1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
3 * This file is part of the LibreOffice project.
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
9 * This file incorporates work covered by the following license notice:
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
21 #include <svl/PasswordHelper.hxx>
22 #include <comphelper/hash.hxx>
23 #include <rtl/digest.h>
25 #include <unicode/regex.h>
26 #include <unicode/unistr.h>
27 #include <unicode/errorcode.h>
29 #include <sal/log.hxx>
31 using namespace com::sun::star
;
/// Stores the SHA-256 digest of the UTF-8 encoding of rPassword in rPassHash.
///
/// The digest is a single hash over the password bytes only; this function
/// applies neither a salt nor an iteration count.
///
/// @param rPassHash  output; resized to the digest length and overwritten
/// @param rPassword  password as UTF-16 code units
void SvPasswordHelper::GetHashPasswordSHA256(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view rPassword)
{
    // Plaintext UTF-8 copy of the password; wiped again before returning.
    const OString aUtf8 = OUStringToOString(rPassword, RTL_TEXTENCODING_UTF8);
    const auto* pBytes = reinterpret_cast<unsigned char const*>(aUtf8.getStr());

    const ::std::vector<unsigned char> aDigest = ::comphelper::Hash::calculateHash(
        pBytes, aUtf8.getLength(), ::comphelper::HashType::SHA256);

    rPassHash.realloc(aDigest.size());
    ::std::copy(aDigest.begin(), aDigest.end(), rPassHash.getArray());

    // Overwrite the temporary in place so the plaintext copy is gone before
    // the OString releases its buffer.
    rtl_secureZeroMemory(const_cast<char*>(aUtf8.getStr()), aUtf8.getLength());
}
/// Stores the SHA-1 digest of the UTF-8 encoding of rPassword in rPassHash.
///
/// The digest is a single hash over the password bytes only; this function
/// applies neither a salt nor an iteration count.
///
/// @param rPassHash  output; resized to the digest length and overwritten
/// @param rPassword  password as UTF-16 code units
void SvPasswordHelper::GetHashPasswordSHA1UTF8(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view rPassword)
{
    // Plaintext UTF-8 copy of the password; wiped again before returning.
    const OString aUtf8 = OUStringToOString(rPassword, RTL_TEXTENCODING_UTF8);
    const auto* pBytes = reinterpret_cast<unsigned char const*>(aUtf8.getStr());

    const ::std::vector<unsigned char> aDigest = ::comphelper::Hash::calculateHash(
        pBytes, aUtf8.getLength(), ::comphelper::HashType::SHA1);

    rPassHash.realloc(aDigest.size());
    ::std::copy(aDigest.begin(), aDigest.end(), rPassHash.getArray());

    // Overwrite the temporary in place so the plaintext copy is gone before
    // the OString releases its buffer.
    rtl_secureZeroMemory(const_cast<char*>(aUtf8.getStr()), aUtf8.getLength());
}
/// Stores the SHA-1 digest of the nLen bytes at pPass in rPassHash.
///
/// @param rPassHash  output; resized to RTL_DIGEST_LENGTH_SHA1 before hashing
/// @param pPass      bytes to hash
/// @param nLen       number of bytes at pPass
void SvPasswordHelper::GetHashPassword(uno::Sequence<sal_Int8>& rPassHash, const char* pPass, sal_uInt32 nLen)
{
    rPassHash.realloc(RTL_DIGEST_LENGTH_SHA1);

    sal_uInt8* const pDigest = reinterpret_cast<sal_uInt8*>(rPassHash.getArray());
    const rtlDigestError eStatus = rtl_digest_SHA1(pPass, nLen, pDigest, rPassHash.getLength());

    if (eStatus == rtl_Digest_E_None)
        return;

    // NOTE(review): the body of the failure branch is not visible in the
    // listing under review; emptying the output, so that a failed digest can
    // never compare equal to a stored 20-byte hash, is assumed here. Confirm
    // against the original file.
    rPassHash.realloc(0);
}
/// Hashes sPass with SHA-1 over its UTF-16 code units serialised low byte
/// first, and stores the digest in rPassHash.
///
/// @param rPassHash  output; filled by GetHashPassword()
/// @param sPass      password as UTF-16 code units
void SvPasswordHelper::GetHashPasswordLittleEndian(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view sPass)
{
    const sal_Int32 nChars(sPass.size());
    const auto nBytes = nChars * sizeof(sal_Unicode);
    std::unique_ptr<char[]> pBytes(new char[nBytes]);

    // Serialise each code unit as two bytes: low byte, then high byte.
    char* pOut = pBytes.get();
    for (sal_Int32 n = 0; n < nChars; ++n)
    {
        const sal_Unicode cUnit = sPass[n];
        *pOut++ = static_cast<char>(cUnit & 0xFF);
        *pOut++ = static_cast<char>(cUnit >> 8);
    }

    GetHashPassword(rPassHash, pBytes.get(), nBytes);

    // The buffer holds the plaintext password; wipe it before it is freed.
    rtl_secureZeroMemory(pBytes.get(), nBytes);
}
/// Hashes sPass with SHA-1 over its UTF-16 code units serialised high byte
/// first, and stores the digest in rPassHash.
///
/// @param rPassHash  output; filled by GetHashPassword()
/// @param sPass      password as UTF-16 code units
void SvPasswordHelper::GetHashPasswordBigEndian(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view sPass)
{
    const sal_Int32 nChars(sPass.size());
    const auto nBytes = nChars * sizeof(sal_Unicode);
    std::unique_ptr<char[]> pBytes(new char[nBytes]);

    // Serialise each code unit as two bytes: high byte, then low byte.
    char* pOut = pBytes.get();
    for (sal_Int32 n = 0; n < nChars; ++n)
    {
        const sal_Unicode cUnit = sPass[n];
        *pOut++ = static_cast<char>(cUnit >> 8);
        *pOut++ = static_cast<char>(cUnit & 0xFF);
    }

    GetHashPassword(rPassHash, pBytes.get(), nBytes);

    // The buffer holds the plaintext password; wipe it before it is freed.
    rtl_secureZeroMemory(pBytes.get(), nBytes);
}
/// Hashes sPass with the little-endian UTF-16 SHA-1 variant; this overload
/// only forwards to GetHashPasswordLittleEndian().
///
/// @param rPassHash  output; receives the digest
/// @param sPass      password as UTF-16 code units
void SvPasswordHelper::GetHashPassword(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view sPass)
{
    GetHashPasswordLittleEndian(rPassHash, sPass);
}
/// Checks whether sNewPass hashes to the stored digest rOldPassHash.
///
/// The stored digest's length selects the algorithm: a digest of
/// RTL_DIGEST_LENGTH_SHA1 bytes is tried against three SHA-1 variants of the
/// candidate (UTF-8, then UTF-16 little-endian, then UTF-16 big-endian); a
/// 32-byte digest is tried against SHA-256 of the UTF-8 encoding. A stored
/// digest of any other length never matches.
///
/// @param rOldPassHash  stored digest to verify against
/// @param sNewPass      candidate password as UTF-16 code units
/// @return true if one of the applicable digests equals rOldPassHash
bool SvPasswordHelper::CompareHashPassword(const uno::Sequence<sal_Int8>& rOldPassHash, std::u16string_view sNewPass)
{
    // NOTE(review): the listing under review omits the short lines of this
    // function (the `bResult = true` branches and the final return); the
    // control flow below is reconstructed from the visible calls and
    // comparisons. Confirm against the original file.
    // NOTE(review): digests are compared with Sequence::operator==, which is
    // presumably not constant-time; confirm that is acceptable for callers.
    const sal_Int32 nStoredLen = rOldPassHash.getLength();

    if (nStoredLen == RTL_DIGEST_LENGTH_SHA1)
    {
        uno::Sequence<sal_Int8> aCandidate(RTL_DIGEST_LENGTH_SHA1);

        GetHashPasswordSHA1UTF8(aCandidate, sNewPass);
        if (aCandidate == rOldPassHash)
            return true;

        GetHashPasswordLittleEndian(aCandidate, sNewPass);
        if (aCandidate == rOldPassHash)
            return true;

        GetHashPasswordBigEndian(aCandidate, sNewPass);
        return aCandidate == rOldPassHash;
    }

    if (nStoredLen == 32)
    {
        uno::Sequence<sal_Int8> aCandidate;
        GetHashPasswordSHA256(aCandidate, sNewPass);
        return aCandidate == rOldPassHash;
    }

    return false;
}
/// Maps the zxcvbn entropy estimate for pPassword to a percentage capped at
/// 100.
///
/// @param pPassword  NUL-terminated password, handed to ZxcvbnMatch() as is
/// @return min(100, entropy bits * 100 / 112)
double SvPasswordHelper::GetPasswordStrengthPercentage(const char* pPassword)
{
    // Entropy bits ≥ 112 are mapped to 100% password strength.
    // 112 was picked because the KeePass help page linked below treats it as
    // the threshold for a strong password:
    // <http://web.archive.org/web/20231128131604/https://keepass.info/help/kb/pw_quality_est.html>
    static constexpr double fMaxPassStrengthEntropyBits = 112.0;

    const double fEntropyBits = ZxcvbnMatch(pPassword, nullptr, nullptr);
    const double fPercent = fEntropyBits * 100.0 / fMaxPassStrengthEntropyBits;
    return std::min(100.0, fPercent);
}
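/// Converts aPassword to UTF-8 and returns the strength percentage computed
/// by the const char* overload.
///
/// The temporary UTF-8 copy of the password is wiped before returning, in
/// line with the hashing helpers in this file, which zero their plaintext
/// temporaries with rtl_secureZeroMemory().
///
/// @param aPassword  password to rate
/// @return strength in percent, as returned by the const char* overload
double SvPasswordHelper::GetPasswordStrengthPercentage(const OUString& aPassword)
{
    OString aPasswordUtf8 = aPassword.toUtf8();
    const double fStrength = GetPasswordStrengthPercentage(aPasswordUtf8.getStr());

    // An empty string has length 0, so nothing is written in that case.
    rtl_secureZeroMemory(const_cast<char*>(aPasswordUtf8.getStr()), aPasswordUtf8.getLength());
    return fStrength;
}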
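/// Checks pPassword against the optional password-policy regular expression.
///
/// The whole password must match the expression (RegexMatcher::matches()).
/// A failure reported by ICU, for example an expression that does not
/// compile, is logged and the password is treated as not meeting the policy.
///
/// @param pPassword        NUL-terminated password, decoded as UTF-8
/// @param oPasswordPolicy  policy regular expression; no value means no policy
/// @return true if no policy is set or the password matches it
bool SvPasswordHelper::PasswordMeetsPolicy(const char* pPassword,
                                           const std::optional<OUString>& oPasswordPolicy)
{
    // NOTE(review): the listing under review omits the short lines of this
    // function (the policy-present check, the returns and the name of the
    // logging macro); they are reconstructed here from the visible
    // statements. Confirm against the original file.
    if (!oPasswordPolicy)
        return true;

    icu::ErrorCode aStatus;
    // Decode explicitly as UTF-8. The plain `UnicodeString(const char*)`
    // constructor converts from ICU's default codepage, which is not UTF-8 on
    // every platform, so a non-ASCII password could be tested against the
    // policy as different characters than the user typed. The caller visible
    // in this file passes OUString::toUtf8() output.
    icu::UnicodeString sPassword(icu::UnicodeString::fromUTF8(pPassword));
    icu::UnicodeString sRegex(oPasswordPolicy->getStr());
    icu::RegexMatcher aRegexMatcher(sRegex, sPassword, 0, aStatus);

    if (aRegexMatcher.matches(aStatus))
        return true;

    SAL_WARN_IF(aStatus.isFailure(), "svl.misc",
                "Password policy regular expression failed with error: " << aStatus.errorName());

    return false;
}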
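/// Converts aPassword to UTF-8 and checks it with the const char* overload.
///
/// The temporary UTF-8 copy of the password is wiped before returning, in
/// line with the hashing helpers in this file, which zero their plaintext
/// temporaries with rtl_secureZeroMemory().
///
/// @param aPassword        password to check
/// @param oPasswordPolicy  policy regular expression; no value means no policy
/// @return result of the const char* overload
bool SvPasswordHelper::PasswordMeetsPolicy(const OUString& aPassword,
                                           const std::optional<OUString>& oPasswordPolicy)
{
    OString aPasswordUtf8 = aPassword.toUtf8();
    const bool bMeetsPolicy = PasswordMeetsPolicy(aPasswordUtf8.getStr(), oPasswordPolicy);

    // An empty string has length 0, so nothing is written in that case.
    rtl_secureZeroMemory(const_cast<char*>(aPasswordUtf8.getStr()), aPasswordUtf8.getLength());
    return bMeetsPolicy;
}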
183 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */