tdf#130857 qt weld: Implement QtInstanceWidget::strip_mnemonic
[LibreOffice.git] / svl / source / misc / PasswordHelper.cxx
blobc98a26eff4afe2e2e92b1ac5b42bbc5a93077072
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
9 * This file incorporates work covered by the following license notice:
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
21 #include <svl/PasswordHelper.hxx>
22 #include <comphelper/hash.hxx>
23 #include <rtl/digest.h>
24 #include <memory>
25 #include <unicode/regex.h>
26 #include <unicode/unistr.h>
27 #include <unicode/errorcode.h>
28 #include <zxcvbn.h>
29 #include <sal/log.hxx>
31 using namespace com::sun::star;
33 void SvPasswordHelper::GetHashPasswordSHA256(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view rPassword)
35 OString const tmp(OUStringToOString(rPassword, RTL_TEXTENCODING_UTF8));
36 ::std::vector<unsigned char> const hash(::comphelper::Hash::calculateHash(
37 reinterpret_cast<unsigned char const*>(tmp.getStr()), tmp.getLength(),
38 ::comphelper::HashType::SHA256));
39 rPassHash.realloc(hash.size());
40 ::std::copy(hash.begin(), hash.end(), rPassHash.getArray());
41 rtl_secureZeroMemory(const_cast<char *>(tmp.getStr()), tmp.getLength());
44 void SvPasswordHelper::GetHashPasswordSHA1UTF8(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view rPassword)
46 OString const tmp(OUStringToOString(rPassword, RTL_TEXTENCODING_UTF8));
47 ::std::vector<unsigned char> const hash(::comphelper::Hash::calculateHash(
48 reinterpret_cast<unsigned char const*>(tmp.getStr()), tmp.getLength(),
49 ::comphelper::HashType::SHA1));
50 rPassHash.realloc(hash.size());
51 ::std::copy(hash.begin(), hash.end(), rPassHash.getArray());
52 rtl_secureZeroMemory(const_cast<char *>(tmp.getStr()), tmp.getLength());
55 void SvPasswordHelper::GetHashPassword(uno::Sequence<sal_Int8>& rPassHash, const char* pPass, sal_uInt32 nLen)
57 rPassHash.realloc(RTL_DIGEST_LENGTH_SHA1);
59 rtlDigestError aError = rtl_digest_SHA1 (pPass, nLen, reinterpret_cast<sal_uInt8*>(rPassHash.getArray()), rPassHash.getLength());
60 if (aError != rtl_Digest_E_None)
62 rPassHash.realloc(0);
66 void SvPasswordHelper::GetHashPasswordLittleEndian(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view sPass)
68 sal_Int32 nSize(sPass.size());
69 std::unique_ptr<char[]> pCharBuffer(new char[nSize * sizeof(sal_Unicode)]);
71 for (sal_Int32 i = 0; i < nSize; ++i)
73 sal_Unicode ch(sPass[ i ]);
74 pCharBuffer[2 * i] = static_cast< char >(ch & 0xFF);
75 pCharBuffer[2 * i + 1] = static_cast< char >(ch >> 8);
78 GetHashPassword(rPassHash, pCharBuffer.get(), nSize * sizeof(sal_Unicode));
79 rtl_secureZeroMemory(pCharBuffer.get(), nSize * sizeof(sal_Unicode));
82 void SvPasswordHelper::GetHashPasswordBigEndian(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view sPass)
84 sal_Int32 nSize(sPass.size());
85 std::unique_ptr<char[]> pCharBuffer(new char[nSize * sizeof(sal_Unicode)]);
87 for (sal_Int32 i = 0; i < nSize; ++i)
89 sal_Unicode ch(sPass[ i ]);
90 pCharBuffer[2 * i] = static_cast< char >(ch >> 8);
91 pCharBuffer[2 * i + 1] = static_cast< char >(ch & 0xFF);
94 GetHashPassword(rPassHash, pCharBuffer.get(), nSize * sizeof(sal_Unicode));
95 rtl_secureZeroMemory(pCharBuffer.get(), nSize * sizeof(sal_Unicode));
98 void SvPasswordHelper::GetHashPassword(uno::Sequence<sal_Int8>& rPassHash, std::u16string_view sPass)
100 GetHashPasswordLittleEndian(rPassHash, sPass);
103 bool SvPasswordHelper::CompareHashPassword(const uno::Sequence<sal_Int8>& rOldPassHash, std::u16string_view sNewPass)
105 bool bResult = false;
107 if (rOldPassHash.getLength() == RTL_DIGEST_LENGTH_SHA1)
109 uno::Sequence<sal_Int8> aNewPass(RTL_DIGEST_LENGTH_SHA1);
110 GetHashPasswordSHA1UTF8(aNewPass, sNewPass);
111 if (aNewPass == rOldPassHash)
113 bResult = true;
115 else
117 GetHashPasswordLittleEndian(aNewPass, sNewPass);
118 if (aNewPass == rOldPassHash)
119 bResult = true;
120 else
122 GetHashPasswordBigEndian(aNewPass, sNewPass);
123 bResult = (aNewPass == rOldPassHash);
127 else if (rOldPassHash.getLength() == 32)
129 uno::Sequence<sal_Int8> aNewPass;
130 GetHashPasswordSHA256(aNewPass, sNewPass);
131 bResult = aNewPass == rOldPassHash;
134 return bResult;
137 double SvPasswordHelper::GetPasswordStrengthPercentage(const char* pPassword)
139 // Entropy bits ≥ 112 are mapped to 100% password strength.
140 // 112 was picked since according to the linked below KeePass help page, it
141 // corresponds to a strong password:
142 // <http://web.archive.org/web/20231128131604/https://keepass.info/help/kb/pw_quality_est.html>
143 static constexpr double fMaxPassStrengthEntropyBits = 112.0;
144 return std::min(100.0,
145 ZxcvbnMatch(pPassword, nullptr, nullptr) * 100.0 / fMaxPassStrengthEntropyBits);
148 double SvPasswordHelper::GetPasswordStrengthPercentage(const OUString& aPassword)
150 OString aPasswordUtf8 = aPassword.toUtf8();
151 return GetPasswordStrengthPercentage(aPasswordUtf8.getStr());
154 bool SvPasswordHelper::PasswordMeetsPolicy(const char* pPassword,
155 const std::optional<OUString>& oPasswordPolicy)
157 if (oPasswordPolicy)
159 icu::ErrorCode aStatus;
160 icu::UnicodeString sPassword(pPassword);
161 icu::UnicodeString sRegex(oPasswordPolicy->getStr());
162 icu::RegexMatcher aRegexMatcher(sRegex, sPassword, 0, aStatus);
164 if (aRegexMatcher.matches(aStatus))
165 return true;
167 SAL_WARN_IF(
168 aStatus.isFailure(), "svl.misc",
169 "Password policy regular expression failed with error: " << aStatus.errorName());
171 return false;
173 return true;
176 bool SvPasswordHelper::PasswordMeetsPolicy(const OUString& aPassword,
177 const std::optional<OUString>& oPasswordPolicy)
179 OString aPasswordUtf8 = aPassword.toUtf8();
180 return PasswordMeetsPolicy(aPasswordUtf8.getStr(), oPasswordPolicy);
183 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */