author | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-13 18:36:15 +0100 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-14 09:09:57 +0100 |
commit | 309558858d2b37cbad04b3000391ad9ba570708d (patch) | |
tree | e3edfa89d99522af0ea962265bb05f4e39fbeb23 /package/inc | |
parent | 25d902054715bb89cad5ec3f82a81bacb8d4cf02 (diff) |
tdf#105844 package,sfx2: remove checksum infoleak when using AEAD
AEAD verifies the password automatically: once the entire stream has been read, the authentication tag at its end is checked.
The existing attributes manifest:checksum-type/manifest:checksum leak
information about the plain text.
This was mitigated with the addChaffWhenEncryptedStorage() functions
(see commit f57baefbd3c4c5d8e5ec28e8702c91d60ffc5de2) but a better
solution that also works for non-XML streams is to simply omit the
attributes; authenticated encryption provides better verification
without any leak.
* "ChecksumAlgorithm" property can be set to void now to remove the
checksum
* change a bunch of members in EncryptionData, ZipPackage,
ZipPackageStream to optional
* change ZipFile::checkValidPassword() to open the stream and return it
Change-Id: Id95288d0c238c4f9940fc5a185df814e8edcbad3
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160711
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 09f23a3dc5cd571df347cba9b003195de35f3ddd)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160694
Diffstat (limited to 'package/inc')
-rw-r--r-- | package/inc/EncryptionData.hxx | 14 | ||||
-rw-r--r-- | package/inc/ZipFile.hxx | 4 | ||||
-rw-r--r-- | package/inc/ZipPackage.hxx | 4 | ||||
-rw-r--r-- | package/inc/ZipPackageStream.hxx | 6 |
4 files changed, 19 insertions, 9 deletions
diff --git a/package/inc/EncryptionData.hxx b/package/inc/EncryptionData.hxx index 73408a090faf..f2d5c0b126b0 100644 --- a/package/inc/EncryptionData.hxx +++ b/package/inc/EncryptionData.hxx @@ -22,6 +22,8 @@ #include <com/sun/star/uno/Sequence.hxx> #include <cppuhelper/weak.hxx> +#include <optional> + class BaseEncryptionData : public cppu::OWeakObject { public: @@ -47,16 +49,20 @@ class EncryptionData final : public BaseEncryptionData public: css::uno::Sequence < sal_Int8 > m_aKey; sal_Int32 m_nEncAlg; - sal_Int32 m_nCheckAlg; + ::std::optional<sal_Int32> m_oCheckAlg; sal_Int32 m_nDerivedKeySize; sal_Int32 m_nStartKeyGenID; bool m_bTryWrongSHA1; - EncryptionData(const BaseEncryptionData& aData, const css::uno::Sequence< sal_Int8 >& aKey, sal_Int32 nEncAlg, sal_Int32 nCheckAlg, sal_Int32 nDerivedKeySize, sal_Int32 nStartKeyGenID, bool const bTryWrongSHA1) + EncryptionData(const BaseEncryptionData& aData, + const css::uno::Sequence<sal_Int8>& aKey, sal_Int32 const nEncAlg, + ::std::optional<sal_Int32> const oCheckAlg, + sal_Int32 const nDerivedKeySize, sal_Int32 const nStartKeyGenID, + bool const bTryWrongSHA1) : BaseEncryptionData( aData ) , m_aKey( aKey ) , m_nEncAlg( nEncAlg ) - , m_nCheckAlg( nCheckAlg ) + , m_oCheckAlg( oCheckAlg ) , m_nDerivedKeySize( nDerivedKeySize ) , m_nStartKeyGenID( nStartKeyGenID ) , m_bTryWrongSHA1(bTryWrongSHA1) @@ -66,7 +72,7 @@ public: : BaseEncryptionData( aData ) , m_aKey( aData.m_aKey ) , m_nEncAlg( aData.m_nEncAlg ) - , m_nCheckAlg( aData.m_nCheckAlg ) + , m_oCheckAlg( aData.m_oCheckAlg ) , m_nDerivedKeySize( aData.m_nDerivedKeySize ) , m_nStartKeyGenID( aData.m_nStartKeyGenID ) , m_bTryWrongSHA1(aData.m_bTryWrongSHA1) diff --git a/package/inc/ZipFile.hxx b/package/inc/ZipFile.hxx index f6b184994729..2d42ed403136 100644 --- a/package/inc/ZipFile.hxx +++ b/package/inc/ZipFile.hxx 
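Review bot: `m_oCheckAlg` now admits nullopt, but nothing in the header records the invariant the commit message relies on — that the checksum may only be omitted when `m_nEncAlg` is an authenticated (AEAD) cipher, because for a non-AEAD mode an absent checksum means neither the password nor the ciphertext integrity is verified at all. Whether the .cxx side enforces that pairing is not visible here, so this is a documentation gap rather than a defect I can point to; a one-line comment on the member would tell anyone constructing an EncryptionData what the contract is: `/// nullopt only for AEAD ciphers, whose auth tag verifies password and integrity; with a non-AEAD m_nEncAlg an absent checksum disables verification entirely`. The class body continues outside the hunk.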
@@ -70,7 +70,9 @@ class ZipFile const bool bUseBufferedStream = true, const OUString& aMediaType = OUString() ); - bool hasValidPassword ( ZipEntry const & rEntry, const rtl::Reference < EncryptionData > &rData ); + css::uno::Reference<css::io::XInputStream> checkValidPassword( + ZipEntry const& rEntry, rtl::Reference<EncryptionData> const& rData, + rtl::Reference<comphelper::RefCountedMutex> const& rMutexHolder); bool checkSizeAndCRC( const ZipEntry& aEntry ); diff --git a/package/inc/ZipPackage.hxx b/package/inc/ZipPackage.hxx index 48067f39b6f7..5d196fe7cdaa 100644 --- a/package/inc/ZipPackage.hxx +++ b/package/inc/ZipPackage.hxx @@ -78,7 +78,7 @@ class ZipPackage final : public cppu::WeakImplHelper OUString m_aURL; sal_Int32 m_nStartKeyGenerationID; - sal_Int32 m_nChecksumDigestID; + ::std::optional<sal_Int32> m_oChecksumDigestID; sal_Int32 m_nCommonEncryptionID; bool m_bHasEncryptedEntries; bool m_bHasNonEncryptedEntries; @@ -124,7 +124,7 @@ public: sal_Int32 GetStartKeyGenID() const { return m_nStartKeyGenerationID; } sal_Int32 GetEncAlgID() const { return m_nCommonEncryptionID; } - sal_Int32 GetChecksumAlgID() const { return m_nChecksumDigestID; } + ::std::optional<sal_Int32> GetChecksumAlgID() const { return m_oChecksumDigestID; } sal_Int32 GetDefaultDerivedKeySize() const { switch (m_nCommonEncryptionID) { diff --git a/package/inc/ZipPackageStream.hxx b/package/inc/ZipPackageStream.hxx index 91beaf276719..b39c59e633e9 100644 --- a/package/inc/ZipPackageStream.hxx +++ b/package/inc/ZipPackageStream.hxx @@ -29,6 +29,8 @@ #include "EncryptionData.hxx" +#include <optional> + #define PACKAGE_STREAM_NOTSET 0 #define PACKAGE_STREAM_PACKAGEMEMBER 1 #define PACKAGE_STREAM_DETECT 2 @@ -55,7 +57,7 @@ private: sal_Int32 m_nImportedStartKeyAlgorithm; sal_Int32 m_nImportedEncryptionAlgorithm; - sal_Int32 m_nImportedChecksumAlgorithm; + ::std::optional<sal_Int32> m_oImportedChecksumAlgorithm; sal_Int32 m_nImportedDerivedKeySize; sal_uInt8 m_nStreamMode; 
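Review bot: `checkValidPassword` replaces a bool with an XInputStream, but the declaration does not say how a wrong password is reported (exception vs. empty Reference) or at what point verification happens; with AEAD the tag sits at the end of the stream, so the password is only confirmed once the whole stream has been consumed, and a caller that treats a non-empty return as "verified" and then reads the stream partially would be handling unauthenticated plaintext. The implementation is not in view, so this is the contract to pin down in a comment rather than a defect I can see. Suggested comment above the declaration: `/// Opens rEntry with rData and verifies the password. With AEAD, verification requires consuming the stream up to its authentication tag; the returned stream must not be treated as authenticated until it has been read to the end.` — and state the failure behaviour once confirmed against ZipFile.cxx.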
@@ -95,7 +97,7 @@ public: void SetIsEncrypted (bool bNewValue) { m_bIsEncrypted = bNewValue;} void SetImportedStartKeyAlgorithm( sal_Int32 nAlgorithm ) { m_nImportedStartKeyAlgorithm = nAlgorithm; } void SetImportedEncryptionAlgorithm( sal_Int32 nAlgorithm ) { m_nImportedEncryptionAlgorithm = nAlgorithm; } - void SetImportedChecksumAlgorithm( sal_Int32 nAlgorithm ) { m_nImportedChecksumAlgorithm = nAlgorithm; } + void SetImportedChecksumAlgorithm(::std::optional<sal_Int32> const& roAlgorithm) { m_oImportedChecksumAlgorithm = roAlgorithm; } void SetImportedDerivedKeySize( sal_Int32 nSize ) { m_nImportedDerivedKeySize = nSize; } void SetToBeEncrypted (bool bNewValue) { |
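Review bot: `SetImportedChecksumAlgorithm` takes `::std::optional<sal_Int32> const&` while every neighbouring setter — and the new `EncryptionData` constructor in this same change — takes its small value by value; an `optional<sal_Int32>` is a trivially copyable 8-byte object, so the reference buys nothing and breaks the pattern of the surrounding lines. Suggest `void SetImportedChecksumAlgorithm(::std::optional<sal_Int32> const oAlgorithm) { m_oImportedChecksumAlgorithm = oAlgorithm; }`. The class body continues outside the hunk.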