summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorThorsten Behrens <Thorsten.Behrens@CIB.de>2018-01-11 23:47:24 +0100
committerThorsten Behrens <Thorsten.Behrens@CIB.de>2018-01-13 14:36:27 +0100
commit39805f65189cd0085fe8f1071ae75cdec450c65e (patch)
treea3561e72a034aa6a92949de9a790617a1c972af0
parent6df0c7bc230a424f5aefe583b591df70c6273b6f (diff)
tdf#114550 don't use PBKDF2 in package for gpg encryption
No need to derive password-based key, simply skip rtl_digest_PBKDF2 for the gpg4libre case. Also pass down PBKDF2 iteration count from ZipPackage, which knows about GPG encryption, instead of just always setting it in package stream. We otherwise needlessly iterate session key also for gpg encrypted storages. Change-Id: Ic96b2193f8541bbd109795fb9c0212a0a10c7344 Reviewed-on: https://gerrit.libreoffice.org/47783 Tested-by: Jenkins <ci@libreoffice.org> Reviewed-by: Thorsten Behrens <Thorsten.Behrens@CIB.de>
-rw-r--r--package/inc/ZipPackageEntry.hxx1
-rw-r--r--package/inc/ZipPackageFolder.hxx2
-rw-r--r--package/inc/ZipPackageStream.hxx1
-rw-r--r--package/source/zipapi/ZipFile.cxx9
-rw-r--r--package/source/zippackage/ZipPackage.cxx7
-rw-r--r--package/source/zippackage/ZipPackageFolder.cxx10
-rw-r--r--package/source/zippackage/ZipPackageStream.cxx3
7 files changed, 24 insertions, 9 deletions
diff --git a/package/inc/ZipPackageEntry.hxx b/package/inc/ZipPackageEntry.hxx
index 300b5f25ea67..5e0064f9bf7e 100644
--- a/package/inc/ZipPackageEntry.hxx
+++ b/package/inc/ZipPackageEntry.hxx
@@ -69,6 +69,7 @@ public:
std::vector < css::uno::Sequence < css::beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const css::uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool ) = 0;
void clearParent()
diff --git a/package/inc/ZipPackageFolder.hxx b/package/inc/ZipPackageFolder.hxx
index 0fad51f72ba2..1f65b2ca297e 100644
--- a/package/inc/ZipPackageFolder.hxx
+++ b/package/inc/ZipPackageFolder.hxx
@@ -73,6 +73,7 @@ public:
std::vector < css::uno::Sequence < css::beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const css::uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool ) override;
// Recursive functions
@@ -82,6 +83,7 @@ public:
std::vector < css::uno::Sequence < css::beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const css::uno::Sequence< sal_Int8 > &rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool & rRandomPool) const;
// XNameContainer
diff --git a/package/inc/ZipPackageStream.hxx b/package/inc/ZipPackageStream.hxx
index b691370bf7e0..014898115517 100644
--- a/package/inc/ZipPackageStream.hxx
+++ b/package/inc/ZipPackageStream.hxx
@@ -133,6 +133,7 @@ public:
std::vector < css::uno::Sequence < css::beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const css::uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool ) override;
void setZipEntryOnLoading( const ZipEntry &rInEntry);
diff --git a/package/source/zipapi/ZipFile.cxx b/package/source/zipapi/ZipFile.cxx
index 3d4abb65a8f9..1d10a56aaf9c 100644
--- a/package/source/zipapi/ZipFile.cxx
+++ b/package/source/zipapi/ZipFile.cxx
@@ -170,7 +170,14 @@ uno::Reference< xml::crypto::XCipherContext > ZipFile::StaticGetCipher( const un
}
uno::Sequence< sal_Int8 > aDerivedKey( xEncryptionData->m_nDerivedKeySize );
- if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ),
+ if ( !xEncryptionData->m_nIterationCount &&
+ xEncryptionData->m_nDerivedKeySize == xEncryptionData->m_aKey.getLength() )
+ {
+ // gpg4libre: no need to derive key, m_aKey is already
+ // usable as symmetric session key
+ aDerivedKey = xEncryptionData->m_aKey;
+ }
+ else if ( rtl_Digest_E_None != rtl_digest_PBKDF2( reinterpret_cast< sal_uInt8* >( aDerivedKey.getArray() ),
aDerivedKey.getLength(),
reinterpret_cast< const sal_uInt8 * > (xEncryptionData->m_aKey.getConstArray() ),
xEncryptionData->m_aKey.getLength(),
diff --git a/package/source/zippackage/ZipPackage.cxx b/package/source/zippackage/ZipPackage.cxx
index 967e0eded056..2a918c8df630 100644
--- a/package/source/zippackage/ZipPackage.cxx
+++ b/package/source/zippackage/ZipPackage.cxx
@@ -287,6 +287,7 @@ void ZipPackage::parseManifest()
pStream->SetToBeCompressed ( true );
pStream->SetToBeEncrypted ( true );
pStream->SetIsEncrypted ( true );
+ pStream->setIterationCount(0);
// clamp to default SHA256 start key magic value,
// c.f. ZipPackageStream::GetEncryptionKey()
@@ -1249,10 +1250,10 @@ uno::Reference< io::XInputStream > ZipPackage::writeTempFile()
const OUString sMediaType ("MediaType");
const OUString sVersion ("Version");
const OUString sFullPath ("FullPath");
+ const bool bIsGpgEncrypt = m_aGpgProps.hasElements();
if ( m_nFormat == embed::StorageFormats::PACKAGE )
{
- bool bIsGpgEncrypt = m_aGpgProps.hasElements();
uno::Sequence < PropertyValue > aPropSeq(
bIsGpgEncrypt ? PKG_SIZE_NOENCR_MNFST+1 : PKG_SIZE_NOENCR_MNFST );
aPropSeq [PKG_MNFST_MEDIATYPE].Name = sMediaType;
@@ -1275,8 +1276,10 @@ uno::Reference< io::XInputStream > ZipPackage::writeTempFile()
// for encrypted streams
RandomPool aRandomPool;
+ sal_Int32 const nPBKDF2IterationCount = 100000;
+
// call saveContents ( it will recursively save sub-directories
- m_xRootFolder->saveContents("", aManList, aZipOut, GetEncryptionKey(), aRandomPool.get());
+ m_xRootFolder->saveContents("", aManList, aZipOut, GetEncryptionKey(), bIsGpgEncrypt ? 0 : nPBKDF2IterationCount, aRandomPool.get());
}
if( m_nFormat == embed::StorageFormats::PACKAGE )
diff --git a/package/source/zippackage/ZipPackageFolder.cxx b/package/source/zippackage/ZipPackageFolder.cxx
index e76381826fe3..8d9556069d95 100644
--- a/package/source/zippackage/ZipPackageFolder.cxx
+++ b/package/source/zippackage/ZipPackageFolder.cxx
@@ -257,6 +257,7 @@ bool ZipPackageFolder::saveChild(
std::vector < uno::Sequence < PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool)
{
const OUString sMediaTypeProperty ("MediaType");
@@ -278,7 +279,7 @@ bool ZipPackageFolder::saveChild(
else
aPropSet.realloc( 0 );
- saveContents( sTempName, rManList, rZipOut, rEncryptionKey, rRandomPool);
+ saveContents( sTempName, rManList, rZipOut, rEncryptionKey, nPBKDF2IterationCount, rRandomPool);
// folder can have a mediatype only in package format
if ( aPropSet.getLength() && ( m_nFormat == embed::StorageFormats::PACKAGE ) )
@@ -292,6 +293,7 @@ void ZipPackageFolder::saveContents(
std::vector < uno::Sequence < PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool ) const
{
bool bWritingFailed = false;
@@ -330,7 +332,7 @@ void ZipPackageFolder::saveContents(
{
bMimeTypeStreamStored = true;
bWritingFailed = !aIter->second->pStream->saveChild(
- rPath + aIter->first, rManList, rZipOut, rEncryptionKey, rRandomPool );
+ rPath + aIter->first, rManList, rZipOut, rEncryptionKey, nPBKDF2IterationCount, rRandomPool );
}
}
@@ -346,12 +348,12 @@ void ZipPackageFolder::saveContents(
if (rInfo.bFolder)
{
bWritingFailed = !rInfo.pFolder->saveChild(
- rPath + rShortName, rManList, rZipOut, rEncryptionKey, rRandomPool );
+ rPath + rShortName, rManList, rZipOut, rEncryptionKey, nPBKDF2IterationCount, rRandomPool );
}
else
{
bWritingFailed = !rInfo.pStream->saveChild(
- rPath + rShortName, rManList, rZipOut, rEncryptionKey, rRandomPool );
+ rPath + rShortName, rManList, rZipOut, rEncryptionKey, nPBKDF2IterationCount, rRandomPool );
}
}
}
diff --git a/package/source/zippackage/ZipPackageStream.cxx b/package/source/zippackage/ZipPackageStream.cxx
index 55ebae82ee48..ec9c4e6a8c5d 100644
--- a/package/source/zippackage/ZipPackageStream.cxx
+++ b/package/source/zippackage/ZipPackageStream.cxx
@@ -507,6 +507,7 @@ bool ZipPackageStream::saveChild(
std::vector < uno::Sequence < beans::PropertyValue > > &rManList,
ZipOutputStream & rZipOut,
const uno::Sequence < sal_Int8 >& rEncryptionKey,
+ sal_Int32 nPBKDF2IterationCount,
const rtlRandomPool &rRandomPool)
{
bool bSuccess = true;
@@ -652,8 +653,6 @@ bool ZipPackageStream::saveChild(
uno::Sequence < sal_Int8 > aSalt( 16 ), aVector( GetBlockSize() );
rtl_random_getBytes ( rRandomPool, aSalt.getArray(), 16 );
rtl_random_getBytes ( rRandomPool, aVector.getArray(), aVector.getLength() );
- sal_Int32 const nPBKDF2IterationCount = 100000;
-
if ( !m_bHaveOwnKey )
{
m_aEncryptionKey = rEncryptionKey;