search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
update credits
[LibreOffice.git] / comphelper / source / misc / docpasswordhelper.cxx
blobb941cbd150497347c592a8f116685dc53865f8b2
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3 * This file is part of the LibreOffice project.
4 *
5 * This Source Code Form is subject to the terms of the Mozilla Public
6 * License, v. 2.0. If a copy of the MPL was not distributed with this
7 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 *
9 * This file incorporates work covered by the following license notice:
10 *
11 * Licensed to the Apache Software Foundation (ASF) under one or more
12 * contributor license agreements. See the NOTICE file distributed
13 * with this work for additional information regarding copyright
14 * ownership. The ASF licenses this file to you under the Apache
15 * License, Version 2.0 (the "License"); you may not use this file
16 * except in compliance with the License. You may obtain a copy of
17 * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 */
19
20
21 #include "comphelper/docpasswordhelper.hxx"
22 #include <com/sun/star/task/XInteractionHandler.hpp>
23 #include "comphelper/mediadescriptor.hxx"
24
25 #include <osl/time.h>
26 #include <rtl/digest.h>
27 #include <rtl/random.h>
28 #include <string.h>
29
30 using ::com::sun::star::uno::Sequence;
31 using ::com::sun::star::uno::Exception;
32 using ::com::sun::star::uno::Reference;
33 using ::com::sun::star::uno::UNO_SET_THROW;
34 using ::com::sun::star::task::PasswordRequestMode;
35 using ::com::sun::star::task::PasswordRequestMode_PASSWORD_ENTER;
36 using ::com::sun::star::task::PasswordRequestMode_PASSWORD_REENTER;
37 using ::com::sun::star::task::XInteractionHandler;
38 using ::com::sun::star::task::XInteractionRequest;
39
40 using namespace ::com::sun::star;
41
42 namespace comphelper {
43
44 // ============================================================================
45
46 static uno::Sequence< sal_Int8 > GeneratePBKDF2Hash( const OUString& aPassword, const uno::Sequence< sal_Int8 >& aSalt, sal_Int32 nCount, sal_Int32 nHashLength )
47 {
48 uno::Sequence< sal_Int8 > aResult;
49
50 if ( !aPassword.isEmpty() && aSalt.getLength() && nCount && nHashLength )
51 {
52 OString aBytePass = OUStringToOString( aPassword, RTL_TEXTENCODING_UTF8 );
53 aResult.realloc( 16 );
54 rtl_digest_PBKDF2( reinterpret_cast < sal_uInt8 * > ( aResult.getArray() ),
55 aResult.getLength(),
56 reinterpret_cast < const sal_uInt8 * > ( aBytePass.getStr() ),
57 aBytePass.getLength(),
58 reinterpret_cast < const sal_uInt8 * > ( aSalt.getConstArray() ),
59 aSalt.getLength(),
60 nCount );
61 }
62
63 return aResult;
64 }
65
66 // ============================================================================
67
68 IDocPasswordVerifier::~IDocPasswordVerifier()
69 {
70 }
71
72 // ============================================================================
73 uno::Sequence< beans::PropertyValue > DocPasswordHelper::GenerateNewModifyPasswordInfo( const OUString& aPassword )
74 {
75 uno::Sequence< beans::PropertyValue > aResult;
76
77 uno::Sequence< sal_Int8 > aSalt = GenerateRandomByteSequence( 16 );
78 sal_Int32 nCount = 1024;
79
80 uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, 16 );
81 if ( aNewHash.getLength() )
82 {
83 aResult.realloc( 4 );
84 aResult[0].Name = "algorithm-name";
85 aResult[0].Value <<= OUString( "PBKDF2" );
86 aResult[1].Name = "salt";
87 aResult[1].Value <<= aSalt;
88 aResult[2].Name = "iteration-count";
89 aResult[2].Value <<= nCount;
90 aResult[3].Name = "hash";
91 aResult[3].Value <<= aNewHash;
92 }
93
94 return aResult;
95 }
96
97 // ============================================================================
98 sal_Bool DocPasswordHelper::IsModifyPasswordCorrect( const OUString& aPassword, const uno::Sequence< beans::PropertyValue >& aInfo )
99 {
100 sal_Bool bResult = sal_False;
101 if ( !aPassword.isEmpty() && aInfo.getLength() )
102 {
103 OUString sAlgorithm;
104 uno::Sequence< sal_Int8 > aSalt;
105 uno::Sequence< sal_Int8 > aHash;
106 sal_Int32 nCount = 0;
107
108 for ( sal_Int32 nInd = 0; nInd < aInfo.getLength(); nInd++ )
109 {
110 if ( aInfo[nInd].Name == "algorithm-name" )
111 aInfo[nInd].Value >>= sAlgorithm;
112 else if ( aInfo[nInd].Name == "salt" )
113 aInfo[nInd].Value >>= aSalt;
114 else if ( aInfo[nInd].Name == "iteration-count" )
115 aInfo[nInd].Value >>= nCount;
116 else if ( aInfo[nInd].Name == "hash" )
117 aInfo[nInd].Value >>= aHash;
118 }
119
120 if ( sAlgorithm == "PBKDF2" && aSalt.getLength() && nCount > 0 && aHash.getLength() )
121 {
122 uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, aHash.getLength() );
123 for ( sal_Int32 nInd = 0; nInd < aNewHash.getLength() && nInd < aHash.getLength() && aNewHash[nInd] == aHash[nInd]; nInd ++ )
124 {
125 if ( nInd == aNewHash.getLength() - 1 && nInd == aHash.getLength() - 1 )
126 bResult = sal_True;
127 }
128 }
129 }
130
131 return bResult;
132 }
133
134 // ============================================================================
135 sal_uInt32 DocPasswordHelper::GetWordHashAsUINT32(
136 const OUString& aUString )
137 {
138 static sal_uInt16 pInitialCode[] = {
139 0xE1F0, // 1
140 0x1D0F, // 2
141 0xCC9C, // 3
142 0x84C0, // 4
143 0x110C, // 5
144 0x0E10, // 6
145 0xF1CE, // 7
146 0x313E, // 8
147 0x1872, // 9
148 0xE139, // 10
149 0xD40F, // 11
150 0x84F9, // 12
151 0x280C, // 13
152 0xA96A, // 14
153 0x4EC3 // 15
154 };
155
156 static sal_uInt16 pEncryptionMatrix[15][7] = {
157 { 0xAEFC, 0x4DD9, 0x9BB2, 0x2745, 0x4E8A, 0x9D14, 0x2A09}, // last-14
158 { 0x7B61, 0xF6C2, 0xFDA5, 0xEB6B, 0xC6F7, 0x9DCF, 0x2BBF}, // last-13
159 { 0x4563, 0x8AC6, 0x05AD, 0x0B5A, 0x16B4, 0x2D68, 0x5AD0}, // last-12
160 { 0x0375, 0x06EA, 0x0DD4, 0x1BA8, 0x3750, 0x6EA0, 0xDD40}, // last-11
161 { 0xD849, 0xA0B3, 0x5147, 0xA28E, 0x553D, 0xAA7A, 0x44D5}, // last-10
162 { 0x6F45, 0xDE8A, 0xAD35, 0x4A4B, 0x9496, 0x390D, 0x721A}, // last-9
163 { 0xEB23, 0xC667, 0x9CEF, 0x29FF, 0x53FE, 0xA7FC, 0x5FD9}, // last-8
164 { 0x47D3, 0x8FA6, 0x8FA6, 0x1EDA, 0x3DB4, 0x7B68, 0xF6D0}, // last-7
165 { 0xB861, 0x60E3, 0xC1C6, 0x93AD, 0x377B, 0x6EF6, 0xDDEC}, // last-6
166 { 0x45A0, 0x8B40, 0x06A1, 0x0D42, 0x1A84, 0x3508, 0x6A10}, // last-5
167 { 0xAA51, 0x4483, 0x8906, 0x022D, 0x045A, 0x08B4, 0x1168}, // last-4
168 { 0x76B4, 0xED68, 0xCAF1, 0x85C3, 0x1BA7, 0x374E, 0x6E9C}, // last-3
169 { 0x3730, 0x6E60, 0xDCC0, 0xA9A1, 0x4363, 0x86C6, 0x1DAD}, // last-2
170 { 0x3331, 0x6662, 0xCCC4, 0x89A9, 0x0373, 0x06E6, 0x0DCC}, // last-1
171 { 0x1021, 0x2042, 0x4084, 0x8108, 0x1231, 0x2462, 0x48C4} // last
172 };
173
174 sal_uInt32 nResult = 0;
175 sal_uInt32 nLen = aUString.getLength();
176
177 if ( nLen )
178 {
179 if ( nLen > 15 )
180 nLen = 15;
181
182 sal_uInt16 nHighResult = pInitialCode[nLen - 1];
183 sal_uInt16 nLowResult = 0;
184
185 const sal_Unicode* pStr = aUString.getStr();
186 for ( sal_uInt32 nInd = 0; nInd < nLen; nInd++ )
187 {
188 // NO Encoding during conversion!
189 // The specification says that the low byte should be used in case it is not NULL
190 char nHighChar = (char)( pStr[nInd] >> 8 );
191 char nLowChar = (char)( pStr[nInd] & 0xFF );
192 char nChar = nLowChar ? nLowChar : nHighChar;
193
194 for ( int nMatrixInd = 0; nMatrixInd < 7; ++nMatrixInd )
195 {
196 if ( ( nChar & ( 1 << nMatrixInd ) ) != 0 )
197 nHighResult = nHighResult ^ pEncryptionMatrix[15 - nLen + nInd][nMatrixInd];
198 }
199
200 nLowResult = ( ( ( nLowResult >> 14 ) & 0x0001 ) | ( ( nLowResult << 1 ) & 0x7FFF ) ) ^ nChar;
201 }
202
203 nLowResult = (sal_uInt16)( ( ( ( nLowResult >> 14 ) & 0x001 ) | ( ( nLowResult << 1 ) & 0x7FF ) ) ^ nLen ^ 0xCE4B );
204
205 nResult = ( nHighResult << 16 ) | nLowResult;
206 }
207
208 return nResult;
209 }
210
211 // ============================================================================
212 sal_uInt16 DocPasswordHelper::GetXLHashAsUINT16(
213 const OUString& aUString,
214 rtl_TextEncoding nEnc )
215 {
216 sal_uInt16 nResult = 0;
217
218 OString aString = OUStringToOString( aUString, nEnc );
219
220 if ( !aString.isEmpty() && aString.getLength() <= SAL_MAX_UINT16 )
221 {
222 for ( sal_Int32 nInd = aString.getLength() - 1; nInd >= 0; nInd-- )
223 {
224 nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
225 nResult ^= aString.getStr()[nInd];
226 }
227
228 nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
229 nResult ^= ( 0x8000 | ( 'N' << 8 ) | 'K' );
230 nResult ^= aString.getLength();
231 }
232
233 return nResult;
234 }
235
236 // ============================================================================
237 Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
238 const OUString& aUString,
239 rtl_TextEncoding nEnc )
240 {
241 sal_uInt16 nHash = GetXLHashAsUINT16( aUString, nEnc );
242 Sequence< sal_Int8 > aResult( 2 );
243 aResult[0] = ( nHash >> 8 );
244 aResult[1] = ( nHash & 0xFF );
245
246 return aResult;
247 }
248
249 // ============================================================================
250 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateRandomByteSequence( sal_Int32 nLength )
251 {
252 uno::Sequence< sal_Int8 > aResult( nLength );
253
254 TimeValue aTime;
255 osl_getSystemTime( &aTime );
256 rtlRandomPool aRandomPool = rtl_random_createPool ();
257 rtl_random_addBytes ( aRandomPool, &aTime, 8 );
258 rtl_random_getBytes ( aRandomPool, aResult.getArray(), nLength );
259 rtl_random_destroyPool ( aRandomPool );
260
261 return aResult;
262 }
263
264
265 // ============================================================================
266 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const OUString& aPassword, const uno::Sequence< sal_Int8 >& aDocId )
267 {
268 uno::Sequence< sal_Int8 > aResultKey;
269 if ( !aPassword.isEmpty() && aDocId.getLength() == 16 )
270 {
271 sal_uInt16 pPassData[16];
272 memset( pPassData, 0, sizeof(pPassData) );
273
274 sal_Int32 nPassLen = ::std::min< sal_Int32 >( aPassword.getLength(), 15 );
275 memcpy( pPassData, aPassword.getStr(), nPassLen * sizeof(pPassData[0]) );
276
277 aResultKey = GenerateStd97Key( pPassData, aDocId );
278 }
279
280 return aResultKey;
281 }
282
283 // ============================================================================
284 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const sal_uInt16 pPassData[16], const uno::Sequence< sal_Int8 >& aDocId )
285 {
286 uno::Sequence< sal_Int8 > aResultKey;
287 if ( pPassData[0] && aDocId.getLength() == 16 )
288 {
289 sal_uInt8 pKeyData[64];
290 memset( pKeyData, 0, sizeof(pKeyData) );
291
292 sal_Int32 nInd = 0;
293
294 // Fill PassData into KeyData.
295 for ( nInd = 0; nInd < 16 && pPassData[nInd]; nInd++)
296 {
297 pKeyData[2*nInd] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 0) & 0xff );
298 pKeyData[2*nInd + 1] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 8) & 0xff );
299 }
300
301 pKeyData[2*nInd] = 0x80;
302 pKeyData[56] = sal::static_int_cast< sal_uInt8 >( nInd << 4 );
303
304 // Fill raw digest of KeyData into KeyData.
305 rtlDigest hDigest = rtl_digest_create ( rtl_Digest_AlgorithmMD5 );
306 (void)rtl_digest_updateMD5 (
307 hDigest, pKeyData, sizeof(pKeyData));
308 (void)rtl_digest_rawMD5 (
309 hDigest, pKeyData, RTL_DIGEST_LENGTH_MD5);
310
311 // Update digest with KeyData and Unique.
312 for ( nInd = 0; nInd < 16; nInd++ )
313 {
314 rtl_digest_updateMD5( hDigest, pKeyData, 5 );
315 rtl_digest_updateMD5( hDigest, (const sal_uInt8*)aDocId.getConstArray(), aDocId.getLength() );
316 }
317
318 // Update digest with padding.
319 pKeyData[16] = 0x80;
320 memset( pKeyData + 17, 0, sizeof(pKeyData) - 17 );
321 pKeyData[56] = 0x80;
322 pKeyData[57] = 0x0a;
323
324 rtl_digest_updateMD5( hDigest, &(pKeyData[16]), sizeof(pKeyData) - 16 );
325
326 // Fill raw digest of above updates
327 aResultKey.realloc( RTL_DIGEST_LENGTH_MD5 );
328 rtl_digest_rawMD5 ( hDigest, (sal_uInt8*)aResultKey.getArray(), aResultKey.getLength() );
329
330 // Erase KeyData array and leave.
331 memset( pKeyData, 0, sizeof(pKeyData) );
332 }
333
334 return aResultKey;
335 }
336
337 // ============================================================================
338
339 /*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword(
340 IDocPasswordVerifier& rVerifier,
341 const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& rMediaEncData,
342 const OUString& rMediaPassword,
343 const Reference< XInteractionHandler >& rxInteractHandler,
344 const OUString& rDocumentName,
345 DocPasswordRequestType eRequestType,
346 const ::std::vector< OUString >* pDefaultPasswords,
347 bool* pbIsDefaultPassword )
348 {
349 ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > aEncData;
350 DocPasswordVerifierResult eResult = DocPasswordVerifierResult_WRONG_PASSWORD;
351
352 // first, try provided default passwords
353 if( pbIsDefaultPassword )
354 *pbIsDefaultPassword = false;
355 if( pDefaultPasswords )
356 {
357 for( ::std::vector< OUString >::const_iterator aIt = pDefaultPasswords->begin(), aEnd = pDefaultPasswords->end(); (eResult == DocPasswordVerifierResult_WRONG_PASSWORD) && (aIt != aEnd); ++aIt )
358 {
359 OSL_ENSURE( !aIt->isEmpty(), "DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" );
360 if( !aIt->isEmpty() )
361 {
362 eResult = rVerifier.verifyPassword( *aIt, aEncData );
363 if( pbIsDefaultPassword )
364 *pbIsDefaultPassword = eResult == DocPasswordVerifierResult_OK;
365 }
366 }
367 }
368
369 // try media encryption data (skip, if result is OK or ABORT)
370 if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
371 {
372 if( rMediaEncData.getLength() > 0 )
373 {
374 eResult = rVerifier.verifyEncryptionData( rMediaEncData );
375 if( eResult == DocPasswordVerifierResult_OK )
376 aEncData = rMediaEncData;
377 }
378 }
379
380 // try media password (skip, if result is OK or ABORT)
381 if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
382 {
383 if( !rMediaPassword.isEmpty() )
384 eResult = rVerifier.verifyPassword( rMediaPassword, aEncData );
385 }
386
387 // request a password (skip, if result is OK or ABORT)
388 if( (eResult == DocPasswordVerifierResult_WRONG_PASSWORD) && rxInteractHandler.is() ) try
389 {
390 PasswordRequestMode eRequestMode = PasswordRequestMode_PASSWORD_ENTER;
391 while( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
392 {
393 DocPasswordRequest* pRequest = new DocPasswordRequest( eRequestType, eRequestMode, rDocumentName );
394 Reference< XInteractionRequest > xRequest( pRequest );
395 rxInteractHandler->handle( xRequest );
396 if( pRequest->isPassword() )
397 {
398 if( !pRequest->getPassword().isEmpty() )
399 eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData );
400 }
401 else
402 {
403 eResult = DocPasswordVerifierResult_ABORT;
404 }
405 eRequestMode = PasswordRequestMode_PASSWORD_REENTER;
406 }
407 }
408 catch( Exception& )
409 {
410 }
411
412 return (eResult == DocPasswordVerifierResult_OK) ? aEncData : uno::Sequence< beans::NamedValue >();
413 }
414
415 /*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword(
416 IDocPasswordVerifier& rVerifier,
417 MediaDescriptor& rMediaDesc,
418 DocPasswordRequestType eRequestType,
419 const ::std::vector< OUString >* pDefaultPasswords )
420 {
421 uno::Sequence< beans::NamedValue > aMediaEncData = rMediaDesc.getUnpackedValueOrDefault(
422 MediaDescriptor::PROP_ENCRYPTIONDATA(), uno::Sequence< beans::NamedValue >() );
423 OUString aMediaPassword = rMediaDesc.getUnpackedValueOrDefault(
424 MediaDescriptor::PROP_PASSWORD(), OUString() );
425 Reference< XInteractionHandler > xInteractHandler = rMediaDesc.getUnpackedValueOrDefault(
426 MediaDescriptor::PROP_INTERACTIONHANDLER(), Reference< XInteractionHandler >() );
427 OUString aDocumentName = rMediaDesc.getUnpackedValueOrDefault(
428 MediaDescriptor::PROP_URL(), OUString() );
429
430 bool bIsDefaultPassword = false;
431 uno::Sequence< beans::NamedValue > aEncryptionData = requestAndVerifyDocPassword(
432 rVerifier, aMediaEncData, aMediaPassword, xInteractHandler, aDocumentName, eRequestType, pDefaultPasswords, &bIsDefaultPassword );
433
434 rMediaDesc.erase( MediaDescriptor::PROP_PASSWORD() );
435 rMediaDesc.erase( MediaDescriptor::PROP_ENCRYPTIONDATA() );
436
437 // insert valid password into media descriptor (but not a default password)
438 if( (aEncryptionData.getLength() > 0) && !bIsDefaultPassword )
439 rMediaDesc[ MediaDescriptor::PROP_ENCRYPTIONDATA() ] <<= aEncryptionData;
440
441 return aEncryptionData;
442 }
443
444 // ============================================================================
445
446 } // namespace comphelper
447
448 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
FREE OFFICE SUITE