LCOV - code coverage report
Current view: top level - comphelper/source/misc - docpasswordhelper.cxx (source / functions) Hit Total Coverage
Test: commit e02a6cb2c3e2b23b203b422e4e0680877f232636 Lines: 0 171 0.0 %
Date: 2014-04-14 Functions: 0 13 0.0 %
Legend: Lines: hit not hit

          Line data    Source code
       1             : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
       2             : /*
       3             :  * This file is part of the LibreOffice project.
       4             :  *
       5             :  * This Source Code Form is subject to the terms of the Mozilla Public
       6             :  * License, v. 2.0. If a copy of the MPL was not distributed with this
       7             :  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
       8             :  *
       9             :  * This file incorporates work covered by the following license notice:
      10             :  *
      11             :  *   Licensed to the Apache Software Foundation (ASF) under one or more
      12             :  *   contributor license agreements. See the NOTICE file distributed
      13             :  *   with this work for additional information regarding copyright
      14             :  *   ownership. The ASF licenses this file to you under the Apache
      15             :  *   License, Version 2.0 (the "License"); you may not use this file
      16             :  *   except in compliance with the License. You may obtain a copy of
      17             :  *   the License at http://www.apache.org/licenses/LICENSE-2.0 .
      18             :  */
      19             : 
      20             : 
      21             : #include "comphelper/docpasswordhelper.hxx"
      22             : #include <com/sun/star/beans/PropertyValue.hpp>
      23             : #include <com/sun/star/task/XInteractionHandler.hpp>
      24             : 
      25             : #include <osl/time.h>
      26             : #include <rtl/digest.h>
      27             : #include <rtl/random.h>
      28             : #include <string.h>
      29             : 
      30             : using ::com::sun::star::uno::Sequence;
      31             : using ::com::sun::star::uno::Exception;
      32             : using ::com::sun::star::uno::Reference;
      33             : using ::com::sun::star::uno::UNO_SET_THROW;
      34             : using ::com::sun::star::task::PasswordRequestMode;
      35             : using ::com::sun::star::task::PasswordRequestMode_PASSWORD_ENTER;
      36             : using ::com::sun::star::task::PasswordRequestMode_PASSWORD_REENTER;
      37             : using ::com::sun::star::task::XInteractionHandler;
      38             : using ::com::sun::star::task::XInteractionRequest;
      39             : 
      40             : using namespace ::com::sun::star;
      41             : 
      42             : namespace comphelper {
      43             : 
      44             : 
      45             : 
      46           0 : static uno::Sequence< sal_Int8 > GeneratePBKDF2Hash( const OUString& aPassword, const uno::Sequence< sal_Int8 >& aSalt, sal_Int32 nCount, sal_Int32 nHashLength )
      47             : {
      48           0 :     uno::Sequence< sal_Int8 > aResult;
      49             : 
      50           0 :     if ( !aPassword.isEmpty() && aSalt.getLength() && nCount && nHashLength )
      51             :     {
      52           0 :         OString aBytePass = OUStringToOString( aPassword, RTL_TEXTENCODING_UTF8 );
      53           0 :         aResult.realloc( 16 );
      54           0 :         rtl_digest_PBKDF2( reinterpret_cast < sal_uInt8 * > ( aResult.getArray() ),
      55           0 :                            aResult.getLength(),
      56           0 :                            reinterpret_cast < const sal_uInt8 * > ( aBytePass.getStr() ),
      57           0 :                            aBytePass.getLength(),
      58           0 :                            reinterpret_cast < const sal_uInt8 * > ( aSalt.getConstArray() ),
      59           0 :                            aSalt.getLength(),
      60           0 :                            nCount );
      61             :     }
      62             : 
      63           0 :     return aResult;
      64             : }
      65             : 
      66             : 
      67             : 
      68           0 : IDocPasswordVerifier::~IDocPasswordVerifier()
      69             : {
      70           0 : }
      71             : 
      72             : 
      73           0 : uno::Sequence< beans::PropertyValue > DocPasswordHelper::GenerateNewModifyPasswordInfo( const OUString& aPassword )
      74             : {
      75           0 :     uno::Sequence< beans::PropertyValue > aResult;
      76             : 
      77           0 :     uno::Sequence< sal_Int8 > aSalt = GenerateRandomByteSequence( 16 );
      78           0 :     sal_Int32 nCount = 1024;
      79             : 
      80           0 :     uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, 16 );
      81           0 :     if ( aNewHash.getLength() )
      82             :     {
      83           0 :         aResult.realloc( 4 );
      84           0 :         aResult[0].Name = "algorithm-name";
      85           0 :         aResult[0].Value <<= OUString( "PBKDF2" );
      86           0 :         aResult[1].Name = "salt";
      87           0 :         aResult[1].Value <<= aSalt;
      88           0 :         aResult[2].Name = "iteration-count";
      89           0 :         aResult[2].Value <<= nCount;
      90           0 :         aResult[3].Name = "hash";
      91           0 :         aResult[3].Value <<= aNewHash;
      92             :     }
      93             : 
      94           0 :     return aResult;
      95             : }
      96             : 
      97             : 
      98           0 : bool DocPasswordHelper::IsModifyPasswordCorrect( const OUString& aPassword, const uno::Sequence< beans::PropertyValue >& aInfo )
      99             : {
     100           0 :     bool bResult = false;
     101           0 :     if ( !aPassword.isEmpty() && aInfo.getLength() )
     102             :     {
     103           0 :         OUString sAlgorithm;
     104           0 :         uno::Sequence< sal_Int8 > aSalt;
     105           0 :         uno::Sequence< sal_Int8 > aHash;
     106           0 :         sal_Int32 nCount = 0;
     107             : 
     108           0 :         for ( sal_Int32 nInd = 0; nInd < aInfo.getLength(); nInd++ )
     109             :         {
     110           0 :             if ( aInfo[nInd].Name == "algorithm-name" )
     111           0 :                 aInfo[nInd].Value >>= sAlgorithm;
     112           0 :             else if ( aInfo[nInd].Name == "salt" )
     113           0 :                 aInfo[nInd].Value >>= aSalt;
     114           0 :             else if ( aInfo[nInd].Name == "iteration-count" )
     115           0 :                 aInfo[nInd].Value >>= nCount;
     116           0 :             else if ( aInfo[nInd].Name == "hash" )
     117           0 :                 aInfo[nInd].Value >>= aHash;
     118             :         }
     119             : 
     120           0 :         if ( sAlgorithm == "PBKDF2" && aSalt.getLength() && nCount > 0 && aHash.getLength() )
     121             :         {
     122           0 :             uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, aHash.getLength() );
     123           0 :             for ( sal_Int32 nInd = 0; nInd < aNewHash.getLength() && nInd < aHash.getLength() && aNewHash[nInd] == aHash[nInd]; nInd ++ )
     124             :             {
     125           0 :                 if ( nInd == aNewHash.getLength() - 1 && nInd == aHash.getLength() - 1 )
     126           0 :                     bResult = true;
     127           0 :             }
     128           0 :         }
     129             :     }
     130             : 
     131           0 :     return bResult;
     132             : }
     133             : 
     134             : 
     135           0 : sal_uInt32 DocPasswordHelper::GetWordHashAsUINT32(
     136             :                 const OUString& aUString )
     137             : {
     138             :     static const sal_uInt16 pInitialCode[] = {
     139             :         0xE1F0, // 1
     140             :         0x1D0F, // 2
     141             :         0xCC9C, // 3
     142             :         0x84C0, // 4
     143             :         0x110C, // 5
     144             :         0x0E10, // 6
     145             :         0xF1CE, // 7
     146             :         0x313E, // 8
     147             :         0x1872, // 9
     148             :         0xE139, // 10
     149             :         0xD40F, // 11
     150             :         0x84F9, // 12
     151             :         0x280C, // 13
     152             :         0xA96A, // 14
     153             :         0x4EC3  // 15
     154             :     };
     155             : 
     156             :     static const sal_uInt16 pEncryptionMatrix[15][7] = {
     157             :         { 0xAEFC, 0x4DD9, 0x9BB2, 0x2745, 0x4E8A, 0x9D14, 0x2A09}, // last-14
     158             :         { 0x7B61, 0xF6C2, 0xFDA5, 0xEB6B, 0xC6F7, 0x9DCF, 0x2BBF}, // last-13
     159             :         { 0x4563, 0x8AC6, 0x05AD, 0x0B5A, 0x16B4, 0x2D68, 0x5AD0}, // last-12
     160             :         { 0x0375, 0x06EA, 0x0DD4, 0x1BA8, 0x3750, 0x6EA0, 0xDD40}, // last-11
     161             :         { 0xD849, 0xA0B3, 0x5147, 0xA28E, 0x553D, 0xAA7A, 0x44D5}, // last-10
     162             :         { 0x6F45, 0xDE8A, 0xAD35, 0x4A4B, 0x9496, 0x390D, 0x721A}, // last-9
     163             :         { 0xEB23, 0xC667, 0x9CEF, 0x29FF, 0x53FE, 0xA7FC, 0x5FD9}, // last-8
     164             :         { 0x47D3, 0x8FA6, 0x8FA6, 0x1EDA, 0x3DB4, 0x7B68, 0xF6D0}, // last-7
     165             :         { 0xB861, 0x60E3, 0xC1C6, 0x93AD, 0x377B, 0x6EF6, 0xDDEC}, // last-6
     166             :         { 0x45A0, 0x8B40, 0x06A1, 0x0D42, 0x1A84, 0x3508, 0x6A10}, // last-5
     167             :         { 0xAA51, 0x4483, 0x8906, 0x022D, 0x045A, 0x08B4, 0x1168}, // last-4
     168             :         { 0x76B4, 0xED68, 0xCAF1, 0x85C3, 0x1BA7, 0x374E, 0x6E9C}, // last-3
     169             :         { 0x3730, 0x6E60, 0xDCC0, 0xA9A1, 0x4363, 0x86C6, 0x1DAD}, // last-2
     170             :         { 0x3331, 0x6662, 0xCCC4, 0x89A9, 0x0373, 0x06E6, 0x0DCC}, // last-1
     171             :         { 0x1021, 0x2042, 0x4084, 0x8108, 0x1231, 0x2462, 0x48C4}  // last
     172             :     };
     173             : 
     174           0 :     sal_uInt32 nResult = 0;
     175           0 :     sal_uInt32 nLen = aUString.getLength();
     176             : 
     177           0 :     if ( nLen )
     178             :     {
     179           0 :         if ( nLen > 15 )
     180           0 :             nLen = 15;
     181             : 
     182           0 :         sal_uInt16 nHighResult = pInitialCode[nLen - 1];
     183           0 :         sal_uInt16 nLowResult = 0;
     184             : 
     185           0 :         const sal_Unicode* pStr = aUString.getStr();
     186           0 :         for ( sal_uInt32 nInd = 0; nInd < nLen; nInd++ )
     187             :         {
     188             :             // NO Encoding during conversion!
     189             :             // The specification says that the low byte should be used in case it is not NULL
     190           0 :             char nHighChar = (char)( pStr[nInd] >> 8 );
     191           0 :             char nLowChar = (char)( pStr[nInd] & 0xFF );
     192           0 :             char nChar = nLowChar ? nLowChar : nHighChar;
     193             : 
     194           0 :             for ( int nMatrixInd = 0; nMatrixInd < 7; ++nMatrixInd )
     195             :             {
     196           0 :                 if ( ( nChar & ( 1 << nMatrixInd ) ) != 0 )
     197           0 :                     nHighResult = nHighResult ^ pEncryptionMatrix[15 - nLen + nInd][nMatrixInd];
     198             :             }
     199             : 
     200           0 :             nLowResult = ( ( ( nLowResult >> 14 ) & 0x0001 ) | ( ( nLowResult << 1 ) & 0x7FFF ) ) ^ nChar;
     201             :         }
     202             : 
     203           0 :         nLowResult = (sal_uInt16)( ( ( ( nLowResult >> 14 ) & 0x001 ) | ( ( nLowResult << 1 ) & 0x7FF ) ) ^ nLen ^ 0xCE4B );
     204             : 
     205           0 :         nResult = ( nHighResult << 16 ) | nLowResult;
     206             :     }
     207             : 
     208           0 :     return nResult;
     209             : }
     210             : 
     211             : 
     212           0 : sal_uInt16 DocPasswordHelper::GetXLHashAsUINT16(
     213             :                 const OUString& aUString,
     214             :                 rtl_TextEncoding nEnc )
     215             : {
     216           0 :     sal_uInt16 nResult = 0;
     217             : 
     218           0 :     OString aString = OUStringToOString( aUString, nEnc );
     219             : 
     220           0 :     if ( !aString.isEmpty() && aString.getLength() <= SAL_MAX_UINT16 )
     221             :     {
     222           0 :         for ( sal_Int32 nInd = aString.getLength() - 1; nInd >= 0; nInd-- )
     223             :         {
     224           0 :             nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
     225           0 :             nResult ^= aString[nInd];
     226             :         }
     227             : 
     228           0 :         nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
     229           0 :         nResult ^= ( 0x8000 | ( 'N' << 8 ) | 'K' );
     230           0 :         nResult ^= aString.getLength();
     231             :     }
     232             : 
     233           0 :     return nResult;
     234             : }
     235             : 
     236             : 
     237           0 : Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
     238             :                 const OUString& aUString,
     239             :                 rtl_TextEncoding nEnc )
     240             : {
     241           0 :     sal_uInt16 nHash = GetXLHashAsUINT16( aUString, nEnc );
     242           0 :     Sequence< sal_Int8 > aResult( 2 );
     243           0 :     aResult[0] = ( nHash >> 8 );
     244           0 :     aResult[1] = ( nHash & 0xFF );
     245             : 
     246           0 :     return aResult;
     247             : }
     248             : 
     249             : 
     250           0 : /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateRandomByteSequence( sal_Int32 nLength )
     251             : {
     252           0 :     uno::Sequence< sal_Int8 > aResult( nLength );
     253             : 
     254             :     TimeValue aTime;
     255           0 :     osl_getSystemTime( &aTime );
     256           0 :     rtlRandomPool aRandomPool = rtl_random_createPool ();
     257           0 :     rtl_random_addBytes ( aRandomPool, &aTime, 8 );
     258           0 :     rtl_random_getBytes ( aRandomPool, aResult.getArray(), nLength );
     259           0 :     rtl_random_destroyPool ( aRandomPool );
     260             : 
     261           0 :     return aResult;
     262             : }
     263             : 
     264             : 
     265             : 
     266           0 : /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const OUString& aPassword, const uno::Sequence< sal_Int8 >& aDocId )
     267             : {
     268           0 :     uno::Sequence< sal_Int8 > aResultKey;
     269           0 :     if ( !aPassword.isEmpty() && aDocId.getLength() == 16 )
     270             :     {
     271             :         sal_uInt16 pPassData[16];
     272           0 :         memset( pPassData, 0, sizeof(pPassData) );
     273             : 
     274           0 :         sal_Int32 nPassLen = ::std::min< sal_Int32 >( aPassword.getLength(), 15 );
     275           0 :         memcpy( pPassData, aPassword.getStr(), nPassLen * sizeof(pPassData[0]) );
     276             : 
     277           0 :         aResultKey = GenerateStd97Key( pPassData, aDocId );
     278             :     }
     279             : 
     280           0 :     return aResultKey;
     281             : }
     282             : 
     283             : 
     284           0 : /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const sal_uInt16 pPassData[16], const uno::Sequence< sal_Int8 >& aDocId )
     285             : {
     286           0 :     uno::Sequence< sal_Int8 > aResultKey;
     287             : 
     288           0 :     if ( aDocId.getLength() == 16 )
     289           0 :         aResultKey = GenerateStd97Key(pPassData, (const sal_uInt8*)aDocId.getConstArray());
     290             : 
     291           0 :     return aResultKey;
     292             : }
     293             : 
     294             : 
     295           0 : /*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const sal_uInt16 pPassData[16], const sal_uInt8 pDocId[16] )
     296             : {
     297           0 :     uno::Sequence< sal_Int8 > aResultKey;
     298           0 :     if ( pPassData[0] )
     299             :     {
     300             :         sal_uInt8 pKeyData[64];
     301           0 :         memset( pKeyData, 0, sizeof(pKeyData) );
     302             : 
     303           0 :         sal_Int32 nInd = 0;
     304             : 
     305             :         // Fill PassData into KeyData.
     306           0 :         for ( nInd = 0; nInd < 16 && pPassData[nInd]; nInd++)
     307             :         {
     308           0 :             pKeyData[2*nInd] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 0) & 0xff );
     309           0 :             pKeyData[2*nInd + 1] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 8) & 0xff );
     310             :         }
     311             : 
     312           0 :         pKeyData[2*nInd] = 0x80;
     313           0 :         pKeyData[56] = sal::static_int_cast< sal_uInt8 >( nInd << 4 );
     314             : 
     315             :         // Fill raw digest of KeyData into KeyData.
     316           0 :         rtlDigest hDigest = rtl_digest_create ( rtl_Digest_AlgorithmMD5 );
     317             :         (void)rtl_digest_updateMD5 (
     318           0 :             hDigest, pKeyData, sizeof(pKeyData));
     319             :         (void)rtl_digest_rawMD5 (
     320           0 :             hDigest, pKeyData, RTL_DIGEST_LENGTH_MD5);
     321             : 
     322             :         // Update digest with KeyData and Unique.
     323           0 :         for ( nInd = 0; nInd < 16; nInd++ )
     324             :         {
     325           0 :             rtl_digest_updateMD5( hDigest, pKeyData, 5 );
     326           0 :             rtl_digest_updateMD5( hDigest, pDocId, 16 );
     327             :         }
     328             : 
     329             :         // Update digest with padding.
     330           0 :         pKeyData[16] = 0x80;
     331           0 :         memset( pKeyData + 17, 0, sizeof(pKeyData) - 17 );
     332           0 :         pKeyData[56] = 0x80;
     333           0 :         pKeyData[57] = 0x0a;
     334             : 
     335           0 :         rtl_digest_updateMD5( hDigest, &(pKeyData[16]), sizeof(pKeyData) - 16 );
     336             : 
     337             :         // Fill raw digest of above updates
     338           0 :         aResultKey.realloc( RTL_DIGEST_LENGTH_MD5 );
     339           0 :         rtl_digest_rawMD5 ( hDigest, (sal_uInt8*)aResultKey.getArray(), aResultKey.getLength() );
     340             : 
     341             :         // Erase KeyData array and leave.
     342           0 :         memset( pKeyData, 0, sizeof(pKeyData) );
     343             :     }
     344             : 
     345           0 :     return aResultKey;
     346             : }
     347             : 
     348             : 
     349             : 
     350             : 
     351           0 : /*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword(
     352             :         IDocPasswordVerifier& rVerifier,
     353             :         const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& rMediaEncData,
     354             :         const OUString& rMediaPassword,
     355             :         const Reference< XInteractionHandler >& rxInteractHandler,
     356             :         const OUString& rDocumentName,
     357             :         DocPasswordRequestType eRequestType,
     358             :         const ::std::vector< OUString >* pDefaultPasswords,
     359             :         bool* pbIsDefaultPassword )
     360             : {
     361           0 :     ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > aEncData;
     362           0 :     DocPasswordVerifierResult eResult = DocPasswordVerifierResult_WRONG_PASSWORD;
     363             : 
     364             :     // first, try provided default passwords
     365           0 :     if( pbIsDefaultPassword )
     366           0 :         *pbIsDefaultPassword = false;
     367           0 :     if( pDefaultPasswords )
     368             :     {
     369           0 :         for( ::std::vector< OUString >::const_iterator aIt = pDefaultPasswords->begin(), aEnd = pDefaultPasswords->end(); (eResult == DocPasswordVerifierResult_WRONG_PASSWORD) && (aIt != aEnd); ++aIt )
     370             :         {
     371             :             OSL_ENSURE( !aIt->isEmpty(), "DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" );
     372           0 :             if( !aIt->isEmpty() )
     373             :             {
     374           0 :                 eResult = rVerifier.verifyPassword( *aIt, aEncData );
     375           0 :                 if( pbIsDefaultPassword )
     376           0 :                     *pbIsDefaultPassword = eResult == DocPasswordVerifierResult_OK;
     377             :             }
     378             :         }
     379             :     }
     380             : 
     381             :     // try media encryption data (skip, if result is OK or ABORT)
     382           0 :     if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
     383             :     {
     384           0 :         if( rMediaEncData.getLength() > 0 )
     385             :         {
     386           0 :             eResult = rVerifier.verifyEncryptionData( rMediaEncData );
     387           0 :             if( eResult == DocPasswordVerifierResult_OK )
     388           0 :                 aEncData = rMediaEncData;
     389             :         }
     390             :     }
     391             : 
     392             :     // try media password (skip, if result is OK or ABORT)
     393           0 :     if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
     394             :     {
     395           0 :         if( !rMediaPassword.isEmpty() )
     396           0 :             eResult = rVerifier.verifyPassword( rMediaPassword, aEncData );
     397             :     }
     398             : 
     399             :     // request a password (skip, if result is OK or ABORT)
     400           0 :     if( (eResult == DocPasswordVerifierResult_WRONG_PASSWORD) && rxInteractHandler.is() ) try
     401             :     {
     402           0 :         PasswordRequestMode eRequestMode = PasswordRequestMode_PASSWORD_ENTER;
     403           0 :         while( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
     404             :         {
     405           0 :             DocPasswordRequest* pRequest = new DocPasswordRequest( eRequestType, eRequestMode, rDocumentName );
     406           0 :             Reference< XInteractionRequest > xRequest( pRequest );
     407           0 :             rxInteractHandler->handle( xRequest );
     408           0 :             if( pRequest->isPassword() )
     409             :             {
     410           0 :                 if( !pRequest->getPassword().isEmpty() )
     411           0 :                     eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData );
     412             :             }
     413             :             else
     414             :             {
     415           0 :                 eResult = DocPasswordVerifierResult_ABORT;
     416             :             }
     417           0 :             eRequestMode = PasswordRequestMode_PASSWORD_REENTER;
     418           0 :         }
     419             :     }
     420           0 :     catch( Exception& )
     421             :     {
     422             :     }
     423             : 
     424           0 :     return (eResult == DocPasswordVerifierResult_OK) ? aEncData : uno::Sequence< beans::NamedValue >();
     425             : }
     426             : 
     427             : } // namespace comphelper
     428             : 
     429             : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */

Generated by: LCOV version 1.10