Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : * This file incorporates work covered by the following license notice:
10 : *
11 : * Licensed to the Apache Software Foundation (ASF) under one or more
12 : * contributor license agreements. See the NOTICE file distributed
13 : * with this work for additional information regarding copyright
14 : * ownership. The ASF licenses this file to you under the Apache
15 : * License, Version 2.0 (the "License"); you may not use this file
16 : * except in compliance with the License. You may obtain a copy of
17 : * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18 : */
19 :
20 : #include "oox/core/binarycodec.hxx"
21 :
22 : #include <algorithm>
23 : #include <string.h>
24 : #include "oox/helper/attributelist.hxx"
25 :
26 : #include <comphelper/sequenceashashmap.hxx>
27 : #include <comphelper/docpasswordhelper.hxx>
28 :
29 : using namespace ::com::sun::star;
30 :
31 : namespace oox {
32 : namespace core {
33 :
34 :
35 :
36 : namespace {
37 :
38 : /** Rotates rnValue left by nBits bits. */
39 : template< typename Type >
40 0 : inline void lclRotateLeft( Type& rnValue, size_t nBits )
41 : {
42 : OSL_ENSURE( nBits < sizeof( Type ) * 8, "lclRotateLeft - rotation count overflow" );
43 0 : rnValue = static_cast< Type >( (rnValue << nBits) | (rnValue >> (sizeof( Type ) * 8 - nBits)) );
44 0 : }
45 :
46 : /** Rotates the lower nWidth bits of rnValue left by nBits bits. */
47 : template< typename Type >
48 0 : inline void lclRotateLeft( Type& rnValue, size_t nBits, size_t nWidth )
49 : {
50 : OSL_ENSURE( (nBits < nWidth) && (nWidth < sizeof( Type ) * 8), "lclRotateLeft - rotation count overflow" );
51 0 : Type nMask = static_cast< Type >( (1UL << nWidth) - 1 );
52 0 : rnValue = static_cast< Type >(
53 : ((rnValue << nBits) | ((rnValue & nMask) >> (nWidth - nBits))) & nMask );
54 0 : }
55 :
56 0 : sal_Int32 lclGetLen( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
57 : {
58 0 : sal_Int32 nLen = 0;
59 0 : while( (nLen < nBufferSize) && pnPassData[ nLen ] ) ++nLen;
60 0 : return nLen;
61 : }
62 :
63 0 : sal_uInt16 lclGetKey( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
64 : {
65 0 : sal_Int32 nLen = lclGetLen( pnPassData, nBufferSize );
66 0 : if( nLen <= 0 ) return 0;
67 :
68 0 : sal_uInt16 nKey = 0;
69 0 : sal_uInt16 nKeyBase = 0x8000;
70 0 : sal_uInt16 nKeyEnd = 0xFFFF;
71 0 : const sal_uInt8* pnChar = pnPassData + nLen - 1;
72 0 : for( sal_Int32 nIndex = 0; nIndex < nLen; ++nIndex, --pnChar )
73 : {
74 0 : sal_uInt8 cChar = *pnChar & 0x7F;
75 0 : for( size_t nBit = 0; nBit < 8; ++nBit )
76 : {
77 0 : lclRotateLeft( nKeyBase, 1 );
78 0 : if( nKeyBase & 1 ) nKeyBase ^= 0x1020;
79 0 : if( cChar & 1 ) nKey ^= nKeyBase;
80 0 : cChar >>= 1;
81 0 : lclRotateLeft( nKeyEnd, 1 );
82 0 : if( nKeyEnd & 1 ) nKeyEnd ^= 0x1020;
83 : }
84 : }
85 0 : return nKey ^ nKeyEnd;
86 : }
87 :
88 0 : sal_uInt16 lclGetHash( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
89 : {
90 0 : sal_Int32 nLen = lclGetLen( pnPassData, nBufferSize );
91 :
92 0 : sal_uInt16 nHash = static_cast< sal_uInt16 >( nLen );
93 0 : if( nLen > 0 )
94 0 : nHash ^= 0xCE4B;
95 :
96 0 : const sal_uInt8* pnChar = pnPassData;
97 0 : for( sal_Int32 nIndex = 0; nIndex < nLen; ++nIndex, ++pnChar )
98 : {
99 0 : sal_uInt16 cChar = *pnChar;
100 0 : size_t nRot = static_cast< size_t >( (nIndex + 1) % 15 );
101 0 : lclRotateLeft( cChar, nRot, 15 );
102 0 : nHash ^= cChar;
103 : }
104 0 : return nHash;
105 : }
106 :
107 : } // namespace
108 :
109 :
110 :
111 0 : sal_uInt16 CodecHelper::getPasswordHash( const AttributeList& rAttribs, sal_Int32 nElement )
112 : {
113 0 : sal_Int32 nPasswordHash = rAttribs.getIntegerHex( nElement, 0 );
114 : OSL_ENSURE( (0 <= nPasswordHash) && (nPasswordHash <= SAL_MAX_UINT16), "CodecHelper::getPasswordHash - invalid password hash" );
115 0 : return static_cast< sal_uInt16 >( ((0 <= nPasswordHash) && (nPasswordHash <= SAL_MAX_UINT16)) ? nPasswordHash : 0 );
116 : }
117 :
118 :
119 :
120 0 : BinaryCodec_XOR::BinaryCodec_XOR( CodecType eCodecType ) :
121 : meCodecType( eCodecType ),
122 : mnOffset( 0 ),
123 : mnBaseKey( 0 ),
124 0 : mnHash( 0 )
125 : {
126 0 : (void)memset( mpnKey, 0, sizeof( mpnKey ) );
127 0 : }
128 :
129 0 : BinaryCodec_XOR::~BinaryCodec_XOR()
130 : {
131 0 : (void)memset( mpnKey, 0, sizeof( mpnKey ) );
132 0 : mnBaseKey = mnHash = 0;
133 0 : }
134 :
135 0 : void BinaryCodec_XOR::initKey( const sal_uInt8 pnPassData[ 16 ] )
136 : {
137 : // calculate base key and hash from passed password
138 0 : mnBaseKey = lclGetKey( pnPassData, 16 );
139 0 : mnHash = lclGetHash( pnPassData, 16 );
140 :
141 : static const sal_uInt8 spnFillChars[] =
142 : {
143 : 0xBB, 0xFF, 0xFF, 0xBA,
144 : 0xFF, 0xFF, 0xB9, 0x80,
145 : 0x00, 0xBE, 0x0F, 0x00,
146 : 0xBF, 0x0F, 0x00
147 : };
148 :
149 0 : (void)memcpy( mpnKey, pnPassData, 16 );
150 : sal_Int32 nIndex;
151 0 : sal_Int32 nLen = lclGetLen( pnPassData, 16 );
152 0 : const sal_uInt8* pnFillChar = spnFillChars;
153 0 : for( nIndex = nLen; nIndex < static_cast< sal_Int32 >( sizeof( mpnKey ) ); ++nIndex, ++pnFillChar )
154 0 : mpnKey[ nIndex ] = *pnFillChar;
155 :
156 : // rotation of key values is application dependent
157 0 : size_t nRotateSize = 0;
158 0 : switch( meCodecType )
159 : {
160 0 : case CODEC_WORD: nRotateSize = 7; break;
161 0 : case CODEC_EXCEL: nRotateSize = 2; break;
162 : // compiler will warn, if new codec type is introduced and not handled here
163 : }
164 :
165 : // use little-endian base key to create key array
166 : sal_uInt8 pnBaseKeyLE[ 2 ];
167 0 : pnBaseKeyLE[ 0 ] = static_cast< sal_uInt8 >( mnBaseKey );
168 0 : pnBaseKeyLE[ 1 ] = static_cast< sal_uInt8 >( mnBaseKey >> 8 );
169 0 : sal_uInt8* pnKeyChar = mpnKey;
170 0 : for( nIndex = 0; nIndex < static_cast< sal_Int32 >( sizeof( mpnKey ) ); ++nIndex, ++pnKeyChar )
171 : {
172 0 : *pnKeyChar ^= pnBaseKeyLE[ nIndex & 1 ];
173 0 : lclRotateLeft( *pnKeyChar, nRotateSize );
174 : }
175 0 : }
176 :
177 0 : bool BinaryCodec_XOR::initCodec( const uno::Sequence< beans::NamedValue >& aData )
178 : {
179 0 : bool bResult = false;
180 :
181 0 : ::comphelper::SequenceAsHashMap aHashData( aData );
182 0 : uno::Sequence< sal_Int8 > aKey = aHashData.getUnpackedValueOrDefault("XOR95EncryptionKey", uno::Sequence< sal_Int8 >() );
183 :
184 0 : if ( aKey.getLength() == 16 )
185 : {
186 0 : (void)memcpy( mpnKey, aKey.getConstArray(), 16 );
187 0 : bResult = true;
188 :
189 0 : mnBaseKey = (sal_uInt16)aHashData.getUnpackedValueOrDefault("XOR95BaseKey", (sal_Int16)0 );
190 0 : mnHash = (sal_uInt16)aHashData.getUnpackedValueOrDefault("XOR95PasswordHash", (sal_Int16)0 );
191 : }
192 : else
193 : OSL_FAIL( "Unexpected key size!\n" );
194 :
195 0 : return bResult;
196 : }
197 :
198 0 : uno::Sequence< beans::NamedValue > BinaryCodec_XOR::getEncryptionData()
199 : {
200 0 : ::comphelper::SequenceAsHashMap aHashData;
201 0 : aHashData[ OUString("XOR95EncryptionKey") ] <<= uno::Sequence<sal_Int8>( (sal_Int8*)mpnKey, 16 );
202 0 : aHashData[ OUString("XOR95BaseKey") ] <<= (sal_Int16)mnBaseKey;
203 0 : aHashData[ OUString("XOR95PasswordHash") ] <<= (sal_Int16)mnHash;
204 :
205 0 : return aHashData.getAsConstNamedValueList();
206 : }
207 :
208 0 : bool BinaryCodec_XOR::verifyKey( sal_uInt16 nKey, sal_uInt16 nHash ) const
209 : {
210 0 : return (nKey == mnBaseKey) && (nHash == mnHash);
211 : }
212 :
213 0 : void BinaryCodec_XOR::startBlock()
214 : {
215 0 : mnOffset = 0;
216 0 : }
217 :
218 0 : bool BinaryCodec_XOR::decode( sal_uInt8* pnDestData, const sal_uInt8* pnSrcData, sal_Int32 nBytes )
219 : {
220 0 : const sal_uInt8* pnCurrKey = mpnKey + mnOffset;
221 0 : const sal_uInt8* pnKeyLast = mpnKey + 0x0F;
222 :
223 : // switch/case outside of the for loop (performance)
224 0 : const sal_uInt8* pnSrcDataEnd = pnSrcData + nBytes;
225 0 : switch( meCodecType )
226 : {
227 : case CODEC_WORD:
228 : {
229 0 : for( ; pnSrcData < pnSrcDataEnd; ++pnSrcData, ++pnDestData )
230 : {
231 0 : sal_uInt8 nData = *pnSrcData ^ *pnCurrKey;
232 0 : if( (*pnSrcData != 0) && (nData != 0) )
233 0 : *pnDestData = nData;
234 0 : if( pnCurrKey < pnKeyLast ) ++pnCurrKey; else pnCurrKey = mpnKey;
235 : }
236 : }
237 0 : break;
238 : case CODEC_EXCEL:
239 : {
240 0 : for( ; pnSrcData < pnSrcDataEnd; ++pnSrcData, ++pnDestData )
241 : {
242 0 : *pnDestData = *pnSrcData;
243 0 : lclRotateLeft( *pnDestData, 3 );
244 0 : *pnDestData ^= *pnCurrKey;
245 0 : if( pnCurrKey < pnKeyLast ) ++pnCurrKey; else pnCurrKey = mpnKey;
246 : }
247 : }
248 0 : break;
249 : // compiler will warn, if new codec type is introduced and not handled here
250 : }
251 :
252 : // update offset and leave
253 0 : return skip( nBytes );
254 : }
255 :
256 0 : bool BinaryCodec_XOR::skip( sal_Int32 nBytes )
257 : {
258 0 : mnOffset = static_cast< sal_Int32 >( (mnOffset + nBytes) & 0x0F );
259 0 : return true;
260 : }
261 :
262 :
263 :
264 0 : BinaryCodec_RCF::BinaryCodec_RCF()
265 : {
266 0 : mhCipher = rtl_cipher_create( rtl_Cipher_AlgorithmARCFOUR, rtl_Cipher_ModeStream );
267 : OSL_ENSURE( mhCipher != 0, "BinaryCodec_RCF::BinaryCodec_RCF - cannot create cipher" );
268 :
269 0 : mhDigest = rtl_digest_create( rtl_Digest_AlgorithmMD5 );
270 : OSL_ENSURE( mhDigest != 0, "BinaryCodec_RCF::BinaryCodec_RCF - cannot create digest" );
271 :
272 0 : (void)memset( mpnDigestValue, 0, sizeof( mpnDigestValue ) );
273 0 : (void)memset (mpnUnique, 0, sizeof(mpnUnique));
274 0 : }
275 :
276 0 : BinaryCodec_RCF::~BinaryCodec_RCF()
277 : {
278 0 : (void)memset( mpnDigestValue, 0, sizeof( mpnDigestValue ) );
279 0 : (void)memset (mpnUnique, 0, sizeof(mpnUnique));
280 0 : rtl_digest_destroy( mhDigest );
281 0 : rtl_cipher_destroy( mhCipher );
282 0 : }
283 :
284 0 : bool BinaryCodec_RCF::initCodec( const uno::Sequence< beans::NamedValue >& aData )
285 : {
286 0 : bool bResult = false;
287 :
288 0 : ::comphelper::SequenceAsHashMap aHashData( aData );
289 0 : uno::Sequence< sal_Int8 > aKey = aHashData.getUnpackedValueOrDefault("STD97EncryptionKey", uno::Sequence< sal_Int8 >() );
290 :
291 0 : if ( aKey.getLength() == RTL_DIGEST_LENGTH_MD5 )
292 : {
293 0 : (void)memcpy( mpnDigestValue, aKey.getConstArray(), RTL_DIGEST_LENGTH_MD5 );
294 0 : uno::Sequence< sal_Int8 > aUniqueID = aHashData.getUnpackedValueOrDefault("STD97UniqueID", uno::Sequence< sal_Int8 >() );
295 0 : if ( aUniqueID.getLength() == 16 )
296 : {
297 0 : (void)memcpy( mpnUnique, aUniqueID.getConstArray(), 16 );
298 0 : bResult = false;
299 : }
300 : else
301 0 : OSL_FAIL( "Unexpected document ID!\n" );
302 : }
303 : else
304 : OSL_FAIL( "Unexpected key size!\n" );
305 :
306 0 : return bResult;
307 : }
308 :
309 0 : uno::Sequence< beans::NamedValue > BinaryCodec_RCF::getEncryptionData()
310 : {
311 0 : ::comphelper::SequenceAsHashMap aHashData;
312 0 : aHashData[ OUString("STD97EncryptionKey") ] <<= uno::Sequence< sal_Int8 >( (sal_Int8*)mpnDigestValue, RTL_DIGEST_LENGTH_MD5 );
313 0 : aHashData[ OUString("STD97UniqueID") ] <<= uno::Sequence< sal_Int8 >( (sal_Int8*)mpnUnique, 16 );
314 :
315 0 : return aHashData.getAsConstNamedValueList();
316 : }
317 :
318 0 : void BinaryCodec_RCF::initKey( const sal_uInt16 pnPassData[ 16 ], const sal_uInt8 pnSalt[ 16 ] )
319 : {
320 0 : uno::Sequence< sal_Int8 > aKey = ::comphelper::DocPasswordHelper::GenerateStd97Key( pnPassData, uno::Sequence< sal_Int8 >( (sal_Int8*)pnSalt, 16 ) );
321 : // Fill raw digest of above updates into DigestValue.
322 :
323 0 : if ( aKey.getLength() == sizeof(mpnDigestValue) )
324 0 : (void)memcpy ( mpnDigestValue, (const sal_uInt8*)aKey.getConstArray(), sizeof(mpnDigestValue) );
325 : else
326 0 : memset( mpnDigestValue, 0, sizeof(mpnDigestValue) );
327 :
328 0 : (void)memcpy( mpnUnique, pnSalt, 16 );
329 0 : }
330 :
331 0 : bool BinaryCodec_RCF::verifyKey( const sal_uInt8 pnVerifier[ 16 ], const sal_uInt8 pnVerifierHash[ 16 ] )
332 : {
333 0 : if( !startBlock( 0 ) )
334 0 : return false;
335 :
336 : sal_uInt8 pnDigest[ RTL_DIGEST_LENGTH_MD5 ];
337 : sal_uInt8 pnBuffer[ 64 ];
338 :
339 : // decode salt data into buffer
340 0 : rtl_cipher_decode( mhCipher, pnVerifier, 16, pnBuffer, sizeof( pnBuffer ) );
341 :
342 0 : pnBuffer[ 16 ] = 0x80;
343 0 : (void)memset( pnBuffer + 17, 0, sizeof( pnBuffer ) - 17 );
344 0 : pnBuffer[ 56 ] = 0x80;
345 :
346 : // fill raw digest of buffer into digest
347 0 : rtl_digest_updateMD5( mhDigest, pnBuffer, sizeof( pnBuffer ) );
348 0 : rtl_digest_rawMD5( mhDigest, pnDigest, sizeof( pnDigest ) );
349 :
350 : // decode original salt digest into buffer
351 0 : rtl_cipher_decode( mhCipher, pnVerifierHash, 16, pnBuffer, sizeof( pnBuffer ) );
352 :
353 : // compare buffer with computed digest
354 0 : bool bResult = memcmp( pnBuffer, pnDigest, sizeof( pnDigest ) ) == 0;
355 :
356 : // erase buffer and digest arrays and leave
357 0 : (void)memset( pnBuffer, 0, sizeof( pnBuffer ) );
358 0 : (void)memset( pnDigest, 0, sizeof( pnDigest ) );
359 0 : return bResult;
360 : }
361 :
362 0 : bool BinaryCodec_RCF::startBlock( sal_Int32 nCounter )
363 : {
364 : // initialize key data array
365 : sal_uInt8 pnKeyData[ 64 ];
366 0 : (void)memset( pnKeyData, 0, sizeof( pnKeyData ) );
367 :
368 : // fill 40 bit of digest value into [0..4]
369 0 : (void)memcpy( pnKeyData, mpnDigestValue, 5 );
370 :
371 : // fill little-endian counter into [5..8], static_cast masks out unneeded bits
372 0 : pnKeyData[ 5 ] = static_cast< sal_uInt8 >( nCounter );
373 0 : pnKeyData[ 6 ] = static_cast< sal_uInt8 >( nCounter >> 8 );
374 0 : pnKeyData[ 7 ] = static_cast< sal_uInt8 >( nCounter >> 16 );
375 0 : pnKeyData[ 8 ] = static_cast< sal_uInt8 >( nCounter >> 24 );
376 :
377 0 : pnKeyData[ 9 ] = 0x80;
378 0 : pnKeyData[ 56 ] = 0x48;
379 :
380 : // fill raw digest of key data into key data
381 0 : (void)rtl_digest_updateMD5( mhDigest, pnKeyData, sizeof( pnKeyData ) );
382 0 : (void)rtl_digest_rawMD5( mhDigest, pnKeyData, RTL_DIGEST_LENGTH_MD5 );
383 :
384 : // initialize cipher with key data (for decoding)
385 : rtlCipherError eResult =
386 0 : rtl_cipher_init( mhCipher, rtl_Cipher_DirectionDecode, pnKeyData, RTL_DIGEST_LENGTH_MD5, 0, 0 );
387 :
388 : // rrase key data array and leave
389 0 : (void)memset( pnKeyData, 0, sizeof( pnKeyData ) );
390 0 : return eResult == rtl_Cipher_E_None;
391 : }
392 :
393 0 : bool BinaryCodec_RCF::decode( sal_uInt8* pnDestData, const sal_uInt8* pnSrcData, sal_Int32 nBytes )
394 : {
395 : rtlCipherError eResult = rtl_cipher_decode( mhCipher,
396 : pnSrcData, static_cast< sal_Size >( nBytes ),
397 0 : pnDestData, static_cast< sal_Size >( nBytes ) );
398 0 : return eResult == rtl_Cipher_E_None;
399 : }
400 :
401 0 : bool BinaryCodec_RCF::skip( sal_Int32 nBytes )
402 : {
403 : // decode dummy data in memory to update internal state of RC4 cipher
404 : sal_uInt8 pnDummy[ 1024 ];
405 0 : sal_Int32 nBytesLeft = nBytes;
406 0 : bool bResult = true;
407 0 : while( bResult && (nBytesLeft > 0) )
408 : {
409 0 : sal_Int32 nBlockLen = ::std::min( nBytesLeft, static_cast< sal_Int32 >( sizeof( pnDummy ) ) );
410 0 : bResult = decode( pnDummy, pnDummy, nBlockLen );
411 0 : nBytesLeft -= nBlockLen;
412 : }
413 0 : return bResult;
414 : }
415 :
416 :
417 :
418 : } // namespace core
419 : } // namespace oox
420 :
421 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
