oox: Handle agile encryption info "reserved" field correctly

The "reserved" filed is written fter the version number major,
minor which is used to identify the encryption as agile. The
"reserved" field must always have the value 0x00000040. This
change writes the reserved filed correctly and when encryption and
when decrypting it checks the value an potentially bails out if
it desn't contain the expected value.

Change-Id: I2045dc64e0c6bbb3318384e25deef2ba8f41b94c
Reviewed-on: https://gerrit.libreoffice.org/57140
Tested-by: Jenkins
Reviewed-by: Tomaž Vajngerl <quikee@gmail.com>

include/filter/msfilter/mscodec.hxx

@@ -438,6 +438,8 @@ const sal_uInt32 VERSION_INFO_2007_FORMAT_SP2   = 0x00020004;
 // version of encryption info - agile (major = 4, minor = 4)
 const sal_uInt32 VERSION_INFO_AGILE         = 0x00040004;
 
+const sal_uInt32 AGILE_ENCRYPTION_RESERVED  = 0x00000040;
+
 const sal_uInt32 SALT_LENGTH                    = 16;
 const sal_uInt32 ENCRYPTED_VERIFIER_LENGTH      = 16;
 const sal_uInt32 SHA1_HASH_LENGTH = RTL_DIGEST_LENGTH_SHA1; // 20

oox/qa/unit/CryptoTest.cxx

@@ -224,7 +224,6 @@ void CryptoTest::testAgileEncrpytionInfoWritingAndParsing()
                 new utl::OSeekableInputStreamWrapper(aEncryptionInfo));
 
             xInputStream->skipBytes(4); // Encryption type -> Agile
-            xInputStream->skipBytes(4); // Reserved
 
             CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream));
 
@@ -271,7 +270,6 @@ void CryptoTest::testAgileEncrpytionInfoWritingAndParsing()
                 new utl::OSeekableInputStreamWrapper(aEncryptionInfo));
 
             xInputStream->skipBytes(4); // Encryption type -> Agile
-            xInputStream->skipBytes(4); // Reserved
 
             CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream));
 
@@ -324,7 +322,6 @@ void CryptoTest::testAgileDataIntegrityHmacKey()
             new utl::OSeekableInputStreamWrapper(aEncryptionInfo));
 
         xInputStream->skipBytes(4); // Encryption type -> Agile
-        xInputStream->skipBytes(4); // Reserved
 
         CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xInputStream));
         CPPUNIT_ASSERT(aEngine.generateEncryptionKey(aPassword));
@@ -391,7 +388,6 @@ void CryptoTest::testAgileEncryptingAndDecrypting()
             new utl::OSeekableInputStreamWrapper(aEncryptionInfo));
 
         xEncryptionInfo->skipBytes(4); // Encryption type -> Agile
-        xEncryptionInfo->skipBytes(4); // Reserved
 
         CPPUNIT_ASSERT(aEngine.readEncryptionInfo(xEncryptionInfo));
 

oox/source/crypto/AgileEngine.cxx

@@ -486,6 +486,16 @@ bool AgileEngine::decrypt(BinaryXInputStream& aInputStream,
 
 bool AgileEngine::readEncryptionInfo(uno::Reference<io::XInputStream> & rxInputStream)
 {
+    // Check reserved value
+    std::vector<sal_uInt8> aExpectedReservedBytes(sizeof(sal_uInt32));
+    ByteOrderConverter::writeLittleEndian(aExpectedReservedBytes.data(), msfilter::AGILE_ENCRYPTION_RESERVED);
+
+    uno::Sequence<sal_Int8> aReadReservedBytes(sizeof(sal_uInt32));
+    rxInputStream->readBytes(aReadReservedBytes, aReadReservedBytes.getLength());
+
+    if (!std::equal(aReadReservedBytes.begin(), aReadReservedBytes.end(), aExpectedReservedBytes.begin()))
+        return false;
+
     mInfo.spinCount = 0;
     mInfo.saltSize = 0;
     mInfo.keyBits = 0;
@@ -695,7 +705,7 @@ bool AgileEngine::setupEncryptionKey(OUString const & rPassword)
 void AgileEngine::writeEncryptionInfo(BinaryXOutputStream & rStream)
 {
     rStream.WriteUInt32(msfilter::VERSION_INFO_AGILE);
-    rStream.WriteUInt32(0); // reserved
+    rStream.WriteUInt32(msfilter::AGILE_ENCRYPTION_RESERVED);
 
     SvMemoryStream aMemStream;
     tools::XmlWriter aXmlWriter(&aMemStream);

oox/source/crypto/DocumentDecryption.cxx

@@ -58,7 +58,6 @@ bool DocumentDecryption::readEncryptionInfo()
             break;
         case msfilter::VERSION_INFO_AGILE:
             mCryptoType = AGILE; // Set encryption info format
-            xEncryptionInfo->skipBytes(4);
             mEngine.reset(new AgileEngine);
             break;
         default: