ddn.odf.crypto

ODF package encryption and decryption support.

Implements the ODF encryption specification per ODF 1.2 Part 3.

Supported algorithms

AES-256-CBC, AES-192-CBC, AES-128-CBC (recommended)
Triple DES-CBC (legacy, for reading older documents)
Blowfish-CFB (legacy, for reading older documents)
PBKDF2 key derivation with SHA-1 or SHA-256
SHA-256 checksum verification of decrypted content

Operations

deriveOdfKey() derives an encryption key from password and parameters
encryptOdfEntry() encrypts package entry content
decryptOdfEntry() decrypts an encrypted entry from a package
computeOdfChecksum() / verifyOdfChecksum() for integrity checking

var x

enum OdfChecksum OdfEncryptionAlgorithm OdfKdf

struct OdfEncryptionParams

fn aesCbcDecrypt aesCbcEncrypt blowfishCfbDecrypt computeOdfChecksum decryptOdfEntry deriveOdfKey encryptOdfEntry tripleDesCbcDecrypt verifyOdfChecksum

Types 4

enumOdfEncryptionAlgorithm

Describes the encryption algorithm used for an ODF entry.

AES_256_CBCAES-256-CBC (the ODF 1.2+ standard).

AES_192_CBCAES-192-CBC.

AES_128_CBCAES-128-CBC.

TRIPLE_DES_CBCTriple DES-CBC (ODF 1.2 legacy).

BLOWFISH_CFBBlowfish-CFB (ODF 1.0/1.1 legacy).

UNKNOWNUnknown or unsupported algorithm.

enumOdfKdf

Describes the key derivation function used for password-based encryption.

PBKDF2_HMAC_SHA1PBKDF2 with HMAC-SHA1 (ODF 1.2 default).

PBKDF2_HMAC_SHA256PBKDF2 with HMAC-SHA256 (ODF 1.3+).

UNKNOWNUnknown or unsupported KDF.

enumOdfChecksum

Describes the checksum algorithm used to verify decrypted content.

SHA1SHA-1 checksum (ODF 1.2 default).

SHA256SHA-256 checksum (ODF 1.3+).

UNKNOWNUnknown checksum type.

structOdfEncryptionParams

Parameters for ODF encryption/decryption.

Fields

OdfEncryptionAlgorithm algorithm

OdfKdf keyDerivation

OdfChecksum checksumType

ushort keySize

ushort blockSize

uint iterationCount

ubyte[] salt

ubyte[] initialisationVector

ubyte[] checksum

Methods

bool isSupported() const @safe pure nothrowReturns `true` when the parameters represent a supported configuration that can be decrypted.

Functions 9

ubyte[] decryptOdfEntry(const(ubyte)[]  encryptedData,
    string password,  const  ref  OdfEncryptionParams params)

Decrypts ODF-encrypted content using the given password and parameters.

ubyte[] encryptOdfEntry(const(ubyte)[]  plaintext,
    string password,  ref  OdfEncryptionParams params)

Encrypts ODF content using AES-256-CBC with PBKDF2 key derivation.

ubyte[] deriveOdfKey(string password,
    const  ref  OdfEncryptionParams params)

Derives an encryption key from a password using PBKDF2.

bool verifyOdfChecksum(const(ubyte)[]  plaintext,
    const(ubyte)[]  expectedChecksum,  OdfChecksum checksumType)

Verifies a checksum against decrypted content.

ubyte[] computeOdfChecksum(const(ubyte)[]  data,
    OdfChecksum checksumType)

Computes a checksum over the given data.

ubyte[] aesCbcDecrypt(const(ubyte)[]  ciphertext,
    const(ubyte)[]  key,  const(ubyte)[]  iv)

ubyte[] aesCbcEncrypt(const(ubyte)[]  plaintext,
    const(ubyte)[]  key,  const(ubyte)[]  iv)

ubyte[] tripleDesCbcDecrypt(const(ubyte)[]  ciphertext,
    const(ubyte)[]  key,  const(ubyte)[]  iv)

ubyte[] blowfishCfbDecrypt(const(ubyte)[]  ciphertext,
    const(ubyte)[]  key,  const(ubyte)[]  iv)

Variables 1

private enumvar

x = (string hex)  {
    import  std.conv :  parse;
    auto  result =  new  ubyte[hex.length /  2];
    foreach (i;  0 ..  result.length)  {
       auto  slice =  hex[i *  2 ..  i *  2 +  2];
       result[i]  =  cast(ubyte) parse!uint(slice,  16);
    }
    return  cast(const(ubyte)[]) result;
 }