencrypted data in the pTempFile of SfxMedium, as it
is usually created in the same directory as the target file, which
may be on a network share or similar less trusted location.
* SfxMedium::SetEncryptionDataToStorage_Impl() should just set an
error status if it fails (how can it fail anyway)
* when loading a document, SfxDocPasswordVerifier extracts an encrypted
inner package (by calling SfxMedium::TryEncryptedInnerPackage())
* SfxMedium::GetStorage() automatically decrypts an encrypted inner
storage and sets it as the SfxMedium's xStorage
* when storing a document, SfxObjectShell::SaveTo_Impl() creates
the wrapped storages
* One challenge is to keep the macro/scripting signature working; this
can only be put in the inner storage, whereas the document signature
should continue to be on the outer storage; also it must use a Zip
storage, to see the "META-INF" directory. This needs a new
SfxMedium::GetScriptingStorageToSign_Impl() and changes in
SfxMedium::SignContents_Impl().
Change-Id: Ibfee36ce3a9cd030f2aa2ce1484b6d001cba2389
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160401
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'include')
| -rw-r--r-- | include/sfx2/docfile.hxx | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/include/sfx2/docfile.hxx b/include/sfx2/docfile.hxx index 377bab62830f..fb8039f6b8f1 100644 --- a/include/sfx2/docfile.hxx +++ b/include/sfx2/docfile.hxx @@ -70,7 +70,7 @@ class SFX2_DLLPUBLIC SfxMedium final : public SvRefBase SAL_DLLPRIVATE void CloseOutStream_Impl(); SAL_DLLPRIVATE void CloseStreams_Impl(bool bInDestruction = false); - SAL_DLLPRIVATE void SetEncryptionDataToStorage_Impl(); + SAL_DLLPRIVATE bool SetEncryptionDataToStorage_Impl(); public: @@ -218,10 +218,14 @@ public: SAL_DLLPRIVATE OUString const & GetBackup_Impl(); SAL_DLLPRIVATE css::uno::Reference< css::embed::XStorage > const & GetZipStorageToSign_Impl( bool bReadOnly = true ); + SAL_DLLPRIVATE css::uno::Reference<css::embed::XStorage> GetScriptingStorageToSign_Impl(); SAL_DLLPRIVATE void CloseZipStorage_Impl(); // the storage that will be returned by the medium on GetStorage request SAL_DLLPRIVATE void SetStorage_Impl( const css::uno::Reference< css::embed::XStorage >& xNewStorage ); + SAL_DLLPRIVATE void SetInnerStorage_Impl(const css::uno::Reference<css::embed::XStorage>& xStorage); + SAL_DLLPRIVATE css::uno::Reference<css::embed::XStorage> + TryEncryptedInnerPackage(css::uno::Reference<css::embed::XStorage> xStorage); SAL_DLLPRIVATE void CloseAndReleaseStreams_Impl(); SAL_DLLPRIVATE void AddVersion_Impl( css::util::RevisionTag& rVersion ); |