author | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-19 19:13:00 +0100 |
---|---|---|
committer | Michael Stahl <michael.stahl@allotropia.de> | 2023-12-20 22:23:20 +0100 |
commit | 4995e0669da0e499743b21c60da1ca8b14a1c78c (patch) | |
tree | 351323cc563eb6a1917d4457c24dcc02a9841cb1 /sfx2 | |
parent | 39f21446c0f0e9872f8871ab88233f5cbaa5eacc (diff) |
tdf#105844 offapi,package,sfx2: use Argon2 for wholesome ODF encryption
https://www.rfc-editor.org/rfc/rfc9106.html
* add css::xml::crypto::KDFID constant group
* add "KeyDerivationFunction" to setEncryptionAlgorithms sequence
* Argon2 is used by default for wholesome ODF encryption, but
$LO_ARGON2_DISABLE can be set to use PBKDF2
* extend various structs in package
* use 3 new ODF attributes "loext:argon2-iterations" "loext:argon2-memory"
"loext:argon2-lanes" to store the arguments
* use this URL for now:
"urn:org:documentfoundation:names:experimental:office:manifest:argon2id"
* use default arguments according to second recommendation from "7.4.
Recommendations" of RFC9106; 64 MiB RAM should hopefully not be too
much even for 32 bit builds
Change-Id: I683118cc5e0706bd6544db6fb909096768ac9920
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161009
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
(cherry picked from commit 2f512aaa6c39390a5a0eb1d1e37f070127d068a4)
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161024
Diffstat (limited to 'sfx2')
-rw-r--r-- | sfx2/source/doc/objstor.cxx | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/sfx2/source/doc/objstor.cxx b/sfx2/source/doc/objstor.cxx
index 40449b004713..ea1063ea81c1 100644
--- a/sfx2/source/doc/objstor.cxx
+++ b/sfx2/source/doc/objstor.cxx
@@ -58,6 +58,7 @@
 #include <com/sun/star/text/XTextRange.hpp>
 #include <com/sun/star/xml/crypto/CipherID.hpp>
 #include <com/sun/star/xml/crypto/DigestID.hpp>
+#include <com/sun/star/xml/crypto/KDFID.hpp>

 #include <com/sun/star/document/XDocumentProperties.hpp>
 #include <com/sun/star/document/XDocumentPropertiesSupplier.hpp>
@@ -336,7 +337,8 @@ void SfxObjectShell::SetupStorage( const uno::Reference< embed::XStorage >& xSto
 {
 { "StartKeyGenerationAlgorithm", css::uno::Any(xml::crypto::DigestID::SHA1) },
 { "EncryptionAlgorithm", css::uno::Any(xml::crypto::CipherID::BLOWFISH_CFB_8) },
- { "ChecksumAlgorithm", css::uno::Any(xml::crypto::DigestID::SHA1_1K) }
+ { "ChecksumAlgorithm", css::uno::Any(xml::crypto::DigestID::SHA1_1K) },
+ { "KeyDerivationFunction", css::uno::Any(xml::crypto::KDFID::PBKDF2) },
 };

 if (nDefVersion >= SvtSaveOptions::ODFSVER_012)
@@ -367,6 +369,10 @@ void SfxObjectShell::SetupStorage( const uno::Reference< embed::XStorage >& xSto
 {
 pEncryptionAlgs[1].Value <<= xml::crypto::CipherID::AES_GCM_W3C;
 pEncryptionAlgs[2].Value.clear();
+ if (!getenv("LO_ARGON2_DISABLE"))
+ {
+ pEncryptionAlgs[3].Value <<= xml::crypto::KDFID::Argon2id;
+ }
 }
 else
 {
|
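Review bot: The added `KeyDerivationFunction` entry makes the order of this initializer load-bearing, because the later hunk in the same function writes `pEncryptionAlgs[3]` by position, next to the existing `[1]` and `[2]` writes. Reordering or inserting an entry here would leave the KDF at PBKDF2, or overwrite a different property, without any compile-time or runtime signal. I would add a comment above the list such as `// order matters: entries are addressed by index below (3 = KeyDerivationFunction)`. The declaration of the sequence starts outside the hunk, so this assumes `pEncryptionAlgs` points into it.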
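Review bot: `if (!getenv("LO_ARGON2_DISABLE"))` tests only whether the variable is present, so `LO_ARGON2_DISABLE=0` or an empty value also keeps PBKDF2, and nothing records that the weaker KDF was chosen for the saved document. Since the process environment then decides the key-derivation strength, the switch should at least be documented where it is read, for example `// LO_ARGON2_DISABLE: presence alone (any value) keeps the PBKDF2 default; Argon2id is otherwise used with AES-GCM`. If the file already has the logging header available (not visible in this hunk), an informational log line on the fallback path would make the downgrade visible when diagnosing why a document was written with PBKDF2. The function body continues outside the hunk.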