oox: Agile encryption and data integrity verification

Desktop / LibreOffice - Tomaž Vajngerl [collabora.co.uk] - 6 July 2018 16:27 EDT

This adds agile encryption for OOXML documents. Previously we always used the standard encryption used in MSO 2007 for max. compatibility, but new MSO versions (2010+) use the agile encryption, which allows more strong encryption methods (AES256 with SHA512). With this change we can now use do AES128 with SHA1 or AES256 with SHA512 encryption.

In addition the agile encryption has data verification with HMAC hashing. With this change we also now write the data verification hash into the encrypted document and in addition also do data
verification when opening / decrypting a document, so to make sure the document is not corrupted.

Change-Id: Ib45d397df228c355941eefb76d51e5d6f8925470 Reviewed-on: https://gerrit.libreoffice.org/56974

ce560ee99ebf oox: Agile encryption and data integrity verification
include/oox/crypto/AgileEngine.hxx | 88 +++++-
include/oox/crypto/CryptoEngine.hxx | 19 +-
include/oox/crypto/Standard2007Engine.hxx | 18 +-
oox/qa/unit/CryptoTest.cxx | 281 ++++++++++++++++-
oox/source/core/filterdetect.cxx | 21 +-
oox/source/crypto/AgileEngine.cxx | 481 ++++++++++++++++++++++++++++--
oox/source/crypto/DocumentDecryption.cxx | 3 +
oox/source/crypto/DocumentEncryption.cxx | 31 +-
oox/source/crypto/Standard2007Engine.cxx | 39 ++-
9 files changed, 885 insertions(+), 96 deletions(-)

Upstream: cgit.freedesktop.org


  • Share