authorMichael Stahl <michael.stahl@allotropia.de>2023-12-13 18:36:15 +0100
committerMichael Stahl <michael.stahl@allotropia.de>2023-12-14 09:09:57 +0100
commit309558858d2b37cbad04b3000391ad9ba570708d (patch)
treee3edfa89d99522af0ea962265bb05f4e39fbeb23 /package/inc/ZipPackageStream.hxx
parent25d902054715bb89cad5ec3f82a81bacb8d4cf02 (diff)
tdf#105844 package,sfx2: remove checksum infoleak when using AEAD
AEAD provides the verification of the password automatically, by reading the entire stream the tag at the end will be verified. The existing attributes manifest:checksum-type/manifest:checksum leak information about the plain text. This was mitigated with the addChaffWhenEncryptedStorage() functions (see commit f57baefbd3c4c5d8e5ec28e8702c91d60ffc5de2) but a better solution that also works for non-XML streams is to simply omit the attributes; authenticated encryption provides better verification without any leak. * "ChecksumAlgorithm" property can be set to void now to remove the checksum * change a bunch of members in EncryptionData, ZipPackage, ZipPackageStream to optional * change ZipFile::checkValidPassword() to open the stream and return it Change-Id: Id95288d0c238c4f9940fc5a185df814e8edcbad3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160711 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de> (cherry picked from commit 09f23a3dc5cd571df347cba9b003195de35f3ddd) Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160694
Diffstat (limited to 'package/inc/ZipPackageStream.hxx')
-rw-r--r--package/inc/ZipPackageStream.hxx6
1 files changed, 4 insertions, 2 deletions
diff --git a/package/inc/ZipPackageStream.hxx b/package/inc/ZipPackageStream.hxx
index 91beaf276719..b39c59e633e9 100644
--- a/package/inc/ZipPackageStream.hxx
+++ b/package/inc/ZipPackageStream.hxx
@@ -29,6 +29,8 @@
#include "EncryptionData.hxx"
+#include <optional>
+
#define PACKAGE_STREAM_NOTSET 0
#define PACKAGE_STREAM_PACKAGEMEMBER 1
#define PACKAGE_STREAM_DETECT 2
@@ -55,7 +57,7 @@ private:
sal_Int32 m_nImportedStartKeyAlgorithm;
sal_Int32 m_nImportedEncryptionAlgorithm;
- sal_Int32 m_nImportedChecksumAlgorithm;
+ ::std::optional<sal_Int32> m_oImportedChecksumAlgorithm;
sal_Int32 m_nImportedDerivedKeySize;
sal_uInt8 m_nStreamMode;
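Review bot: The new `m_oImportedChecksumAlgorithm` member has no comment saying what an empty value means, and nothing in this header ties it to `m_nImportedEncryptionAlgorithm`. Per the commit message, dropping the checksum is sound only because AEAD verifies the tag over the whole stream, so an empty optional paired with a non-AEAD algorithm would leave the stream with neither a password check nor an integrity check. Whether the manifest import path rejects that combination cannot be seen from this file. I would add above the member `// empty: manifest has no checksum; only valid with an AEAD encryption algorithm, where the tag authenticates the stream`, and state the same invariant on `SetImportedChecksumAlgorithm` in the hunk at -95,7 +97,7. The class body starts and ends outside these hunks.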
@@ -95,7 +97,7 @@ public:
void SetIsEncrypted (bool bNewValue) { m_bIsEncrypted = bNewValue;}
void SetImportedStartKeyAlgorithm( sal_Int32 nAlgorithm ) { m_nImportedStartKeyAlgorithm = nAlgorithm; }
void SetImportedEncryptionAlgorithm( sal_Int32 nAlgorithm ) { m_nImportedEncryptionAlgorithm = nAlgorithm; }
- void SetImportedChecksumAlgorithm( sal_Int32 nAlgorithm ) { m_nImportedChecksumAlgorithm = nAlgorithm; }
+ void SetImportedChecksumAlgorithm(::std::optional<sal_Int32> const& roAlgorithm) { m_oImportedChecksumAlgorithm = roAlgorithm; }
void SetImportedDerivedKeySize( sal_Int32 nSize ) { m_nImportedDerivedKeySize = nSize; }
void SetToBeEncrypted (bool bNewValue)
{