Inicio Explorar Ayuda
Registro Iniciar sesión
OTH
/
repos_util
3
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Árbol: 2a48e18f45
Ramas Etiquetas
repos_util
/
xlnt
/
source
/
detail
/
cryptography
/
encryption_info.cpp

encryption_info.cpp 6.6 KB
Histórico Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179 
  1. // Copyright (c) 2017-2021 Thomas Fussell
    2. 

  2. //
    3. 

  3. // Permission is hereby granted, free of charge, to any person obtaining a copy
    4. 

  4. // of this software and associated documentation files (the "Software"), to deal
    5. 

  5. // in the Software without restriction, including without limitation the rights
    6. 

  6. // to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
    7. 

  7. // copies of the Software, and to permit persons to whom the Software is
    8. 

  8. // furnished to do so, subject to the following conditions:
    9. 

  9. //
    10. 

  10. // The above copyright notice and this permission notice shall be included in
    11. 

  11. // all copies or substantial portions of the Software.
    12. 

  12. //
    13. 

  13. // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
    14. 

  14. // IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
    15. 

  15. // FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
    16. 

  16. // AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
    17. 

  17. // LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
    18. 

  18. // OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
    19. 

  19. // THE SOFTWARE
    20. 

  20. //
    21. 

  21. // @license: http://www.opensource.org/licenses/mit-license.php
    22. 

  22. // @author: see AUTHORS file
    23. 

  23. 

  24. #include <array>
    25. 

  25. 

  26. #include <detail/binary.hpp>
    27. 

  27. #include <detail/cryptography/aes.hpp>
    28. 

  28. #include <detail/cryptography/encryption_info.hpp>
    29. 

  29. 

  30. namespace {
    31. 

  31. 

  32. using xlnt::detail::encryption_info;
    33. 

  33. 

  34. std::vector<std::uint8_t> calculate_standard_key(
    35. 

  35.     encryption_info::standard_encryption_info info,
    36. 

  36.     const std::u16string &password)
    37. 

  37. {
    38. 

  38.     // H_0 = H(salt + password)
    39. 

  39.     auto salt_plus_password = info.salt;
    40. 

  40.     auto password_bytes = xlnt::detail::string_to_bytes(password);
    41. 

  41.     std::copy(password_bytes.begin(),
    42. 

  42.         password_bytes.end(),
    43. 

  43.         std::back_inserter(salt_plus_password));
    44. 

  44.     auto h_0 = hash(info.hash, salt_plus_password);
    45. 

  45. 

  46.     // H_n = H(iterator + H_n-1)
    47. 

  47.     std::vector<std::uint8_t> iterator_plus_h_n(4, 0);
    48. 

  48.     iterator_plus_h_n.insert(iterator_plus_h_n.end(), h_0.begin(), h_0.end());
    49. 

  49.     std::uint32_t &iterator = *reinterpret_cast<std::uint32_t *>(iterator_plus_h_n.data());
    50. 

  50.     std::vector<std::uint8_t> h_n;
    51. 

  51.     for (iterator = 0; iterator < info.spin_count; ++iterator)
    52. 

  52.     {
    53. 

  53.         hash(info.hash, iterator_plus_h_n, h_n);
    54. 

  54.         std::copy(h_n.begin(), h_n.end(), iterator_plus_h_n.begin() + 4);
    55. 

  55.     }
    56. 

  56. 

  57.     // H_final = H(H_n + block)
    58. 

  58.     auto h_n_plus_block = h_n;
    59. 

  59.     const std::uint32_t block_number = 0;
    60. 

  60.     h_n_plus_block.insert(
    61. 

  61.         h_n_plus_block.end(),
    62. 

  62.         reinterpret_cast<const std::uint8_t *>(&block_number),
    63. 

  63.         reinterpret_cast<const std::uint8_t *>(&block_number) + sizeof(std::uint32_t));
    64. 

  64.     auto h_final = hash(info.hash, h_n_plus_block);
    65. 

  65. 

  66.     // X1 = H(h_final ^ 0x36)
    67. 

  67.     std::vector<std::uint8_t> buffer(64, 0x36);
    68. 

  68.     for (std::size_t i = 0; i < h_final.size(); ++i)
    69. 

  69.     {
    70. 

  70.         buffer[i] = static_cast<std::uint8_t>(0x36 ^ h_final[i]);
    71. 

  71.     }
    72. 

  72.     auto X1 = hash(info.hash, buffer);
    73. 

  73. 

  74.     // X2 = H(h_final ^ 0x5C)
    75. 

  75.     buffer.assign(64, 0x5c);
    76. 

  76.     for (std::size_t i = 0; i < h_final.size(); ++i)
    77. 

  77.     {
    78. 

  78.         buffer[i] = static_cast<std::uint8_t>(0x5c ^ h_final[i]);
    79. 

  79.     }
    80. 

  80.     auto X2 = hash(info.hash, buffer);
    81. 

  81. 

  82.     auto X3 = X1;
    83. 

  83.     X3.insert(X3.end(), X2.begin(), X2.end());
    84. 

  84. 

  85.     auto key = std::vector<std::uint8_t>(X3.begin(),
    86. 

  86.         X3.begin() + static_cast<std::ptrdiff_t>(info.key_bytes));
    87. 

  87. 

  88.     using xlnt::detail::aes_ecb_decrypt;
    89. 

  89. 

  90.     auto calculated_verifier_hash = hash(info.hash,
    91. 

  91.         aes_ecb_decrypt(info.encrypted_verifier, key));
    92. 

  92.     auto decrypted_verifier_hash = aes_ecb_decrypt(
    93. 

  93.         info.encrypted_verifier_hash, key);
    94. 

  94.     decrypted_verifier_hash.resize(calculated_verifier_hash.size());
    95. 

  95. 

  96.     if (calculated_verifier_hash != decrypted_verifier_hash)
    97. 

  97.     {
    98. 

  98.         throw xlnt::exception("bad password");
    99. 

  99.     }
    100. 

  100. 

  101.     return key;
    102. 

  102. }
    103. 

  103. 

  104. std::vector<std::uint8_t> calculate_agile_key(
    105. 

  105.     encryption_info::agile_encryption_info info,
    106. 

  106.     const std::u16string &password)
    107. 

  107. {
    108. 

  108.     // H_0 = H(salt + password)
    109. 

  109.     auto salt_plus_password = info.key_encryptor.salt_value;
    110. 

  110.     auto password_bytes = xlnt::detail::string_to_bytes(password);
    111. 

  111.     std::copy(password_bytes.begin(),
    112. 

  112.         password_bytes.end(),
    113. 

  113.         std::back_inserter(salt_plus_password));
    114. 

  114. 

  115.     auto h_0 = hash(info.key_encryptor.hash, salt_plus_password);
    116. 

  116. 

  117.     // H_n = H(iterator + H_n-1)
    118. 

  118.     std::vector<std::uint8_t> iterator_plus_h_n(4, 0);
    119. 

  119.     iterator_plus_h_n.insert(iterator_plus_h_n.end(), h_0.begin(), h_0.end());
    120. 

  120.     std::uint32_t &iterator = *reinterpret_cast<std::uint32_t *>(iterator_plus_h_n.data());
    121. 

  121.     std::vector<std::uint8_t> h_n;
    122. 

  122.     for (iterator = 0; iterator < info.key_encryptor.spin_count; ++iterator)
    123. 

  123.     {
    124. 

  124.         hash(info.key_encryptor.hash, iterator_plus_h_n, h_n);
    125. 

  125.         std::copy(h_n.begin(), h_n.end(), iterator_plus_h_n.begin() + 4);
    126. 

  126.     }
    127. 

  127. 

  128.     static const std::size_t block_size = 8;
    129. 

  129. 

  130.     auto calculate_block = [&info](
    131. 

  131.                                const std::vector<std::uint8_t> &raw_key,
    132. 

  132.                                const std::array<std::uint8_t, block_size> &block,
    133. 

  133.                                const std::vector<std::uint8_t> &encrypted) {
    134. 

  134.         auto combined = raw_key;
    135. 

  135.         combined.insert(combined.end(), block.begin(), block.end());
    136. 

  136. 

  137.         auto key = hash(info.key_encryptor.hash, combined);
    138. 

  138.         key.resize(info.key_encryptor.key_bits / 8);
    139. 

  139. 

  140.         using xlnt::detail::aes_cbc_decrypt;
    141. 

  141. 

  142.         return aes_cbc_decrypt(encrypted, key, info.key_encryptor.salt_value);
    143. 

  143.     };
    144. 

  144. 

  145.     const std::array<std::uint8_t, block_size> input_block_key = {{0xfe, 0xa7, 0xd2, 0x76, 0x3b, 0x4b, 0x9e, 0x79}};
    146. 

  146.     auto hash_input = calculate_block(h_n, input_block_key, info.key_encryptor.verifier_hash_input);
    147. 

  147.     auto calculated_verifier = hash(info.key_encryptor.hash, hash_input);
    148. 

  148. 

  149.     const std::array<std::uint8_t, block_size> verifier_block_key = {
    150. 

  150.         {0xd7, 0xaa, 0x0f, 0x6d, 0x30, 0x61, 0x34, 0x4e}};
    151. 

  151.     auto expected_verifier = calculate_block(h_n, verifier_block_key, info.key_encryptor.verifier_hash_value);
    152. 

  152.     expected_verifier.resize(calculated_verifier.size());
    153. 

  153. 

  154.     if (calculated_verifier != expected_verifier)
    155. 

  155.     {
    156. 

  156.         throw xlnt::exception("bad password");
    157. 

  157.     }
    158. 

  158. 

  159.     const std::array<std::uint8_t, block_size> key_value_block_key =
    160. 

  160.         {
    161. 

  161.             {0x14, 0x6e, 0x0b, 0xe7, 0xab, 0xac, 0xd0, 0xd6}};
    162. 

  162. 

  163.     return calculate_block(h_n, key_value_block_key, info.key_encryptor.encrypted_key_value);
    164. 

  164. }
    165. 

  165. 

  166. } // namespace
    167. 

  167. 

  168. namespace xlnt {
    169. 

  169. namespace detail {
    170. 

  170. 

  171. std::vector<std::uint8_t> encryption_info::calculate_key() const
    172. 

  172. {
    173. 

  173.     return is_agile
    174. 

  174.         ? calculate_agile_key(agile, password)
    175. 

  175.         : calculate_standard_key(standard, password);
    176. 

  176. }
    177. 

  177. 

  178. } // namespace detail
    179. 

  179. } // namespace xlnt
    180.