office-gobmx/offapi/com/sun/star/embed/XEncryptionProtectedStorage.idl
Michael Stahl 2f512aaa6c tdf#105844 offapi,package,sfx2: use Argon2 for wholesome ODF encryption
https://www.rfc-editor.org/rfc/rfc9106.html

* add css::xml::crypto::KDFID constant group
* add "KeyDerivationFunction" to setEncryptionAlgorithms sequence
* Argon2 is used by default for wholesome ODF encryption, but
  $LO_ARGON2_DISABLE can be set to use PBKDF2
* extend various structs in package
* use 3 new ODF attributes "loext:argon2-iterations" "loext:argon2-memory"
  "loext:argon2-lanes" to store the arguments
* use this URL for now:
  "urn:org:documentfoundation:names:experimental:office:manifest:argon2id"
* use default arguments according to second recommendation from "7.4.
  Recommendations" of RFC9106; 64 MiB RAM should hopefully not be too
  much even for 32 bit builds

Change-Id: I683118cc5e0706bd6544db6fb909096768ac9920
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/161009
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
2023-12-20 18:29:36 +01:00


/* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
/*
* This file is part of the LibreOffice project.
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* This file incorporates work covered by the following license notice:
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed
* with this work for additional information regarding copyright
* ownership. The ASF licenses this file to you under the Apache
* License, Version 2.0 (the "License"); you may not use this file
* except in compliance with the License. You may obtain a copy of
* the License at http://www.apache.org/licenses/LICENSE-2.0 .
*/
module com { module sun { module star { module embed {
/** This interface allows to set a password for an object and to
select the algorithms that are used to protect its contents.
<p>
It extends XEncryptionProtectedSource2 with accessors for the
encryption algorithms and with OpenPGP-specific properties.
</p>
@since OOo 3.4
*/
interface XEncryptionProtectedStorage: XEncryptionProtectedSource2
{
/** allows to set the encryption algorithms for the object.
<p>
The algorithms are used only for streams that have been marked to be
encrypted. If no stream in the storage is marked to be encrypted, the
algorithm-related information may have no effect on the resulting
package.
</p>
<p>
The following values could be part of the provided sequence:
</p>
<dl>
<dt>StartKeyGenerationAlgorithm</dt>
<dd>
specifies the algorithm that was used to generate
the EncryptionKey from the original password; in case
the contents should be decrypted, the algorithm might
be already known by the object; if a different one is
set an exception should be thrown to indicate the
error; it should take values from
com::sun::star::xml::crypto::DigestID.
</dd>
<dt>KeyDerivationFunction</dt>
<dd>
specifies the algorithm that was used to derive the
encryption key from the password; it is applied to
the result of the StartKeyGenerationAlgorithm;
it should take values from
com::sun::star::xml::crypto::KDFID.
<br/>
NOTE(review): unlike the other entries, no behaviour is
stated here for the case that the contents should be
decrypted and a function different from the one already
known by the object is set; confirm that the
implementation rejects such a mismatch as well.
<br/>
NOTE(review): only the identifier of the function is
documented as part of this sequence; cost parameters of
the function are not among the documented entries, so
confirm where they are chosen and validated.
</dd>
<dt>EncryptionAlgorithm</dt>
<dd>
specifies the algorithm that should be used to
encrypt/decrypt the contents; in case the contents
should be decrypted, the algorithm might be already
known by the object; if a different one is set
an exception should be thrown to indicate the error;
it should take values from
com::sun::star::xml::crypto::CipherID.
</dd>
<dt>ChecksumAlgorithm</dt>
<dd>
specifies the algorithm that was used to generate
the checksum of the encrypted data; in case
the contents should be decrypted, the algorithm might
be already known by the object; if a different one is
set an exception should be thrown to indicate the
error; it should take values from
com::sun::star::xml::crypto::DigestID.
</dd>
</dl>

@param aAlgorithms
the named values described above; every entry is optional
according to this description.

@throws ::com::sun::star::lang::IllegalArgumentException
presumably when an entry is not acceptable, including the
mismatch cases described above; the exact conditions are not
visible in this file, confirm against the implementation.
*/
void setEncryptionAlgorithms( [in] sequence< ::com::sun::star::beans::NamedValue > aAlgorithms )
raises( ::com::sun::star::lang::IllegalArgumentException );
/** allows to get the encryption algorithms of the object.

@returns
a sequence of named values; presumably it uses the same names
as the sequence accepted by setEncryptionAlgorithms(), confirm
against the implementation.
*/
sequence< ::com::sun::star::beans::NamedValue > getEncryptionAlgorithms();
/** set OpenPGP-specific encryption properties
<p>
When provided, switch ODF package encryption to OpenPGP.
</p>
<p>
For each recipient, add one sequence of named values, each of
the same structure. The following values could be part of that
provided sequence:
</p>
<dl>
<dt>KeyId</dt>
<dd>
specifies the OpenPGP key ID or fingerprint of the public
key that the session key is encrypted to
</dd>
<dt>KeyPacket</dt>
<dd>
(optional) public key packet of the key used to encrypt
</dd>
<dt>CipherValue</dt>
<dd>
OpenPGP-encrypted session key for this recipient
</dd>
</dl>

@param aProps
one inner sequence per recipient, as described above.

@throws ::com::sun::star::lang::IllegalArgumentException
presumably when a recipient entry is not acceptable; the exact
conditions are not visible in this file, confirm against the
implementation.

@since LibreOffice 6.0
*/
void setGpgProperties( [in] sequence< sequence< ::com::sun::star::beans::NamedValue > > aProps )
raises( ::com::sun::star::lang::IllegalArgumentException );
};
}; }; }; };
/* vim:set shiftwidth=4 softtabstop=4 expandtab: */