2f512aaa6c
https://www.rfc-editor.org/rfc/rfc9106.html * add css::xml::crypto::KDFID constant group * add "KeyDerivationFunction" to setEncryptionAlgorithms sequence * Argon2 is used by default for wholesome ODF encryption, but $LO_ARGON2_DISABLE can be set to use PBKDF2 * extend various structs in package * use 3 new ODF attributes "loext:argon2-iterations" "loext:argon2-memory" "loext:argon2-lanes" to store the arguments * use this URL for now: "urn:org:documentfoundation:names:experimental🏢manifest:argon2id" * use default arguments according to second recommendation from "7.4. Recommendations" of RFC9106; 64 MiB RAM should hopefully not be too much even for 32 bit builds Change-Id: I683118cc5e0706bd6544db6fb909096768ac9920 Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161009 Tested-by: Jenkins Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
123 lines
4.9 KiB
Text
123 lines
4.9 KiB
Text
/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
|
|
/*
|
|
* This file is part of the LibreOffice project.
|
|
*
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
|
*
|
|
* This file incorporates work covered by the following license notice:
|
|
*
|
|
* Licensed to the Apache Software Foundation (ASF) under one or more
|
|
* contributor license agreements. See the NOTICE file distributed
|
|
* with this work for additional information regarding copyright
|
|
* ownership. The ASF licenses this file to you under the Apache
|
|
* License, Version 2.0 (the "License"); you may not use this file
|
|
* except in compliance with the License. You may obtain a copy of
|
|
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
|
|
*/
|
|
|
|
|
|
module com { module sun { module star { module embed {
|
|
|
|
/** This interface allows to set a password for an object.
|
|
|
|
@since OOo 3.4
|
|
*/
|
|
interface XEncryptionProtectedStorage: XEncryptionProtectedSource2
|
|
{
|
|
/** allows to set the encryption algorithms for the object.
|
|
<p>
|
|
The algorithms will of course be used only for streams that have been
|
|
marked to be encrypted. If no stream in the storage is marked to be
|
|
encrypted, the algorithms-related information may have no effect to
|
|
the result package.
|
|
</p>
|
|
|
|
<p>
|
|
The following values could be part of the provided sequence:
|
|
</p>
|
|
<dl>
|
|
<dt>StartKeyGenerationAlgorithm</dt>
|
|
<dd>
|
|
specifies the algorithm that was used to generate
|
|
the EncryptionKey from the original password; in case
|
|
the contents should be decrypted, the algorithm might
|
|
be already known by the object; if a different one is
|
|
set an exception should be thrown to indicate the
|
|
error; it should take values from
|
|
com::sun::star::xml:crypto::DigestID.
|
|
</dd>
|
|
<dt>KeyDerivationFunction</dt>
|
|
<dd>
|
|
specifies the algorithm that was used to derive the
|
|
encryption key from the password; it is applied to
|
|
the result of the StartKeyGenerationAlgorithm;
|
|
it should take values from
|
|
com::sun::star::xml:crypto::KDFID.
|
|
</dd>
|
|
<dt>EncryptionAlgorithm</dt>
|
|
<dd>
|
|
specifies the algorithm that should be used to
|
|
encrypt/decrypt the contents; in case the contents
|
|
should be decrypted, the algorithm might be already
|
|
known by the object; if a different one is set
|
|
an exception should be thrown to indicate the error;
|
|
it should take values from
|
|
com::sun::star::xml:crypto::CipherID.
|
|
</dd>
|
|
<dt>ChecksumAlgorithm</dt>
|
|
<dd>
|
|
specifies the algorithm that was used to generate
|
|
the checksum of the encrypted data; in case
|
|
the contents should be decrypted, the algorithm might
|
|
be already known by the object; if a different one is
|
|
set an exception should be thrown to indicate the
|
|
error; it should take values from
|
|
com::sun::star::xml:crypto::DigestID.
|
|
</dd>
|
|
</dl>
|
|
*/
|
|
void setEncryptionAlgorithms( [in] sequence< ::com::sun::star::beans::NamedValue > aAlgorithms )
|
|
raises( ::com::sun::star::lang::IllegalArgumentException );
|
|
|
|
/** allows to get the encryption algorithms of the object.
|
|
*/
|
|
sequence< ::com::sun::star::beans::NamedValue > getEncryptionAlgorithms();
|
|
|
|
/** set OpenPGP-specific encryption properties
|
|
|
|
<p>
|
|
When provided, switch ODF package encryption to OpenPGP.
|
|
</p>
|
|
<p>
|
|
For each recipient, add one sequence of named values, each of
|
|
the same structure. The following values could be part of that
|
|
provided sequence:
|
|
</p>
|
|
<dl>
|
|
<dt>KeyId</dt>
|
|
<dd>
|
|
specifies OpenPGP key ID or fingerprint of the public
|
|
key used to encrypt this session key against
|
|
</dd>
|
|
<dt>KeyPacket</dt>
|
|
<dd>
|
|
(optional) public key packet of the key used to encrypt
|
|
</dd>
|
|
<dt>CipherValue</dt>
|
|
<dd>
|
|
OpenPGP-encrypted session key for this recipient
|
|
</dd>
|
|
</dl>
|
|
|
|
@since LibreOffice 6.0
|
|
*/
|
|
void setGpgProperties( [in] sequence< sequence< ::com::sun::star::beans::NamedValue > > aProps )
|
|
raises( ::com::sun::star::lang::IllegalArgumentException );
|
|
};
|
|
|
|
|
|
}; }; }; };
|
|
|
|
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|