summaryrefslogtreecommitdiff
path: root/comphelper/source/misc/docpasswordhelper.cxx
diff options
context:
space:
mode:
Diffstat (limited to 'comphelper/source/misc/docpasswordhelper.cxx')
-rw-r--r--comphelper/source/misc/docpasswordhelper.cxx152
1 files changed, 122 insertions, 30 deletions
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx
index 37941352ae28..3c8d66bd57e4 100644
--- a/comphelper/source/misc/docpasswordhelper.cxx
+++ b/comphelper/source/misc/docpasswordhelper.cxx
@@ -84,16 +84,9 @@ uno::Sequence< beans::PropertyValue > DocPasswordHelper::GenerateNewModifyPasswo
{
uno::Sequence< beans::PropertyValue > aResult;
- uno::Sequence< sal_Int8 > aSalt( 16 );
+ uno::Sequence< sal_Int8 > aSalt = GenerateRandomByteSequence( 16 );
sal_Int32 nCount = 1024;
- TimeValue aTime;
- osl_getSystemTime( &aTime );
- rtlRandomPool aRandomPool = rtl_random_createPool ();
- rtl_random_addBytes ( aRandomPool, &aTime, 8 );
-
- rtl_random_getBytes ( aRandomPool, aSalt.getArray(), 16 );
-
uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, 16 );
if ( aNewHash.getLength() )
{
@@ -108,9 +101,6 @@ uno::Sequence< beans::PropertyValue > DocPasswordHelper::GenerateNewModifyPasswo
aResult[3].Value <<= aNewHash;
}
- // Clean up random pool memory
- rtl_random_destroyPool ( aRandomPool );
-
return aResult;
}
@@ -282,9 +272,98 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
}
// ============================================================================
+/*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateRandomByteSequence( sal_Int32 nLength )
+{
+ uno::Sequence< sal_Int8 > aResult( nLength );
+
+ TimeValue aTime;
+ osl_getSystemTime( &aTime );
+ rtlRandomPool aRandomPool = rtl_random_createPool ();
+ rtl_random_addBytes ( aRandomPool, &aTime, 8 );
+ rtl_random_getBytes ( aRandomPool, aResult.getArray(), nLength );
+ rtl_random_destroyPool ( aRandomPool );
-/*static*/ OUString DocPasswordHelper::requestAndVerifyDocPassword(
+ return aResult;
+}
+
+
+// ============================================================================
+/*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const ::rtl::OUString& aPassword, const uno::Sequence< sal_Int8 >& aDocId )
+{
+ uno::Sequence< sal_Int8 > aResultKey;
+ if ( aPassword.getLength() && aDocId.getLength() == 16 )
+ {
+ sal_uInt16 pPassData[16];
+ rtl_zeroMemory( pPassData, sizeof(pPassData) );
+
+ sal_Int32 nPassLen = ::std::min< sal_Int32 >( aPassword.getLength(), 15 );
+ rtl_copyMemory( pPassData, aPassword.getStr(), nPassLen * sizeof(pPassData[0]) );
+
+ aResultKey = GenerateStd97Key( pPassData, aDocId );
+ }
+
+ return aResultKey;
+}
+
+// ============================================================================
+/*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const sal_uInt16 pPassData[16], const uno::Sequence< sal_Int8 >& aDocId )
+{
+ uno::Sequence< sal_Int8 > aResultKey;
+ if ( pPassData[0] && aDocId.getLength() == 16 )
+ {
+ sal_uInt8 pKeyData[64];
+ rtl_zeroMemory( pKeyData, sizeof(pKeyData) );
+
+ sal_Int32 nInd = 0;
+
+ // Fill PassData into KeyData.
+ for ( nInd = 0; nInd < 16 && pPassData[nInd]; nInd++)
+ {
+ pKeyData[2*nInd] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 0) & 0xff );
+ pKeyData[2*nInd + 1] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 8) & 0xff );
+ }
+
+ pKeyData[2*nInd] = 0x80;
+ pKeyData[56] = sal::static_int_cast< sal_uInt8 >( nInd << 4 );
+
+ // Fill raw digest of KeyData into KeyData.
+ rtlDigest hDigest = rtl_digest_create ( rtl_Digest_AlgorithmMD5 );
+ (void)rtl_digest_updateMD5 (
+ hDigest, pKeyData, sizeof(pKeyData));
+ (void)rtl_digest_rawMD5 (
+ hDigest, pKeyData, RTL_DIGEST_LENGTH_MD5);
+
+ // Update digest with KeyData and Unique.
+ for ( nInd = 0; nInd < 16; nInd++ )
+ {
+ rtl_digest_updateMD5( hDigest, pKeyData, 5 );
+ rtl_digest_updateMD5( hDigest, (const sal_uInt8*)aDocId.getConstArray(), aDocId.getLength() );
+ }
+
+ // Update digest with padding.
+ pKeyData[16] = 0x80;
+ rtl_zeroMemory( pKeyData + 17, sizeof(pKeyData) - 17 );
+ pKeyData[56] = 0x80;
+ pKeyData[57] = 0x0a;
+
+ rtl_digest_updateMD5( hDigest, &(pKeyData[16]), sizeof(pKeyData) - 16 );
+
+ // Fill raw digest of above updates
+ aResultKey.realloc( RTL_DIGEST_LENGTH_MD5 );
+ rtl_digest_rawMD5 ( hDigest, (sal_uInt8*)aResultKey.getArray(), aResultKey.getLength() );
+
+ // Erase KeyData array and leave.
+ rtl_zeroMemory( pKeyData, sizeof(pKeyData) );
+ }
+
+ return aResultKey;
+}
+
+// ============================================================================
+
+/*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword(
IDocPasswordVerifier& rVerifier,
+ const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& rMediaEncData,
const OUString& rMediaPassword,
const Reference< XInteractionHandler >& rxInteractHandler,
const OUString& rDocumentName,
@@ -292,7 +371,7 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
const ::std::vector< OUString >* pDefaultPasswords,
bool* pbIsDefaultPassword )
{
- OUString aPassword;
+ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > aEncData;
DocPasswordVerifierResult eResult = DocPasswordVerifierResult_WRONG_PASSWORD;
// first, try provided default passwords
@@ -302,23 +381,32 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
{
for( ::std::vector< OUString >::const_iterator aIt = pDefaultPasswords->begin(), aEnd = pDefaultPasswords->end(); (eResult == DocPasswordVerifierResult_WRONG_PASSWORD) && (aIt != aEnd); ++aIt )
{
- aPassword = *aIt;
- OSL_ENSURE( aPassword.getLength() > 0, "DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" );
- if( aPassword.getLength() > 0 )
+ OSL_ENSURE( aIt->getLength() > 0, "DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" );
+ if( aIt->getLength() > 0 )
{
- eResult = rVerifier.verifyPassword( aPassword );
+ eResult = rVerifier.verifyPassword( *aIt, aEncData );
if( pbIsDefaultPassword )
*pbIsDefaultPassword = eResult == DocPasswordVerifierResult_OK;
}
}
}
+ // try media encryption data (skip, if result is OK or ABORT)
+ if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
+ {
+ if( rMediaEncData.getLength() > 0 )
+ {
+ eResult = rVerifier.verifyEncryptionData( rMediaEncData );
+ if( eResult == DocPasswordVerifierResult_OK )
+ aEncData = rMediaEncData;
+ }
+ }
+
// try media password (skip, if result is OK or ABORT)
if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD )
{
- aPassword = rMediaPassword;
- if( aPassword.getLength() > 0 )
- eResult = rVerifier.verifyPassword( aPassword );
+ if( rMediaPassword.getLength() > 0 )
+ eResult = rVerifier.verifyPassword( rMediaPassword, aEncData );
}
// request a password (skip, if result is OK or ABORT)
@@ -332,9 +420,8 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
rxInteractHandler->handle( xRequest );
if( pRequest->isPassword() )
{
- aPassword = pRequest->getPassword();
- if( aPassword.getLength() > 0 )
- eResult = rVerifier.verifyPassword( aPassword );
+ if( pRequest->getPassword().getLength() > 0 )
+ eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData );
}
else
{
@@ -347,15 +434,17 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
{
}
- return (eResult == DocPasswordVerifierResult_OK) ? aPassword : OUString();
+ return (eResult == DocPasswordVerifierResult_OK) ? aEncData : uno::Sequence< beans::NamedValue >();
}
-/*static*/ OUString DocPasswordHelper::requestAndVerifyDocPassword(
+/*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword(
IDocPasswordVerifier& rVerifier,
MediaDescriptor& rMediaDesc,
DocPasswordRequestType eRequestType,
const ::std::vector< OUString >* pDefaultPasswords )
{
+ uno::Sequence< beans::NamedValue > aMediaEncData = rMediaDesc.getUnpackedValueOrDefault(
+ MediaDescriptor::PROP_ENCRYPTIONDATA(), uno::Sequence< beans::NamedValue >() );
OUString aMediaPassword = rMediaDesc.getUnpackedValueOrDefault(
MediaDescriptor::PROP_PASSWORD(), OUString() );
Reference< XInteractionHandler > xInteractHandler = rMediaDesc.getUnpackedValueOrDefault(
@@ -364,14 +453,17 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence(
MediaDescriptor::PROP_URL(), OUString() );
bool bIsDefaultPassword = false;
- OUString aPassword = requestAndVerifyDocPassword(
- rVerifier, aMediaPassword, xInteractHandler, aDocumentName, eRequestType, pDefaultPasswords, &bIsDefaultPassword );
+ uno::Sequence< beans::NamedValue > aEncryptionData = requestAndVerifyDocPassword(
+ rVerifier, aMediaEncData, aMediaPassword, xInteractHandler, aDocumentName, eRequestType, pDefaultPasswords, &bIsDefaultPassword );
+
+ rMediaDesc.erase( MediaDescriptor::PROP_PASSWORD() );
+ rMediaDesc.erase( MediaDescriptor::PROP_ENCRYPTIONDATA() );
// insert valid password into media descriptor (but not a default password)
- if( (aPassword.getLength() > 0) && !bIsDefaultPassword )
- rMediaDesc[ MediaDescriptor::PROP_PASSWORD() ] <<= aPassword;
+ if( (aEncryptionData.getLength() > 0) && !bIsDefaultPassword )
+ rMediaDesc[ MediaDescriptor::PROP_ENCRYPTIONDATA() ] <<= aEncryptionData;
- return aPassword;
+ return aEncryptionData;
}
// ============================================================================
generated by cgit v1.2.3 (git 2.39.1) at 2024-04-30 11:45:02 +0000