Line data Source code
1 : /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 : /*
3 : * This file is part of the LibreOffice project.
4 : *
5 : * This Source Code Form is subject to the terms of the Mozilla Public
6 : * License, v. 2.0. If a copy of the MPL was not distributed with this
7 : * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8 : *
9 : */
10 :
11 : #include "oox/crypto/DocumentDecryption.hxx"
12 :
13 : #include <comphelper/sequenceashashmap.hxx>
14 : #include <sax/tools/converter.hxx>
15 : #include <cppuhelper/implbase1.hxx>
16 :
17 : #include <com/sun/star/io/XSeekable.hpp>
18 : #include <com/sun/star/uno/XComponentContext.hpp>
19 : #include <com/sun/star/xml/sax/XFastParser.hpp>
20 : #include <com/sun/star/xml/sax/XFastTokenHandler.hpp>
21 : #include <com/sun/star/xml/sax/FastParser.hpp>
22 : #include <com/sun/star/xml/sax/FastToken.hpp>
23 :
24 : namespace oox {
25 : namespace core {
26 :
27 : using namespace css::beans;
28 : using namespace css::io;
29 : using namespace css::lang;
30 : using namespace css::uno;
31 : using namespace css::xml::sax;
32 : using namespace css::xml;
33 :
34 : using namespace std;
35 :
36 : using ::comphelper::SequenceAsHashMap;
37 : using ::sax::Converter;
38 :
39 : namespace {
40 :
41 0 : vector<sal_uInt8> convertToVector(Sequence<sal_Int8>& input)
42 : {
43 0 : const sal_uInt8* inputArray = reinterpret_cast<const sal_uInt8*>( input.getConstArray() );
44 0 : return vector<sal_uInt8>(inputArray, inputArray + input.getLength());
45 : }
46 :
47 0 : class AgileTokenHandler : public cppu::WeakImplHelper1< XFastTokenHandler >
48 : {
49 : public:
50 0 : virtual sal_Int32 SAL_CALL getTokenFromUTF8( const Sequence< sal_Int8 >& /*nIdentifier*/ ) throw (RuntimeException, std::exception) SAL_OVERRIDE
51 : {
52 0 : return FastToken::DONTKNOW;
53 : }
54 :
55 0 : virtual Sequence<sal_Int8> SAL_CALL getUTF8Identifier(sal_Int32 /*nToken*/) throw (RuntimeException, std::exception) SAL_OVERRIDE
56 : {
57 0 : return Sequence<sal_Int8>();
58 : }
59 : };
60 :
61 0 : class AgileDocumentHandler : public ::cppu::WeakImplHelper1< XFastDocumentHandler >
62 : {
63 : AgileEncryptionInfo& mInfo;
64 :
65 : public:
66 0 : AgileDocumentHandler(AgileEncryptionInfo& rInfo) :
67 0 : mInfo(rInfo)
68 0 : {}
69 :
70 0 : void SAL_CALL startDocument()
71 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
72 0 : {}
73 0 : void SAL_CALL endDocument()
74 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
75 0 : {}
76 0 : void SAL_CALL setDocumentLocator( const Reference< XLocator >& /*xLocator*/ )
77 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
78 0 : {}
79 0 : void SAL_CALL startFastElement( sal_Int32 /*Element*/, const Reference< XFastAttributeList >& /*Attribs*/ )
80 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
81 0 : {}
82 :
83 0 : void SAL_CALL startUnknownElement( const OUString& /*aNamespace*/, const OUString& aName, const Reference< XFastAttributeList >& aAttributeList )
84 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
85 : {
86 0 : if(aName == "keyData")
87 : {
88 0 : Sequence<Attribute> aAttributes(aAttributeList->getUnknownAttributes());
89 :
90 0 : for (int i=0; i<aAttributes.getLength(); i++)
91 : {
92 0 : if (aAttributes[i].Name == "saltValue")
93 : {
94 0 : Sequence<sal_Int8> keyDataSalt;
95 0 : Converter::decodeBase64(keyDataSalt, aAttributes[i].Value);
96 0 : mInfo.keyDataSalt = convertToVector(keyDataSalt);
97 : }
98 0 : }
99 : }
100 0 : else if(aName == "encryptedKey")
101 : {
102 0 : Sequence<Attribute> aAttributes(aAttributeList->getUnknownAttributes());
103 0 : for (int i=0; i<aAttributes.getLength(); i++)
104 : {
105 0 : if (aAttributes[i].Name == "spinCount")
106 : {
107 0 : Converter::convertNumber(mInfo.spinCount, aAttributes[i].Value);
108 : }
109 0 : else if (aAttributes[i].Name == "saltSize")
110 : {
111 0 : Converter::convertNumber(mInfo.saltSize, aAttributes[i].Value);
112 : }
113 0 : else if (aAttributes[i].Name == "blockSize")
114 : {
115 0 : Converter::convertNumber(mInfo.blockSize, aAttributes[i].Value);
116 : }
117 0 : else if (aAttributes[i].Name == "keyBits")
118 : {
119 0 : Converter::convertNumber(mInfo.keyBits, aAttributes[i].Value);
120 : }
121 0 : else if (aAttributes[i].Name == "hashSize")
122 : {
123 0 : Converter::convertNumber(mInfo.hashSize, aAttributes[i].Value);
124 : }
125 0 : else if (aAttributes[i].Name == "cipherAlgorithm")
126 : {
127 0 : mInfo.cipherAlgorithm = aAttributes[i].Value;
128 : }
129 0 : else if (aAttributes[i].Name == "cipherChaining")
130 : {
131 0 : mInfo.cipherChaining = aAttributes[i].Value;
132 : }
133 0 : else if (aAttributes[i].Name == "hashAlgorithm")
134 : {
135 0 : mInfo.hashAlgorithm = aAttributes[i].Value;
136 : }
137 0 : else if (aAttributes[i].Name == "saltValue")
138 : {
139 0 : Sequence<sal_Int8> saltValue;
140 0 : Converter::decodeBase64(saltValue, aAttributes[i].Value);
141 0 : mInfo.saltValue = convertToVector(saltValue);
142 : }
143 0 : else if (aAttributes[i].Name == "encryptedVerifierHashInput")
144 : {
145 0 : Sequence<sal_Int8> encryptedVerifierHashInput;
146 0 : Converter::decodeBase64(encryptedVerifierHashInput, aAttributes[i].Value);
147 0 : mInfo.encryptedVerifierHashInput = convertToVector(encryptedVerifierHashInput);
148 : }
149 0 : else if (aAttributes[i].Name == "encryptedVerifierHashValue")
150 : {
151 0 : Sequence<sal_Int8> encryptedVerifierHashValue;
152 0 : Converter::decodeBase64(encryptedVerifierHashValue, aAttributes[i].Value);
153 0 : mInfo.encryptedVerifierHashValue = convertToVector(encryptedVerifierHashValue);
154 : }
155 0 : else if (aAttributes[i].Name == "encryptedKeyValue")
156 : {
157 0 : Sequence<sal_Int8> encryptedKeyValue;
158 0 : Converter::decodeBase64(encryptedKeyValue, aAttributes[i].Value);
159 0 : mInfo.encryptedKeyValue = convertToVector(encryptedKeyValue);
160 : }
161 0 : }
162 : }
163 0 : }
164 :
165 0 : void SAL_CALL endFastElement( sal_Int32 /*aElement*/ )
166 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
167 0 : {}
168 0 : void SAL_CALL endUnknownElement( const OUString& /*aNamespace*/, const OUString& /*aName*/ )
169 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
170 0 : {}
171 :
172 0 : Reference< XFastContextHandler > SAL_CALL createFastChildContext( sal_Int32 /*aElement*/, const Reference< XFastAttributeList >& /*aAttribs*/ )
173 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
174 : {
175 0 : return NULL;
176 : }
177 :
178 0 : Reference< XFastContextHandler > SAL_CALL createUnknownChildContext( const OUString& /*aNamespace*/, const OUString& /*aName*/, const Reference< XFastAttributeList >& /*aAttribs*/ )
179 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
180 : {
181 0 : return this;
182 : }
183 :
184 0 : void SAL_CALL characters( const OUString& /*aChars*/ )
185 : throw (RuntimeException, SAXException, std::exception) SAL_OVERRIDE
186 0 : {}
187 : };
188 :
189 : } // namespace
190 :
191 30 : DocumentDecryption::DocumentDecryption(oox::ole::OleStorage& rOleStorage, Reference<XComponentContext> xContext) :
192 : mxContext(xContext),
193 : mrOleStorage(rOleStorage),
194 30 : mCryptoType(UNKNOWN)
195 30 : {}
196 :
197 0 : bool DocumentDecryption::checkEncryptionData(const Sequence<NamedValue>& /*rEncryptionData*/)
198 : {
199 0 : return false;
200 : }
201 :
202 0 : bool DocumentDecryption::generateEncryptionKey(const OUString& rPassword)
203 : {
204 0 : if (mEngine.get())
205 0 : return mEngine->generateEncryptionKey(rPassword);
206 0 : return false;
207 : }
208 :
209 0 : bool DocumentDecryption::readAgileEncryptionInfo(Reference< XInputStream >& xInputStream)
210 : {
211 0 : AgileEngine* engine = new AgileEngine();
212 0 : mEngine.reset(engine);
213 0 : AgileEncryptionInfo& info = engine->getInfo();
214 :
215 0 : Reference<XFastDocumentHandler> xFastDocumentHandler( new AgileDocumentHandler(info) );
216 0 : Reference<XFastTokenHandler> xFastTokenHandler ( new AgileTokenHandler );
217 :
218 : Reference<XFastParser> xParser(
219 0 : css::xml::sax::FastParser::create(mxContext));
220 :
221 0 : xParser->setFastDocumentHandler( xFastDocumentHandler );
222 0 : xParser->setTokenHandler( xFastTokenHandler );
223 :
224 0 : InputSource aInputSource;
225 0 : aInputSource.aInputStream = xInputStream;
226 0 : xParser->parseStream( aInputSource );
227 :
228 : // CHECK info data
229 0 : if (2 > info.blockSize || info.blockSize > 4096)
230 0 : return false;
231 :
232 0 : if (0 > info.spinCount || info.spinCount > 10000000)
233 0 : return false;
234 :
235 0 : if (1 > info.saltSize|| info.saltSize > 65536) // Check
236 0 : return false;
237 :
238 : // AES 128 CBC with SHA1
239 0 : if (info.keyBits == 128 &&
240 0 : info.cipherAlgorithm == "AES" &&
241 0 : info.cipherChaining == "ChainingModeCBC" &&
242 0 : info.hashAlgorithm == "SHA1" &&
243 0 : info.hashSize == 20)
244 : {
245 0 : return true;
246 : }
247 :
248 : // AES 256 CBC with SHA512
249 0 : if (info.keyBits == 256 &&
250 0 : info.cipherAlgorithm == "AES" &&
251 0 : info.cipherChaining == "ChainingModeCBC" &&
252 0 : info.hashAlgorithm == "SHA512" &&
253 0 : info.hashSize == 64 )
254 : {
255 0 : return true;
256 : }
257 :
258 0 : return false;
259 : }
260 :
261 0 : bool DocumentDecryption::readStandard2007EncryptionInfo(BinaryInputStream& rStream)
262 : {
263 0 : Standard2007Engine* engine = new Standard2007Engine();
264 0 : mEngine.reset(engine);
265 0 : StandardEncryptionInfo& info = engine->getInfo();
266 :
267 0 : rStream >> info.header.flags;
268 0 : if( getFlag( info.header.flags, ENCRYPTINFO_EXTERNAL ) )
269 0 : return false;
270 :
271 : sal_uInt32 nHeaderSize;
272 0 : rStream >> nHeaderSize;
273 :
274 0 : sal_uInt32 actualHeaderSize = sizeof(info.header);
275 :
276 0 : if( (nHeaderSize < actualHeaderSize) )
277 0 : return false;
278 :
279 0 : rStream >> info.header.flags;
280 0 : rStream >> info.header.sizeExtra;
281 0 : rStream >> info.header.algId;
282 0 : rStream >> info.header.algIdHash;
283 0 : rStream >> info.header.keyBits;
284 0 : rStream >> info.header.providedType;
285 0 : rStream >> info.header.reserved1;
286 0 : rStream >> info.header.reserved2;
287 :
288 0 : rStream.skip( nHeaderSize - actualHeaderSize );
289 :
290 0 : rStream >> info.verifier.saltSize;
291 0 : rStream.readArray(info.verifier.salt, SAL_N_ELEMENTS(info.verifier.salt));
292 0 : rStream.readArray(info.verifier.encryptedVerifier, SAL_N_ELEMENTS(info.verifier.encryptedVerifier));
293 0 : rStream >> info.verifier.encryptedVerifierHashSize;
294 0 : rStream.readArray(info.verifier.encryptedVerifierHash, SAL_N_ELEMENTS(info.verifier.encryptedVerifierHash));
295 :
296 0 : if( info.verifier.saltSize != 16 )
297 0 : return false;
298 :
299 : // check flags and algorithm IDs, required are AES128 and SHA-1
300 0 : if( !getFlag( info.header.flags , ENCRYPTINFO_CRYPTOAPI ) )
301 0 : return false;
302 :
303 0 : if( !getFlag( info.header.flags, ENCRYPTINFO_AES ) )
304 0 : return false;
305 :
306 : // algorithm ID 0 defaults to AES128 too, if ENCRYPTINFO_AES flag is set
307 0 : if( info.header.algId != 0 && info.header.algId != ENCRYPT_ALGO_AES128 )
308 0 : return false;
309 :
310 : // hash algorithm ID 0 defaults to SHA-1 too
311 0 : if( info.header.algIdHash != 0 && info.header.algIdHash != ENCRYPT_HASH_SHA1 )
312 0 : return false;
313 :
314 0 : if( info.verifier.encryptedVerifierHashSize != 20 )
315 0 : return false;
316 :
317 0 : return !rStream.isEof();
318 : }
319 :
320 30 : bool DocumentDecryption::readEncryptionInfo()
321 : {
322 30 : if( !mrOleStorage.isStorage() )
323 0 : return false;
324 :
325 60 : Reference< XInputStream > xEncryptionInfo( mrOleStorage.openInputStream( "EncryptionInfo" ), UNO_SET_THROW );
326 :
327 0 : bool bResult = false;
328 :
329 0 : BinaryXInputStream aBinaryInputStream( xEncryptionInfo, true );
330 :
331 : sal_uInt32 aVersion;
332 0 : aBinaryInputStream >> aVersion;
333 :
334 0 : switch (aVersion)
335 : {
336 : case VERSION_INFO_2007_FORMAT:
337 : case VERSION_INFO_2007_FORMAT_SP2:
338 0 : mCryptoType = STANDARD_2007; // Set encryption info format
339 0 : bResult = readStandard2007EncryptionInfo( aBinaryInputStream );
340 0 : break;
341 : case VERSION_INFO_AGILE:
342 0 : mCryptoType = AGILE; // Set encryption info format
343 0 : aBinaryInputStream.skip(4);
344 0 : bResult = readAgileEncryptionInfo( xEncryptionInfo );
345 0 : break;
346 : default:
347 0 : break;
348 : }
349 :
350 0 : return bResult;
351 : }
352 :
353 0 : Sequence<NamedValue> DocumentDecryption::createEncryptionData(const OUString& rPassword)
354 : {
355 0 : SequenceAsHashMap aEncryptionData;
356 :
357 0 : if (mCryptoType == AGILE)
358 : {
359 0 : aEncryptionData["CryptoType"] <<= OUString("Agile");
360 : }
361 0 : else if (mCryptoType == STANDARD_2007)
362 : {
363 0 : aEncryptionData["CryptoType"] <<= OUString("Standard");
364 : }
365 :
366 0 : aEncryptionData["OOXPassword"] <<= rPassword;
367 0 : return aEncryptionData.getAsConstNamedValueList();
368 : }
369 :
370 0 : bool DocumentDecryption::decrypt(Reference<XStream> xDocumentStream)
371 : {
372 0 : bool aResult = false;
373 :
374 0 : if( !mrOleStorage.isStorage() )
375 0 : return false;
376 :
377 : // open the required input streams in the encrypted package
378 0 : Reference< XInputStream > xEncryptedPackage( mrOleStorage.openInputStream( "EncryptedPackage" ), UNO_SET_THROW );
379 :
380 : // create temporary file for unencrypted package
381 0 : Reference< XOutputStream > xDecryptedPackage( xDocumentStream->getOutputStream(), UNO_SET_THROW );
382 0 : BinaryXOutputStream aDecryptedPackage( xDecryptedPackage, true );
383 0 : BinaryXInputStream aEncryptedPackage( xEncryptedPackage, true );
384 :
385 0 : aResult = mEngine->decrypt(aEncryptedPackage, aDecryptedPackage);
386 :
387 0 : xDecryptedPackage->flush();
388 0 : aDecryptedPackage.seekToStart();
389 :
390 0 : return aResult;
391 : }
392 :
393 : } // namespace core
394 408 : } // namespace oox
395 :
396 : /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
|
