search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Version 7.6.3.2-android, tag libreoffice-7.6.3.2-android
[LibreOffice.git] / comphelper / source / misc / docpasswordhelper.cxx
blob0adb6eff9a4a963a01b32942148aa546f0136eed
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20 #include <config_gpgme.h>
21
22 #include <algorithm>
23 #include <string_view>
24
25 #include <comphelper/docpasswordhelper.hxx>
26 #include <comphelper/propertyvalue.hxx>
27 #include <comphelper/storagehelper.hxx>
28 #include <comphelper/hash.hxx>
29 #include <comphelper/base64.hxx>
30 #include <comphelper/sequence.hxx>
31 #include <com/sun/star/beans/NamedValue.hpp>
32 #include <com/sun/star/beans/PropertyValue.hpp>
33 #include <com/sun/star/task/XInteractionHandler.hpp>
34
35 #include <osl/diagnose.h>
36 #include <sal/log.hxx>
37 #include <rtl/digest.h>
38 #include <rtl/random.h>
39 #include <string.h>
40
41 #if HAVE_FEATURE_GPGME
42 # include <context.h>
43 # include <data.h>
44 # include <decryptionresult.h>
45 #endif
46
47 using ::com::sun::star::uno::Sequence;
48 using ::com::sun::star::uno::Exception;
49 using ::com::sun::star::uno::Reference;
50 using ::com::sun::star::task::PasswordRequestMode;
51 using ::com::sun::star::task::PasswordRequestMode_PASSWORD_ENTER;
52 using ::com::sun::star::task::PasswordRequestMode_PASSWORD_REENTER;
53 using ::com::sun::star::task::XInteractionHandler;
54
55 using namespace ::com::sun::star;
56
57 namespace comphelper {
58
59
60 static uno::Sequence< sal_Int8 > GeneratePBKDF2Hash( std::u16string_view aPassword, const uno::Sequence< sal_Int8 >& aSalt, sal_Int32 nCount, sal_Int32 nHashLength )
61 {
62 uno::Sequence< sal_Int8 > aResult;
63
64 if ( !aPassword.empty() && aSalt.hasElements() && nCount && nHashLength )
65 {
66 OString aBytePass = OUStringToOString( aPassword, RTL_TEXTENCODING_UTF8 );
67 // FIXME this is subject to the SHA1-bug tdf#114939 - see also
68 // RequestPassword() in filedlghelper.cxx
69 aResult.realloc( 16 );
70 rtl_digest_PBKDF2( reinterpret_cast < sal_uInt8 * > ( aResult.getArray() ),
71 aResult.getLength(),
72 reinterpret_cast < const sal_uInt8 * > ( aBytePass.getStr() ),
73 aBytePass.getLength(),
74 reinterpret_cast < const sal_uInt8 * > ( aSalt.getConstArray() ),
75 aSalt.getLength(),
76 nCount );
77 }
78
79 return aResult;
80 }
81
82
83 IDocPasswordVerifier::~IDocPasswordVerifier()
84 {
85 }
86
87
88 uno::Sequence< beans::PropertyValue > DocPasswordHelper::GenerateNewModifyPasswordInfo( std::u16string_view aPassword )
89 {
90 uno::Sequence< beans::PropertyValue > aResult;
91
92 uno::Sequence< sal_Int8 > aSalt = GenerateRandomByteSequence( 16 );
93 sal_Int32 const nPBKDF2IterationCount = 100000;
94
95 uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash(aPassword, aSalt, nPBKDF2IterationCount, 16);
96 if ( aNewHash.hasElements() )
97 {
98 aResult = { comphelper::makePropertyValue("algorithm-name", OUString( "PBKDF2" )),
99 comphelper::makePropertyValue("salt", aSalt),
100 comphelper::makePropertyValue("iteration-count", nPBKDF2IterationCount),
101 comphelper::makePropertyValue("hash", aNewHash) };
102 }
103
104 return aResult;
105 }
106
107
108 uno::Sequence<beans::PropertyValue>
109 DocPasswordHelper::GenerateNewModifyPasswordInfoOOXML(std::u16string_view aPassword)
110 {
111 uno::Sequence<beans::PropertyValue> aResult;
112
113 if (!aPassword.empty())
114 {
115 uno::Sequence<sal_Int8> aSalt = GenerateRandomByteSequence(16);
116 OUStringBuffer aBuffer(22);
117 comphelper::Base64::encode(aBuffer, aSalt);
118 OUString sSalt = aBuffer.makeStringAndClear();
119
120 sal_Int32 const nIterationCount = 100000;
121 OUString sAlgorithm("SHA-512");
122
123 const OUString sHash(GetOoxHashAsBase64(OUString(aPassword), sSalt, nIterationCount,
124 comphelper::Hash::IterCount::APPEND, sAlgorithm));
125
126 if (!sHash.isEmpty())
127 {
128 aResult = { comphelper::makePropertyValue("algorithm-name", sAlgorithm),
129 comphelper::makePropertyValue("salt", sSalt),
130 comphelper::makePropertyValue("iteration-count", nIterationCount),
131 comphelper::makePropertyValue("hash", sHash) };
132 }
133 }
134
135 return aResult;
136 }
137
138
139 uno::Sequence< beans::PropertyValue > DocPasswordHelper::ConvertPasswordInfo( const uno::Sequence< beans::PropertyValue >& aInfo )
140 {
141 uno::Sequence< beans::PropertyValue > aResult;
142 OUString sAlgorithm, sHash, sSalt, sCount;
143 sal_Int32 nAlgorithm = 0;
144
145 for ( const auto & prop : aInfo )
146 {
147 if ( prop.Name == "cryptAlgorithmSid" )
148 {
149 prop.Value >>= sAlgorithm;
150 nAlgorithm = sAlgorithm.toInt32();
151 }
152 else if ( prop.Name == "salt" )
153 prop.Value >>= sSalt;
154 else if ( prop.Name == "cryptSpinCount" )
155 prop.Value >>= sCount;
156 else if ( prop.Name == "hash" )
157 prop.Value >>= sHash;
158 }
159
160 if (nAlgorithm == 1)
161 sAlgorithm = "MD2";
162 else if (nAlgorithm == 2)
163 sAlgorithm = "MD4";
164 else if (nAlgorithm == 3)
165 sAlgorithm = "MD5";
166 else if (nAlgorithm == 4)
167 sAlgorithm = "SHA-1";
168 else if (nAlgorithm == 5)
169 sAlgorithm = "MAC";
170 else if (nAlgorithm == 6)
171 sAlgorithm = "RIPEMD";
172 else if (nAlgorithm == 7)
173 sAlgorithm = "RIPEMD-160";
174 else if (nAlgorithm == 9)
175 sAlgorithm = "HMAC";
176 else if (nAlgorithm == 12)
177 sAlgorithm = "SHA-256";
178 else if (nAlgorithm == 13)
179 sAlgorithm = "SHA-384";
180 else if (nAlgorithm == 14)
181 sAlgorithm = "SHA-512";
182
183 if ( !sCount.isEmpty() )
184 {
185 sal_Int32 nCount = sCount.toInt32();
186 aResult = { comphelper::makePropertyValue("algorithm-name", sAlgorithm),
187 comphelper::makePropertyValue("salt", sSalt),
188 comphelper::makePropertyValue("iteration-count", nCount),
189 comphelper::makePropertyValue("hash", sHash) };
190 }
191
192 return aResult;
193 }
194
195
196 bool DocPasswordHelper::IsModifyPasswordCorrect( std::u16string_view aPassword, const uno::Sequence< beans::PropertyValue >& aInfo )
197 {
198 bool bResult = false;
199 if ( !aPassword.empty() && aInfo.hasElements() )
200 {
201 OUString sAlgorithm;
202 uno::Any aSalt, aHash;
203 sal_Int32 nCount = 0;
204
205 for ( const auto & prop : aInfo )
206 {
207 if ( prop.Name == "algorithm-name" )
208 prop.Value >>= sAlgorithm;
209 else if ( prop.Name == "salt" )
210 aSalt = prop.Value;
211 else if ( prop.Name == "iteration-count" )
212 prop.Value >>= nCount;
213 else if ( prop.Name == "hash" )
214 aHash = prop.Value;
215 }
216
217 if ( sAlgorithm == "PBKDF2" )
218 {
219 uno::Sequence<sal_Int8> aIntSalt, aIntHash;
220 aSalt >>= aIntSalt;
221 aHash >>= aIntHash;
222 if (aIntSalt.hasElements() && nCount > 0 && aIntHash.hasElements())
223 {
224 uno::Sequence<sal_Int8> aNewHash
225 = GeneratePBKDF2Hash(aPassword, aIntSalt, nCount, aIntHash.getLength());
226 for (sal_Int32 nInd = 0; nInd < aNewHash.getLength() && nInd < aIntHash.getLength()
227 && aNewHash[nInd] == aIntHash[nInd];
228 nInd++)
229 {
230 if (nInd == aNewHash.getLength() - 1 && nInd == aIntHash.getLength() - 1)
231 bResult = true;
232 }
233 }
234 }
235 else if (nCount > 0)
236 {
237 OUString sSalt, sHash;
238 aSalt >>= sSalt;
239 aHash >>= sHash;
240 if (!sSalt.isEmpty() && !sHash.isEmpty())
241 {
242 const OUString aNewHash(GetOoxHashAsBase64(OUString(aPassword), sSalt, nCount,
243 comphelper::Hash::IterCount::APPEND,
244 sAlgorithm));
245 if (!aNewHash.isEmpty())
246 bResult = aNewHash == sHash;
247 }
248 }
249 }
250
251 return bResult;
252 }
253
254
255 sal_uInt32 DocPasswordHelper::GetWordHashAsUINT32(
256 std::u16string_view aUString )
257 {
258 static const sal_uInt16 pInitialCode[] = {
259 0xE1F0, // 1
260 0x1D0F, // 2
261 0xCC9C, // 3
262 0x84C0, // 4
263 0x110C, // 5
264 0x0E10, // 6
265 0xF1CE, // 7
266 0x313E, // 8
267 0x1872, // 9
268 0xE139, // 10
269 0xD40F, // 11
270 0x84F9, // 12
271 0x280C, // 13
272 0xA96A, // 14
273 0x4EC3 // 15
274 };
275
276 static const sal_uInt16 pEncryptionMatrix[15][7] = {
277 { 0xAEFC, 0x4DD9, 0x9BB2, 0x2745, 0x4E8A, 0x9D14, 0x2A09}, // last-14
278 { 0x7B61, 0xF6C2, 0xFDA5, 0xEB6B, 0xC6F7, 0x9DCF, 0x2BBF}, // last-13
279 { 0x4563, 0x8AC6, 0x05AD, 0x0B5A, 0x16B4, 0x2D68, 0x5AD0}, // last-12
280 { 0x0375, 0x06EA, 0x0DD4, 0x1BA8, 0x3750, 0x6EA0, 0xDD40}, // last-11
281 { 0xD849, 0xA0B3, 0x5147, 0xA28E, 0x553D, 0xAA7A, 0x44D5}, // last-10
282 { 0x6F45, 0xDE8A, 0xAD35, 0x4A4B, 0x9496, 0x390D, 0x721A}, // last-9
283 { 0xEB23, 0xC667, 0x9CEF, 0x29FF, 0x53FE, 0xA7FC, 0x5FD9}, // last-8
284 { 0x47D3, 0x8FA6, 0x8FA6, 0x1EDA, 0x3DB4, 0x7B68, 0xF6D0}, // last-7
285 { 0xB861, 0x60E3, 0xC1C6, 0x93AD, 0x377B, 0x6EF6, 0xDDEC}, // last-6
286 { 0x45A0, 0x8B40, 0x06A1, 0x0D42, 0x1A84, 0x3508, 0x6A10}, // last-5
287 { 0xAA51, 0x4483, 0x8906, 0x022D, 0x045A, 0x08B4, 0x1168}, // last-4
288 { 0x76B4, 0xED68, 0xCAF1, 0x85C3, 0x1BA7, 0x374E, 0x6E9C}, // last-3
289 { 0x3730, 0x6E60, 0xDCC0, 0xA9A1, 0x4363, 0x86C6, 0x1DAD}, // last-2
290 { 0x3331, 0x6662, 0xCCC4, 0x89A9, 0x0373, 0x06E6, 0x0DCC}, // last-1
291 { 0x1021, 0x2042, 0x4084, 0x8108, 0x1231, 0x2462, 0x48C4} // last
292 };
293
294 sal_uInt32 nResult = 0;
295 size_t nLen = aUString.size();
296
297 if ( nLen )
298 {
299 if ( nLen > 15 )
300 nLen = 15;
301
302 sal_uInt16 nHighResult = pInitialCode[nLen - 1];
303 sal_uInt16 nLowResult = 0;
304
305 for ( size_t nInd = 0; nInd < nLen; nInd++ )
306 {
307 // NO Encoding during conversion!
308 // The specification says that the low byte should be used in case it is not NULL
309 char nHighChar = static_cast<char>( aUString[nInd] >> 8 );
310 char nLowChar = static_cast<char>( aUString[nInd] & 0xFF );
311 char nChar = nLowChar ? nLowChar : nHighChar;
312
313 for ( int nMatrixInd = 0; nMatrixInd < 7; ++nMatrixInd )
314 {
315 if ( ( nChar & ( 1 << nMatrixInd ) ) != 0 )
316 nHighResult = nHighResult ^ pEncryptionMatrix[15 - nLen + nInd][nMatrixInd];
317 }
318
319 nLowResult = ( ( ( nLowResult >> 14 ) & 0x0001 ) | ( ( nLowResult << 1 ) & 0x7FFF ) ) ^ nChar;
320 }
321
322 nLowResult = static_cast<sal_uInt16>( ( ( ( nLowResult >> 14 ) & 0x001 ) | ( ( nLowResult << 1 ) & 0x7FF ) ) ^ nLen ^ 0xCE4B );
323
324 nResult = ( nHighResult << 16 ) | nLowResult;
325 }
326
327 return nResult;
328 }
329
330
331 sal_uInt16 DocPasswordHelper::GetXLHashAsUINT16(
332 std::u16string_view aUString,
333 rtl_TextEncoding nEnc )
334 {
335 sal_uInt16 nResult = 0;
336
337 OString aString = OUStringToOString( aUString, nEnc );
338
339 if ( !aString.isEmpty() && aString.getLength() <= SAL_MAX_UINT16 )
340 {
341 for ( sal_Int32 nInd = aString.getLength() - 1; nInd >= 0; nInd-- )
342 {
343 nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
344 nResult ^= aString[nInd];
345 }
346
347 nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
348 nResult ^= ( 0x8000 | ( 'N' << 8 ) | 'K' );
349 nResult ^= aString.getLength();
350 }
351
352 return nResult;
353 }
354
355
356 Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
357 std::u16string_view aUString )
358 {
359 sal_uInt16 nHash = GetXLHashAsUINT16( aUString );
360 return {sal_Int8(nHash >> 8), sal_Int8(nHash & 0xFF)};
361 }
362
363
364 std::vector<unsigned char> DocPasswordHelper::GetOoxHashAsVector(
365 const OUString& rPassword,
366 const std::vector<unsigned char>& rSaltValue,
367 sal_uInt32 nSpinCount,
368 comphelper::Hash::IterCount eIterCount,
369 std::u16string_view rAlgorithmName)
370 {
371 comphelper::HashType eType;
372 if (rAlgorithmName == u"SHA-512" || rAlgorithmName == u"SHA512")
373 eType = comphelper::HashType::SHA512;
374 else if (rAlgorithmName == u"SHA-256" || rAlgorithmName == u"SHA256")
375 eType = comphelper::HashType::SHA256;
376 else if (rAlgorithmName == u"SHA-384" || rAlgorithmName == u"SHA384")
377 eType = comphelper::HashType::SHA384;
378 else if (rAlgorithmName == u"SHA-1" || rAlgorithmName == u"SHA1") // "SHA1" might be in the wild
379 eType = comphelper::HashType::SHA1;
380 else if (rAlgorithmName == u"MD5")
381 eType = comphelper::HashType::MD5;
382 else
383 return std::vector<unsigned char>();
384
385 return comphelper::Hash::calculateHash( rPassword, rSaltValue, nSpinCount, eIterCount, eType);
386 }
387
388
389 css::uno::Sequence<sal_Int8> DocPasswordHelper::GetOoxHashAsSequence(
390 const OUString& rPassword,
391 std::u16string_view rSaltValue,
392 sal_uInt32 nSpinCount,
393 comphelper::Hash::IterCount eIterCount,
394 std::u16string_view rAlgorithmName)
395 {
396 std::vector<unsigned char> aSaltVec;
397 if (!rSaltValue.empty())
398 {
399 css::uno::Sequence<sal_Int8> aSaltSeq;
400 comphelper::Base64::decode( aSaltSeq, rSaltValue);
401 aSaltVec = comphelper::sequenceToContainer<std::vector<unsigned char>>( aSaltSeq);
402 }
403
404 std::vector<unsigned char> hash( GetOoxHashAsVector( rPassword, aSaltVec, nSpinCount, eIterCount, rAlgorithmName));
405
406 return comphelper::containerToSequence<sal_Int8>( hash);
407 }
408
409 OUString DocPasswordHelper::GetOoxHashAsBase64(
410 const OUString& rPassword,
411 std::u16string_view rSaltValue,
412 sal_uInt32 nSpinCount,
413 comphelper::Hash::IterCount eIterCount,
414 std::u16string_view rAlgorithmName)
415 {
416 css::uno::Sequence<sal_Int8> aSeq( GetOoxHashAsSequence( rPassword, rSaltValue, nSpinCount,
417 eIterCount, rAlgorithmName));
418
419 OUStringBuffer aBuf((aSeq.getLength()+2)/3*4);
420 comphelper::Base64::encode( aBuf, aSeq);
421 return aBuf.makeStringAndClear();
422 }
423
424
425 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateRandomByteSequence( sal_Int32 nLength )
426 {
427 uno::Sequence< sal_Int8 > aResult( nLength );
428
429 rtlRandomPool aRandomPool = rtl_random_createPool ();
430 rtl_random_getBytes ( aRandomPool, aResult.getArray(), nLength );
431 rtl_random_destroyPool ( aRandomPool );
432
433 return aResult;
434 }
435
436
437 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( std::u16string_view aPassword, const uno::Sequence< sal_Int8 >& aDocId )
438 {
439 uno::Sequence< sal_Int8 > aResultKey;
440 if ( !aPassword.empty() && aDocId.getLength() == 16 )
441 {
442 sal_uInt16 pPassData[16] = {};
443
444 sal_Int32 nPassLen = std::min< sal_Int32 >( aPassword.size(), 15 );
445 memcpy( pPassData, aPassword.data(), nPassLen * sizeof(pPassData[0]) );
446
447 aResultKey = GenerateStd97Key( pPassData, aDocId );
448 }
449
450 return aResultKey;
451 }
452
453
454 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const sal_uInt16 pPassData[16], const uno::Sequence< sal_Int8 >& aDocId )
455 {
456 uno::Sequence< sal_Int8 > aResultKey;
457
458 if ( aDocId.getLength() == 16 )
459 aResultKey = GenerateStd97Key(pPassData, reinterpret_cast<const sal_uInt8*>(aDocId.getConstArray()));
460
461 return aResultKey;
462 }
463
464
465 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const sal_uInt16 pPassData[16], const sal_uInt8 pDocId[16] )
466 {
467 uno::Sequence< sal_Int8 > aResultKey;
468 if ( pPassData[0] )
469 {
470 sal_uInt8 pKeyData[64] = {};
471
472 sal_Int32 nInd = 0;
473
474 // Fill PassData into KeyData.
475 for ( nInd = 0; nInd < 16 && pPassData[nInd]; nInd++)
476 {
477 pKeyData[2*nInd] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 0) & 0xff );
478 pKeyData[2*nInd + 1] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 8) & 0xff );
479 }
480
481 pKeyData[2*nInd] = 0x80;
482 pKeyData[56] = sal::static_int_cast< sal_uInt8 >( nInd << 4 );
483
484 // Fill raw digest of KeyData into KeyData.
485 rtlDigest hDigest = rtl_digest_create ( rtl_Digest_AlgorithmMD5 );
486 (void)rtl_digest_updateMD5 (
487 hDigest, pKeyData, sizeof(pKeyData));
488 (void)rtl_digest_rawMD5 (
489 hDigest, pKeyData, RTL_DIGEST_LENGTH_MD5);
490
491 // Update digest with KeyData and Unique.
492 for ( nInd = 0; nInd < 16; nInd++ )
493 {
494 rtl_digest_updateMD5( hDigest, pKeyData, 5 );
495 rtl_digest_updateMD5( hDigest, pDocId, 16 );
496 }
497
498 // Update digest with padding.
499 pKeyData[16] = 0x80;
500 memset( pKeyData + 17, 0, sizeof(pKeyData) - 17 );
501 pKeyData[56] = 0x80;
502 pKeyData[57] = 0x0a;
503
504 rtl_digest_updateMD5( hDigest, &(pKeyData[16]), sizeof(pKeyData) - 16 );
505
506 // Fill raw digest of above updates
507 aResultKey.realloc( RTL_DIGEST_LENGTH_MD5 );
508 rtl_digest_rawMD5 ( hDigest, reinterpret_cast<sal_uInt8*>(aResultKey.getArray()), aResultKey.getLength() );
509
510 // Erase KeyData array and leave.
511 rtl_secureZeroMemory (pKeyData, sizeof(pKeyData));
512
513 rtl_digest_destroy(hDigest);
514 }
515
516 return aResultKey;
517 }
518
519
520 /*static*/ css::uno::Sequence< css::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword(
521 IDocPasswordVerifier& rVerifier,
522 const css::uno::Sequence< css::beans::NamedValue >& rMediaEncData,
523 const OUString& rMediaPassword,
524 const Reference< XInteractionHandler >& rxInteractHandler,
525 const OUString& rDocumentUrl,
526 DocPasswordRequestType eRequestType,
527 const std::vector< OUString >* pDefaultPasswords,
528 bool* pbIsDefaultPassword )
529 {
530 css::uno::Sequence< css::beans::NamedValue > aEncData;
531 OUString aPassword;
532 DocPasswordVerifierResult eResult = DocPasswordVerifierResult::WrongPassword;
533
534 sal_Int32 nMediaEncDataCount = rMediaEncData.getLength();
535
536 // tdf#93389: if the document is being restored from autorecovery, we need to add encryption
537 // data also for real document type.
538 // TODO: get real filter name here (from CheckPasswd_Impl), to only add necessary data
539 bool bForSalvage = false;
540 if (nMediaEncDataCount)
541 {
542 for (auto& val : rMediaEncData)
543 {
544 if (val.Name == "ForSalvage")
545 {
546 --nMediaEncDataCount; // don't consider this element below
547 val.Value >>= bForSalvage;
548 break;
549 }
550 }
551 }
552
553 // first, try provided default passwords
554 if( pbIsDefaultPassword )
555 *pbIsDefaultPassword = false;
556 if( pDefaultPasswords )
557 {
558 for( const auto& rPassword : *pDefaultPasswords )
559 {
560 OSL_ENSURE( !rPassword.isEmpty(), "DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" );
561 if( !rPassword.isEmpty() )
562 {
563 eResult = rVerifier.verifyPassword( rPassword, aEncData );
564 if (eResult == DocPasswordVerifierResult::OK)
565 {
566 aPassword = rPassword;
567 if (pbIsDefaultPassword)
568 *pbIsDefaultPassword = true;
569 }
570 if( eResult != DocPasswordVerifierResult::WrongPassword )
571 break;
572 }
573 }
574 }
575
576 // try media encryption data (skip, if result is OK or ABORT)
577 if( eResult == DocPasswordVerifierResult::WrongPassword )
578 {
579 if (nMediaEncDataCount)
580 {
581 eResult = rVerifier.verifyEncryptionData( rMediaEncData );
582 if( eResult == DocPasswordVerifierResult::OK )
583 aEncData = rMediaEncData;
584 }
585 }
586
587 // try media password (skip, if result is OK or ABORT)
588 if( eResult == DocPasswordVerifierResult::WrongPassword )
589 {
590 if( !rMediaPassword.isEmpty() )
591 {
592 eResult = rVerifier.verifyPassword( rMediaPassword, aEncData );
593 if (eResult == DocPasswordVerifierResult::OK)
594 aPassword = rMediaPassword;
595 }
596 }
597
598 // request a password (skip, if result is OK or ABORT)
599 if( (eResult == DocPasswordVerifierResult::WrongPassword) && rxInteractHandler.is() ) try
600 {
601 PasswordRequestMode eRequestMode = PasswordRequestMode_PASSWORD_ENTER;
602 while( eResult == DocPasswordVerifierResult::WrongPassword )
603 {
604 rtl::Reference<DocPasswordRequest> pRequest = new DocPasswordRequest( eRequestType, eRequestMode, rDocumentUrl );
605 rxInteractHandler->handle( pRequest );
606 if( pRequest->isPassword() )
607 {
608 if( !pRequest->getPassword().isEmpty() )
609 eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData );
610 if (eResult == DocPasswordVerifierResult::OK)
611 aPassword = pRequest->getPassword();
612 }
613 else
614 {
615 eResult = DocPasswordVerifierResult::Abort;
616 }
617 eRequestMode = PasswordRequestMode_PASSWORD_REENTER;
618 }
619 }
620 catch( Exception& )
621 {
622 }
623
624 if (eResult == DocPasswordVerifierResult::OK && !aPassword.isEmpty())
625 {
626 if (std::none_of(std::cbegin(aEncData), std::cend(aEncData),
627 [](const css::beans::NamedValue& val) {
628 return val.Name == PACKAGE_ENCRYPTIONDATA_SHA256UTF8;
629 }))
630 {
631 // tdf#118639: We need ODF encryption data for autorecovery, where password
632 // will already be unavailable, so generate and append it here
633 aEncData = comphelper::concatSequences(
634 aEncData, OStorageHelper::CreatePackageEncryptionData(aPassword));
635 }
636
637 if (bForSalvage)
638 {
639 // TODO: add individual methods for different target filter, and only call what's needed
640
641 // 1. Prepare binary MS formats encryption data
642 auto aUniqueID = GenerateRandomByteSequence(16);
643 auto aEnc97Key = GenerateStd97Key(aPassword, aUniqueID);
644 // 2. Add MS binary and OOXML encryption data to result
645 aEncData = comphelper::concatSequences(
646 aEncData, std::initializer_list<beans::NamedValue>{
647 { "STD97EncryptionKey", css::uno::Any(aEnc97Key) },
648 { "STD97UniqueID", css::uno::Any(aUniqueID) },
649 { "OOXPassword", css::uno::Any(aPassword) },
650 });
651 }
652 }
653
654 return (eResult == DocPasswordVerifierResult::OK) ? aEncData : uno::Sequence< beans::NamedValue >();
655 }
656
657 /*static*/ uno::Sequence< css::beans::NamedValue >
658 DocPasswordHelper::decryptGpgSession(
659 const uno::Sequence< uno::Sequence< beans::NamedValue > >& rGpgProperties )
660 {
661 #if HAVE_FEATURE_GPGME
662 if ( !rGpgProperties.hasElements() )
663 return uno::Sequence< beans::NamedValue >();
664
665 uno::Sequence< beans::NamedValue > aEncryptionData;
666 std::unique_ptr<GpgME::Context> ctx;
667 GpgME::initializeLibrary();
668 GpgME::Error err = GpgME::checkEngine(GpgME::OpenPGP);
669 if (err)
670 throw uno::RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
671
672 ctx.reset( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
673 if (ctx == nullptr)
674 throw uno::RuntimeException("The GpgME library failed to initialize for the OpenPGP protocol.");
675 ctx->setArmor(false);
676
677 const uno::Sequence < beans::NamedValue > *pSequence = rGpgProperties.getConstArray();
678 const sal_Int32 nLength = rGpgProperties.getLength();
679 for ( sal_Int32 i = 0; i < nLength ; i++, pSequence++ )
680 {
681 const beans::NamedValue *pValues = pSequence->getConstArray();
682 if ( pSequence->getLength() == 3 )
683 {
684 // take CipherValue and try to decrypt that - stop after
685 // the first successful decryption
686
687 // ctx is setup now, let's decrypt the lot!
688 uno::Sequence < sal_Int8 > aVector;
689 pValues[2].Value >>= aVector;
690
691 GpgME::Data cipher(
692 reinterpret_cast<const char*>(aVector.getConstArray()),
693 size_t(aVector.getLength()), false);
694 GpgME::Data plain;
695
696 GpgME::DecryptionResult crypt_res = ctx->decrypt(
697 cipher, plain);
698
699 // NO_SECKEY -> skip
700 // BAD_PASSPHRASE -> retry?
701
702 off_t result = plain.seek(0,SEEK_SET);
703 (void) result;
704 assert(result == 0);
705 int len=0, curr=0; char buf;
706 while( (curr=plain.read(&buf, 1)) )
707 len += curr;
708
709 if(crypt_res.error() || !len)
710 continue; // can't use this key, take next one
711
712 uno::Sequence < sal_Int8 > aKeyValue(len);
713 result = plain.seek(0,SEEK_SET);
714 assert(result == 0);
715 if( plain.read(aKeyValue.getArray(), len) != len )
716 throw uno::RuntimeException("The GpgME library failed to read the encrypted value.");
717
718 SAL_INFO("comphelper.crypto", "Extracted gpg session key of length: " << len);
719
720 aEncryptionData = { { PACKAGE_ENCRYPTIONDATA_SHA256UTF8, uno::Any(aKeyValue) } };
721 break;
722 }
723 }
724
725 if ( aEncryptionData.hasElements() )
726 {
727 uno::Sequence< beans::NamedValue > aContainer{
728 { "GpgInfos", uno::Any(rGpgProperties) }, { "EncryptionKey", uno::Any(aEncryptionData) }
729 };
730
731 return aContainer;
732 }
733 #else
734 (void)rGpgProperties;
735 #endif
736 return uno::Sequence< beans::NamedValue >();
737 }
738
739 } // namespace comphelper
740
741 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE