diff options
| author | Tünde Tóth <toth.tunde@nisz.hu> | 2021-09-01 15:47:40 +0200 |
|---|---|---|
| committer | László Németh <nemeth@numbertext.org> | 2021-09-16 15:54:57 +0200 |
| commit | 40f38fd16dad4374543d4a7a109b3264837ce8d1 (patch) | |
| tree | e7d7691f45b9fb0edade4ce6c3bca6739cbed43d /comphelper | |
| parent | 522905a0674992fe2ab52afc1415c46ad33cf7f0 (diff) | |
tdf#115933 XLSX import: fix permission for editing
The passwords for editing in XLSX documents
created with Excel weren't asked and verified.
Note: LibreOffice supports only a subset of the hashing
algorithms specified in MS-OE376, according to
DocPasswordHelper::GetOoxHashAsVector() and
https://docs.microsoft.com/en-us/openspecs/office_standards/ms-oe376/f70a4140-340b-4e94-a604-dff25b9846b1.
Also the documents encrypted with unsupported algorithms
got edit protection now, but it's not possible to add
permission to edit them (copy of these documents are still
editable).
Change-Id: Iabc90f6bba4ed071dd2c60e9dea905481816964b
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/121497
Tested-by: László Németh <nemeth@numbertext.org>
Reviewed-by: László Németh <nemeth@numbertext.org>
Diffstat (limited to 'comphelper')
| -rw-r--r-- | comphelper/source/misc/docpasswordhelper.cxx | 40 |
1 files changed, 31 insertions, 9 deletions
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx index cd7090944dc0..980faff14698 100644 --- a/comphelper/source/misc/docpasswordhelper.cxx +++ b/comphelper/source/misc/docpasswordhelper.cxx @@ -116,8 +116,7 @@ bool DocPasswordHelper::IsModifyPasswordCorrect( std::u16string_view aPassword, if ( !aPassword.empty() && aInfo.hasElements() ) { OUString sAlgorithm; - uno::Sequence< sal_Int8 > aSalt; - uno::Sequence< sal_Int8 > aHash; + uno::Any aSalt, aHash; sal_Int32 nCount = 0; for ( const auto & prop : aInfo ) @@ -125,20 +124,43 @@ bool DocPasswordHelper::IsModifyPasswordCorrect( std::u16string_view aPassword, if ( prop.Name == "algorithm-name" ) prop.Value >>= sAlgorithm; else if ( prop.Name == "salt" ) - prop.Value >>= aSalt; + aSalt = prop.Value; else if ( prop.Name == "iteration-count" ) prop.Value >>= nCount; else if ( prop.Name == "hash" ) - prop.Value >>= aHash; + aHash = prop.Value; } - if ( sAlgorithm == "PBKDF2" && aSalt.hasElements() && nCount > 0 && aHash.hasElements() ) + if ( sAlgorithm == "PBKDF2" ) { - uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, aHash.getLength() ); - for ( sal_Int32 nInd = 0; nInd < aNewHash.getLength() && nInd < aHash.getLength() && aNewHash[nInd] == aHash[nInd]; nInd ++ ) + uno::Sequence<sal_Int8> aIntSalt, aIntHash; + aSalt >>= aIntSalt; + aHash >>= aIntHash; + if (aIntSalt.hasElements() && nCount > 0 && aIntHash.hasElements()) { - if ( nInd == aNewHash.getLength() - 1 && nInd == aHash.getLength() - 1 ) - bResult = true; + uno::Sequence<sal_Int8> aNewHash + = GeneratePBKDF2Hash(aPassword, aIntSalt, nCount, aIntHash.getLength()); + for (sal_Int32 nInd = 0; nInd < aNewHash.getLength() && nInd < aIntHash.getLength() + && aNewHash[nInd] == aIntHash[nInd]; + nInd++) + { + if (nInd == aNewHash.getLength() - 1 && nInd == aIntHash.getLength() - 1) + bResult = true; + } + } + } + else if (nCount > 0) + { + OUString sSalt, sHash; + aSalt >>= sSalt; + aHash >>= sHash; + if (!sSalt.isEmpty() && !sHash.isEmpty()) + { + const OUString aNewHash(GetOoxHashAsBase64(OUString(aPassword), sSalt, nCount, + comphelper::Hash::IterCount::APPEND, + sAlgorithm)); + if (!aNewHash.isEmpty()) + bResult = aNewHash == sHash; } } } |