RubyGems - ooxml_crypt - Versions diffs - 0.1.0 - Mend

ooxml_crypt 0.1.0

Files changed (264) hide show

checksums.yaml +7 -0
data/Gemfile +4 -0
data/LICENSE.txt +21 -0
data/README.md +58 -0
data/Rakefile +12 -0
data/bin/console +15 -0
data/bin/setup +8 -0
data/ext/ooxml_crypt/extconf.rb +18 -0
data/ext/ooxml_crypt/ooxml_crypt.c +27 -0
data/ext/ooxml_crypt/ooxml_crypt.h +7 -0
data/lib/ooxml_crypt/version.rb +5 -0
data/lib/ooxml_crypt.rb +75 -0
data/vendor/cybozulib/.github/workflows/main.yml +12 -0
data/vendor/cybozulib/.gitignore +5 -0
data/vendor/cybozulib/CMakeLists.txt +6 -0
data/vendor/cybozulib/COPYRIGHT +27 -0
data/vendor/cybozulib/Makefile +26 -0
data/vendor/cybozulib/bin/libeay32.dll +0 -0
data/vendor/cybozulib/bin/libmecab.dll +0 -0
data/vendor/cybozulib/bin/ssleay32.dll +0 -0
data/vendor/cybozulib/common.mk +116 -0
data/vendor/cybozulib/common.props +25 -0
data/vendor/cybozulib/cybozulib.sln +286 -0
data/vendor/cybozulib/debug.props +14 -0
data/vendor/cybozulib/include/cybozu/array.hpp +197 -0
data/vendor/cybozulib/include/cybozu/atoi.hpp +238 -0
data/vendor/cybozulib/include/cybozu/atomic.hpp +146 -0
data/vendor/cybozulib/include/cybozu/base64.hpp +210 -0
data/vendor/cybozulib/include/cybozu/benchmark.hpp +212 -0
data/vendor/cybozulib/include/cybozu/bfd.hpp +105 -0
data/vendor/cybozulib/include/cybozu/bit_operation.hpp +139 -0
data/vendor/cybozulib/include/cybozu/bitvector.hpp +358 -0
data/vendor/cybozulib/include/cybozu/condition_variable.hpp +113 -0
data/vendor/cybozulib/include/cybozu/condition_variable_cs.hpp +74 -0
data/vendor/cybozulib/include/cybozu/config.hpp +392 -0
data/vendor/cybozulib/include/cybozu/critical_section.hpp +60 -0
data/vendor/cybozulib/include/cybozu/crypto.hpp +321 -0
data/vendor/cybozulib/include/cybozu/csucvector.hpp +624 -0
data/vendor/cybozulib/include/cybozu/csv.hpp +294 -0
data/vendor/cybozulib/include/cybozu/data_type.hpp +27 -0
data/vendor/cybozulib/include/cybozu/endian.hpp +224 -0
data/vendor/cybozulib/include/cybozu/env.hpp +63 -0
data/vendor/cybozulib/include/cybozu/event.hpp +122 -0
data/vendor/cybozulib/include/cybozu/exception.hpp +253 -0
data/vendor/cybozulib/include/cybozu/file.hpp +626 -0
data/vendor/cybozulib/include/cybozu/fmindex.hpp +291 -0
data/vendor/cybozulib/include/cybozu/format.hpp +93 -0
data/vendor/cybozulib/include/cybozu/frequency.hpp +264 -0
data/vendor/cybozulib/include/cybozu/hash.hpp +67 -0
data/vendor/cybozulib/include/cybozu/inttype.hpp +174 -0
data/vendor/cybozulib/include/cybozu/itoa.hpp +336 -0
data/vendor/cybozulib/include/cybozu/json.hpp +120 -0
data/vendor/cybozulib/include/cybozu/line_stream.hpp +149 -0
data/vendor/cybozulib/include/cybozu/link_libeay32.hpp +21 -0
data/vendor/cybozulib/include/cybozu/link_mpir.hpp +18 -0
data/vendor/cybozulib/include/cybozu/link_ssleay32.hpp +19 -0
data/vendor/cybozulib/include/cybozu/log.hpp +237 -0
data/vendor/cybozulib/include/cybozu/minixml.hpp +452 -0
data/vendor/cybozulib/include/cybozu/mmap.hpp +143 -0
data/vendor/cybozulib/include/cybozu/mutex.hpp +144 -0
data/vendor/cybozulib/include/cybozu/nlp/mecab.hpp +96 -0
data/vendor/cybozulib/include/cybozu/nlp/plsi.hpp +315 -0
data/vendor/cybozulib/include/cybozu/nlp/random.hpp +74 -0
data/vendor/cybozulib/include/cybozu/nlp/sparse.hpp +529 -0
data/vendor/cybozulib/include/cybozu/nlp/svd.hpp +486 -0
data/vendor/cybozulib/include/cybozu/nlp/tfidf.hpp +226 -0
data/vendor/cybozulib/include/cybozu/nlp/top_score.hpp +75 -0
data/vendor/cybozulib/include/cybozu/option.hpp +743 -0
data/vendor/cybozulib/include/cybozu/parallel.hpp +88 -0
data/vendor/cybozulib/include/cybozu/pcg.hpp +72 -0
data/vendor/cybozulib/include/cybozu/process.hpp +324 -0
data/vendor/cybozulib/include/cybozu/quit_signal_handler.hpp +66 -0
data/vendor/cybozulib/include/cybozu/random_generator.hpp +144 -0
data/vendor/cybozulib/include/cybozu/regex.hpp +463 -0
data/vendor/cybozulib/include/cybozu/select8.hpp +279 -0
data/vendor/cybozulib/include/cybozu/serializer.hpp +363 -0
data/vendor/cybozulib/include/cybozu/sha1.hpp +209 -0
data/vendor/cybozulib/include/cybozu/sha2.hpp +506 -0
data/vendor/cybozulib/include/cybozu/siphash.hpp +105 -0
data/vendor/cybozulib/include/cybozu/socket.hpp +785 -0
data/vendor/cybozulib/include/cybozu/ssl.hpp +203 -0
data/vendor/cybozulib/include/cybozu/stacktrace.hpp +291 -0
data/vendor/cybozulib/include/cybozu/stream.hpp +269 -0
data/vendor/cybozulib/include/cybozu/string.hpp +1746 -0
data/vendor/cybozulib/include/cybozu/string_operation.hpp +365 -0
data/vendor/cybozulib/include/cybozu/sucvector.hpp +378 -0
data/vendor/cybozulib/include/cybozu/test.hpp +373 -0
data/vendor/cybozulib/include/cybozu/thread.hpp +229 -0
data/vendor/cybozulib/include/cybozu/time.hpp +281 -0
data/vendor/cybozulib/include/cybozu/tls.hpp +115 -0
data/vendor/cybozulib/include/cybozu/unordered_map.hpp +13 -0
data/vendor/cybozulib/include/cybozu/unordered_set.hpp +13 -0
data/vendor/cybozulib/include/cybozu/v128.hpp +376 -0
data/vendor/cybozulib/include/cybozu/wavelet_matrix.hpp +345 -0
data/vendor/cybozulib/include/cybozu/xorshift.hpp +189 -0
data/vendor/cybozulib/include/cybozu/zlib.hpp +325 -0
data/vendor/cybozulib/include/sais.hxx +364 -0
data/vendor/cybozulib/misc/make_select8tbl.cpp +26 -0
data/vendor/cybozulib/mk.bat +37 -0
data/vendor/cybozulib/readme.md +29 -0
data/vendor/cybozulib/release.props +12 -0
data/vendor/cybozulib/sample/Makefile +30 -0
data/vendor/cybozulib/sample/csucvector_smpl.cpp +42 -0
data/vendor/cybozulib/sample/data/svd/org/test1.S +4 -0
data/vendor/cybozulib/sample/data/svd/org/test1.U +4 -0
data/vendor/cybozulib/sample/data/svd/org/test1.V +6 -0
data/vendor/cybozulib/sample/data/svd/test1 +4 -0
data/vendor/cybozulib/sample/data/svd/test2 +4 -0
data/vendor/cybozulib/sample/desymbol.cpp +127 -0
data/vendor/cybozulib/sample/exception_smpl.cpp +46 -0
data/vendor/cybozulib/sample/fmindex_smpl.cpp +231 -0
data/vendor/cybozulib/sample/log_smpl.cpp +19 -0
data/vendor/cybozulib/sample/mecab_smpl.cpp +37 -0
data/vendor/cybozulib/sample/option2_smpl.cpp +68 -0
data/vendor/cybozulib/sample/option_smpl.cpp +42 -0
data/vendor/cybozulib/sample/plsi_smpl.cpp +207 -0
data/vendor/cybozulib/sample/proj/exception_smpl.vcproj +184 -0
data/vendor/cybozulib/sample/proj/mecab_smpl.vcproj +184 -0
data/vendor/cybozulib/sample/proj/ssl_smpl/ssl_smpl.vcxproj +85 -0
data/vendor/cybozulib/sample/proj/ssl_smpl.vcproj +347 -0
data/vendor/cybozulib/sample/proj/stacktrace_smpl/stacktrace_smpl.vcxproj +85 -0
data/vendor/cybozulib/sample/proj/svd_smpl.vcproj +184 -0
data/vendor/cybozulib/sample/quit_signal_handler.cpp +30 -0
data/vendor/cybozulib/sample/serializer_smpl.cpp +196 -0
data/vendor/cybozulib/sample/socket_smpl.cpp +82 -0
data/vendor/cybozulib/sample/ssl_smpl.cpp +39 -0
data/vendor/cybozulib/sample/stacktrace_smpl.cpp +52 -0
data/vendor/cybozulib/sample/svd_bench_smpl.cpp +143 -0
data/vendor/cybozulib/sample/svd_smpl.cpp +94 -0
data/vendor/cybozulib/sample/wm_bench_smpl.cpp +182 -0
data/vendor/cybozulib/sample/zlib_smpl.cpp +41 -0
data/vendor/cybozulib/src/Makefile +8 -0
data/vendor/cybozulib/src/base/Makefile +19 -0
data/vendor/cybozulib/test/Makefile +12 -0
data/vendor/cybozulib/test/base/Makefile +37 -0
data/vendor/cybozulib/test/base/array_test.cpp +173 -0
data/vendor/cybozulib/test/base/atoi_test.cpp +774 -0
data/vendor/cybozulib/test/base/atomic_test.cpp +49 -0
data/vendor/cybozulib/test/base/base64_test.cpp +113 -0
data/vendor/cybozulib/test/base/bit_operation_test.cpp +134 -0
data/vendor/cybozulib/test/base/bitvector_test.cpp +204 -0
data/vendor/cybozulib/test/base/condition_variable_cs_test.cpp +92 -0
data/vendor/cybozulib/test/base/condition_variable_test.cpp +88 -0
data/vendor/cybozulib/test/base/config_test.cpp +236 -0
data/vendor/cybozulib/test/base/crypto_test.cpp +122 -0
data/vendor/cybozulib/test/base/csucvector_test.cpp +63 -0
data/vendor/cybozulib/test/base/csv_test.cpp +182 -0
data/vendor/cybozulib/test/base/data/a.xml +26 -0
data/vendor/cybozulib/test/base/endian_test.cpp +56 -0
data/vendor/cybozulib/test/base/env_test.cpp +22 -0
data/vendor/cybozulib/test/base/event_test.cpp +41 -0
data/vendor/cybozulib/test/base/file_test.cpp +233 -0
data/vendor/cybozulib/test/base/fmindex_test.cpp +118 -0
data/vendor/cybozulib/test/base/format_test.cpp +12 -0
data/vendor/cybozulib/test/base/frequency_test.cpp +104 -0
data/vendor/cybozulib/test/base/itoa_test.cpp +522 -0
data/vendor/cybozulib/test/base/line_stream_test.cpp +208 -0
data/vendor/cybozulib/test/base/mecab_test.cpp +41 -0
data/vendor/cybozulib/test/base/minixml_test.cpp +103 -0
data/vendor/cybozulib/test/base/mmap_test.cpp +15 -0
data/vendor/cybozulib/test/base/option_test.cpp +487 -0
data/vendor/cybozulib/test/base/parallel_test.cpp +48 -0
data/vendor/cybozulib/test/base/proj/array_test/array_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/atoi_test/atoi_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/atomic_test/atomic_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/base64_test/base64_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/condition_variable_cs_test/condition_variable_cs_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/condition_variable_test/condition_variable_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/config_test/config_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/csv_test/csv_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/endian_test/endian_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/env_test/env_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/event_test/event_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/file_test/file_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/itoa_test/itoa_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/mecab_test/mecab_test.vcxproj +88 -0
data/vendor/cybozulib/test/base/proj/minixml_test/minixml_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/mmap_test/mmap_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/serializer_test/serializer_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/sha1_test/sha1_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/stream_test/stream_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/string_operation_test/string_operation_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/string_test/string_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/thread_test/thread_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/time_test/time_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/tls_test/tls_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/proj/zlib_test/zlib_test.vcxproj +86 -0
data/vendor/cybozulib/test/base/random_generator_test.cpp +28 -0
data/vendor/cybozulib/test/base/regex_test.cpp +74 -0
data/vendor/cybozulib/test/base/serializer_test.cpp +483 -0
data/vendor/cybozulib/test/base/sha1_test.cpp +61 -0
data/vendor/cybozulib/test/base/sha2_test.cpp +191 -0
data/vendor/cybozulib/test/base/siphash_test.cpp +33 -0
data/vendor/cybozulib/test/base/socket_test.cpp +76 -0
data/vendor/cybozulib/test/base/stream_test.cpp +101 -0
data/vendor/cybozulib/test/base/string_operation_test.cpp +340 -0
data/vendor/cybozulib/test/base/string_test.cpp +1705 -0
data/vendor/cybozulib/test/base/sucvector_test.cpp +312 -0
data/vendor/cybozulib/test/base/thread_test.cpp +62 -0
data/vendor/cybozulib/test/base/time_test.cpp +164 -0
data/vendor/cybozulib/test/base/tls_test.cpp +50 -0
data/vendor/cybozulib/test/base/wavelet_matrix_test.cpp +145 -0
data/vendor/cybozulib/test/base/zlib_test.cpp +371 -0
data/vendor/cybozulib/test/nlp/Makefile +27 -0
data/vendor/cybozulib/test/nlp/proj/random_test.vcproj +184 -0
data/vendor/cybozulib/test/nlp/proj/sparse_test.vcproj +184 -0
data/vendor/cybozulib/test/nlp/proj/svd_test.vcproj +184 -0
data/vendor/cybozulib/test/nlp/random_test.cpp +62 -0
data/vendor/cybozulib/test/nlp/sparse_test.cpp +347 -0
data/vendor/cybozulib/test/nlp/svd_test.cpp +234 -0
data/vendor/cybozulib/test/nlp/top_score_test.cpp +40 -0
data/vendor/cybozulib/tool/create_vcproj.py +186 -0
data/vendor/cybozulib/tool/vcproj_tmpl.py +185 -0
data/vendor/msoffice/COPYRIGHT +27 -0
data/vendor/msoffice/Makefile +29 -0
data/vendor/msoffice/bin/64/msoc.dll +0 -0
data/vendor/msoffice/bin/64/msocsample.exe +0 -0
data/vendor/msoffice/bin/64/msoffice-crypt.exe +0 -0
data/vendor/msoffice/bin/msoc.dll +0 -0
data/vendor/msoffice/bin/msocsample.exe +0 -0
data/vendor/msoffice/bin/msoffice-crypt.exe +0 -0
data/vendor/msoffice/common.mk +71 -0
data/vendor/msoffice/common.props +26 -0
data/vendor/msoffice/debug.props +14 -0
data/vendor/msoffice/include/attack.hpp +211 -0
data/vendor/msoffice/include/cfb.hpp +777 -0
data/vendor/msoffice/include/crypto_util.hpp +450 -0
data/vendor/msoffice/include/custom_sha1.hpp +342 -0
data/vendor/msoffice/include/decode.hpp +240 -0
data/vendor/msoffice/include/encode.hpp +221 -0
data/vendor/msoffice/include/make_dataspace.hpp +316 -0
data/vendor/msoffice/include/msoc.h +129 -0
data/vendor/msoffice/include/resource.hpp +7 -0
data/vendor/msoffice/include/standard_encryption.hpp +145 -0
data/vendor/msoffice/include/uint32vec.hpp +179 -0
data/vendor/msoffice/include/util.hpp +212 -0
data/vendor/msoffice/lib/.emptydir +0 -0
data/vendor/msoffice/misc/decrypt-xls.vbs +46 -0
data/vendor/msoffice/mk.bat +1 -0
data/vendor/msoffice/mkdll.bat +3 -0
data/vendor/msoffice/msoc.def +13 -0
data/vendor/msoffice/msocsample.py +178 -0
data/vendor/msoffice/msoffice12.sln +31 -0
data/vendor/msoffice/readme.md +110 -0
data/vendor/msoffice/release.props +28 -0
data/vendor/msoffice/src/Makefile +19 -0
data/vendor/msoffice/src/attack.cpp +124 -0
data/vendor/msoffice/src/cfb_test.cpp +77 -0
data/vendor/msoffice/src/minisample.c +54 -0
data/vendor/msoffice/src/msocdll.cpp +276 -0
data/vendor/msoffice/src/msocsample.c +136 -0
data/vendor/msoffice/src/msoffice-crypt.cpp +219 -0
data/vendor/msoffice/src/proj/attack/attack.vcxproj +88 -0
data/vendor/msoffice/src/proj/main/msoffice-crypt.vcxproj +88 -0
data/vendor/msoffice/src/sha1.cpp +234 -0
data/vendor/msoffice/test/Makefile +20 -0
data/vendor/msoffice/test/cfb_test.cpp +74 -0
data/vendor/msoffice/test/hash_test.cpp +59 -0
data/vendor/msoffice/test/proj/cfb/cfb_test.vcxproj +90 -0
data/vendor/msoffice/test/proj/hash/hash_test.vcxproj +90 -0
data/vendor/msoffice/test/sampl.bat +8 -0
data/vendor/msoffice/test_all.py +46 -0
data/vendor/update +4 -0
metadata +351 -0

data/vendor/msoffice/include/crypto_util.hpp ADDED Viewed

@@ -0,0 +1,450 @@
+#pragma once
+/**
+	@file
+	Copyright (C) 2012 Cybozu Labs, Inc., all rights reserved.
+*/
+#include "util.hpp"
+#include <cybozu/crypto.hpp>
+#include <cybozu/stream.hpp>
+#include <cybozu/string.hpp>
+#include <cybozu/minixml.hpp>
+#include <cybozu/endian.hpp>
+#include "custom_sha1.hpp"
+//#define DEBUG_CLK
+#ifdef DEBUG_CLK
+#define XBYAK_NO_OP_NAMES
+#include <xbyak/xbyak_util.h>
+#endif
+namespace ms {
+// [OFFCRYPTO] 2.3.4.13 encryptedVerifierHashInput step 2
+static const std::string blkKey_VerifierHashInput("\xfe" "\xa7" "\xd2" "\x76" "\x3b" "\x4b" "\x9e" "\x79", 8);
+// [OFFCRYPTO] 2.3.4.13 encryptedVerifierHashValue step 2
+static const std::string blkKey_encryptedVerifierHashValue("\xd7" "\xaa" "\x0f" "\x6d" "\x30" "\x61" "\x34" "\x4e", 8);
+// [OFFCRYPTO] 2.3.4.13 encryptedKeyValue step 2
+static const std::string blkKey_encryptedKeyValue("\x14" "\x6e" "\x0b" "\xe7" "\xab" "\xac" "\xd0" "\xd6", 8);
+// [OFFCRYPTO] 2.3.4.14 DataIntegrity Generation step 3
+static const std::string blkKey_dataIntegrity1("\x5f" "\xb2" "\xad" "\x01" "\x0c" "\xb9" "\xe1" "\xf6", 8);
+// [OFFCRYPTO] 2.3.4.14 DataIntegrity Generation step 6
+static const std::string blkKey_dataIntegrity2("\xa0" "\x67" "\x7f" "\x02" "\xb2" "\x2c" "\x84" "\x33", 8);
+inline void normalizeKey(std::string& key, size_t keySize)
+{
+	key.resize(keySize, char(0x36));
+}
+#ifdef DEBUG_CLK
+Xbyak::util::Clock clk;
+struct XXX {
+	~XXX()
+	{
+		printf("%.1f Mclk\n", clk.getClock() / double(clk.getCount()) * 1e-6);
+	}
+} xxx;
+#endif
+// #define USE_CUSTOM_SHA1
+inline std::string hashPassword(cybozu::crypto::Hash::Name name, const std::string& salt, const std::string& pass, int spinCount)
+{
+#ifdef USE_CUSTOM_SHA1
+	if (name != cybozu::crypto::Hash::N_SHA1) {
+		throw cybozu::Exception("hashPassword") << "not support" << cybozu::crypto::Hash::getName(name);
+	}
+#endif
+	cybozu::crypto::Hash s(name);
+	std::string h = s.digest(salt + pass);
+#ifdef DEBUG_CLK
+	clk.begin();
+#endif
+#ifdef USE_CUSTOM_SHA1
+	assert(h.size() == 20);
+	CustomSha1::digest(&h[0], spinCount);
+#else
+	for (int i = 0; i < spinCount; i++) {
+		char iter[4];
+		cybozu::Set32bitAsLE(iter, i);
+		s.update(iter, sizeof(iter));
+		s.digest(&h[0], &h[0], h.size());
+	}
+#endif
+#ifdef DEBUG_CLK
+	clk.end();
+#endif
+	return h;
+}
+#ifdef SHA1_USE_SIMD
+template<int n>
+inline void sha1PasswordX(std::string out[n], const std::string& salt, const std::string pass[n], int spinCount)
+{
+	for (int i = 0; i < n; i++) {
+		out[i] = cybozu::crypto::Hash::digest(cybozu::crypto::Hash::N_SHA1, salt + pass[i]);
+	}
+	CustomSha1::digestX<n>(out, spinCount);
+}
+#endif
+/*
+	[MS-OFFCRYPTO] 2.3.4.10
+*/
+struct CipherParam {
+	cybozu::crypto::Cipher::Name cipherName;
+	std::string cipherNameStr;
+	size_t saltSize;
+	size_t blockSize;
+	size_t keyBits;
+	cybozu::crypto::Hash::Name hashName;
+	std::string hashNameStr;
+	int hashSize;
+	std::string saltValue;
+	CipherParam()
+		: saltSize(0)
+		, blockSize(0)
+		, keyBits(0)
+		, hashSize(0)
+	{
+	}
+	void put() const
+	{
+		printf("cipherName = %s\n", cipherNameStr.c_str());
+		printf("saltSize = %d\n", (int)saltSize);
+		printf("blockSize = %d\n", (int)blockSize);
+		printf("keyBits = %d\n", (int)keyBits);
+		printf("hashName = %s\n", hashNameStr.c_str());
+		printf("hashSize = %d\n", hashSize);
+		printf("saltValue = "); dump(saltValue, false);
+	}
+	explicit CipherParam(const cybozu::minixml::Node *node)
+	{
+		setByXml(node);
+	}
+	void setByXml(const cybozu::minixml::Node *node)
+	{
+		saltSize = cybozu::atoi(node->attr["saltSize"]);
+		blockSize = cybozu::atoi(node->attr["blockSize"]);
+		keyBits = cybozu::atoi(node->attr["keyBits"]);
+		hashSize = cybozu::atoi(node->attr["hashSize"]);
+		saltValue = dec64(node->attr["saltValue"]);
+		if (saltSize < 1 || saltSize > 65536) {
+			throw cybozu::Exception("ms:CipherParam:saltSize") << saltSize;
+		}
+		if (blockSize < 2 || blockSize > 4096 || (blockSize & 1)) {
+			throw cybozu::Exception("ms:CipherParam:blockSize") << blockSize;
+		}
+		const std::string& chaining = node->attr["cipherChaining"];
+		cipherNameStr = node->attr["cipherAlgorithm"];
+		if (cipherNameStr == "AES" && keyBits == 128 && chaining == "ChainingModeCBC") {
+			cipherName = cybozu::crypto::Cipher::N_AES128_CBC;
+		} else if (cipherNameStr == "AES" && keyBits == 256 && chaining == "ChainingModeCBC") {
+			cipherName = cybozu::crypto::Cipher::N_AES256_CBC;
+		} else {
+			throw cybozu::Exception("ms:CipherParam:cipherNameStr") << cipherNameStr << keyBits << chaining;
+		}
+		hashNameStr = node->attr["hashAlgorithm"];
+		if (hashNameStr == "SHA1" && hashSize == 20) {
+			hashName = cybozu::crypto::Hash::N_SHA1;
+		} else if (hashNameStr == "SHA256" && hashSize == 32) {
+			hashName = cybozu::crypto::Hash::N_SHA256;
+		} else if (hashNameStr == "SHA384" && hashSize == 48) {
+			hashName = cybozu::crypto::Hash::N_SHA384;
+		} else if (hashNameStr == "SHA512" && hashSize == 64) {
+			hashName = cybozu::crypto::Hash::N_SHA512;
+		} else {
+			throw cybozu::Exception("ms:CipherParam:hashNameStr") << hashNameStr << hashSize;
+		}
+	}
+	void setByName(cybozu::crypto::Cipher::Name cipherName, cybozu::crypto::Hash::Name hashName)
+	{
+		this->cipherName = cipherName;
+		this->hashName = hashName;
+		switch (cipherName) {
+		case cybozu::crypto::Cipher::N_AES128_CBC:
+			saltSize = 16;
+			blockSize = 16;
+			keyBits = 128;
+			cipherNameStr = "AES";
+			break;
+		case cybozu::crypto::Cipher::N_AES256_CBC:
+			saltSize = 16;
+			blockSize = 16;
+			keyBits = 256;
+			cipherNameStr = "AES";
+			break;
+		default:
+			throw cybozu::Exception("ms:CipherParam:not support cipherName") << cipherName;
+		}
+		if (saltSize == 0 || saltSize > 65536) throw cybozu::Exception("ms:CipherParam:setByName:bad saltSize") << saltSize;
+		switch (hashName) {
+		case cybozu::crypto::Hash::N_SHA1:
+			hashSize = 20;
+			hashNameStr = "SHA1";
+			break;
+		case cybozu::crypto::Hash::N_SHA256:
+			hashSize = 32;
+			hashNameStr = "SHA256";
+			break;
+		case cybozu::crypto::Hash::N_SHA384:
+			hashSize = 48;
+			hashNameStr = "SHA384";
+			break;
+		case cybozu::crypto::Hash::N_SHA512:
+			hashSize = 64;
+			hashNameStr = "SHA512";
+			break;
+		default:
+			throw cybozu::Exception("ms:CipherParam:setByName:not support hash") << hashName;
+		}
+	}
+};
+} // ms
+#include "standard_encryption.hpp"
+namespace ms {
+#ifdef __GNUC__ // defined in sys/sysmacros.h
+	#undef major
+	#undef minor
+#endif
+struct EncryptionInfo {
+	int spinCount;
+	uint16_t major;
+	uint16_t minor;
+	cybozu::MiniXml xml;
+	CipherParam keyData;
+	std::string encryptedHmacKey;
+	std::string encryptedHmacValue;
+	CipherParam encryptedKey;
+	std::string encryptedVerifierHashInput;
+	std::string encryptedVerifierHashValue;
+	std::string encryptedKeyValue;
+	// for LibreOffice
+	bool isStandardEncryption;
+	EncryptionHeader seHeader;
+	EncryptionVerifier seVerifier;
+	EncryptionInfo()
+		: spinCount(0)
+		, major(0)
+		, minor(0)
+		, isStandardEncryption(false)
+	{
+	}
+	explicit EncryptionInfo(const std::string& data)
+		: spinCount(0)
+		, major(0)
+		, minor(0)
+		, isStandardEncryption(false)
+	{
+		if (data.size() < 8) {
+			throw cybozu::Exception("ms:EncryptionInfo:data.size") << data.size();
+		}
+		const char *p = &data[0];
+		major = cybozu::Get16bitAsLE(p + 0);
+		minor = cybozu::Get16bitAsLE(p + 2);
+		// [MS-OFFCRYPTO] 2.3.4.10
+		if (major == 4 && minor == 4) {
+			setAgileEncryptionInfo(data);
+			return;
+		}
+		if ((major == 3 || major == 4) && minor == 2) {
+			setStandardEncryptionInfo(data);
+			isStandardEncryption = true;
+			return;
+		}
+		throw cybozu::Exception("ms:EncryptionInfo:not support version") << major << minor;
+	}
+	void put() const
+	{
+		if (!isDebug(0)) return;
+		printf("major = %d\n", major);
+		printf("minor = %d\n", minor);
+		printf("isStandardEncryption = %d\n", isStandardEncryption);
+		if (isStandardEncryption) {
+			seHeader.put();
+			seVerifier.put();
+		} else {
+			printf("spinCount = %d\n", spinCount);
+			puts("keyData");
+			keyData.put();
+			printf("encryptedHmacKey = "); dump(encryptedHmacKey, false);
+			printf("encryptedHmacValue = "); dump(encryptedHmacValue, false);
+			puts("encryptedKey");
+			encryptedKey.put();
+			printf("encryptedVerifierHashInput = "); dump(encryptedVerifierHashInput, false);
+			printf("encryptedVerifierHashValue = "); dump(encryptedVerifierHashValue, false);
+			printf("encryptedKeyValue = "); dump(encryptedKeyValue, false);
+		}
+	}
+	void setStandardEncryptionInfo(const std::string& data)
+	{
+		const size_t encryptionHeaderSizePos = 8;
+		size_t dataSize = data.size();
+		const char *p = data.c_str();
+		if (dataSize < encryptionHeaderSizePos + 4) {
+			throw cybozu::Exception("ms:StandardEncryption2007Info:bad data size") << dataSize;
+		}
+		const uint32_t encryptionHeaderSize = cybozu::Get32bitAsLE(p + encryptionHeaderSizePos);
+		if (encryptionHeaderSize > dataSize) {
+			throw cybozu::Exception("ms:setStandardEncryptionInfo:bad size") << encryptionHeaderSize << dataSize;
+		}
+		p += encryptionHeaderSizePos + 4;
+		dataSize -= encryptionHeaderSizePos + 4;
+		seHeader.analyze(p, encryptionHeaderSize);
+		seHeader.put();
+		p += encryptionHeaderSize;
+		dataSize -= encryptionHeaderSize;
+		printf("dataSize=%u\n", (uint32_t)dataSize);
+		seVerifier.analyze(p, dataSize);
+		seVerifier.put();
+	}
+	void setAgileEncryptionInfo(const std::string& data)
+	{
+		const char *p = &data[0];
+		const uint32_t reserved = cybozu::Get32bitAsLE(p + 4);
+		MS_ASSERT_EQUAL(reserved, 0x40u);
+		xml.parse(p + 8, p + data.size());
+		// keyData
+		const cybozu::minixml::Node *keyDataNode = xml.get().getFirstTagByName("keyData");
+		if (keyDataNode == 0) throw cybozu::Exception("ms:EncryptionInfo:no keyData");
+		keyData.setByXml(keyDataNode);
+		// dataIntegrity
+		const cybozu::minixml::Node *dataIntegrity = xml.get().getFirstTagByName("dataIntegrity");
+		if (dataIntegrity == 0) throw cybozu::Exception("ms:EncryptionInfo:no dataIntegrity");
+		encryptedHmacKey = dec64(dataIntegrity->attr["encryptedHmacKey"]);
+		encryptedHmacValue = dec64(dataIntegrity->attr["encryptedHmacValue"]);
+		// keyEncryptor
+		const cybozu::minixml::Node *encryptedKeyNode = xml.get().getFirstTagByName("p:encryptedKey");
+		if (encryptedKeyNode == 0) throw cybozu::Exception("ms:EncryptionInfo:no p:encryptedKey");
+		encryptedKey.setByXml(encryptedKeyNode);
+		spinCount = cybozu::atoi(encryptedKeyNode->attr["spinCount"]);
+		encryptedVerifierHashInput = dec64(encryptedKeyNode->attr["encryptedVerifierHashInput"]);
+		encryptedVerifierHashValue = dec64(encryptedKeyNode->attr["encryptedVerifierHashValue"]);
+		encryptedKeyValue = dec64(encryptedKeyNode->attr["encryptedKeyValue"]);
+	}
+	std::string addHeader(const std::string& xmlStr) const
+	{
+		char buf[8];
+		const uint16_t major = 4;
+		const uint16_t minor = 4;
+		const uint32_t reserved = 0x40u;
+		cybozu::Set16bitAsLE(buf + 0, major);
+		cybozu::Set16bitAsLE(buf + 2, minor);
+		cybozu::Set32bitAsLE(buf + 4, reserved);
+		return std::string(buf, sizeof(buf)) + xmlStr;
+	}
+	std::string toXml(bool isOffice2013 = false) const
+	{
+		char buf[2048];
+		CYBOZU_SNPRINTF(buf, sizeof(buf),
+			"<?xml version=\"1.0\" encoding=\"UTF-8\" standalone=\"yes\"?>\n"
+			"<encryption xmlns=\"http://schemas.microsoft.com/office/2006/encryption\""
+			" xmlns:p=\"http://schemas.microsoft.com/office/2006/keyEncryptor/password\""
+//			" xmlns:c=\"http://schemas.microsoft.com/office/2006/keyEncryptor/certificate\""
+			"%s"
+			">"
+			"<keyData saltSize=\"%d\" blockSize=\"%d\" keyBits=\"%d\" hashSize=\"%d\""
+			" cipherAlgorithm=\"%s\" cipherChaining=\"ChainingModeCBC\" hashAlgorithm=\"%s\""
+			" saltValue=\"%s\"/>"
+			"<dataIntegrity encryptedHmacKey=\"%s\""
+			" encryptedHmacValue=\"%s\"/><keyEncryptors>"
+			"<keyEncryptor uri=\"http://schemas.microsoft.com/office/2006/keyEncryptor/password\">"
+			"<p:encryptedKey spinCount=\"%d\" saltSize=\"%d\" blockSize=\"%d\" keyBits=\"%d\" hashSize=\"%d\""
+			" cipherAlgorithm=\"%s\" cipherChaining=\"ChainingModeCBC\" hashAlgorithm=\"%s\""
+			" saltValue=\"%s\""
+			" encryptedVerifierHashInput=\"%s\""
+			" encryptedVerifierHashValue=\"%s\""
+			" encryptedKeyValue=\"%s\"/></keyEncryptor></keyEncryptors></encryption>",
+			isOffice2013 ? " xmlns:c=\"http://schemas.microsoft.com/office/2006/keyEncryptor/certificate\"" : "",
+			int(keyData.saltSize), int(keyData.blockSize), int(keyData.keyBits), int(keyData.hashSize),
+			keyData.cipherNameStr.c_str(), keyData.hashNameStr.c_str(),
+			enc64(keyData.saltValue).c_str(),
+			enc64(encryptedHmacKey).c_str(),
+			enc64(encryptedHmacValue).c_str(),
+			spinCount,
+			int(encryptedKey.saltSize), int(encryptedKey.blockSize), int(encryptedKey.keyBits), int(encryptedKey.hashSize),
+			encryptedKey.cipherNameStr.c_str(), encryptedKey.hashNameStr.c_str(),
+			enc64(encryptedKey.saltValue).c_str(),
+			enc64(encryptedVerifierHashInput).c_str(),
+			enc64(encryptedVerifierHashValue).c_str(),
+			enc64(encryptedKeyValue).c_str()
+		);
+		return buf;
+	}
+};
+inline std::string cipher(cybozu::crypto::Cipher::Name name, const char *msg, size_t msgLen, const std::string& key, const std::string& iv, cybozu::crypto::Cipher::Mode mode)
+{
+	cybozu::crypto::Cipher cipher(name);
+	cipher.setup(mode, key, iv);
+	std::string ret;
+	ret.resize(msgLen + 128/* margin */);
+	const size_t roundMsgLen = msgLen & ~15;
+	if (roundMsgLen > 0) {
+		int writeSize = cipher.update(&ret[0], msg, (int)roundMsgLen);
+		if (writeSize < 0) {
+			throw cybozu::Exception("ms:cipher:update");
+		}
+	}
+	const int remainSize = int(msgLen - roundMsgLen);
+	if (remainSize > 0) {
+		std::string remain(msg + roundMsgLen, remainSize);
+		remain.resize(16);
+		int writeSize = cipher.update(&ret[roundMsgLen], &remain[0], 16);
+		if (writeSize < 0) {
+			throw cybozu::Exception("ms:cipher:update:remain");
+		}
+		ret.resize(roundMsgLen + 16);
+	} else {
+		ret.resize(msgLen);
+	}
+	return ret;
+}
+inline std::string cipher(cybozu::crypto::Cipher::Name name, const std::string& msg, const std::string& key, const std::string& iv, cybozu::crypto::Cipher::Mode mode)
+{
+	return cipher(name, msg.c_str(), msg.size(), key, iv, mode);
+}
+inline std::string generateIv(const CipherParam& param, const std::string& blockKey, const std::string& salt)
+{
+	std::string ret;
+	if (blockKey.empty()) {
+		ret = salt;
+	} else {
+		ret = cybozu::crypto::Hash::digest(param.hashName, salt + blockKey);
+	}
+	normalizeKey(ret, param.blockSize);
+	return ret;
+}
+/*
+	[MS-OFFCRYPTO] 2.3.4.11
+*/
+inline std::string generateKey(const CipherParam& param, const std::string& hash, const std::string& blockKey)
+{
+	std::string ret = cybozu::crypto::Hash::digest(param.hashName, hash + blockKey);
+	normalizeKey(ret, param.keyBits / 8);
+	return ret;
+}
+} // ms