LibreOffice Module oox (master)  1
binarycodec.cxx
Go to the documentation of this file.
1 /* -*- Mode: C++; tab-width: 4; indent-tabs-mode: nil; c-basic-offset: 4 -*- */
2 /*
3  * This file is part of the LibreOffice project.
4  *
5  * This Source Code Form is subject to the terms of the Mozilla Public
6  * License, v. 2.0. If a copy of the MPL was not distributed with this
7  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
8  *
9  * This file incorporates work covered by the following license notice:
10  *
11  * Licensed to the Apache Software Foundation (ASF) under one or more
12  * contributor license agreements. See the NOTICE file distributed
13  * with this work for additional information regarding copyright
14  * ownership. The ASF licenses this file to you under the Apache
15  * License, Version 2.0 (the "License"); you may not use this file
16  * except in compliance with the License. You may obtain a copy of
17  * the License at http://www.apache.org/licenses/LICENSE-2.0 .
18  */
19 
20 #include "oox/core/binarycodec.hxx"
21 
22 #include <algorithm>
23 #include <string.h>
25 
26 #include <osl/diagnose.h>
29 
30 using namespace ::com::sun::star;
31 
32 namespace oox {
33 namespace core {
34 
35 namespace {
36 
38 template< typename Type >
39 inline void lclRotateLeft( Type& rnValue, size_t nBits )
40 {
41  OSL_ENSURE( nBits < sizeof( Type ) * 8, "lclRotateLeft - rotation count overflow" );
42  rnValue = static_cast< Type >( (rnValue << nBits) | (rnValue >> (sizeof( Type ) * 8 - nBits)) );
43 }
44 
46 template< typename Type >
47 inline void lclRotateLeft( Type& rnValue, size_t nBits, size_t nWidth )
48 {
49  OSL_ENSURE( (nBits < nWidth) && (nWidth < sizeof( Type ) * 8), "lclRotateLeft - rotation count overflow" );
50  Type nMask = static_cast< Type >( (1UL << nWidth) - 1 );
51  rnValue = static_cast< Type >(
52  ((rnValue << nBits) | ((rnValue & nMask) >> (nWidth - nBits))) & nMask );
53 }
54 
55 sal_Int32 lclGetLen( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
56 {
57  sal_Int32 nLen = 0;
58  while( (nLen < nBufferSize) && pnPassData[ nLen ] ) ++nLen;
59  return nLen;
60 }
61 
62 sal_uInt16 lclGetKey( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
63 {
64  sal_Int32 nLen = lclGetLen( pnPassData, nBufferSize );
65  if( nLen <= 0 ) return 0;
66 
67  sal_uInt16 nKey = 0;
68  sal_uInt16 nKeyBase = 0x8000;
69  sal_uInt16 nKeyEnd = 0xFFFF;
70  const sal_uInt8* pnChar = pnPassData + nLen - 1;
71  for( sal_Int32 nIndex = 0; nIndex < nLen; ++nIndex, --pnChar )
72  {
73  sal_uInt8 cChar = *pnChar & 0x7F;
74  for( size_t nBit = 0; nBit < 8; ++nBit )
75  {
76  lclRotateLeft( nKeyBase, 1 );
77  if( nKeyBase & 1 ) nKeyBase ^= 0x1020;
78  if( cChar & 1 ) nKey ^= nKeyBase;
79  cChar >>= 1;
80  lclRotateLeft( nKeyEnd, 1 );
81  if( nKeyEnd & 1 ) nKeyEnd ^= 0x1020;
82  }
83  }
84  return nKey ^ nKeyEnd;
85 }
86 
87 sal_uInt16 lclGetHash( const sal_uInt8* pnPassData, sal_Int32 nBufferSize )
88 {
89  sal_Int32 nLen = lclGetLen( pnPassData, nBufferSize );
90 
91  sal_uInt16 nHash = static_cast< sal_uInt16 >( nLen );
92  if( nLen > 0 )
93  nHash ^= 0xCE4B;
94 
95  const sal_uInt8* pnChar = pnPassData;
96  for( sal_Int32 nIndex = 0; nIndex < nLen; ++nIndex, ++pnChar )
97  {
98  sal_uInt16 cChar = *pnChar;
99  size_t nRot = static_cast< size_t >( (nIndex + 1) % 15 );
100  lclRotateLeft( cChar, nRot, 15 );
101  nHash ^= cChar;
102  }
103  return nHash;
104 }
105 
106 } // namespace
107 
108 sal_uInt16 CodecHelper::getPasswordHash( const AttributeList& rAttribs, sal_Int32 nElement )
109 {
110  sal_Int32 nPasswordHash = rAttribs.getIntegerHex( nElement, 0 );
111  OSL_ENSURE( (0 <= nPasswordHash) && (nPasswordHash <= SAL_MAX_UINT16), "CodecHelper::getPasswordHash - invalid password hash" );
112  return static_cast< sal_uInt16 >( ((0 <= nPasswordHash) && (nPasswordHash <= SAL_MAX_UINT16)) ? nPasswordHash : 0 );
113 }
114 
116  mnOffset( 0 ),
117  mnBaseKey( 0 ),
118  mnHash( 0 )
119 {
120  (void)memset( mpnKey, 0, sizeof( mpnKey ) );
121 }
122 
124 {
125  (void)memset( mpnKey, 0, sizeof( mpnKey ) );
126  mnBaseKey = mnHash = 0;
127 }
128 
129 void BinaryCodec_XOR::initKey( const sal_uInt8 pnPassData[ 16 ] )
130 {
131  // calculate base key and hash from passed password
132  mnBaseKey = lclGetKey( pnPassData, 16 );
133  mnHash = lclGetHash( pnPassData, 16 );
134 
135  static const sal_uInt8 spnFillChars[] =
136  {
137  0xBB, 0xFF, 0xFF, 0xBA,
138  0xFF, 0xFF, 0xB9, 0x80,
139  0x00, 0xBE, 0x0F, 0x00,
140  0xBF, 0x0F, 0x00, 0x00
141  };
142 
143  (void)memcpy( mpnKey, pnPassData, 16 );
144  sal_Int32 nLen = lclGetLen( pnPassData, 16 );
145  const sal_uInt8* pnFillChar = spnFillChars;
146  for (sal_Int32 nIndex = nLen; nIndex < static_cast<sal_Int32>(sizeof(mpnKey)); ++nIndex, ++pnFillChar )
147  mpnKey[ nIndex ] = *pnFillChar;
148 
149  size_t nRotateSize = 2;
150 
151  // use little-endian base key to create key array
152  sal_uInt8 pnBaseKeyLE[ 2 ];
153  pnBaseKeyLE[ 0 ] = static_cast< sal_uInt8 >( mnBaseKey );
154  pnBaseKeyLE[ 1 ] = static_cast< sal_uInt8 >( mnBaseKey >> 8 );
155  sal_uInt8* pnKeyChar = mpnKey;
156  for (sal_Int32 nIndex = 0; nIndex < static_cast<sal_Int32>(sizeof(mpnKey)); ++nIndex, ++pnKeyChar )
157  {
158  *pnKeyChar ^= pnBaseKeyLE[ nIndex & 1 ];
159  lclRotateLeft( *pnKeyChar, nRotateSize );
160  }
161 }
162 
163 bool BinaryCodec_XOR::initCodec( const uno::Sequence< beans::NamedValue >& aData )
164 {
165  bool bResult = false;
166 
167  ::comphelper::SequenceAsHashMap aHashData( aData );
168  uno::Sequence< sal_Int8 > aKey = aHashData.getUnpackedValueOrDefault("XOR95EncryptionKey", uno::Sequence< sal_Int8 >() );
169 
170  if ( aKey.getLength() == 16 )
171  {
172  (void)memcpy( mpnKey, aKey.getConstArray(), 16 );
173  bResult = true;
174 
175  mnBaseKey = (sal_uInt16)aHashData.getUnpackedValueOrDefault("XOR95BaseKey", (sal_Int16)0 );
176  mnHash = (sal_uInt16)aHashData.getUnpackedValueOrDefault("XOR95PasswordHash", (sal_Int16)0 );
177  }
178  else
179  OSL_FAIL( "Unexpected key size!" );
180 
181  return bResult;
182 }
183 
184 uno::Sequence< beans::NamedValue > BinaryCodec_XOR::getEncryptionData()
185 {
187  aHashData[ OUString("XOR95EncryptionKey") ] <<= uno::Sequence<sal_Int8>( reinterpret_cast<sal_Int8*>(mpnKey), 16 );
188  aHashData[ OUString("XOR95BaseKey") ] <<= (sal_Int16)mnBaseKey;
189  aHashData[ OUString("XOR95PasswordHash") ] <<= (sal_Int16)mnHash;
190 
191  return aHashData.getAsConstNamedValueList();
192 }
193 
194 bool BinaryCodec_XOR::verifyKey( sal_uInt16 nKey, sal_uInt16 nHash ) const
195 {
196  return (nKey == mnBaseKey) && (nHash == mnHash);
197 }
198 
199 bool BinaryCodec_XOR::skip( sal_Int32 nBytes )
200 {
201  mnOffset = static_cast< sal_Int32 >( (mnOffset + nBytes) & 0x0F );
202  return true;
203 }
204 
206 {
207  mhCipher = rtl_cipher_create( rtl_Cipher_AlgorithmARCFOUR, rtl_Cipher_ModeStream );
208  OSL_ENSURE( mhCipher != nullptr, "BinaryCodec_RCF::BinaryCodec_RCF - cannot create cipher" );
209 
210  mhDigest = rtl_digest_create( rtl_Digest_AlgorithmMD5 );
211  OSL_ENSURE( mhDigest != nullptr, "BinaryCodec_RCF::BinaryCodec_RCF - cannot create digest" );
212 
213  (void)memset( mpnDigestValue, 0, sizeof( mpnDigestValue ) );
214  (void)memset (mpnUnique, 0, sizeof(mpnUnique));
215 }
216 
218 {
219  (void)memset( mpnDigestValue, 0, sizeof( mpnDigestValue ) );
220  (void)memset (mpnUnique, 0, sizeof(mpnUnique));
221  rtl_digest_destroy( mhDigest );
222  rtl_cipher_destroy( mhCipher );
223 }
224 
225 bool BinaryCodec_RCF::initCodec( const uno::Sequence< beans::NamedValue >& aData )
226 {
227  bool bResult = false;
228 
229  ::comphelper::SequenceAsHashMap aHashData( aData );
230  uno::Sequence< sal_Int8 > aKey = aHashData.getUnpackedValueOrDefault("STD97EncryptionKey", uno::Sequence< sal_Int8 >() );
231 
232  if ( aKey.getLength() == RTL_DIGEST_LENGTH_MD5 )
233  {
234  (void)memcpy( mpnDigestValue, aKey.getConstArray(), RTL_DIGEST_LENGTH_MD5 );
235  uno::Sequence< sal_Int8 > aUniqueID = aHashData.getUnpackedValueOrDefault("STD97UniqueID", uno::Sequence< sal_Int8 >() );
236  if ( aUniqueID.getLength() == 16 )
237  {
238  (void)memcpy( mpnUnique, aUniqueID.getConstArray(), 16 );
239  bResult = false;
240  }
241  else
242  OSL_FAIL( "Unexpected document ID!" );
243  }
244  else
245  OSL_FAIL( "Unexpected key size!" );
246 
247  return bResult;
248 }
249 
250 uno::Sequence< beans::NamedValue > BinaryCodec_RCF::getEncryptionData()
251 {
253  aHashData[ OUString("STD97EncryptionKey") ] <<= uno::Sequence< sal_Int8 >( reinterpret_cast<sal_Int8*>(mpnDigestValue), RTL_DIGEST_LENGTH_MD5 );
254  aHashData[ OUString("STD97UniqueID") ] <<= uno::Sequence< sal_Int8 >( reinterpret_cast<sal_Int8*>(mpnUnique), 16 );
255 
256  return aHashData.getAsConstNamedValueList();
257 }
258 
259 void BinaryCodec_RCF::initKey( const sal_uInt16 pnPassData[ 16 ], const sal_uInt8 pnSalt[ 16 ] )
260 {
261  uno::Sequence< sal_Int8 > aKey = ::comphelper::DocPasswordHelper::GenerateStd97Key( pnPassData, uno::Sequence< sal_Int8 >( reinterpret_cast<sal_Int8 const *>(pnSalt), 16 ) );
262  // Fill raw digest of above updates into DigestValue.
263 
264  if ( aKey.getLength() == sizeof(mpnDigestValue) )
265  (void)memcpy ( mpnDigestValue, aKey.getConstArray(), sizeof(mpnDigestValue) );
266  else
267  memset( mpnDigestValue, 0, sizeof(mpnDigestValue) );
268 
269  (void)memcpy( mpnUnique, pnSalt, 16 );
270 }
271 
272 bool BinaryCodec_RCF::verifyKey( const sal_uInt8 pnVerifier[ 16 ], const sal_uInt8 pnVerifierHash[ 16 ] )
273 {
274  if( !startBlock( 0 ) )
275  return false;
276 
277  sal_uInt8 pnDigest[ RTL_DIGEST_LENGTH_MD5 ];
278  sal_uInt8 pnBuffer[ 64 ];
279 
280  // decode salt data into buffer
281  rtl_cipher_decode( mhCipher, pnVerifier, 16, pnBuffer, sizeof( pnBuffer ) );
282 
283  pnBuffer[ 16 ] = 0x80;
284  (void)memset( pnBuffer + 17, 0, sizeof( pnBuffer ) - 17 );
285  pnBuffer[ 56 ] = 0x80;
286 
287  // fill raw digest of buffer into digest
288  rtl_digest_updateMD5( mhDigest, pnBuffer, sizeof( pnBuffer ) );
289  rtl_digest_rawMD5( mhDigest, pnDigest, sizeof( pnDigest ) );
290 
291  // decode original salt digest into buffer
292  rtl_cipher_decode( mhCipher, pnVerifierHash, 16, pnBuffer, sizeof( pnBuffer ) );
293 
294  // compare buffer with computed digest
295  bool bResult = memcmp( pnBuffer, pnDigest, sizeof( pnDigest ) ) == 0;
296 
297  // erase buffer and digest arrays and leave
298  rtl_secureZeroMemory (pnBuffer, sizeof(pnBuffer));
299  rtl_secureZeroMemory (pnDigest, sizeof(pnDigest));
300  return bResult;
301 }
302 
303 bool BinaryCodec_RCF::startBlock( sal_Int32 nCounter )
304 {
305  // initialize key data array
306  sal_uInt8 pnKeyData[ 64 ];
307  (void)memset( pnKeyData, 0, sizeof( pnKeyData ) );
308 
309  // fill 40 bit of digest value into [0..4]
310  (void)memcpy( pnKeyData, mpnDigestValue, 5 );
311 
312  // fill little-endian counter into [5..8], static_cast masks out unneeded bits
313  pnKeyData[ 5 ] = static_cast< sal_uInt8 >( nCounter );
314  pnKeyData[ 6 ] = static_cast< sal_uInt8 >( nCounter >> 8 );
315  pnKeyData[ 7 ] = static_cast< sal_uInt8 >( nCounter >> 16 );
316  pnKeyData[ 8 ] = static_cast< sal_uInt8 >( nCounter >> 24 );
317 
318  pnKeyData[ 9 ] = 0x80;
319  pnKeyData[ 56 ] = 0x48;
320 
321  // fill raw digest of key data into key data
322  (void)rtl_digest_updateMD5( mhDigest, pnKeyData, sizeof( pnKeyData ) );
323  (void)rtl_digest_rawMD5( mhDigest, pnKeyData, RTL_DIGEST_LENGTH_MD5 );
324 
325  // initialize cipher with key data (for decoding)
326  rtlCipherError eResult =
327  rtl_cipher_init( mhCipher, rtl_Cipher_DirectionDecode, pnKeyData, RTL_DIGEST_LENGTH_MD5, nullptr, 0 );
328 
329  // erase key data array and leave
330  rtl_secureZeroMemory (pnKeyData, sizeof(pnKeyData));
331  return eResult == rtl_Cipher_E_None;
332 }
333 
334 bool BinaryCodec_RCF::decode( sal_uInt8* pnDestData, const sal_uInt8* pnSrcData, sal_Int32 nBytes )
335 {
336  rtlCipherError eResult = rtl_cipher_decode( mhCipher,
337  pnSrcData, static_cast< sal_Size >( nBytes ),
338  pnDestData, static_cast< sal_Size >( nBytes ) );
339  return eResult == rtl_Cipher_E_None;
340 }
341 
342 } // namespace core
343 } // namespace oox
344 
345 /* vim:set shiftwidth=4 softtabstop=4 expandtab: */
Type
css::uno::Sequence< css::beans::NamedValue > getEncryptionData()
Retrieves the encryption data.
signed char sal_Int8
sal_Int32 mnOffset
Key offset.
OOX_DLLPUBLIC sal_uInt16 getPasswordHash(const AttributeList &rAttribs, sal_Int32 nElement)
Returns the password hash if it is in the required 16-bit limit.
sal_uInt8 mpnKey[16]
Encryption key.
BinaryCodec_RCF()
Default constructor.
bool startBlock(sal_Int32 nCounter)
Rekeys the codec using the specified counter.
bool initCodec(const css::uno::Sequence< css::beans::NamedValue > &aData)
Initializes the algorithm with the encryption data.
bool decode(sal_uInt8 *pnDestData, const sal_uInt8 *pnSrcData, sal_Int32 nBytes)
Decodes a block of memory.
#define SAL_MAX_UINT16
const css::uno::Sequence< css::beans::NamedValue > getAsConstNamedValueList() const
sal_uInt16 mnBaseKey
Base key from password.
TValueType getUnpackedValueOrDefault(const OUString &sKey, const TValueType &aDefault) const
bool skip(sal_Int32 nBytes)
Lets the cipher skip a specific amount of bytes.
void initKey(const sal_uInt8 pnPassData[16])
Initializes the algorithm with the specified password.
bool verifyKey(const sal_uInt8 pnVerifier[16], const sal_uInt8 pnVerifierHash[16])
Verifies the validity of the password using the passed salt data.
static css::uno::Sequence< sal_Int8 > GenerateStd97Key(const OUString &aPassword, const css::uno::Sequence< sal_Int8 > &aDocId)
bool initCodec(const css::uno::Sequence< css::beans::NamedValue > &aData)
Initializes the algorithm with the encryption data.
sal_uInt16 mnHash
Hash value from password.
BinaryCodec_XOR()
Default constructor.
Provides access to attribute values of an element.
css::uno::Sequence< css::beans::NamedValue > getEncryptionData()
Retrieves the encryption data.
sal_uInt8 mpnDigestValue[RTL_DIGEST_LENGTH_MD5]
OptValue< sal_Int32 > getIntegerHex(sal_Int32 nAttrToken) const
Returns the 32-bit signed integer value of the specified attribute (hexadecimal). ...
unsigned char sal_uInt8
void initKey(const sal_uInt16 pnPassData[16], const sal_uInt8 pnSalt[16])
Initializes the algorithm with the specified password and document ID.
GUIDCNamePair aData
Definition: olehelper.cxx:99
bool verifyKey(sal_uInt16 nKey, sal_uInt16 nHash) const
Verifies the validity of the password using the passed key and hash.
typedef void(CALLTYPE *GetFuncDataPtr)(sal_uInt16 &nNo