LibreOffice Module oox (master)  1
binarycodec.cxx
Go to the documentation of this file.
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3  * This file is part of the LibreOffice project.
4  *
5  * This Source Code Form is subject to the terms of the Mozilla Public
6  * License, v. 2.0. If a copy of the MPL was not distributed with this
7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8  *
9  * This file incorporates work covered by the following license notice:
10  *
11  * Licensed to the Apache Software Foundation (ASF) under one or more
12  * contributor license agreements. See the NOTICE file distributed
13  * with this work for additional information regarding copyright
14  * ownership. The ASF licenses this file to you under the Apache
15  * License, Version 2.0 (the "License"); you may not use this file
16  * except in compliance with the License. You may obtain a copy of
17  * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18  */
19 
20 #include "oox/core/binarycodec.hxx"
21 
22 #include <algorithm>
23 #include <string.h>
25 
28 
29 using namespace ::com::sun::star;
30 
31 namespace oox {
32 namespace core {
33 
34 namespace {
35 
37 template< typename Type >
38 inline void lclRotateLeft( Type& rnValue, size_t nBits )
39 {
40  OSL_ENSURE( nBits < sizeof( Type ) * 8, "lclRotateLeft - rotation count overflow" );
41  rnValue = static_cast< Type >( (rnValue << nBits) | (rnValue >> (sizeof( Type ) * 8 - nBits)) );
42 }
43 
45 template< typename Type >
46 inline void lclRotateLeft( Type& rnValue, size_t nBits, size_t nWidth )
47 {
48  OSL_ENSURE( (nBits < nWidth) && (nWidth < sizeof( Type ) * 8), "lclRotateLeft - rotation count overflow" );
49  Type nMask = static_cast< Type >( (1UL << nWidth) - 1 );
50  rnValue = static_cast< Type >(
51  ((rnValue << nBits) | ((rnValue & nMask) >> (nWidth - nBits))) & nMask );
52 }
53 
54 sal_Int32 lclGetLen( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
55 {
56  sal_Int32 nLen = 0;
57  while( (nLen < nBufferSize) && pnPassData[ nLen ] ) ++nLen;
58  return nLen;
59 }
60 
61 sal_uInt16 lclGetKey( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
62 {
63  sal_Int32 nLen = lclGetLen( pnPassData, nBufferSize );
64  if( nLen <= 0 ) return 0;
65 
66  sal_uInt16 nKey = 0;
67  sal_uInt16 nKeyBase = 0x8000;
68  sal_uInt16 nKeyEnd = 0xFFFF;
69  const sal_uInt8* pnChar = pnPassData + nLen - 1;
70  for( sal_Int32 nIndex = 0; nIndex < nLen; ++nIndex, --pnChar )
71  {
72  sal_uInt8 cChar = *pnChar & 0x7F;
73  for( size_t nBit = 0; nBit < 8; ++nBit )
74  {
75  lclRotateLeft( nKeyBase, 1 );
76  if( nKeyBase & 1 ) nKeyBase ^= 0x1020;
77  if( cChar & 1 ) nKey ^= nKeyBase;
78  cChar >>= 1;
79  lclRotateLeft( nKeyEnd, 1 );
80  if( nKeyEnd & 1 ) nKeyEnd ^= 0x1020;
81  }
82  }
83  return nKey ^ nKeyEnd;
84 }
85 
86 sal_uInt16 lclGetHash( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
87 {
88  sal_Int32 nLen = lclGetLen( pnPassData, nBufferSize );
89 
90  sal_uInt16 nHash = static_cast< sal_uInt16 >( nLen );
91  if( nLen > 0 )
92  nHash ^= 0xCE4B;
93 
94  const sal_uInt8* pnChar = pnPassData;
95  for( sal_Int32 nIndex = 0; nIndex < nLen; ++nIndex, ++pnChar )
96  {
97  sal_uInt16 cChar = *pnChar;
98  size_t nRot = static_cast< size_t >( (nIndex + 1) % 15 );
99  lclRotateLeft( cChar, nRot, 15 );
100  nHash ^= cChar;
101  }
102  return nHash;
103 }
104 
105 } // namespace
106 
107 sal_uInt16 CodecHelper::getPasswordHash( const AttributeList& rAttribs, sal_Int32 nElement )
108 {
109  sal_Int32 nPasswordHash = rAttribs.getIntegerHex( nElement, 0 );
110  OSL_ENSURE( (0 <= nPasswordHash) && (nPasswordHash <= SAL_MAX_UINT16), "CodecHelper::getPasswordHash - invalid password hash" );
111  return static_cast< sal_uInt16 >( ((0 <= nPasswordHash) && (nPasswordHash <= SAL_MAX_UINT16)) ? nPasswordHash : 0 );
112 }
113 
115  meCodecType( eCodecType ),
116  mnOffset( 0 ),
117  mnBaseKey( 0 ),
118  mnHash( 0 )
119 {
120  (void)memset( mpnKey, 0, sizeof( mpnKey ) );
121 }
122 
124 {
125  (void)memset( mpnKey, 0, sizeof( mpnKey ) );
126  mnBaseKey = mnHash = 0;
127 }
128 
129 void BinaryCodec_XOR::initKey( const sal_uInt8 pnPassData[ 16 ] )
130 {
131  // calculate base key and hash from passed password
132  mnBaseKey = lclGetKey( pnPassData, 16 );
133  mnHash = lclGetHash( pnPassData, 16 );
134 
135  static const sal_uInt8 spnFillChars[] =
136  {
137  0xBB, 0xFF, 0xFF, 0xBA,
138  0xFF, 0xFF, 0xB9, 0x80,
139  0x00, 0xBE, 0x0F, 0x00,
140  0xBF, 0x0F, 0x00
141  };
142 
143  (void)memcpy( mpnKey, pnPassData, 16 );
144  sal_Int32 nIndex;
145  sal_Int32 nLen = lclGetLen( pnPassData, 16 );
146  const sal_uInt8* pnFillChar = spnFillChars;
147  for( nIndex = nLen; nIndex < static_cast< sal_Int32 >( sizeof( mpnKey ) ); ++nIndex, ++pnFillChar )
148  mpnKey[ nIndex ] = *pnFillChar;
149 
150  // rotation of key values is application dependent
151  size_t nRotateSize = 0;
152  switch( meCodecType )
153  {
154  case CODEC_WORD: nRotateSize = 7; break;
155  case CODEC_EXCEL: nRotateSize = 2; break;
156  // compiler will warn, if new codec type is introduced and not handled here
157  }
158 
159  // use little-endian base key to create key array
160  sal_uInt8 pnBaseKeyLE[ 2 ];
161  pnBaseKeyLE[ 0 ] = static_cast< sal_uInt8 >( mnBaseKey );
162  pnBaseKeyLE[ 1 ] = static_cast< sal_uInt8 >( mnBaseKey >> 8 );
163  sal_uInt8* pnKeyChar = mpnKey;
164  for( nIndex = 0; nIndex < static_cast< sal_Int32 >( sizeof( mpnKey ) ); ++nIndex, ++pnKeyChar )
165  {
166  *pnKeyChar ^= pnBaseKeyLE[ nIndex & 1 ];
167  lclRotateLeft( *pnKeyChar, nRotateSize );
168  }
169 }
170 
171 bool BinaryCodec_XOR::initCodec( const uno::Sequence< beans::NamedValue >& aData )
172 {
173  bool bResult = false;
174 
175  ::comphelper::SequenceAsHashMap aHashData( aData );
176  uno::Sequence< sal_Int8 > aKey = aHashData.getUnpackedValueOrDefault("XOR95EncryptionKey", uno::Sequence< sal_Int8 >() );
177 
178  if ( aKey.getLength() == 16 )
179  {
180  (void)memcpy( mpnKey, aKey.getConstArray(), 16 );
181  bResult = true;
182 
183  mnBaseKey = (sal_uInt16)aHashData.getUnpackedValueOrDefault("XOR95BaseKey", (sal_Int16)0 );
184  mnHash = (sal_uInt16)aHashData.getUnpackedValueOrDefault("XOR95PasswordHash", (sal_Int16)0 );
185  }
186  else
187  OSL_FAIL( "Unexpected key size!\n" );
188 
189  return bResult;
190 }
191 
192 uno::Sequence< beans::NamedValue > BinaryCodec_XOR::getEncryptionData()
193 {
195  aHashData[ OUString("XOR95EncryptionKey") ] <<= uno::Sequence<sal_Int8>( (sal_Int8*)mpnKey, 16 );
196  aHashData[ OUString("XOR95BaseKey") ] <<= (sal_Int16)mnBaseKey;
197  aHashData[ OUString("XOR95PasswordHash") ] <<= (sal_Int16)mnHash;
198 
199  return aHashData.getAsConstNamedValueList();
200 }
201 
202 bool BinaryCodec_XOR::verifyKey( sal_uInt16 nKey, sal_uInt16 nHash ) const
203 {
204  return (nKey == mnBaseKey) && (nHash == mnHash);
205 }
206 
208 {
209  mnOffset = 0;
210 }
211 
212 bool BinaryCodec_XOR::decode( sal_uInt8* pnDestData, const sal_uInt8* pnSrcData, sal_Int32 nBytes )
213 {
214  const sal_uInt8* pnCurrKey = mpnKey + mnOffset;
215  const sal_uInt8* pnKeyLast = mpnKey + 0x0F;
216 
217  // switch/case outside of the for loop (performance)
218  const sal_uInt8* pnSrcDataEnd = pnSrcData + nBytes;
219  switch( meCodecType )
220  {
221  case CODEC_WORD:
222  {
223  for( ; pnSrcData < pnSrcDataEnd; ++pnSrcData, ++pnDestData )
224  {
225  sal_uInt8 nData = *pnSrcData ^ *pnCurrKey;
226  if( (*pnSrcData != 0) && (nData != 0) )
227  *pnDestData = nData;
228  if( pnCurrKey < pnKeyLast ) ++pnCurrKey; else pnCurrKey = mpnKey;
229  }
230  }
231  break;
232  case CODEC_EXCEL:
233  {
234  for( ; pnSrcData < pnSrcDataEnd; ++pnSrcData, ++pnDestData )
235  {
236  *pnDestData = *pnSrcData;
237  lclRotateLeft( *pnDestData, 3 );
238  *pnDestData ^= *pnCurrKey;
239  if( pnCurrKey < pnKeyLast ) ++pnCurrKey; else pnCurrKey = mpnKey;
240  }
241  }
242  break;
243  // compiler will warn, if new codec type is introduced and not handled here
244  }
245 
246  // update offset and leave
247  return skip( nBytes );
248 }
249 
250 bool BinaryCodec_XOR::skip( sal_Int32 nBytes )
251 {
252  mnOffset = static_cast< sal_Int32 >( (mnOffset + nBytes) & 0x0F );
253  return true;
254 }
255 
257 {
258  mhCipher = rtl_cipher_create( rtl_Cipher_AlgorithmARCFOUR, rtl_Cipher_ModeStream );
259  OSL_ENSURE( mhCipher != 0, "BinaryCodec_RCF::BinaryCodec_RCF - cannot create cipher" );
260 
261  mhDigest = rtl_digest_create( rtl_Digest_AlgorithmMD5 );
262  OSL_ENSURE( mhDigest != 0, "BinaryCodec_RCF::BinaryCodec_RCF - cannot create digest" );
263 
264  (void)memset( mpnDigestValue, 0, sizeof( mpnDigestValue ) );
265  (void)memset (mpnUnique, 0, sizeof(mpnUnique));
266 }
267 
269 {
270  (void)memset( mpnDigestValue, 0, sizeof( mpnDigestValue ) );
271  (void)memset (mpnUnique, 0, sizeof(mpnUnique));
272  rtl_digest_destroy( mhDigest );
273  rtl_cipher_destroy( mhCipher );
274 }
275 
276 bool BinaryCodec_RCF::initCodec( const uno::Sequence< beans::NamedValue >& aData )
277 {
278  bool bResult = false;
279 
280  ::comphelper::SequenceAsHashMap aHashData( aData );
281  uno::Sequence< sal_Int8 > aKey = aHashData.getUnpackedValueOrDefault("STD97EncryptionKey", uno::Sequence< sal_Int8 >() );
282 
283  if ( aKey.getLength() == RTL_DIGEST_LENGTH_MD5 )
284  {
285  (void)memcpy( mpnDigestValue, aKey.getConstArray(), RTL_DIGEST_LENGTH_MD5 );
286  uno::Sequence< sal_Int8 > aUniqueID = aHashData.getUnpackedValueOrDefault("STD97UniqueID", uno::Sequence< sal_Int8 >() );
287  if ( aUniqueID.getLength() == 16 )
288  {
289  (void)memcpy( mpnUnique, aUniqueID.getConstArray(), 16 );
290  bResult = false;
291  }
292  else
293  OSL_FAIL( "Unexpected document ID!\n" );
294  }
295  else
296  OSL_FAIL( "Unexpected key size!\n" );
297 
298  return bResult;
299 }
300 
301 uno::Sequence< beans::NamedValue > BinaryCodec_RCF::getEncryptionData()
302 {
304  aHashData[ OUString("STD97EncryptionKey") ] <<= uno::Sequence< sal_Int8 >( (sal_Int8*)mpnDigestValue, RTL_DIGEST_LENGTH_MD5 );
305  aHashData[ OUString("STD97UniqueID") ] <<= uno::Sequence< sal_Int8 >( (sal_Int8*)mpnUnique, 16 );
306 
307  return aHashData.getAsConstNamedValueList();
308 }
309 
310 void BinaryCodec_RCF::initKey( const sal_uInt16 pnPassData[ 16 ], const sal_uInt8 pnSalt[ 16 ] )
311 {
312  uno::Sequence< sal_Int8 > aKey = ::comphelper::DocPasswordHelper::GenerateStd97Key( pnPassData, uno::Sequence< sal_Int8 >( (sal_Int8*)pnSalt, 16 ) );
313  // Fill raw digest of above updates into DigestValue.
314 
315  if ( aKey.getLength() == sizeof(mpnDigestValue) )
316  (void)memcpy ( mpnDigestValue, (const sal_uInt8*)aKey.getConstArray(), sizeof(mpnDigestValue) );
317  else
318  memset( mpnDigestValue, 0, sizeof(mpnDigestValue) );
319 
320  (void)memcpy( mpnUnique, pnSalt, 16 );
321 }
322 
323 bool BinaryCodec_RCF::verifyKey( const sal_uInt8 pnVerifier[ 16 ], const sal_uInt8 pnVerifierHash[ 16 ] )
324 {
325  if( !startBlock( 0 ) )
326  return false;
327 
328  sal_uInt8 pnDigest[ RTL_DIGEST_LENGTH_MD5 ];
329  sal_uInt8 pnBuffer[ 64 ];
330 
331  // decode salt data into buffer
332  rtl_cipher_decode( mhCipher, pnVerifier, 16, pnBuffer, sizeof( pnBuffer ) );
333 
334  pnBuffer[ 16 ] = 0x80;
335  (void)memset( pnBuffer + 17, 0, sizeof( pnBuffer ) - 17 );
336  pnBuffer[ 56 ] = 0x80;
337 
338  // fill raw digest of buffer into digest
339  rtl_digest_updateMD5( mhDigest, pnBuffer, sizeof( pnBuffer ) );
340  rtl_digest_rawMD5( mhDigest, pnDigest, sizeof( pnDigest ) );
341 
342  // decode original salt digest into buffer
343  rtl_cipher_decode( mhCipher, pnVerifierHash, 16, pnBuffer, sizeof( pnBuffer ) );
344 
345  // compare buffer with computed digest
346  bool bResult = memcmp( pnBuffer, pnDigest, sizeof( pnDigest ) ) == 0;
347 
348  // erase buffer and digest arrays and leave
349  (void)memset( pnBuffer, 0, sizeof( pnBuffer ) );
350  (void)memset( pnDigest, 0, sizeof( pnDigest ) );
351  return bResult;
352 }
353 
354 bool BinaryCodec_RCF::startBlock( sal_Int32 nCounter )
355 {
356  // initialize key data array
357  sal_uInt8 pnKeyData[ 64 ];
358  (void)memset( pnKeyData, 0, sizeof( pnKeyData ) );
359 
360  // fill 40 bit of digest value into [0..4]
361  (void)memcpy( pnKeyData, mpnDigestValue, 5 );
362 
363  // fill little-endian counter into [5..8], static_cast masks out unneeded bits
364  pnKeyData[ 5 ] = static_cast< sal_uInt8 >( nCounter );
365  pnKeyData[ 6 ] = static_cast< sal_uInt8 >( nCounter >> 8 );
366  pnKeyData[ 7 ] = static_cast< sal_uInt8 >( nCounter >> 16 );
367  pnKeyData[ 8 ] = static_cast< sal_uInt8 >( nCounter >> 24 );
368 
369  pnKeyData[ 9 ] = 0x80;
370  pnKeyData[ 56 ] = 0x48;
371 
372  // fill raw digest of key data into key data
373  (void)rtl_digest_updateMD5( mhDigest, pnKeyData, sizeof( pnKeyData ) );
374  (void)rtl_digest_rawMD5( mhDigest, pnKeyData, RTL_DIGEST_LENGTH_MD5 );
375 
376  // initialize cipher with key data (for decoding)
377  rtlCipherError eResult =
378  rtl_cipher_init( mhCipher, rtl_Cipher_DirectionDecode, pnKeyData, RTL_DIGEST_LENGTH_MD5, 0, 0 );
379 
380  // rrase key data array and leave
381  (void)memset( pnKeyData, 0, sizeof( pnKeyData ) );
382  return eResult == rtl_Cipher_E_None;
383 }
384 
385 bool BinaryCodec_RCF::decode( sal_uInt8* pnDestData, const sal_uInt8* pnSrcData, sal_Int32 nBytes )
386 {
387  rtlCipherError eResult = rtl_cipher_decode( mhCipher,
388  pnSrcData, static_cast< sal_Size >( nBytes ),
389  pnDestData, static_cast< sal_Size >( nBytes ) );
390  return eResult == rtl_Cipher_E_None;
391 }
392 
393 bool BinaryCodec_RCF::skip( sal_Int32 nBytes )
394 {
395  // decode dummy data in memory to update internal state of RC4 cipher
396  sal_uInt8 pnDummy[ 1024 ];
397  sal_Int32 nBytesLeft = nBytes;
398  bool bResult = true;
399  while( bResult && (nBytesLeft > 0) )
400  {
401  sal_Int32 nBlockLen = ::std::min( nBytesLeft, static_cast< sal_Int32 >( sizeof( pnDummy ) ) );
402  bResult = decode( pnDummy, pnDummy, nBlockLen );
403  nBytesLeft -= nBlockLen;
404  }
405  return bResult;
406 }
407 
408 } // namespace core
409 } // namespace oox
410 
411 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */