oox/source/crypto/Standard2007Engine.cxx

   1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
   2 /*
   3  * This file is part of the LibreOffice project.
   4  *
   5  * This Source Code Form is subject to the terms of the Mozilla Public
   6  * License, v. 2.0. If a copy of the MPL was not distributed with this
   7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
   8  *
   9  */
  10
  11 #include <oox/crypto/Standard2007Engine.hxx>
  12
  13 #include <oox/crypto/CryptTools.hxx>
  14 #include <oox/helper/binaryinputstream.hxx>
  15 #include <oox/helper/binaryoutputstream.hxx>
  16 #include <rtl/digest.h>
  17 #include <rtl/random.h>
  18
  19 #include <comphelper/hash.hxx>
  20
  21 namespace oox {
  22 namespace core {
  23
  24 /* =========================================================================== */
  25 /*  Kudos to Caolan McNamara who provided the core decryption implementations. */
  26 /* =========================================================================== */
  27 namespace
  28 {
  29
  30 void lclRandomGenerateValues(sal_uInt8* aArray, sal_uInt32 aSize)
  31 {
  32     rtlRandomPool aRandomPool = rtl_random_createPool();
  33     rtl_random_getBytes(aRandomPool, aArray, aSize);
  34     rtl_random_destroyPool(aRandomPool);
  35 }
  36
  37 static const OUString lclCspName = "Microsoft Enhanced RSA and AES Cryptographic Provider";
  38
  39 } // end anonymous namespace
  40
  41 bool Standard2007Engine::generateVerifier()
  42 {
  43     // only support key of size 128 bit (16 byte)
  44     if (mKey.size() != 16)
  45         return false;
  46
  47     std::vector<sal_uInt8> verifier(msfilter::ENCRYPTED_VERIFIER_LENGTH);
  48     std::vector<sal_uInt8> encryptedVerifier(msfilter::ENCRYPTED_VERIFIER_LENGTH);
  49
  50     lclRandomGenerateValues(verifier.data(), verifier.size());
  51
  52     std::vector<sal_uInt8> iv;
  53     Encrypt aEncryptorVerifier(mKey, iv, Crypto::AES_128_ECB);
  54     if (aEncryptorVerifier.update(encryptedVerifier, verifier) != msfilter::ENCRYPTED_VERIFIER_LENGTH)
  55         return false;
  56     std::copy(encryptedVerifier.begin(), encryptedVerifier.end(), mInfo.verifier.encryptedVerifier);
  57
  58     mInfo.verifier.encryptedVerifierHashSize = msfilter::SHA1_HASH_LENGTH;
  59     std::vector<sal_uInt8> hash = comphelper::Hash::calculateHash(verifier.data(), verifier.size(), comphelper::HashType::SHA1);
  60     hash.resize(msfilter::SHA256_HASH_LENGTH, 0);
  61
  62     std::vector<sal_uInt8> encryptedHash(msfilter::SHA256_HASH_LENGTH, 0);
  63
  64     Encrypt aEncryptorHash(mKey, iv, Crypto::AES_128_ECB);
  65     aEncryptorHash.update(encryptedHash, hash, hash.size());
  66     std::copy(encryptedHash.begin(), encryptedHash.end(), mInfo.verifier.encryptedVerifierHash);
  67
  68     return true;
  69 }
  70
  71 bool Standard2007Engine::calculateEncryptionKey(const OUString& rPassword)
  72 {
  73     sal_uInt32 saltSize = mInfo.verifier.saltSize;
  74     sal_uInt32 passwordByteLength = rPassword.getLength() * 2;
  75     const sal_uInt8* saltArray = mInfo.verifier.salt;
  76
  77     // Prepare initial data -> salt + password (in 16-bit chars)
  78     std::vector<sal_uInt8> initialData(saltSize + passwordByteLength);
  79     std::copy(saltArray, saltArray + saltSize, initialData.begin());
  80
  81     const sal_uInt8* passwordByteArray = reinterpret_cast<const sal_uInt8*>(rPassword.getStr());
  82
  83     std::copy(
  84         passwordByteArray,
  85         passwordByteArray + passwordByteLength,
  86         initialData.begin() + saltSize);
  87
  88     // use "hash" vector for result of sha1 hashing
  89     // calculate SHA1 hash of initialData
  90     std::vector<sal_uInt8> hash = comphelper::Hash::calculateHash(initialData.data(), initialData.size(), comphelper::HashType::SHA1);
  91
  92     // data = iterator (4bytes) + hash
  93     std::vector<sal_uInt8> data(msfilter::SHA1_HASH_LENGTH + 4, 0);
  94
  95     for (sal_Int32 i = 0; i < 50000; ++i)
  96     {
  97         ByteOrderConverter::writeLittleEndian(data.data(), i);
  98         std::copy(hash.begin(), hash.end(), data.begin() + 4);
  99         hash = comphelper::Hash::calculateHash(data.data(), data.size(), comphelper::HashType::SHA1);
 100     }
 101     std::copy(hash.begin(), hash.end(), data.begin() );
 102     std::fill(data.begin() + msfilter::SHA1_HASH_LENGTH, data.end(), 0 );
 103
 104     hash = comphelper::Hash::calculateHash(data.data(), data.size(), comphelper::HashType::SHA1);
 105
 106     // derive key
 107     std::vector<sal_uInt8> buffer(64, 0x36);
 108     for (size_t i = 0; i < hash.size(); ++i)
 109         buffer[i] ^= hash[i];
 110
 111     hash = comphelper::Hash::calculateHash(buffer.data(), buffer.size(), comphelper::HashType::SHA1);
 112     if (mKey.size() > hash.size())
 113         return false;
 114     std::copy(hash.begin(), hash.begin() + mKey.size(), mKey.begin());
 115
 116     return true;
 117 }
 118
 119 bool Standard2007Engine::generateEncryptionKey(const OUString& password)
 120 {
 121     mKey.clear();
 122     mKey.resize(mInfo.header.keyBits / 8, 0);
 123     if (mKey.empty())
 124         return false;
 125
 126     calculateEncryptionKey(password);
 127
 128     std::vector<sal_uInt8> encryptedVerifier(msfilter::ENCRYPTED_VERIFIER_LENGTH);
 129     std::copy(
 130         mInfo.verifier.encryptedVerifier,
 131         mInfo.verifier.encryptedVerifier + msfilter::ENCRYPTED_VERIFIER_LENGTH,
 132         encryptedVerifier.begin());
 133
 134     std::vector<sal_uInt8> encryptedHash(msfilter::SHA256_HASH_LENGTH);
 135     std::copy(
 136         mInfo.verifier.encryptedVerifierHash,
 137         mInfo.verifier.encryptedVerifierHash + msfilter::SHA256_HASH_LENGTH,
 138         encryptedHash.begin());
 139
 140     std::vector<sal_uInt8> verifier(encryptedVerifier.size(), 0);
 141     Decrypt::aes128ecb(verifier, encryptedVerifier, mKey);
 142
 143     std::vector<sal_uInt8> verifierHash(encryptedHash.size(), 0);
 144     Decrypt::aes128ecb(verifierHash, encryptedHash, mKey);
 145
 146     std::vector<sal_uInt8> hash = comphelper::Hash::calculateHash(verifier.data(), verifier.size(), comphelper::HashType::SHA1);
 147
 148     return std::equal(hash.begin(), hash.end(), verifierHash.begin());
 149 }
 150
 151 bool Standard2007Engine::decrypt(BinaryXInputStream& aInputStream,
 152                                  BinaryXOutputStream& aOutputStream)
 153 {
 154     aInputStream.skip(4); // Document unencrypted size - 4 bytes
 155     aInputStream.skip(4); // Reserved 4 Bytes
 156
 157     std::vector<sal_uInt8> iv;
 158     Decrypt aDecryptor(mKey, iv, Crypto::AES_128_ECB);
 159     std::vector<sal_uInt8> inputBuffer (4096);
 160     std::vector<sal_uInt8> outputBuffer(4096);
 161     sal_uInt32 inputLength;
 162     sal_uInt32 outputLength;
 163
 164     while ((inputLength = aInputStream.readMemory(inputBuffer.data(), inputBuffer.size())) > 0)
 165     {
 166         outputLength = aDecryptor.update(outputBuffer, inputBuffer, inputLength);
 167         aOutputStream.writeMemory(outputBuffer.data(), outputLength);
 168     }
 169     return true;
 170 }
 171
 172 void Standard2007Engine::writeEncryptionInfo(const OUString& password, BinaryXOutputStream& rStream)
 173 {
 174     mInfo.header.flags        = msfilter::ENCRYPTINFO_AES | msfilter::ENCRYPTINFO_CRYPTOAPI;
 175     mInfo.header.algId        = msfilter::ENCRYPT_ALGO_AES128;
 176     mInfo.header.algIdHash    = msfilter::ENCRYPT_HASH_SHA1;
 177     mInfo.header.keyBits      = msfilter::ENCRYPT_KEY_SIZE_AES_128;
 178     mInfo.header.providedType = msfilter::ENCRYPT_PROVIDER_TYPE_AES;
 179
 180     lclRandomGenerateValues(mInfo.verifier.salt, mInfo.verifier.saltSize);
 181     const sal_Int32 keyLength = mInfo.header.keyBits / 8;
 182
 183     mKey.clear();
 184     mKey.resize(keyLength, 0);
 185
 186     if (!calculateEncryptionKey(password))
 187         return;
 188
 189     if (!generateVerifier())
 190         return;
 191
 192     rStream.WriteUInt32(msfilter::VERSION_INFO_2007_FORMAT);
 193
 194     sal_uInt32 cspNameSize = (lclCspName.getLength() * 2) + 2;
 195
 196     sal_uInt32 encryptionHeaderSize = static_cast<sal_uInt32>(sizeof(msfilter::EncryptionStandardHeader));
 197
 198     rStream.WriteUInt32(mInfo.header.flags);
 199     sal_uInt32 headerSize = encryptionHeaderSize + cspNameSize;
 200     rStream.WriteUInt32(headerSize);
 201
 202     rStream.writeMemory(&mInfo.header, encryptionHeaderSize);
 203     rStream.writeUnicodeArray(lclCspName);
 204     rStream.WriteUInt16(0);
 205
 206     rStream.writeMemory(&mInfo.verifier, sizeof(msfilter::EncryptionVerifierAES));
 207 }
 208
 209 void Standard2007Engine::encrypt(BinaryXInputStream& aInputStream,
 210                                  BinaryXOutputStream& aOutputStream)
 211 {
 212     std::vector<sal_uInt8> inputBuffer(1024);
 213     std::vector<sal_uInt8> outputBuffer(1024);
 214
 215     sal_uInt32 inputLength;
 216     sal_uInt32 outputLength;
 217
 218     std::vector<sal_uInt8> iv;
 219     Encrypt aEncryptor(mKey, iv, Crypto::AES_128_ECB);
 220
 221     while ((inputLength = aInputStream.readMemory(inputBuffer.data(), inputBuffer.size())) > 0)
 222     {
 223         inputLength = inputLength % 16 == 0 ? inputLength : ((inputLength / 16) * 16) + 16;
 224         outputLength = aEncryptor.update(outputBuffer, inputBuffer, inputLength);
 225         aOutputStream.writeMemory(outputBuffer.data(), outputLength);
 226     }
 227 }
 228
 229 } // namespace core
 230 } // namespace oox
 231
 232 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */