tdf#114939 package,comphelper: Try both real SHA1 and StarOffice SHA1

... when importing ODF documents.

In CreatePackageEncryptionData(), add a 3rd SHA1 password hash,
PackageSHA1CorrectEncryptionKey, to EncryptionData.

Use it in ZipPackageStream::getDataStream(), which has 3 fall-backs
for SHA1 bugs now.

Also add a CorrectSHA1DigestContext, to be used together with
PackageSHA1CorrectEncryptionKey, and rename the existing one to
StarOfficeSHA1DigestContext, to be used together with the existing
2 PackageSHA1{UTF8,MS1252}EncryptionKey.

The fallback won't be used very often anyway: for the password SHA1
to be wrong, you need a password between 52 and 55 bytes long,
and for the SHA1/1K checksum to be wrong, you need a file
smaller than 1K with compressed size mod 64 between 52 and 55;
all XML files have enough random "chaff" added to be too large.

Test that we can read both correct SHA1 and StarOffice SHA1.

Change-Id: I988fa489b5e40c7657f404f18538f637d54d28f1
(cherry picked from commit 9188ea83c346fdc2f668178ae7538665a1b09c02)
Reviewed-on: https://gerrit.libreoffice.org/48001
Tested-by: Jenkins <ci@libreoffice.org>
Reviewed-by: Caolán McNamara <caolanm@redhat.com>
Tested-by: Caolán McNamara <caolanm@redhat.com>

4 files changed, 22 insertions, 5 deletions

diff --git a/sw/qa/extras/inc/swmodeltestbase.hxx b/sw/qa/extras/inc/swmodeltestbase.hxx
index 4d5ff8dae901..3b5427fd7089 100644
--- a/sw/qa/extras/inc/swmodeltestbase.hxx
+++ b/sw/qa/extras/inc/swmodeltestbase.hxx
@@ -688,11 +688,18 @@ protected:
             aMediaDescriptor["FilterOptions"] <<= maFilterOptions;
         if (pPassword)
         {
-            OUString sPassword = OUString::createFromAscii(pPassword);
-            css::uno::Sequence<css::beans::NamedValue> aEncryptionData {
-                { "OOXPassword", css::uno::makeAny(sPassword) }
-            };
-            aMediaDescriptor[utl::MediaDescriptor::PROP_ENCRYPTIONDATA()] <<= aEncryptionData;
+            if (strcmp(pFilter, "Office Open XML Text"))
+            {
+                aMediaDescriptor["Password"] <<= OUString::createFromAscii(pPassword);
+            }
+            else
+            {
+                OUString sPassword = OUString::createFromAscii(pPassword);
+                css::uno::Sequence<css::beans::NamedValue> aEncryptionData {
+                    { "OOXPassword", css::uno::makeAny(sPassword) }
+                };
+                aMediaDescriptor[utl::MediaDescriptor::PROP_ENCRYPTIONDATA()] <<= aEncryptionData;
+            }
         }
         xStorable->storeToURL(maTempFile.GetURL(), aMediaDescriptor.getAsConstPropertyValueList());
         uno::Reference<lang::XComponent> xComponent(xStorable, uno::UNO_QUERY);
diff --git a/sw/qa/extras/odfexport/data/sha1_correct.odt b/sw/qa/extras/odfexport/data/sha1_correct.odt
new file mode 100644
index 000000000000..01cbb0a073b2
--- /dev/null
+++ b/sw/qa/extras/odfexport/data/sha1_correct.odt
diff --git a/sw/qa/extras/odfexport/data/sha1_wrong.odt b/sw/qa/extras/odfexport/data/sha1_wrong.odt
new file mode 100644
index 000000000000..94032025b3d9
--- /dev/null
+++ b/sw/qa/extras/odfexport/data/sha1_wrong.odt
diff --git a/sw/qa/extras/odfexport/odfexport.cxx b/sw/qa/extras/odfexport/odfexport.cxx
index 60a1ceef489f..1e7b1badbe06 100644
--- a/sw/qa/extras/odfexport/odfexport.cxx
+++ b/sw/qa/extras/odfexport/odfexport.cxx
@@ -276,6 +276,16 @@ DECLARE_ODFEXPORT_TEST(testFramebackgrounds, "framebackgrounds.odt")
     }
 }
 
+DECLARE_SW_ROUNDTRIP_TEST(testSHA1Correct, "sha1_correct.odt", "1012345678901234567890123456789012345678901234567890", Test)
+{   // tdf#114939 this has both an affected password as well as content.xml
+    getParagraph(1, "012");
+}
+
+DECLARE_SW_ROUNDTRIP_TEST(testSHA1Wrong, "sha1_wrong.odt", "1012345678901234567890123456789012345678901234567890", Test)
+{   // tdf#114939 this has both an affected password as well as content.xml
+    getParagraph(1, "012");
+}
+
 DECLARE_ODFEXPORT_TEST(testOOoxmlEmbedded, "oooxml_embedded.sxw")
 {
     uno::Reference<text::XTextEmbeddedObjectsSupplier> xTEOSupplier(mxComponent, uno::UNO_QUERY);