1 files changed, 59 insertions, 10 deletions

diff --git a/svl/source/passwordcontainer/passwordcontainer.hxx b/svl/source/passwordcontainer/passwordcontainer.hxx
index 3da1e606d4d1..db6cc4a02e43 100644
--- a/svl/source/passwordcontainer/passwordcontainer.hxx
+++ b/svl/source/passwordcontainer/passwordcontainer.hxx
@@ -36,6 +36,7 @@
 #include <unotools/configitem.hxx>
 #include <ucbhelper/interactionrequest.hxx>
 
+#include <rtl/random.h>
 #include <rtl/ref.hxx>
 #include <osl/mutex.hxx>
 
@@ -54,11 +55,12 @@ class NamePassRecord
     ::std::vector< OUString >                      m_aMemPass;
 
     // persistent passwords are encrypted in one string
-    bool                                                  m_bHasPersPass;
+    bool                                           m_bHasPersPass;
     OUString                                       m_aPersPass;
+    OUString                                       m_aPersistentIV;
 
     void InitArrays( bool bHasMemoryList, const ::std::vector< OUString >& aMemoryList,
-                     bool bHasPersistentList, const OUString& aPersistentList )
+                     bool bHasPersistentList, const OUString& aPersistentList, const OUString& aPersistentIV )
     {
         m_bHasMemPass = bHasMemoryList;
         if ( bHasMemoryList )
@@ -66,7 +68,10 @@ class NamePassRecord
 
         m_bHasPersPass = bHasPersistentList;
         if ( bHasPersistentList )
+        {
             m_aPersPass = aPersistentList;
+            m_aPersistentIV = aPersistentIV;
+        }
     }
 
 public:
@@ -78,11 +83,12 @@ public:
     {
     }
 
-    NamePassRecord( const OUString& aName, const OUString& aPersistentList )
+    NamePassRecord( const OUString& aName, const OUString& aPersistentList, const OUString& aPersistentIV )
         : m_aName( aName )
         , m_bHasMemPass( false )
         , m_bHasPersPass( true )
         , m_aPersPass( aPersistentList )
+        , m_aPersistentIV( aPersistentIV )
     {
     }
 
@@ -91,7 +97,8 @@ public:
         , m_bHasMemPass( false )
         , m_bHasPersPass( false )
     {
-        InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass );
+        InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
+                    aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV );
     }
 
     NamePassRecord& operator=( const NamePassRecord& aRecord )
@@ -100,7 +107,9 @@ public:
 
         m_aMemPass.clear();
         m_aPersPass.clear();
-        InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass, aRecord.m_bHasPersPass, aRecord.m_aPersPass );
+        m_aPersistentIV.clear();
+        InitArrays( aRecord.m_bHasMemPass, aRecord.m_aMemPass,
+                    aRecord.m_bHasPersPass, aRecord.m_aPersPass, aRecord.m_aPersistentIV );
 
         return *this;
     }
@@ -136,15 +145,24 @@ public:
         return OUString();
     }
 
+    OUString GetPersistentIV() const
+    {
+        if ( m_bHasPersPass )
+            return m_aPersistentIV;
+
+        return OUString();
+    }
+
     void SetMemPasswords( const ::std::vector< OUString >& aMemList )
     {
         m_aMemPass = aMemList;
         m_bHasMemPass = true;
     }
 
-    void SetPersPasswords( const OUString& aPersList )
+    void SetPersPasswords( const OUString& aPersList, const OUString& aPersIV )
     {
         m_aPersPass = aPersList;
+        m_aPersistentIV = aPersIV;
         m_bHasPersPass = true;
     }
 
@@ -159,6 +177,7 @@ public:
         {
             m_bHasPersPass = false;
             m_aPersPass.clear();
+            m_aPersistentIV.clear();
         }
     }
 
@@ -168,6 +187,10 @@ public:
 typedef ::std::pair< const OUString, ::std::vector< NamePassRecord > > PairUrlRecord;
 typedef ::std::map< OUString, ::std::vector< NamePassRecord > > PassMap;
 
+// org.openoffice.Office.Common/Passwords/StorageVersion bump if details of
+// how password details are saved changes. Enables migration from previous
+// schemes.
+constexpr sal_Int32 nCurrentStorageVersion = 1;
 
 class PasswordContainer;
 
@@ -178,6 +201,7 @@ private:
     PasswordContainer*     mainCont;
     bool                   hasEncoded;
     OUString        mEncoded;
+    OUString        mEncodedIV;
 
     virtual void            ImplCommit() override;
 
@@ -196,8 +220,10 @@ public:
     void remove( const OUString& url, const OUString& rec );
     void clear();
 
-    bool getEncodedMP( OUString& aResult );
-    void setEncodedMP( const OUString& aResult, bool bAcceptEnmpty = false );
+    sal_Int32 getStorageVersion();
+
+    bool getEncodedMP( OUString& aResult, OUString& aResultIV );
+    void setEncodedMP( const OUString& aResult, const OUString& aResultIV, bool bAcceptEmpty = false );
     void setUseStorage( bool bUse );
     bool useStorage();
 
@@ -218,6 +244,29 @@ private:
     css::uno::Reference< css::lang::XComponent > mComponent;
     SysCredentialsConfig mUrlContainer;
 
+    class RandomPool
+    {
+    private:
+        rtlRandomPool m_aRandomPool;
+    public:
+        RandomPool() : m_aRandomPool(rtl_random_createPool())
+        {
+        }
+        rtlRandomPool get()
+        {
+            return m_aRandomPool;
+        }
+        ~RandomPool()
+        {
+            // Clean up random pool memory
+            rtl_random_destroyPool(m_aRandomPool);
+        }
+    };
+
+    RandomPool mRandomPool;
+
+    OUString createIV();
+
     /// @throws css::uno::RuntimeException
     css::uno::Sequence< css::task::UserRecord > CopyToUserRecordSequence(
                                         const ::std::vector< NamePassRecord >& original,
@@ -268,10 +317,10 @@ css::task::UrlRecord find(
                               const css::uno::Reference< css::task::XInteractionHandler >& Handler );
 
     /// @throws css::uno::RuntimeException
-    static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
+    static ::std::vector< OUString > DecodePasswords( const OUString& aLine, const OUString& aIV, const OUString& aMasterPassword, css::task::PasswordRequestMode mode );
 
     /// @throws css::uno::RuntimeException
-    static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aMasterPassword );
+    static OUString EncodePasswords(const std::vector< OUString >& lines, const OUString& aIV, const OUString& aMasterPassword );
 
 public:
     PasswordContainer( const css::uno::Reference< css::lang::XMultiServiceFactory >& );