search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
CWS-TOOLING: integrate CWS os146
[LibreOffice.git] / comphelper / source / misc / docpasswordhelper.cxx
blob3c8d66bd57e40dccc5b168c3b93c3441869cfc87
1 /***********************************************************************
2 *
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * Copyright 2000, 2010 Oracle and/or its affiliates.
6 *
7 * OpenOffice.org - a multi-platform office productivity suite
8 *
9 * This file is part of OpenOffice.org.
10 *
11 * OpenOffice.org is free software: you can redistribute it and/or modify
12 * it under the terms of the GNU Lesser General Public License version 3
13 * only, as published by the Free Software Foundation.
14 *
15 * OpenOffice.org is distributed in the hope that it will be useful,
16 * but WITHOUT ANY WARRANTY; without even the implied warranty of
17 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
18 * GNU Lesser General Public License version 3 for more details
19 * (a copy is included in the LICENSE file that accompanied this code).
20 *
21 * You should have received a copy of the GNU Lesser General Public License
22 * version 3 along with OpenOffice.org. If not, see
23 * <http://www.openoffice.org/license.html>
24 * for a copy of the LGPLv3 License.
25 *
26 ************************************************************************/
27
28 // MARKER(update_precomp.py): autogen include statement, do not remove
29 #include "precompiled_comphelper.hxx"
30
31 #include "comphelper/docpasswordhelper.hxx"
32 #include <com/sun/star/task/XInteractionHandler.hpp>
33 #include "comphelper/mediadescriptor.hxx"
34
35 #include <osl/time.h>
36 #include <rtl/digest.h>
37 #include <rtl/random.h>
38
39 using ::rtl::OUString;
40 using ::com::sun::star::uno::Sequence;
41 using ::com::sun::star::uno::Exception;
42 using ::com::sun::star::uno::Reference;
43 using ::com::sun::star::uno::UNO_SET_THROW;
44 using ::com::sun::star::task::PasswordRequestMode;
45 using ::com::sun::star::task::PasswordRequestMode_PASSWORD_ENTER;
46 using ::com::sun::star::task::PasswordRequestMode_PASSWORD_REENTER;
47 using ::com::sun::star::task::XInteractionHandler;
48 using ::com::sun::star::task::XInteractionRequest;
49
50 using namespace ::com::sun::star;
51
52 namespace comphelper {
53
54 // ============================================================================
55
56 static uno::Sequence< sal_Int8 > GeneratePBKDF2Hash( const ::rtl::OUString& aPassword, const uno::Sequence< sal_Int8 >& aSalt, sal_Int32 nCount, sal_Int32 nHashLength )
57 {
58 uno::Sequence< sal_Int8 > aResult;
59
60 if ( aPassword.getLength() && aSalt.getLength() && nCount && nHashLength )
61 {
62 ::rtl::OString aBytePass = ::rtl::OUStringToOString( aPassword, RTL_TEXTENCODING_UTF8 );
63 aResult.realloc( 16 );
64 rtl_digest_PBKDF2( reinterpret_cast < sal_uInt8 * > ( aResult.getArray() ),
65 aResult.getLength(),
66 reinterpret_cast < const sal_uInt8 * > ( aBytePass.getStr() ),
67 aBytePass.getLength(),
68 reinterpret_cast < const sal_uInt8 * > ( aSalt.getConstArray() ),
69 aSalt.getLength(),
70 nCount );
71 }
72
73 return aResult;
74 }
75
76 // ============================================================================
77
78 IDocPasswordVerifier::~IDocPasswordVerifier()
79 {
80 }
81
82 // ============================================================================
83 uno::Sequence< beans::PropertyValue > DocPasswordHelper::GenerateNewModifyPasswordInfo( const ::rtl::OUString& aPassword )
84 {
85 uno::Sequence< beans::PropertyValue > aResult;
86
87 uno::Sequence< sal_Int8 > aSalt = GenerateRandomByteSequence( 16 );
88 sal_Int32 nCount = 1024;
89
90 uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, 16 );
91 if ( aNewHash.getLength() )
92 {
93 aResult.realloc( 4 );
94 aResult[0].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "algorithm-name" ) );
95 aResult[0].Value <<= ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "PBKDF2" ) );
96 aResult[1].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "salt" ) );
97 aResult[1].Value <<= aSalt;
98 aResult[2].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "iteration-count" ) );
99 aResult[2].Value <<= nCount;
100 aResult[3].Name = ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "hash" ) );
101 aResult[3].Value <<= aNewHash;
102 }
103
104 return aResult;
105 }
106
107 // ============================================================================
108 sal_Bool DocPasswordHelper::IsModifyPasswordCorrect( const ::rtl::OUString& aPassword, const uno::Sequence< beans::PropertyValue >& aInfo )
109 {
110 sal_Bool bResult = sal_False;
111 if ( aPassword.getLength() && aInfo.getLength() )
112 {
113 ::rtl::OUString sAlgorithm;
114 uno::Sequence< sal_Int8 > aSalt;
115 uno::Sequence< sal_Int8 > aHash;
116 sal_Int32 nCount = 0;
117
118 for ( sal_Int32 nInd = 0; nInd < aInfo.getLength(); nInd++ )
119 {
120 if ( aInfo[nInd].Name.equals( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "algorithm-name" ) ) ) )
121 aInfo[nInd].Value >>= sAlgorithm;
122 else if ( aInfo[nInd].Name.equals( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "salt" ) ) ) )
123 aInfo[nInd].Value >>= aSalt;
124 else if ( aInfo[nInd].Name.equals( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "iteration-count" ) ) ) )
125 aInfo[nInd].Value >>= nCount;
126 else if ( aInfo[nInd].Name.equals( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "hash" ) ) ) )
127 aInfo[nInd].Value >>= aHash;
128 }
129
130 if ( sAlgorithm.equals( ::rtl::OUString( RTL_CONSTASCII_USTRINGPARAM( "PBKDF2" ) ) )
131 && aSalt.getLength() && nCount > 0 && aHash.getLength() )
132 {
133 uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, aHash.getLength() );
134 for ( sal_Int32 nInd = 0; nInd < aNewHash.getLength() && nInd < aHash.getLength() && aNewHash[nInd] == aHash[nInd]; nInd ++ )
135 {
136 if ( nInd == aNewHash.getLength() - 1 && nInd == aHash.getLength() - 1 )
137 bResult = sal_True;
138 }
139 }
140 }
141
142 return bResult;
143 }
144
145 // ============================================================================
146 sal_uInt32 DocPasswordHelper::GetWordHashAsUINT32(
147 const ::rtl::OUString& aUString )
148 {
149 static sal_uInt16 pInitialCode[] = {
150 0xE1F0, // 1
151 0x1D0F, // 2
152 0xCC9C, // 3
153 0x84C0, // 4
154 0x110C, // 5
155 0x0E10, // 6
156 0xF1CE, // 7
157 0x313E, // 8
158 0x1872, // 9
159 0xE139, // 10
160 0xD40F, // 11
161 0x84F9, // 12
162 0x280C, // 13
163 0xA96A, // 14
164 0x4EC3 // 15
165 };
166
167 static sal_uInt16 pEncryptionMatrix[15][7] = {
168 { 0xAEFC, 0x4DD9, 0x9BB2, 0x2745, 0x4E8A, 0x9D14, 0x2A09}, // last-14
169 { 0x7B61, 0xF6C2, 0xFDA5, 0xEB6B, 0xC6F7, 0x9DCF, 0x2BBF}, // last-13
170 { 0x4563, 0x8AC6, 0x05AD, 0x0B5A, 0x16B4, 0x2D68, 0x5AD0}, // last-12
171 { 0x0375, 0x06EA, 0x0DD4, 0x1BA8, 0x3750, 0x6EA0, 0xDD40}, // last-11
172 { 0xD849, 0xA0B3, 0x5147, 0xA28E, 0x553D, 0xAA7A, 0x44D5}, // last-10
173 { 0x6F45, 0xDE8A, 0xAD35, 0x4A4B, 0x9496, 0x390D, 0x721A}, // last-9
174 { 0xEB23, 0xC667, 0x9CEF, 0x29FF, 0x53FE, 0xA7FC, 0x5FD9}, // last-8
175 { 0x47D3, 0x8FA6, 0x8FA6, 0x1EDA, 0x3DB4, 0x7B68, 0xF6D0}, // last-7
176 { 0xB861, 0x60E3, 0xC1C6, 0x93AD, 0x377B, 0x6EF6, 0xDDEC}, // last-6
177 { 0x45A0, 0x8B40, 0x06A1, 0x0D42, 0x1A84, 0x3508, 0x6A10}, // last-5
178 { 0xAA51, 0x4483, 0x8906, 0x022D, 0x045A, 0x08B4, 0x1168}, // last-4
179 { 0x76B4, 0xED68, 0xCAF1, 0x85C3, 0x1BA7, 0x374E, 0x6E9C}, // last-3
180 { 0x3730, 0x6E60, 0xDCC0, 0xA9A1, 0x4363, 0x86C6, 0x1DAD}, // last-2
181 { 0x3331, 0x6662, 0xCCC4, 0x89A9, 0x0373, 0x06E6, 0x0DCC}, // last-1
182 { 0x1021, 0x2042, 0x4084, 0x8108, 0x1231, 0x2462, 0x48C4} // last
183 };
184
185 sal_uInt32 nResult = 0;
186 sal_uInt32 nLen = aUString.getLength();
187
188 if ( nLen )
189 {
190 if ( nLen > 15 )
191 nLen = 15;
192
193 sal_uInt16 nHighResult = pInitialCode[nLen - 1];
194 sal_uInt16 nLowResult = 0;
195
196 const sal_Unicode* pStr = aUString.getStr();
197 for ( sal_uInt32 nInd = 0; nInd < nLen; nInd++ )
198 {
199 // NO Encoding during conversion!
200 // The specification says that the low byte should be used in case it is not NULL
201 char nHighChar = (char)( pStr[nInd] >> 8 );
202 char nLowChar = (char)( pStr[nInd] & 0xFF );
203 char nChar = nLowChar ? nLowChar : nHighChar;
204
205 for ( int nMatrixInd = 0; nMatrixInd < 7; ++nMatrixInd )
206 {
207 if ( ( nChar & ( 1 << nMatrixInd ) ) != 0 )
208 nHighResult = nHighResult ^ pEncryptionMatrix[15 - nLen + nInd][nMatrixInd];
209 }
210
211 nLowResult = ( ( ( nLowResult >> 14 ) & 0x0001 ) | ( ( nLowResult << 1 ) & 0x7FFF ) ) ^ nChar;
212 }
213
214 nLowResult = (sal_uInt16)( ( ( ( nLowResult >> 14 ) & 0x001 ) | ( ( nLowResult << 1 ) & 0x7FF ) ) ^ nLen ^ 0xCE4B );
215
216 nResult = ( nHighResult << 16 ) | nLowResult;
217 }
218
219 return nResult;
220 }
221
222 // ============================================================================
223 Sequence< sal_Int8 > DocPasswordHelper::GetWordHashAsSequence(
224 const ::rtl::OUString& aUString )
225 {
226 sal_uInt32 nHash = GetWordHashAsUINT32( aUString );
227 Sequence< sal_Int8 > aResult( 4 );
228 aResult[0] = ( nHash >> 24 );
229 aResult[1] = ( ( nHash >> 16 ) & 0xFF );
230 aResult[2] = ( ( nHash >> 8 ) & 0xFF );
231 aResult[3] = ( nHash & 0xFF );
232
233 return aResult;
234 }
235
236 // ============================================================================
237 sal_uInt16 DocPasswordHelper::GetXLHashAsUINT16(
238 const ::rtl::OUString& aUString,
239 rtl_TextEncoding nEnc )
240 {
241 sal_uInt16 nResult = 0;
242
243 ::rtl::OString aString = ::rtl::OUStringToOString( aUString, nEnc );
244
245 if ( aString.getLength() && aString.getLength() <= SAL_MAX_UINT16 )
246 {
247 for ( sal_Int32 nInd = aString.getLength() - 1; nInd >= 0; nInd-- )
248 {
249 nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
250 nResult ^= aString.getStr()[nInd];
251 }
252
253 nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
254 nResult ^= ( 0x8000 | ( 'N' << 8 ) | 'K' );
255 nResult ^= aString.getLength();
256 }
257
258 return nResult;
259 }
260
261 // ============================================================================
262 Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
263 const ::rtl::OUString& aUString,
264 rtl_TextEncoding nEnc )
265 {
266 sal_uInt16 nHash = GetXLHashAsUINT16( aUString, nEnc );
267 Sequence< sal_Int8 > aResult( 2 );
268 aResult[0] = ( nHash >> 8 );
269 aResult[1] = ( nHash & 0xFF );
270
271 return aResult;
272 }
273
274 // ============================================================================
275 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateRandomByteSequence( sal_Int32 nLength )
276 {
277 uno::Sequence< sal_Int8 > aResult( nLength );
278
279 TimeValue aTime;
280 osl_getSystemTime( &aTime );
281 rtlRandomPool aRandomPool = rtl_random_createPool ();
282 rtl_random_addBytes ( aRandomPool, &aTime, 8 );
283 rtl_random_getBytes ( aRandomPool, aResult.getArray(), nLength );
284 rtl_random_destroyPool ( aRandomPool );
285
286 return aResult;
287 }
288
289
290 // ============================================================================
291 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const ::rtl::OUString& aPassword, const uno::Sequence< sal_Int8 >& aDocId )
292 {
293 uno::Sequence< sal_Int8 > aResultKey;
294 if ( aPassword.getLength() && aDocId.getLength() == 16 )
295 {
296 sal_uInt16 pPassData[16];
297 rtl_zeroMemory( pPassData, sizeof(pPassData) );
298
299 sal_Int32 nPassLen = ::std::min< sal_Int32 >( aPassword.getLength(), 15 );
300 rtl_copyMemory( pPassData, aPassword.getStr(), nPassLen * sizeof(pPassData[0]) );
301
302 aResultKey = GenerateStd97Key( pPassData, aDocId );
303 }
304
305 return aResultKey;
306 }
307
308 // ============================================================================
309 /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const sal_uInt16 pPassData[16], const uno::Sequence< sal_Int8 >& aDocId )
310 {
311 uno::Sequence< sal_Int8 > aResultKey;
312 if ( pPassData[0] && aDocId.getLength() == 16 )
313 {
314 sal_uInt8 pKeyData[64];
315 rtl_zeroMemory( pKeyData, sizeof(pKeyData) );
316
317 sal_Int32 nInd = 0;
318
319 // Fill PassData into KeyData.
320 for ( nInd = 0; nInd < 16 && pPassData[nInd]; nInd++)
321 {
322 pKeyData[2*nInd] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 0) & 0xff );
323 pKeyData[2*nInd + 1] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 8) & 0xff );
324 }
325
326 pKeyData[2*nInd] = 0x80;
327 pKeyData[56] = sal::static_int_cast< sal_uInt8 >( nInd << 4 );
328
329 // Fill raw digest of KeyData into KeyData.
330 rtlDigest hDigest = rtl_digest_create ( rtl_Digest_AlgorithmMD5 );
331 (void)rtl_digest_updateMD5 (
332 hDigest, pKeyData, sizeof(pKeyData));
333 (void)rtl_digest_rawMD5 (
334 hDigest, pKeyData, RTL_DIGEST_LENGTH_MD5);
335
336 // Update digest with KeyData and Unique.
337 for ( nInd = 0; nInd < 16; nInd++ )
338 {
339 rtl_digest_updateMD5( hDigest, pKeyData, 5 );
340 rtl_digest_updateMD5( hDigest, (const sal_uInt8*)aDocId.getConstArray(), aDocId.getLength() );
341 }
342
343 // Update digest with padding.
344 pKeyData[16] = 0x80;
345 rtl_zeroMemory( pKeyData + 17, sizeof(pKeyData) - 17 );
346 pKeyData[56] = 0x80;
347 pKeyData[57] = 0x0a;
348
349 rtl_digest_updateMD5( hDigest, &(pKeyData[16]), sizeof(pKeyData) - 16 );
350
351 // Fill raw digest of above updates
352 aResultKey.realloc( RTL_DIGEST_LENGTH_MD5 );
353 rtl_digest_rawMD5 ( hDigest, (sal_uInt8*)aResultKey.getArray(), aResultKey.getLength() );
354
355 // Erase KeyData array and leave.
356 rtl_zeroMemory( pKeyData, sizeof(pKeyData) );
357 }
358
359 return aResultKey;
360 }
361
362 // ============================================================================
363
364 /*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword(
365 IDocPasswordVerifier& rVerifier,
366 const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& rMediaEncData,
367 const OUString& rMediaPassword,
368 const Reference< XInteractionHandler >& rxInteractHandler,
369 const OUString& rDocumentName,
370 DocPasswordRequestType eRequestType,
371 const ::std::vector< OUString >* pDefaultPasswords,
372 bool* pbIsDefaultPassword )
373 {
374 ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > aEncData;
375 DocPasswordVerifierResult eResult = DocPasswordVerifierResult_WRONG_PASSWORD;
376
377 // first, try provided default passwords
378 if( pbIsDefaultPassword )
379 *pbIsDefaultPassword = false;
380 if( pDefaultPasswords )
381 {
382 for( ::std::vector< OUString >::const_iterator aIt = pDefaultPasswords->begin(), aEnd = pDefaultPasswords->end(); (eResult == DocPasswordVerifierResult_WRONG_PASSWORD) && (aIt != aEnd); ++aIt )
383 {
384 OSL_ENSURE( aIt->getLength() > 0, "DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" );
385 if( aIt->getLength() > 0 )
386 {
387 eResult = rVerifier.verifyPassword( *aIt, aEncData );
388 if( pbIsDefaultPassword )
389 *pbIsDefaultPassword = eResult == DocPasswordVerifierResult_OK;
390 }
391 }
392 }
393
394 // try media encryption data (skip, if result is OK or ABORT)
395 if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
396 {
397 if( rMediaEncData.getLength() > 0 )
398 {
399 eResult = rVerifier.verifyEncryptionData( rMediaEncData );
400 if( eResult == DocPasswordVerifierResult_OK )
401 aEncData = rMediaEncData;
402 }
403 }
404
405 // try media password (skip, if result is OK or ABORT)
406 if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
407 {
408 if( rMediaPassword.getLength() > 0 )
409 eResult = rVerifier.verifyPassword( rMediaPassword, aEncData );
410 }
411
412 // request a password (skip, if result is OK or ABORT)
413 if( (eResult == DocPasswordVerifierResult_WRONG_PASSWORD) && rxInteractHandler.is() ) try
414 {
415 PasswordRequestMode eRequestMode = PasswordRequestMode_PASSWORD_ENTER;
416 while( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
417 {
418 DocPasswordRequest* pRequest = new DocPasswordRequest( eRequestType, eRequestMode, rDocumentName );
419 Reference< XInteractionRequest > xRequest( pRequest );
420 rxInteractHandler->handle( xRequest );
421 if( pRequest->isPassword() )
422 {
423 if( pRequest->getPassword().getLength() > 0 )
424 eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData );
425 }
426 else
427 {
428 eResult = DocPasswordVerifierResult_ABORT;
429 }
430 eRequestMode = PasswordRequestMode_PASSWORD_REENTER;
431 }
432 }
433 catch( Exception& )
434 {
435 }
436
437 return (eResult == DocPasswordVerifierResult_OK) ? aEncData : uno::Sequence< beans::NamedValue >();
438 }
439
440 /*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword(
441 IDocPasswordVerifier& rVerifier,
442 MediaDescriptor& rMediaDesc,
443 DocPasswordRequestType eRequestType,
444 const ::std::vector< OUString >* pDefaultPasswords )
445 {
446 uno::Sequence< beans::NamedValue > aMediaEncData = rMediaDesc.getUnpackedValueOrDefault(
447 MediaDescriptor::PROP_ENCRYPTIONDATA(), uno::Sequence< beans::NamedValue >() );
448 OUString aMediaPassword = rMediaDesc.getUnpackedValueOrDefault(
449 MediaDescriptor::PROP_PASSWORD(), OUString() );
450 Reference< XInteractionHandler > xInteractHandler = rMediaDesc.getUnpackedValueOrDefault(
451 MediaDescriptor::PROP_INTERACTIONHANDLER(), Reference< XInteractionHandler >() );
452 OUString aDocumentName = rMediaDesc.getUnpackedValueOrDefault(
453 MediaDescriptor::PROP_URL(), OUString() );
454
455 bool bIsDefaultPassword = false;
456 uno::Sequence< beans::NamedValue > aEncryptionData = requestAndVerifyDocPassword(
457 rVerifier, aMediaEncData, aMediaPassword, xInteractHandler, aDocumentName, eRequestType, pDefaultPasswords, &bIsDefaultPassword );
458
459 rMediaDesc.erase( MediaDescriptor::PROP_PASSWORD() );
460 rMediaDesc.erase( MediaDescriptor::PROP_ENCRYPTIONDATA() );
461
462 // insert valid password into media descriptor (but not a default password)
463 if( (aEncryptionData.getLength() > 0) && !bIsDefaultPassword )
464 rMediaDesc[ MediaDescriptor::PROP_ENCRYPTIONDATA() ] <<= aEncryptionData;
465
466 return aEncryptionData;
467 }
468
469 // ============================================================================
470
471 } // namespace comphelper
472
FREE OFFICE SUITE