search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
fix baseline build (old cairo) - 'cairo_rectangle_int_t' does not name a type
[LibreOffice.git] / oox / source / crypto / DocumentDecryption.cxx
blobd582c7ddf63bfd5e80d43b6b3deffea4f293ec9d
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 */
10
11 #include "oox/crypto/DocumentDecryption.hxx"
12
13 #include <comphelper/sequenceashashmap.hxx>
14 #include <sax/tools/converter.hxx>
15 #include <cppuhelper/implbase1.hxx>
16
17 #include <com/sun/star/io/XSeekable.hpp>
18 #include <com/sun/star/uno/XComponentContext.hpp>
19 #include <com/sun/star/xml/sax/XFastParser.hpp>
20 #include <com/sun/star/xml/sax/XFastTokenHandler.hpp>
21 #include <com/sun/star/xml/sax/FastParser.hpp>
22 #include <com/sun/star/xml/sax/FastToken.hpp>
23
24 namespace oox {
25 namespace core {
26
27 using namespace css::beans;
28 using namespace css::io;
29 using namespace css::lang;
30 using namespace css::uno;
31 using namespace css::xml::sax;
32 using namespace css::xml;
33
34 using namespace std;
35
36 using ::comphelper::SequenceAsHashMap;
37 using ::sax::Converter;
38
39 namespace {
40
41 vector<sal_uInt8> convertToVector(Sequence<sal_Int8>& input)
42 {
43 const sal_uInt8* inputArray = reinterpret_cast<const sal_uInt8*>( input.getConstArray() );
44 return vector<sal_uInt8>(inputArray, inputArray + input.getLength());
45 }
46
47 class AgileTokenHandler : public cppu::WeakImplHelper1< XFastTokenHandler >
48 {
49 public:
50 virtual sal_Int32 SAL_CALL getTokenFromUTF8( const Sequence< sal_Int8 >& /*nIdentifier*/ ) throw (RuntimeException, std::exception) SAL_OVERRIDE
51 {
52 return FastToken::DONTKNOW;
53 }
54
55 virtual Sequence<sal_Int8> SAL_CALL getUTF8Identifier(sal_Int32 /*nToken*/) throw (RuntimeException, std::exception) SAL_OVERRIDE
56 {
57 return Sequence<sal_Int8>();
58 }
59 };
60
61 class AgileDocumentHandler : public ::cppu::WeakImplHelper1< XFastDocumentHandler >
62 {
63 AgileEncryptionInfo& mInfo;
64
65 public:
66 explicit AgileDocumentHandler(AgileEncryptionInfo& rInfo) :
67 mInfo(rInfo)
68 {}
69
70 void SAL_CALL startDocument()
71 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
72 {}
73 void SAL_CALL endDocument()
74 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
75 {}
76 void SAL_CALL setDocumentLocator( const Reference< XLocator >& /*xLocator*/ )
77 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
78 {}
79 void SAL_CALL startFastElement( sal_Int32 /*Element*/, const Reference< XFastAttributeList >& /*Attribs*/ )
80 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
81 {}
82
83 void SAL_CALL startUnknownElement( const OUString& /*aNamespace*/, const OUString& aName, const Reference< XFastAttributeList >& aAttributeList )
84 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
85 {
86 if(aName == "keyData")
87 {
88 Sequence<Attribute> aAttributes(aAttributeList->getUnknownAttributes());
89
90 for (int i=0; i<aAttributes.getLength(); i++)
91 {
92 if (aAttributes[i].Name == "saltValue")
93 {
94 Sequence<sal_Int8> keyDataSalt;
95 Converter::decodeBase64(keyDataSalt, aAttributes[i].Value);
96 mInfo.keyDataSalt = convertToVector(keyDataSalt);
97 }
98 }
99 }
100 else if(aName == "encryptedKey")
101 {
102 Sequence<Attribute> aAttributes(aAttributeList->getUnknownAttributes());
103 for (int i=0; i<aAttributes.getLength(); i++)
104 {
105 if (aAttributes[i].Name == "spinCount")
106 {
107 Converter::convertNumber(mInfo.spinCount, aAttributes[i].Value);
108 }
109 else if (aAttributes[i].Name == "saltSize")
110 {
111 Converter::convertNumber(mInfo.saltSize, aAttributes[i].Value);
112 }
113 else if (aAttributes[i].Name == "blockSize")
114 {
115 Converter::convertNumber(mInfo.blockSize, aAttributes[i].Value);
116 }
117 else if (aAttributes[i].Name == "keyBits")
118 {
119 Converter::convertNumber(mInfo.keyBits, aAttributes[i].Value);
120 }
121 else if (aAttributes[i].Name == "hashSize")
122 {
123 Converter::convertNumber(mInfo.hashSize, aAttributes[i].Value);
124 }
125 else if (aAttributes[i].Name == "cipherAlgorithm")
126 {
127 mInfo.cipherAlgorithm = aAttributes[i].Value;
128 }
129 else if (aAttributes[i].Name == "cipherChaining")
130 {
131 mInfo.cipherChaining = aAttributes[i].Value;
132 }
133 else if (aAttributes[i].Name == "hashAlgorithm")
134 {
135 mInfo.hashAlgorithm = aAttributes[i].Value;
136 }
137 else if (aAttributes[i].Name == "saltValue")
138 {
139 Sequence<sal_Int8> saltValue;
140 Converter::decodeBase64(saltValue, aAttributes[i].Value);
141 mInfo.saltValue = convertToVector(saltValue);
142 }
143 else if (aAttributes[i].Name == "encryptedVerifierHashInput")
144 {
145 Sequence<sal_Int8> encryptedVerifierHashInput;
146 Converter::decodeBase64(encryptedVerifierHashInput, aAttributes[i].Value);
147 mInfo.encryptedVerifierHashInput = convertToVector(encryptedVerifierHashInput);
148 }
149 else if (aAttributes[i].Name == "encryptedVerifierHashValue")
150 {
151 Sequence<sal_Int8> encryptedVerifierHashValue;
152 Converter::decodeBase64(encryptedVerifierHashValue, aAttributes[i].Value);
153 mInfo.encryptedVerifierHashValue = convertToVector(encryptedVerifierHashValue);
154 }
155 else if (aAttributes[i].Name == "encryptedKeyValue")
156 {
157 Sequence<sal_Int8> encryptedKeyValue;
158 Converter::decodeBase64(encryptedKeyValue, aAttributes[i].Value);
159 mInfo.encryptedKeyValue = convertToVector(encryptedKeyValue);
160 }
161 }
162 }
163 }
164
165 void SAL_CALL endFastElement( sal_Int32 /*aElement*/ )
166 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
167 {}
168 void SAL_CALL endUnknownElement( const OUString& /*aNamespace*/, const OUString& /*aName*/ )
169 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
170 {}
171
172 Reference< XFastContextHandler > SAL_CALL createFastChildContext( sal_Int32 /*aElement*/, const Reference< XFastAttributeList >& /*aAttribs*/ )
173 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
174 {
175 return NULL;
176 }
177
178 Reference< XFastContextHandler > SAL_CALL createUnknownChildContext( const OUString& /*aNamespace*/, const OUString& /*aName*/, const Reference< XFastAttributeList >& /*aAttribs*/ )
179 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
180 {
181 return this;
182 }
183
184 void SAL_CALL characters( const OUString& /*aChars*/ )
185 throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
186 {}
187 };
188
189 } // namespace
190
191 DocumentDecryption::DocumentDecryption(oox::ole::OleStorage& rOleStorage, Reference<XComponentContext> xContext) :
192 mxContext(xContext),
193 mrOleStorage(rOleStorage),
194 mCryptoType(UNKNOWN)
195 {}
196
197 bool DocumentDecryption::generateEncryptionKey(const OUString& rPassword)
198 {
199 if (mEngine.get())
200 return mEngine->generateEncryptionKey(rPassword);
201 return false;
202 }
203
204 bool DocumentDecryption::readAgileEncryptionInfo(Reference< XInputStream >& xInputStream)
205 {
206 AgileEngine* engine = new AgileEngine();
207 mEngine.reset(engine);
208 AgileEncryptionInfo& info = engine->getInfo();
209
210 Reference<XFastDocumentHandler> xFastDocumentHandler( new AgileDocumentHandler(info) );
211 Reference<XFastTokenHandler> xFastTokenHandler ( new AgileTokenHandler );
212
213 Reference<XFastParser> xParser(
214 css::xml::sax::FastParser::create(mxContext));
215
216 xParser->setFastDocumentHandler( xFastDocumentHandler );
217 xParser->setTokenHandler( xFastTokenHandler );
218
219 InputSource aInputSource;
220 aInputSource.aInputStream = xInputStream;
221 xParser->parseStream( aInputSource );
222
223 // CHECK info data
224 if (2 > info.blockSize || info.blockSize > 4096)
225 return false;
226
227 if (0 > info.spinCount || info.spinCount > 10000000)
228 return false;
229
230 if (1 > info.saltSize|| info.saltSize > 65536) // Check
231 return false;
232
233 // AES 128 CBC with SHA1
234 if (info.keyBits == 128 &&
235 info.cipherAlgorithm == "AES" &&
236 info.cipherChaining == "ChainingModeCBC" &&
237 info.hashAlgorithm == "SHA1" &&
238 info.hashSize == 20)
239 {
240 return true;
241 }
242
243 // AES 256 CBC with SHA512
244 if (info.keyBits == 256 &&
245 info.cipherAlgorithm == "AES" &&
246 info.cipherChaining == "ChainingModeCBC" &&
247 info.hashAlgorithm == "SHA512" &&
248 info.hashSize == 64 )
249 {
250 return true;
251 }
252
253 return false;
254 }
255
256 bool DocumentDecryption::readStandard2007EncryptionInfo(BinaryInputStream& rStream)
257 {
258 Standard2007Engine* engine = new Standard2007Engine();
259 mEngine.reset(engine);
260 StandardEncryptionInfo& info = engine->getInfo();
261
262 info.header.flags = rStream.readuInt32();
263 if( getFlag( info.header.flags, ENCRYPTINFO_EXTERNAL ) )
264 return false;
265
266 sal_uInt32 nHeaderSize = rStream.readuInt32();
267
268 sal_uInt32 actualHeaderSize = sizeof(info.header);
269
270 if( (nHeaderSize < actualHeaderSize) )
271 return false;
272
273 info.header.flags = rStream.readuInt32();
274 info.header.sizeExtra = rStream.readuInt32();
275 info.header.algId = rStream.readuInt32();
276 info.header.algIdHash = rStream.readuInt32();
277 info.header.keyBits = rStream.readuInt32();
278 info.header.providedType = rStream.readuInt32();
279 info.header.reserved1 = rStream.readuInt32();
280 info.header.reserved2 = rStream.readuInt32();
281
282 rStream.skip( nHeaderSize - actualHeaderSize );
283
284 info.verifier.saltSize = rStream.readuInt32();
285 rStream.readArray(info.verifier.salt, SAL_N_ELEMENTS(info.verifier.salt));
286 rStream.readArray(info.verifier.encryptedVerifier, SAL_N_ELEMENTS(info.verifier.encryptedVerifier));
287 info.verifier.encryptedVerifierHashSize = rStream.readuInt32();
288 rStream.readArray(info.verifier.encryptedVerifierHash, SAL_N_ELEMENTS(info.verifier.encryptedVerifierHash));
289
290 if( info.verifier.saltSize != 16 )
291 return false;
292
293 // check flags and algorithm IDs, required are AES128 and SHA-1
294 if( !getFlag( info.header.flags , ENCRYPTINFO_CRYPTOAPI ) )
295 return false;
296
297 if( !getFlag( info.header.flags, ENCRYPTINFO_AES ) )
298 return false;
299
300 // algorithm ID 0 defaults to AES128 too, if ENCRYPTINFO_AES flag is set
301 if( info.header.algId != 0 && info.header.algId != ENCRYPT_ALGO_AES128 )
302 return false;
303
304 // hash algorithm ID 0 defaults to SHA-1 too
305 if( info.header.algIdHash != 0 && info.header.algIdHash != ENCRYPT_HASH_SHA1 )
306 return false;
307
308 if( info.verifier.encryptedVerifierHashSize != 20 )
309 return false;
310
311 return !rStream.isEof();
312 }
313
314 bool DocumentDecryption::readEncryptionInfo()
315 {
316 if( !mrOleStorage.isStorage() )
317 return false;
318
319 Reference< XInputStream > xEncryptionInfo( mrOleStorage.openInputStream( "EncryptionInfo" ), UNO_SET_THROW );
320
321 bool bResult = false;
322
323 BinaryXInputStream aBinaryInputStream( xEncryptionInfo, true );
324
325 sal_uInt32 aVersion = aBinaryInputStream.readuInt32();
326
327 switch (aVersion)
328 {
329 case VERSION_INFO_2007_FORMAT:
330 case VERSION_INFO_2007_FORMAT_SP2:
331 mCryptoType = STANDARD_2007; // Set encryption info format
332 bResult = readStandard2007EncryptionInfo( aBinaryInputStream );
333 break;
334 case VERSION_INFO_AGILE:
335 mCryptoType = AGILE; // Set encryption info format
336 aBinaryInputStream.skip(4);
337 bResult = readAgileEncryptionInfo( xEncryptionInfo );
338 break;
339 default:
340 break;
341 }
342
343 return bResult;
344 }
345
346 Sequence<NamedValue> DocumentDecryption::createEncryptionData(const OUString& rPassword)
347 {
348 SequenceAsHashMap aEncryptionData;
349
350 if (mCryptoType == AGILE)
351 {
352 aEncryptionData["CryptoType"] <<= OUString("Agile");
353 }
354 else if (mCryptoType == STANDARD_2007)
355 {
356 aEncryptionData["CryptoType"] <<= OUString("Standard");
357 }
358
359 aEncryptionData["OOXPassword"] <<= rPassword;
360 return aEncryptionData.getAsConstNamedValueList();
361 }
362
363 bool DocumentDecryption::decrypt(Reference<XStream> xDocumentStream)
364 {
365 bool aResult = false;
366
367 if( !mrOleStorage.isStorage() )
368 return false;
369
370 // open the required input streams in the encrypted package
371 Reference< XInputStream > xEncryptedPackage( mrOleStorage.openInputStream( "EncryptedPackage" ), UNO_SET_THROW );
372
373 // create temporary file for unencrypted package
374 Reference< XOutputStream > xDecryptedPackage( xDocumentStream->getOutputStream(), UNO_SET_THROW );
375 BinaryXOutputStream aDecryptedPackage( xDecryptedPackage, true );
376 BinaryXInputStream aEncryptedPackage( xEncryptedPackage, true );
377
378 aResult = mEngine->decrypt(aEncryptedPackage, aDecryptedPackage);
379
380 xDecryptedPackage->flush();
381 aDecryptedPackage.seekToStart();
382
383 return aResult;
384 }
385
386 } // namespace core
387 } // namespace oox
388
389 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE