20#include <config_gpgme.h>
31#include <com/sun/star/beans/NamedValue.hpp>
32#include <com/sun/star/beans/PropertyValue.hpp>
33#include <com/sun/star/task/XInteractionHandler.hpp>
35#include <osl/diagnose.h>
37#include <rtl/digest.h>
38#include <rtl/random.h>
44# include <decryptionresult.h>
47using ::com::sun::star::uno::Sequence;
48using ::com::sun::star::uno::Exception;
49using ::com::sun::star::uno::Reference;
50using ::com::sun::star::task::PasswordRequestMode;
51using ::com::sun::star::task::PasswordRequestMode_PASSWORD_ENTER;
52using ::com::sun::star::task::PasswordRequestMode_PASSWORD_REENTER;
53using ::com::sun::star::task::XInteractionHandler;
54using ::com::sun::star::task::XInteractionRequest;
61static uno::Sequence< sal_Int8 >
GeneratePBKDF2Hash( std::u16string_view aPassword,
const uno::Sequence< sal_Int8 >& aSalt, sal_Int32 nCount, sal_Int32 nHashLength )
63 uno::Sequence< sal_Int8 > aResult;
65 if ( !aPassword.empty() && aSalt.hasElements() &&
nCount && nHashLength )
70 aResult.realloc( 16 );
71 rtl_digest_PBKDF2(
reinterpret_cast < sal_uInt8 *
> ( aResult.getArray() ),
73 reinterpret_cast < const sal_uInt8 *
> ( aBytePass.getStr() ),
74 aBytePass.getLength(),
75 reinterpret_cast < const sal_uInt8 *
> ( aSalt.getConstArray() ),
91 uno::Sequence< beans::PropertyValue > aResult;
94 sal_Int32
const nPBKDF2IterationCount = 100000;
96 uno::Sequence< sal_Int8 > aNewHash =
GeneratePBKDF2Hash(aPassword, aSalt, nPBKDF2IterationCount, 16);
97 if ( aNewHash.hasElements() )
109uno::Sequence<beans::PropertyValue>
112 uno::Sequence<beans::PropertyValue> aResult;
114 if (!aPassword.empty())
119 OUString sSalt =
aBuffer.makeStringAndClear();
121 sal_Int32
const nIterationCount = 100000;
122 OUString sAlgorithm(
"SHA-512");
127 if (!
sHash.isEmpty())
142 uno::Sequence< beans::PropertyValue > aResult;
143 OUString sAlgorithm,
sHash, sSalt, sCount;
144 sal_Int32 nAlgorithm = 0;
146 for (
const auto & prop : aInfo )
148 if ( prop.Name ==
"cryptAlgorithmSid" )
150 prop.Value >>= sAlgorithm;
151 nAlgorithm = sAlgorithm.toInt32();
153 else if ( prop.Name ==
"salt" )
154 prop.Value >>= sSalt;
155 else if ( prop.Name ==
"cryptSpinCount" )
156 prop.Value >>= sCount;
157 else if ( prop.Name ==
"hash" )
158 prop.Value >>=
sHash;
163 else if (nAlgorithm == 2)
165 else if (nAlgorithm == 3)
167 else if (nAlgorithm == 4)
168 sAlgorithm =
"SHA-1";
169 else if (nAlgorithm == 5)
171 else if (nAlgorithm == 6)
172 sAlgorithm =
"RIPEMD";
173 else if (nAlgorithm == 7)
174 sAlgorithm =
"RIPEMD-160";
175 else if (nAlgorithm == 9)
177 else if (nAlgorithm == 12)
178 sAlgorithm =
"SHA-256";
179 else if (nAlgorithm == 13)
180 sAlgorithm =
"SHA-384";
181 else if (nAlgorithm == 14)
182 sAlgorithm =
"SHA-512";
184 if ( !sCount.isEmpty() )
186 sal_Int32
nCount = sCount.toInt32();
199 bool bResult =
false;
200 if ( !aPassword.empty() && aInfo.hasElements() )
206 for (
const auto & prop : aInfo )
208 if ( prop.Name ==
"algorithm-name" )
209 prop.Value >>= sAlgorithm;
210 else if ( prop.Name ==
"salt" )
212 else if ( prop.Name ==
"iteration-count" )
214 else if ( prop.Name ==
"hash" )
218 if ( sAlgorithm ==
"PBKDF2" )
220 uno::Sequence<sal_Int8> aIntSalt, aIntHash;
223 if (aIntSalt.hasElements() &&
nCount > 0 && aIntHash.hasElements())
225 uno::Sequence<sal_Int8> aNewHash
227 for (sal_Int32 nInd = 0; nInd < aNewHash.getLength() && nInd < aIntHash.getLength()
228 && aNewHash[nInd] == aIntHash[nInd];
231 if (nInd == aNewHash.getLength() - 1 && nInd == aIntHash.getLength() - 1)
238 OUString sSalt,
sHash;
241 if (!sSalt.isEmpty() && !
sHash.isEmpty())
246 if (!aNewHash.isEmpty())
247 bResult = aNewHash ==
sHash;
257 std::u16string_view aUString )
259 static const sal_uInt16 pInitialCode[] = {
277 static const sal_uInt16 pEncryptionMatrix[15][7] = {
278 { 0xAEFC, 0x4DD9, 0x9BB2, 0x2745, 0x4E8A, 0x9D14, 0x2A09},
279 { 0x7B61, 0xF6C2, 0xFDA5, 0xEB6B, 0xC6F7, 0x9DCF, 0x2BBF},
280 { 0x4563, 0x8AC6, 0x05AD, 0x0B5A, 0x16B4, 0x2D68, 0x5AD0},
281 { 0x0375, 0x06EA, 0x0DD4, 0x1BA8, 0x3750, 0x6EA0, 0xDD40},
282 { 0xD849, 0xA0B3, 0x5147, 0xA28E, 0x553D, 0xAA7A, 0x44D5},
283 { 0x6F45, 0xDE8A, 0xAD35, 0x4A4B, 0x9496, 0x390D, 0x721A},
284 { 0xEB23, 0xC667, 0x9CEF, 0x29FF, 0x53FE, 0xA7FC, 0x5FD9},
285 { 0x47D3, 0x8FA6, 0x8FA6, 0x1EDA, 0x3DB4, 0x7B68, 0xF6D0},
286 { 0xB861, 0x60E3, 0xC1C6, 0x93AD, 0x377B, 0x6EF6, 0xDDEC},
287 { 0x45A0, 0x8B40, 0x06A1, 0x0D42, 0x1A84, 0x3508, 0x6A10},
288 { 0xAA51, 0x4483, 0x8906, 0x022D, 0x045A, 0x08B4, 0x1168},
289 { 0x76B4, 0xED68, 0xCAF1, 0x85C3, 0x1BA7, 0x374E, 0x6E9C},
290 { 0x3730, 0x6E60, 0xDCC0, 0xA9A1, 0x4363, 0x86C6, 0x1DAD},
291 { 0x3331, 0x6662, 0xCCC4, 0x89A9, 0x0373, 0x06E6, 0x0DCC},
292 { 0x1021, 0x2042, 0x4084, 0x8108, 0x1231, 0x2462, 0x48C4}
295 sal_uInt32 nResult = 0;
296 size_t nLen = aUString.size();
303 sal_uInt16 nHighResult = pInitialCode[nLen - 1];
304 sal_uInt16 nLowResult = 0;
306 for (
size_t nInd = 0; nInd < nLen; nInd++ )
310 char nHighChar =
static_cast<char>( aUString[nInd] >> 8 );
311 char nLowChar =
static_cast<char>( aUString[nInd] & 0xFF );
312 char nChar = nLowChar ? nLowChar : nHighChar;
314 for (
int nMatrixInd = 0; nMatrixInd < 7; ++nMatrixInd )
316 if ( ( nChar & ( 1 << nMatrixInd ) ) != 0 )
317 nHighResult = nHighResult ^ pEncryptionMatrix[15 - nLen + nInd][nMatrixInd];
320 nLowResult = ( ( ( nLowResult >> 14 ) & 0x0001 ) | ( ( nLowResult << 1 ) & 0x7FFF ) ) ^ nChar;
323 nLowResult =
static_cast<sal_uInt16
>( ( ( ( nLowResult >> 14 ) & 0x001 ) | ( ( nLowResult << 1 ) & 0x7FF ) ) ^ nLen ^ 0xCE4B );
325 nResult = ( nHighResult << 16 ) | nLowResult;
333 std::u16string_view aUString,
334 rtl_TextEncoding nEnc )
336 sal_uInt16 nResult = 0;
340 if ( !aString.isEmpty() && aString.getLength() <=
SAL_MAX_UINT16 )
342 for ( sal_Int32 nInd = aString.getLength() - 1; nInd >= 0; nInd-- )
344 nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
345 nResult ^= aString[nInd];
348 nResult = ( ( nResult >> 14 ) & 0x01 ) | ( ( nResult << 1 ) & 0x7FFF );
349 nResult ^= ( 0x8000 | (
'N' << 8 ) |
'K' );
350 nResult ^= aString.getLength();
358 std::u16string_view aUString )
366 const OUString& rPassword,
367 const std::vector<unsigned char>& rSaltValue,
368 sal_uInt32 nSpinCount,
370 std::u16string_view rAlgorithmName)
373 if (rAlgorithmName ==
u"SHA-512" || rAlgorithmName ==
u"SHA512")
375 else if (rAlgorithmName ==
u"SHA-256" || rAlgorithmName ==
u"SHA256")
377 else if (rAlgorithmName ==
u"SHA-1" || rAlgorithmName ==
u"SHA1")
379 else if (rAlgorithmName ==
u"MD5")
382 return std::vector<unsigned char>();
389 const OUString& rPassword,
390 std::u16string_view rSaltValue,
391 sal_uInt32 nSpinCount,
393 std::u16string_view rAlgorithmName)
395 std::vector<unsigned char> aSaltVec;
396 if (!rSaltValue.empty())
398 css::uno::Sequence<sal_Int8> aSaltSeq;
400 aSaltVec = comphelper::sequenceToContainer<std::vector<unsigned char>>( aSaltSeq);
403 std::vector<unsigned char> hash(
GetOoxHashAsVector( rPassword, aSaltVec, nSpinCount, eIterCount, rAlgorithmName));
405 return comphelper::containerToSequence<sal_Int8>( hash);
409 const OUString& rPassword,
410 std::u16string_view rSaltValue,
411 sal_uInt32 nSpinCount,
413 std::u16string_view rAlgorithmName)
416 eIterCount, rAlgorithmName));
418 OUStringBuffer
aBuf((
aSeq.getLength()+2)/3*4);
420 return aBuf.makeStringAndClear();
426 uno::Sequence< sal_Int8 > aResult(
nLength );
429 rtl_random_getBytes ( aRandomPool, aResult.getArray(),
nLength );
430 rtl_random_destroyPool ( aRandomPool );
438 uno::Sequence< sal_Int8 > aResultKey;
439 if ( !aPassword.empty() && aDocId.getLength() == 16 )
441 sal_uInt16 pPassData[16] = {};
443 sal_Int32 nPassLen = std::min< sal_Int32 >( aPassword.size(), 15 );
444 memcpy( pPassData, aPassword.data(), nPassLen *
sizeof(pPassData[0]) );
455 uno::Sequence< sal_Int8 > aResultKey;
457 if ( aDocId.getLength() == 16 )
466 uno::Sequence< sal_Int8 > aResultKey;
474 for ( nInd = 0; nInd < 16 && pPassData[nInd]; nInd++)
476 pKeyData[2*nInd] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 0) & 0xff );
477 pKeyData[2*nInd + 1] = sal::static_int_cast< sal_uInt8 >( (pPassData[nInd] >> 8) & 0xff );
480 pKeyData[2*nInd] = 0x80;
481 pKeyData[56] = sal::static_int_cast< sal_uInt8 >( nInd << 4 );
484 rtlDigest hDigest = rtl_digest_create ( rtl_Digest_AlgorithmMD5 );
485 (void)rtl_digest_updateMD5 (
486 hDigest, pKeyData,
sizeof(pKeyData));
487 (void)rtl_digest_rawMD5 (
488 hDigest, pKeyData, RTL_DIGEST_LENGTH_MD5);
491 for ( nInd = 0; nInd < 16; nInd++ )
493 rtl_digest_updateMD5( hDigest, pKeyData, 5 );
494 rtl_digest_updateMD5( hDigest, pDocId, 16 );
499 memset( pKeyData + 17, 0,
sizeof(pKeyData) - 17 );
503 rtl_digest_updateMD5( hDigest, &(pKeyData[16]),
sizeof(pKeyData) - 16 );
506 aResultKey.realloc( RTL_DIGEST_LENGTH_MD5 );
507 rtl_digest_rawMD5 ( hDigest,
reinterpret_cast<sal_uInt8*
>(aResultKey.getArray()), aResultKey.getLength() );
510 rtl_secureZeroMemory (pKeyData,
sizeof(pKeyData));
512 rtl_digest_destroy(hDigest);
521 const css::uno::Sequence< css::beans::NamedValue >& rMediaEncData,
522 const OUString& rMediaPassword,
523 const Reference< XInteractionHandler >& rxInteractHandler,
524 const OUString& rDocumentUrl,
526 const std::vector< OUString >* pDefaultPasswords,
527 bool* pbIsDefaultPassword )
529 css::uno::Sequence< css::beans::NamedValue > aEncData;
533 sal_Int32 nMediaEncDataCount = rMediaEncData.getLength();
538 bool bForSalvage =
false;
539 if (nMediaEncDataCount)
541 for (
auto& val : rMediaEncData)
543 if (val.Name ==
"ForSalvage")
545 --nMediaEncDataCount;
546 val.Value >>= bForSalvage;
553 if( pbIsDefaultPassword )
554 *pbIsDefaultPassword =
false;
555 if( pDefaultPasswords )
557 for(
const auto& rPassword : *pDefaultPasswords )
559 OSL_ENSURE( !rPassword.isEmpty(),
"DocPasswordHelper::requestAndVerifyDocPassword - unexpected empty default password" );
560 if( !rPassword.isEmpty() )
565 aPassword = rPassword;
566 if (pbIsDefaultPassword)
567 *pbIsDefaultPassword =
true;
578 if (nMediaEncDataCount)
582 aEncData = rMediaEncData;
589 if( !rMediaPassword.isEmpty() )
593 aPassword = rMediaPassword;
600 PasswordRequestMode eRequestMode = PasswordRequestMode_PASSWORD_ENTER;
604 rxInteractHandler->handle( pRequest );
605 if( pRequest->isPassword() )
607 if( !pRequest->getPassword().isEmpty() )
608 eResult = rVerifier.
verifyPassword( pRequest->getPassword(), aEncData );
610 aPassword = pRequest->getPassword();
616 eRequestMode = PasswordRequestMode_PASSWORD_REENTER;
625 if (std::find_if(std::cbegin(aEncData), std::cend(aEncData),
626 [](
const css::beans::NamedValue& val) {
629 == std::cend(aEncData))
646 aEncData, std::initializer_list<beans::NamedValue>{
647 {
"STD97EncryptionKey", css::uno::Any(aEnc97Key) },
648 {
"STD97UniqueID", css::uno::Any(aUniqueID) },
649 {
"OOXPassword", css::uno::Any(aPassword) },
657 uno::Sequence< css::beans::NamedValue >
659 const uno::Sequence< uno::Sequence< beans::NamedValue > >& rGpgProperties )
661#if HAVE_FEATURE_GPGME
662 if ( !rGpgProperties.hasElements() )
663 return uno::Sequence< beans::NamedValue >();
665 uno::Sequence< beans::NamedValue > aEncryptionData;
666 std::unique_ptr<GpgME::Context>
ctx;
667 GpgME::initializeLibrary();
668 GpgME::Error
err = GpgME::checkEngine(GpgME::OpenPGP);
670 throw uno::RuntimeException(
"The GpgME library failed to initialize for the OpenPGP protocol.");
672 ctx.reset( GpgME::Context::createForProtocol(GpgME::OpenPGP) );
674 throw uno::RuntimeException(
"The GpgME library failed to initialize for the OpenPGP protocol.");
675 ctx->setArmor(
false);
677 const uno::Sequence < beans::NamedValue > *pSequence = rGpgProperties.getConstArray();
678 const sal_Int32
nLength = rGpgProperties.getLength();
679 for ( sal_Int32
i = 0;
i <
nLength ;
i++, pSequence++ )
681 const beans::NamedValue *
pValues = pSequence->getConstArray();
682 if ( pSequence->getLength() == 3 )
688 uno::Sequence < sal_Int8 > aVector;
692 reinterpret_cast<const char*
>(aVector.getConstArray()),
693 size_t(aVector.getLength()),
false);
696 GpgME::DecryptionResult crypt_res =
ctx->decrypt(
702 off_t
result = plain.seek(0,SEEK_SET);
705 int len=0, curr=0;
char buf;
706 while( (curr=plain.read(&buf, 1)) )
709 if(crypt_res.error() || !len)
712 uno::Sequence < sal_Int8 > aKeyValue(len);
713 result = plain.seek(0,SEEK_SET);
715 if( plain.read(aKeyValue.getArray(), len) != len )
716 throw uno::RuntimeException(
"The GpgME library failed to read the encrypted value.");
718 SAL_INFO(
"comphelper.crypto",
"Extracted gpg session key of length: " << len);
725 if ( aEncryptionData.hasElements() )
727 uno::Sequence< beans::NamedValue > aContainer{
728 {
"GpgInfos",
uno::Any(rGpgProperties) }, {
"EncryptionKey",
uno::Any(aEncryptionData) }
734 (void)rGpgProperties;
736 return uno::Sequence< beans::NamedValue >();
const PropertyValue * pValues
static void encode(OUStringBuffer &aStrBuffer, const css::uno::Sequence< sal_Int8 > &aPass)
encodes the given byte sequence into Base64
static void decode(css::uno::Sequence< sal_Int8 > &aPass, std::u16string_view sBuffer)
static css::uno::Sequence< css::beans::NamedValue > decryptGpgSession(const css::uno::Sequence< css::uno::Sequence< css::beans::NamedValue > > &rGpgProperties)
static css::uno::Sequence< sal_Int8 > GetXLHashAsSequence(std::u16string_view aString)
This helper function generates the hash code based on the algorithm specified by MS for "Password to ...
static sal_uInt16 GetXLHashAsUINT16(std::u16string_view aString, rtl_TextEncoding nEnc=RTL_TEXTENCODING_UTF8)
This helper function generates the hash code based on the algorithm specified by MS for "Password to ...
static css::uno::Sequence< css::beans::NamedValue > requestAndVerifyDocPassword(IDocPasswordVerifier &rVerifier, const css::uno::Sequence< css::beans::NamedValue > &rMediaEncData, const OUString &rMediaPassword, const css::uno::Reference< css::task::XInteractionHandler > &rxInteractHandler, const OUString &rDocumentUrl, DocPasswordRequestType eRequestType, const ::std::vector< OUString > *pDefaultPasswords=nullptr, bool *pbIsDefaultPassword=nullptr)
This helper function tries to request and verify a password to load a protected document.
static css::uno::Sequence< sal_Int8 > GenerateRandomByteSequence(sal_Int32 nLength)
This helper function generates a random sequence of bytes of requested length.
static bool IsModifyPasswordCorrect(std::u16string_view aPassword, const css::uno::Sequence< css::beans::PropertyValue > &aInfo)
This helper function allows to check whether the "Password to modify" provided by user is the correct...
static css::uno::Sequence< css::beans::PropertyValue > ConvertPasswordInfo(const css::uno::Sequence< css::beans::PropertyValue > &aInfo)
This helper function converts a grab-bagged password, e.g.
static std::vector< unsigned char > GetOoxHashAsVector(const OUString &rPassword, const std::vector< unsigned char > &rSaltValue, sal_uInt32 nSpinCount, comphelper::Hash::IterCount eIterCount, std::u16string_view rAlgorithmName)
Convenience function to calculate a salted hash with iterations as specified in https://msdn....
static OUString GetOoxHashAsBase64(const OUString &rPassword, std::u16string_view rSaltValue, sal_uInt32 nSpinCount, comphelper::Hash::IterCount eIterCount, std::u16string_view rAlgorithmName)
Convenience function to calculate a salted hash with iterations as specified in https://msdn....
static css::uno::Sequence< css::beans::PropertyValue > GenerateNewModifyPasswordInfoOOXML(std::u16string_view aPassword)
static sal_uInt32 GetWordHashAsUINT32(std::u16string_view aString)
This helper function generates the hash code based on the algorithm specified by MS for "Password to ...
static css::uno::Sequence< sal_Int8 > GetOoxHashAsSequence(const OUString &rPassword, std::u16string_view rSaltValue, sal_uInt32 nSpinCount, comphelper::Hash::IterCount eIterCount, std::u16string_view rAlgorithmName)
Convenience function to calculate a salted hash with iterations as specified in https://msdn....
static css::uno::Sequence< css::beans::PropertyValue > GenerateNewModifyPasswordInfo(std::u16string_view aPassword)
This helper function generates the information related to "Password to modify" provided by user.
static css::uno::Sequence< sal_Int8 > GenerateStd97Key(std::u16string_view aPassword, const css::uno::Sequence< sal_Int8 > &aDocId)
This helper function generates a byte sequence representing the key digest value used by MSCodec_Std9...
Implements the task.XInteractionRequest interface for requesting a password string for a document.
static std::vector< unsigned char > calculateHash(const unsigned char *pInput, size_t length, HashType eType)
@ APPEND
Iteration count prepended to hash iterations.
Base class for a password verifier used by the DocPasswordHelper class below.
virtual ~IDocPasswordVerifier()
virtual DocPasswordVerifierResult verifyPassword(const OUString &rPassword, css::uno::Sequence< css::beans::NamedValue > &o_rEncryptionData)=0
Will be called every time a password needs to be verified.
virtual DocPasswordVerifierResult verifyEncryptionData(const css::uno::Sequence< css::beans::NamedValue > &o_rEncryptionData)=0
Will be called every time an encryption data needs to be verified.
static css::uno::Sequence< css::beans::NamedValue > CreatePackageEncryptionData(std::u16string_view aPassword)
Sequence< sal_Int8 > aSeq
#define SAL_INFO(area, stream)
css::uno::Sequence< T > concatSequences(const css::uno::Sequence< T > &rS1, const Ss &... rSn)
concat several sequences
DocPasswordRequestType
Selects which UNO document password request type to use.
DocPasswordVerifierResult
static uno::Sequence< sal_Int8 > GeneratePBKDF2Hash(std::u16string_view aPassword, const uno::Sequence< sal_Int8 > &aSalt, sal_Int32 nCount, sal_Int32 nHashLength)
css::beans::PropertyValue makePropertyValue(const OUString &rName, T &&rValue)
Creates a beans::PropertyValue easily, i.e.
OString OUStringToOString(std::u16string_view str, ConnectionSettings const *settings)
constexpr OUStringLiteral PACKAGE_ENCRYPTIONDATA_SHA256UTF8
std::unique_ptr< char[]> aBuffer