diff options
Diffstat (limited to 'comphelper/source/misc/docpasswordhelper.cxx')
-rw-r--r-- | comphelper/source/misc/docpasswordhelper.cxx | 152 |
1 files changed, 122 insertions, 30 deletions
diff --git a/comphelper/source/misc/docpasswordhelper.cxx b/comphelper/source/misc/docpasswordhelper.cxx index 37941352ae28..3c8d66bd57e4 100644 --- a/comphelper/source/misc/docpasswordhelper.cxx +++ b/comphelper/source/misc/docpasswordhelper.cxx @@ -84,16 +84,9 @@ uno::Sequence< beans::PropertyValue > DocPasswordHelper::GenerateNewModifyPasswo { uno::Sequence< beans::PropertyValue > aResult; - uno::Sequence< sal_Int8 > aSalt( 16 ); + uno::Sequence< sal_Int8 > aSalt = GenerateRandomByteSequence( 16 ); sal_Int32 nCount = 1024; - TimeValue aTime; - osl_getSystemTime( &aTime ); - rtlRandomPool aRandomPool = rtl_random_createPool (); - rtl_random_addBytes ( aRandomPool, &aTime, 8 ); - - rtl_random_getBytes ( aRandomPool, aSalt.getArray(), 16 ); - uno::Sequence< sal_Int8 > aNewHash = GeneratePBKDF2Hash( aPassword, aSalt, nCount, 16 ); if ( aNewHash.getLength() ) { @@ -108,9 +101,6 @@ uno::Sequence< beans::PropertyValue > DocPasswordHelper::GenerateNewModifyPasswo aResult[3].Value <<= aNewHash; } - // Clean up random pool memory - rtl_random_destroyPool ( aRandomPool ); - return aResult; } @@ -282,9 +272,98 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( } // ============================================================================ +/*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateRandomByteSequence( sal_Int32 nLength ) +{ + uno::Sequence< sal_Int8 > aResult( nLength ); + + TimeValue aTime; + osl_getSystemTime( &aTime ); + rtlRandomPool aRandomPool = rtl_random_createPool (); + rtl_random_addBytes ( aRandomPool, &aTime, 8 ); + rtl_random_getBytes ( aRandomPool, aResult.getArray(), nLength ); + rtl_random_destroyPool ( aRandomPool ); -/*static*/ OUString DocPasswordHelper::requestAndVerifyDocPassword( + return aResult; +} + + +// ============================================================================ +/*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const ::rtl::OUString& aPassword, const uno::Sequence< sal_Int8 >& aDocId ) +{ + uno::Sequence< sal_Int8 > aResultKey; + if ( aPassword.getLength() && aDocId.getLength() == 16 ) + { + sal_uInt16 pPassData[16]; + rtl_zeroMemory( pPassData, sizeof(pPassData) ); + + sal_Int32 nPassLen = ::std::min< sal_Int32 >( aPassword.getLength(), 15 ); + rtl_copyMemory( pPassData, aPassword.getStr(), nPassLen * sizeof(pPassData[0]) ); + + aResultKey = GenerateStd97Key( pPassData, aDocId ); + } + + return aResultKey; +} + +// ============================================================================ +/*static*/ uno::Sequence< sal_Int8 > DocPasswordHelper::GenerateStd97Key( const sal_uInt16 pPassData[16], const uno::Sequence< sal_Int8 >& aDocId ) +{ + uno::Sequence< sal_Int8 > aResultKey; + if ( pPassData[0] && aDocId.getLength() == 16 ) + { + sal_uInt8 pKeyData[64]; + rtl_zeroMemory( pKeyData, sizeof(pKeyData) ); + + sal_Int32 nInd = 0; + + // Fill PassData into KeyData. + for ( nInd = 0; nInd < 16 && pPassData[nInd]; nInd++) + { + pKeyData[2*nInd] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 0) & 0xff ); + pKeyData[2*nInd + 1] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 8) & 0xff ); + } + + pKeyData[2*nInd] = 0x80; + pKeyData[56] = sal::static_int_cast< sal_uInt8 >( nInd << 4 ); + + // Fill raw digest of KeyData into KeyData. + rtlDigest hDigest = rtl_digest_create ( rtl_Digest_AlgorithmMD5 ); + (void)rtl_digest_updateMD5 ( + hDigest, pKeyData, sizeof(pKeyData)); + (void)rtl_digest_rawMD5 ( + hDigest, pKeyData, RTL_DIGEST_LENGTH_MD5); + + // Update digest with KeyData and Unique. + for ( nInd = 0; nInd < 16; nInd++ ) + { + rtl_digest_updateMD5( hDigest, pKeyData, 5 ); + rtl_digest_updateMD5( hDigest, (const sal_uInt8*)aDocId.getConstArray(), aDocId.getLength() ); + } + + // Update digest with padding. + pKeyData[16] = 0x80; + rtl_zeroMemory( pKeyData + 17, sizeof(pKeyData) - 17 ); + pKeyData[56] = 0x80; + pKeyData[57] = 0x0a; + + rtl_digest_updateMD5( hDigest, &(pKeyData[16]), sizeof(pKeyData) - 16 ); + + // Fill raw digest of above updates + aResultKey.realloc( RTL_DIGEST_LENGTH_MD5 ); + rtl_digest_rawMD5 ( hDigest, (sal_uInt8*)aResultKey.getArray(), aResultKey.getLength() ); + + // Erase KeyData array and leave. + rtl_zeroMemory( pKeyData, sizeof(pKeyData) ); + } + + return aResultKey; +} + +// ============================================================================ + +/*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword( IDocPasswordVerifier& rVerifier, + const ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue >& rMediaEncData, const OUString& rMediaPassword, const Reference< XInteractionHandler >& rxInteractHandler, const OUString& rDocumentName, @@ -292,7 +371,7 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( const ::std::vector< OUString >* pDefaultPasswords, bool* pbIsDefaultPassword ) { - OUString aPassword; + ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > aEncData; DocPasswordVerifierResult eResult = DocPasswordVerifierResult_WRONG_PASSWORD; // first, try provided default passwords @@ -302,23 +381,32 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( { for( ::std::vector< OUString >::const_iterator aIt = pDefaultPasswords->begin(), aEnd = pDefaultPasswords->end(); (eResult == DocPasswordVerifierResult_WRONG_PASSWORD) && (aIt != aEnd); ++aIt ) { - aPassword = *aIt; - OSL_ENSURE( aPassword.getLength() > 0, "DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" ); - if( aPassword.getLength() > 0 ) + OSL_ENSURE( aIt->getLength() > 0, "DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" ); + if( aIt->getLength() > 0 ) { - eResult = rVerifier.verifyPassword( aPassword ); + eResult = rVerifier.verifyPassword( *aIt, aEncData ); if( pbIsDefaultPassword ) *pbIsDefaultPassword = eResult == DocPasswordVerifierResult_OK; } } } + // try media encryption data (skip, if result is OK or ABORT) + if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD ) + { + if( rMediaEncData.getLength() > 0 ) + { + eResult = rVerifier.verifyEncryptionData( rMediaEncData ); + if( eResult == DocPasswordVerifierResult_OK ) + aEncData = rMediaEncData; + } + } + // try media password (skip, if result is OK or ABORT) if( eResult == DocPasswordVerifierResult_WRONG_PASSWORD ) { - aPassword = rMediaPassword; - if( aPassword.getLength() > 0 ) - eResult = rVerifier.verifyPassword( aPassword ); + if( rMediaPassword.getLength() > 0 ) + eResult = rVerifier.verifyPassword( rMediaPassword, aEncData ); } // request a password (skip, if result is OK or ABORT) @@ -332,9 +420,8 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( rxInteractHandler->handle( xRequest ); if( pRequest->isPassword() ) { - aPassword = pRequest->getPassword(); - if( aPassword.getLength() > 0 ) - eResult = rVerifier.verifyPassword( aPassword ); + if( pRequest->getPassword().getLength() > 0 ) + eResult = rVerifier.verifyPassword( pRequest->getPassword(), aEncData ); } else { @@ -347,15 +434,17 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( { } - return (eResult == DocPasswordVerifierResult_OK) ? aPassword : OUString(); + return (eResult == DocPasswordVerifierResult_OK) ? aEncData : uno::Sequence< beans::NamedValue >(); } -/*static*/ OUString DocPasswordHelper::requestAndVerifyDocPassword( +/*static*/ ::com::sun::star::uno::Sequence< ::com::sun::star::beans::NamedValue > DocPasswordHelper::requestAndVerifyDocPassword( IDocPasswordVerifier& rVerifier, MediaDescriptor& rMediaDesc, DocPasswordRequestType eRequestType, const ::std::vector< OUString >* pDefaultPasswords ) { + uno::Sequence< beans::NamedValue > aMediaEncData = rMediaDesc.getUnpackedValueOrDefault( + MediaDescriptor::PROP_ENCRYPTIONDATA(), uno::Sequence< beans::NamedValue >() ); OUString aMediaPassword = rMediaDesc.getUnpackedValueOrDefault( MediaDescriptor::PROP_PASSWORD(), OUString() ); Reference< XInteractionHandler > xInteractHandler = rMediaDesc.getUnpackedValueOrDefault( @@ -364,14 +453,17 @@ Sequence< sal_Int8 > DocPasswordHelper::GetXLHashAsSequence( MediaDescriptor::PROP_URL(), OUString() ); bool bIsDefaultPassword = false; - OUString aPassword = requestAndVerifyDocPassword( - rVerifier, aMediaPassword, xInteractHandler, aDocumentName, eRequestType, pDefaultPasswords, &bIsDefaultPassword ); + uno::Sequence< beans::NamedValue > aEncryptionData = requestAndVerifyDocPassword( + rVerifier, aMediaEncData, aMediaPassword, xInteractHandler, aDocumentName, eRequestType, pDefaultPasswords, &bIsDefaultPassword ); + + rMediaDesc.erase( MediaDescriptor::PROP_PASSWORD() ); + rMediaDesc.erase( MediaDescriptor::PROP_ENCRYPTIONDATA() ); // insert valid password into media descriptor (but not a default password) - if( (aPassword.getLength() > 0) && !bIsDefaultPassword ) - rMediaDesc[ MediaDescriptor::PROP_PASSWORD() ] <<= aPassword; + if( (aEncryptionData.getLength() > 0) && !bIsDefaultPassword ) + rMediaDesc[ MediaDescriptor::PROP_ENCRYPTIONDATA() ] <<= aEncryptionData; - return aPassword; + return aEncryptionData; } // ============================================================================ |