From b8ea5a835ec07d0f84cd8ec2d0dab976edcfcebe Mon Sep 17 00:00:00 2001 From: Tomaž Vajngerl Date: Thu, 21 Nov 2024 13:13:14 +0900 Subject: pdf: change encryption to use new random IV on each encrypt call MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This is how it's supposed to work - not to have same IV all the time we are encoding (that's why the IV is written to the stream). Change-Id: I17a1d98bd5cf6f06b830eaea04822b8793d4e0d7 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/176984 Reviewed-by: Miklos Vajna Tested-by: Jenkins CollaboraOffice Reviewed-on: https://gerrit.libreoffice.org/c/core/+/178761 Reviewed-by: Tomaž Vajngerl Tested-by: Jenkins --- vcl/source/pdf/PDFEncryptorR6.cxx | 33 +++++++++++++++------------------ 1 file changed, 15 insertions(+), 18 deletions(-) (limited to 'vcl/source') diff --git a/vcl/source/pdf/PDFEncryptorR6.cxx b/vcl/source/pdf/PDFEncryptorR6.cxx index c16d7cb1a276..d951b738246f 100644 --- a/vcl/source/pdf/PDFEncryptorR6.cxx +++ b/vcl/source/pdf/PDFEncryptorR6.cxx @@ -256,28 +256,25 @@ class VCL_DLLPUBLIC EncryptionContext { private: std::vector maKey; - std::vector maInitVector; public: - EncryptionContext(std::vector const& rKey, std::vector const& rIV) + EncryptionContext(std::vector const& rKey) : maKey(rKey) - , maInitVector(rIV) { } - /** Algorithm 1.A: Encryption of data using the AES algorithms - * - **/ - void encrypt(const void* pInput, sal_uInt64 nInputSize, std::vector& rOutput) + /** Algorithm 1.A: Encryption of data using the AES algorithms */ + void encrypt(const void* pInput, sal_uInt64 nInputSize, std::vector& rOutput, + std::vector& rIV) { - comphelper::Encrypt aEncrypt(maKey, maInitVector, comphelper::CryptoType::AES_256_CBC); + comphelper::Encrypt aEncrypt(maKey, rIV, comphelper::CryptoType::AES_256_CBC); const sal_uInt8* pInputBytes = static_cast(pInput); std::vector aInput(pInputBytes, pInputBytes + nInputSize); size_t nPaddedSize = addPaddingToVector(aInput, BLOCK_SIZE); std::vector aOutput(nPaddedSize); aEncrypt.update(aOutput, aInput); rOutput.resize(nPaddedSize + IV_SIZE); - std::copy(maInitVector.begin(), maInitVector.end(), rOutput.begin()); + std::copy(rIV.begin(), rIV.end(), rOutput.begin()); std::copy(aOutput.begin(), aOutput.end(), rOutput.begin() + IV_SIZE); } }; @@ -357,21 +354,21 @@ sal_uInt64 PDFEncryptorR6::calculateSizeIncludingHeader(sal_uInt64 nSize) void PDFEncryptorR6::setupEncryption(std::vector& rEncryptionKey, sal_Int32 /*nObject*/) { - std::vector aInitVector; - generateBytes(aInitVector, IV_SIZE); - m_pEncryptionContext = std::make_unique(rEncryptionKey, aInitVector); + m_pEncryptionContext = std::make_unique(rEncryptionKey); } -void PDFEncryptorR6::setupEncryptionWithIV(std::vector& rEncryptionKey, - std::vector& rInitvector) +void PDFEncryptorR6::encrypt(const void* pInput, sal_uInt64 nInputSize, + std::vector& rOutput, sal_uInt64 /*nOutputSize*/) { - m_pEncryptionContext = std::make_unique(rEncryptionKey, rInitvector); + std::vector aIV; + generateBytes(aIV, IV_SIZE); + m_pEncryptionContext->encrypt(pInput, nInputSize, rOutput, aIV); } -void PDFEncryptorR6::encrypt(const void* pInput, sal_uInt64 nInputSize, - std::vector& rOutput, sal_uInt64 /*nOutputSize*/) +void PDFEncryptorR6::encryptWithIV(const void* pInput, sal_uInt64 nInputSize, + std::vector& rOutput, std::vector& rIV) { - m_pEncryptionContext->encrypt(pInput, nInputSize, rOutput); + m_pEncryptionContext->encrypt(pInput, nInputSize, rOutput, rIV); } } // end vcl::pdf -- cgit