authorMichael Stahl <michael.stahl@allotropia.de>2023-12-13 18:36:15 +0100
committerMichael Stahl <michael.stahl@allotropia.de>2023-12-13 22:02:52 +0100
commit09f23a3dc5cd571df347cba9b003195de35f3ddd (patch)
tree1aa23e7d6e12779bcfed5f99c3a759805947003f /package/source/manifest
parentdf23f570536c939ab4b44125ac8f62a8500e6f7c (diff)
tdf#105844 package,sfx2: remove checksum infoleak when using AEAD
AEAD provides the verification of the password automatically: reading the entire stream verifies the tag at the end. The existing attributes manifest:checksum-type/manifest:checksum leak information about the plain text. This was mitigated with the addChaffWhenEncryptedStorage() functions (see commit f57baefbd3c4c5d8e5ec28e8702c91d60ffc5de2) but a better solution that also works for non-XML streams is to simply omit the attributes; authenticated encryption provides better verification without any leak. * "ChecksumAlgorithm" property can be set to void now to remove the checksum * change a bunch of members in EncryptionData, ZipPackage, ZipPackageStream to optional * change ZipFile::checkValidPassword() to open the stream and return it Change-Id: Id95288d0c238c4f9940fc5a185df814e8edcbad3 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/160711 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'package/source/manifest')
-rw-r--r--package/source/manifest/ManifestExport.cxx31
-rw-r--r--package/source/manifest/ManifestImport.cxx6
2 files changed, 20 insertions, 17 deletions
diff --git a/package/source/manifest/ManifestExport.cxx b/package/source/manifest/ManifestExport.cxx
index 9921b1bad8c8..aa9e9aa2a32f 100644
--- a/package/source/manifest/ManifestExport.cxx
+++ b/package/source/manifest/ManifestExport.cxx
@@ -337,7 +337,7 @@ ManifestExport::ManifestExport( uno::Reference< xml::sax::XDocumentHandler > con
xHandler->ignorableWhitespace ( sWhiteSpace );
xHandler->startElement( ELEMENT_FILE_ENTRY , pAttrList);
- if ( pVector && pSalt && pIterationCount && pDigest && pDigestAlg && pEncryptAlg && pStartKeyAlg && pDerivedKeySize )
+ if (pVector && pSalt && pIterationCount && pEncryptAlg && pStartKeyAlg && pDerivedKeySize)
{
// ==== Encryption Data
rtl::Reference<::comphelper::AttributeList> pNewAttrList = new ::comphelper::AttributeList;
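Review bot: The relaxed guard `if (pVector && pSalt && pIterationCount && pEncryptAlg && pStartKeyAlg && pDerivedKeySize)` makes the checksum independent of the cipher, but nothing in this hunk ties its absence to an AEAD algorithm: if a caller voids "ChecksumAlgorithm" while pEncryptAlg still names a non-authenticated cipher, the stream would presumably be written with no password verification at all — inferred from the description, since the code that decides this lives outside the hunk. It is worth either rejecting that combination here or stating the contract in a comment next to the guard, e.g. `// checksum-type/checksum are optional (tdf#105844): omitted for AEAD ciphers, whose tag authenticates the stream; expected for any other cipher`. The enclosing constructor starts and ends outside the hunk.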
@@ -347,20 +347,23 @@ ManifestExport::ManifestExport( uno::Reference< xml::sax::XDocumentHandler > con
xHandler->ignorableWhitespace ( sWhiteSpace );
// ==== Digest
- OUString sChecksumType;
- sal_Int32 nDigestAlgID = 0;
- *pDigestAlg >>= nDigestAlgID;
- if ( nDigestAlgID == xml::crypto::DigestID::SHA256_1K )
- sChecksumType = sSHA256_1k_URL;
- else if ( nDigestAlgID == xml::crypto::DigestID::SHA1_1K )
- sChecksumType = sSHA1_1k_Name;
- else
- throw uno::RuntimeException( THROW_WHERE "Unexpected digest algorithm is provided!" );
+ if (pDigest && pDigestAlg && pDigestAlg->hasValue())
+ {
+ OUString sChecksumType;
+ sal_Int32 nDigestAlgID = 0;
+ *pDigestAlg >>= nDigestAlgID;
+ if ( nDigestAlgID == xml::crypto::DigestID::SHA256_1K )
+ sChecksumType = sSHA256_1k_URL;
+ else if ( nDigestAlgID == xml::crypto::DigestID::SHA1_1K )
+ sChecksumType = sSHA1_1k_Name;
+ else
+ throw uno::RuntimeException( THROW_WHERE "Unexpected digest algorithm is provided!" );
- pNewAttrList->AddAttribute ( ATTRIBUTE_CHECKSUM_TYPE, sChecksumType );
- *pDigest >>= aSequence;
- ::comphelper::Base64::encode(aBuffer, aSequence);
- pNewAttrList->AddAttribute ( ATTRIBUTE_CHECKSUM, aBuffer.makeStringAndClear() );
+ pNewAttrList->AddAttribute(ATTRIBUTE_CHECKSUM_TYPE, sChecksumType);
+ *pDigest >>= aSequence;
+ ::comphelper::Base64::encode(aBuffer, aSequence);
+ pNewAttrList->AddAttribute(ATTRIBUTE_CHECKSUM, aBuffer.makeStringAndClear());
+ }
xHandler->startElement( ELEMENT_ENCRYPTION_DATA , pNewAttrList);
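Review bot: The new condition `if (pDigest && pDigestAlg && pDigestAlg->hasValue())` checks that the algorithm Any carries a value but not that pDigest does, so a caller that voids only the digest still emits manifest:checksum-type together with a checksum taken from whatever `aSequence` held before the failed `*pDigest >>= aSequence` extraction (aSequence is declared and reused outside the hunk, so the stale-content part is inferred). Guard both sides, `if (pDigest && pDigest->hasValue() && pDigestAlg && pDigestAlg->hasValue())`, or check the result of the extraction and throw the same way the unknown-algorithm branch does, so a half-cleared property cannot produce a bogus checksum attribute. The surrounding constructor continues outside the hunk.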
diff --git a/package/source/manifest/ManifestImport.cxx b/package/source/manifest/ManifestImport.cxx
index b7aa57f99ff1..0458eb9c4b8e 100644
--- a/package/source/manifest/ManifestImport.cxx
+++ b/package/source/manifest/ManifestImport.cxx
@@ -164,10 +164,10 @@ void ManifestImport::doEncryptionData(StringHashMap &rConvertedAttribs)
} else if ( aString == SHA256_1K_URL ) {
aSequence[PKG_MNFST_DIGESTALG].Name = gsDigestAlgProperty;
aSequence[PKG_MNFST_DIGESTALG].Value <<= xml::crypto::DigestID::SHA256_1K;
- } else
- bIgnoreEncryptData = true;
+ }
+ // note: digest is now *optional* - expected not to be used with AEAD
- if ( !bIgnoreEncryptData ) {
+ if (aSequence[PKG_MNFST_DIGESTALG].Value.hasValue()) {
aString = rConvertedAttribs[ATTRIBUTE_CHECKSUM];
uno::Sequence < sal_Int8 > aDecodeBuffer;
::comphelper::Base64::decode(aDecodeBuffer, aString);