ooxml_crypt 0.1.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +7 -0
- data/Gemfile +4 -0
- data/LICENSE.txt +21 -0
- data/README.md +58 -0
- data/Rakefile +12 -0
- data/bin/console +15 -0
- data/bin/setup +8 -0
- data/ext/ooxml_crypt/extconf.rb +18 -0
- data/ext/ooxml_crypt/ooxml_crypt.c +27 -0
- data/ext/ooxml_crypt/ooxml_crypt.h +7 -0
- data/lib/ooxml_crypt/version.rb +5 -0
- data/lib/ooxml_crypt.rb +75 -0
- data/vendor/cybozulib/.github/workflows/main.yml +12 -0
- data/vendor/cybozulib/.gitignore +5 -0
- data/vendor/cybozulib/CMakeLists.txt +6 -0
- data/vendor/cybozulib/COPYRIGHT +27 -0
- data/vendor/cybozulib/Makefile +26 -0
- data/vendor/cybozulib/bin/libeay32.dll +0 -0
- data/vendor/cybozulib/bin/libmecab.dll +0 -0
- data/vendor/cybozulib/bin/ssleay32.dll +0 -0
- data/vendor/cybozulib/common.mk +116 -0
- data/vendor/cybozulib/common.props +25 -0
- data/vendor/cybozulib/cybozulib.sln +286 -0
- data/vendor/cybozulib/debug.props +14 -0
- data/vendor/cybozulib/include/cybozu/array.hpp +197 -0
- data/vendor/cybozulib/include/cybozu/atoi.hpp +238 -0
- data/vendor/cybozulib/include/cybozu/atomic.hpp +146 -0
- data/vendor/cybozulib/include/cybozu/base64.hpp +210 -0
- data/vendor/cybozulib/include/cybozu/benchmark.hpp +212 -0
- data/vendor/cybozulib/include/cybozu/bfd.hpp +105 -0
- data/vendor/cybozulib/include/cybozu/bit_operation.hpp +139 -0
- data/vendor/cybozulib/include/cybozu/bitvector.hpp +358 -0
- data/vendor/cybozulib/include/cybozu/condition_variable.hpp +113 -0
- data/vendor/cybozulib/include/cybozu/condition_variable_cs.hpp +74 -0
- data/vendor/cybozulib/include/cybozu/config.hpp +392 -0
- data/vendor/cybozulib/include/cybozu/critical_section.hpp +60 -0
- data/vendor/cybozulib/include/cybozu/crypto.hpp +321 -0
- data/vendor/cybozulib/include/cybozu/csucvector.hpp +624 -0
- data/vendor/cybozulib/include/cybozu/csv.hpp +294 -0
- data/vendor/cybozulib/include/cybozu/data_type.hpp +27 -0
- data/vendor/cybozulib/include/cybozu/endian.hpp +224 -0
- data/vendor/cybozulib/include/cybozu/env.hpp +63 -0
- data/vendor/cybozulib/include/cybozu/event.hpp +122 -0
- data/vendor/cybozulib/include/cybozu/exception.hpp +253 -0
- data/vendor/cybozulib/include/cybozu/file.hpp +626 -0
- data/vendor/cybozulib/include/cybozu/fmindex.hpp +291 -0
- data/vendor/cybozulib/include/cybozu/format.hpp +93 -0
- data/vendor/cybozulib/include/cybozu/frequency.hpp +264 -0
- data/vendor/cybozulib/include/cybozu/hash.hpp +67 -0
- data/vendor/cybozulib/include/cybozu/inttype.hpp +174 -0
- data/vendor/cybozulib/include/cybozu/itoa.hpp +336 -0
- data/vendor/cybozulib/include/cybozu/json.hpp +120 -0
- data/vendor/cybozulib/include/cybozu/line_stream.hpp +149 -0
- data/vendor/cybozulib/include/cybozu/link_libeay32.hpp +21 -0
- data/vendor/cybozulib/include/cybozu/link_mpir.hpp +18 -0
- data/vendor/cybozulib/include/cybozu/link_ssleay32.hpp +19 -0
- data/vendor/cybozulib/include/cybozu/log.hpp +237 -0
- data/vendor/cybozulib/include/cybozu/minixml.hpp +452 -0
- data/vendor/cybozulib/include/cybozu/mmap.hpp +143 -0
- data/vendor/cybozulib/include/cybozu/mutex.hpp +144 -0
- data/vendor/cybozulib/include/cybozu/nlp/mecab.hpp +96 -0
- data/vendor/cybozulib/include/cybozu/nlp/plsi.hpp +315 -0
- data/vendor/cybozulib/include/cybozu/nlp/random.hpp +74 -0
- data/vendor/cybozulib/include/cybozu/nlp/sparse.hpp +529 -0
- data/vendor/cybozulib/include/cybozu/nlp/svd.hpp +486 -0
- data/vendor/cybozulib/include/cybozu/nlp/tfidf.hpp +226 -0
- data/vendor/cybozulib/include/cybozu/nlp/top_score.hpp +75 -0
- data/vendor/cybozulib/include/cybozu/option.hpp +743 -0
- data/vendor/cybozulib/include/cybozu/parallel.hpp +88 -0
- data/vendor/cybozulib/include/cybozu/pcg.hpp +72 -0
- data/vendor/cybozulib/include/cybozu/process.hpp +324 -0
- data/vendor/cybozulib/include/cybozu/quit_signal_handler.hpp +66 -0
- data/vendor/cybozulib/include/cybozu/random_generator.hpp +144 -0
- data/vendor/cybozulib/include/cybozu/regex.hpp +463 -0
- data/vendor/cybozulib/include/cybozu/select8.hpp +279 -0
- data/vendor/cybozulib/include/cybozu/serializer.hpp +363 -0
- data/vendor/cybozulib/include/cybozu/sha1.hpp +209 -0
- data/vendor/cybozulib/include/cybozu/sha2.hpp +506 -0
- data/vendor/cybozulib/include/cybozu/siphash.hpp +105 -0
- data/vendor/cybozulib/include/cybozu/socket.hpp +785 -0
- data/vendor/cybozulib/include/cybozu/ssl.hpp +203 -0
- data/vendor/cybozulib/include/cybozu/stacktrace.hpp +291 -0
- data/vendor/cybozulib/include/cybozu/stream.hpp +269 -0
- data/vendor/cybozulib/include/cybozu/string.hpp +1746 -0
- data/vendor/cybozulib/include/cybozu/string_operation.hpp +365 -0
- data/vendor/cybozulib/include/cybozu/sucvector.hpp +378 -0
- data/vendor/cybozulib/include/cybozu/test.hpp +373 -0
- data/vendor/cybozulib/include/cybozu/thread.hpp +229 -0
- data/vendor/cybozulib/include/cybozu/time.hpp +281 -0
- data/vendor/cybozulib/include/cybozu/tls.hpp +115 -0
- data/vendor/cybozulib/include/cybozu/unordered_map.hpp +13 -0
- data/vendor/cybozulib/include/cybozu/unordered_set.hpp +13 -0
- data/vendor/cybozulib/include/cybozu/v128.hpp +376 -0
- data/vendor/cybozulib/include/cybozu/wavelet_matrix.hpp +345 -0
- data/vendor/cybozulib/include/cybozu/xorshift.hpp +189 -0
- data/vendor/cybozulib/include/cybozu/zlib.hpp +325 -0
- data/vendor/cybozulib/include/sais.hxx +364 -0
- data/vendor/cybozulib/misc/make_select8tbl.cpp +26 -0
- data/vendor/cybozulib/mk.bat +37 -0
- data/vendor/cybozulib/readme.md +29 -0
- data/vendor/cybozulib/release.props +12 -0
- data/vendor/cybozulib/sample/Makefile +30 -0
- data/vendor/cybozulib/sample/csucvector_smpl.cpp +42 -0
- data/vendor/cybozulib/sample/data/svd/org/test1.S +4 -0
- data/vendor/cybozulib/sample/data/svd/org/test1.U +4 -0
- data/vendor/cybozulib/sample/data/svd/org/test1.V +6 -0
- data/vendor/cybozulib/sample/data/svd/test1 +4 -0
- data/vendor/cybozulib/sample/data/svd/test2 +4 -0
- data/vendor/cybozulib/sample/desymbol.cpp +127 -0
- data/vendor/cybozulib/sample/exception_smpl.cpp +46 -0
- data/vendor/cybozulib/sample/fmindex_smpl.cpp +231 -0
- data/vendor/cybozulib/sample/log_smpl.cpp +19 -0
- data/vendor/cybozulib/sample/mecab_smpl.cpp +37 -0
- data/vendor/cybozulib/sample/option2_smpl.cpp +68 -0
- data/vendor/cybozulib/sample/option_smpl.cpp +42 -0
- data/vendor/cybozulib/sample/plsi_smpl.cpp +207 -0
- data/vendor/cybozulib/sample/proj/exception_smpl.vcproj +184 -0
- data/vendor/cybozulib/sample/proj/mecab_smpl.vcproj +184 -0
- data/vendor/cybozulib/sample/proj/ssl_smpl/ssl_smpl.vcxproj +85 -0
- data/vendor/cybozulib/sample/proj/ssl_smpl.vcproj +347 -0
- data/vendor/cybozulib/sample/proj/stacktrace_smpl/stacktrace_smpl.vcxproj +85 -0
- data/vendor/cybozulib/sample/proj/svd_smpl.vcproj +184 -0
- data/vendor/cybozulib/sample/quit_signal_handler.cpp +30 -0
- data/vendor/cybozulib/sample/serializer_smpl.cpp +196 -0
- data/vendor/cybozulib/sample/socket_smpl.cpp +82 -0
- data/vendor/cybozulib/sample/ssl_smpl.cpp +39 -0
- data/vendor/cybozulib/sample/stacktrace_smpl.cpp +52 -0
- data/vendor/cybozulib/sample/svd_bench_smpl.cpp +143 -0
- data/vendor/cybozulib/sample/svd_smpl.cpp +94 -0
- data/vendor/cybozulib/sample/wm_bench_smpl.cpp +182 -0
- data/vendor/cybozulib/sample/zlib_smpl.cpp +41 -0
- data/vendor/cybozulib/src/Makefile +8 -0
- data/vendor/cybozulib/src/base/Makefile +19 -0
- data/vendor/cybozulib/test/Makefile +12 -0
- data/vendor/cybozulib/test/base/Makefile +37 -0
- data/vendor/cybozulib/test/base/array_test.cpp +173 -0
- data/vendor/cybozulib/test/base/atoi_test.cpp +774 -0
- data/vendor/cybozulib/test/base/atomic_test.cpp +49 -0
- data/vendor/cybozulib/test/base/base64_test.cpp +113 -0
- data/vendor/cybozulib/test/base/bit_operation_test.cpp +134 -0
- data/vendor/cybozulib/test/base/bitvector_test.cpp +204 -0
- data/vendor/cybozulib/test/base/condition_variable_cs_test.cpp +92 -0
- data/vendor/cybozulib/test/base/condition_variable_test.cpp +88 -0
- data/vendor/cybozulib/test/base/config_test.cpp +236 -0
- data/vendor/cybozulib/test/base/crypto_test.cpp +122 -0
- data/vendor/cybozulib/test/base/csucvector_test.cpp +63 -0
- data/vendor/cybozulib/test/base/csv_test.cpp +182 -0
- data/vendor/cybozulib/test/base/data/a.xml +26 -0
- data/vendor/cybozulib/test/base/endian_test.cpp +56 -0
- data/vendor/cybozulib/test/base/env_test.cpp +22 -0
- data/vendor/cybozulib/test/base/event_test.cpp +41 -0
- data/vendor/cybozulib/test/base/file_test.cpp +233 -0
- data/vendor/cybozulib/test/base/fmindex_test.cpp +118 -0
- data/vendor/cybozulib/test/base/format_test.cpp +12 -0
- data/vendor/cybozulib/test/base/frequency_test.cpp +104 -0
- data/vendor/cybozulib/test/base/itoa_test.cpp +522 -0
- data/vendor/cybozulib/test/base/line_stream_test.cpp +208 -0
- data/vendor/cybozulib/test/base/mecab_test.cpp +41 -0
- data/vendor/cybozulib/test/base/minixml_test.cpp +103 -0
- data/vendor/cybozulib/test/base/mmap_test.cpp +15 -0
- data/vendor/cybozulib/test/base/option_test.cpp +487 -0
- data/vendor/cybozulib/test/base/parallel_test.cpp +48 -0
- data/vendor/cybozulib/test/base/proj/array_test/array_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/atoi_test/atoi_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/atomic_test/atomic_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/base64_test/base64_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/condition_variable_cs_test/condition_variable_cs_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/condition_variable_test/condition_variable_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/config_test/config_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/csv_test/csv_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/endian_test/endian_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/env_test/env_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/event_test/event_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/file_test/file_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/itoa_test/itoa_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/mecab_test/mecab_test.vcxproj +88 -0
- data/vendor/cybozulib/test/base/proj/minixml_test/minixml_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/mmap_test/mmap_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/serializer_test/serializer_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/sha1_test/sha1_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/stream_test/stream_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/string_operation_test/string_operation_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/string_test/string_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/thread_test/thread_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/time_test/time_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/tls_test/tls_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/proj/zlib_test/zlib_test.vcxproj +86 -0
- data/vendor/cybozulib/test/base/random_generator_test.cpp +28 -0
- data/vendor/cybozulib/test/base/regex_test.cpp +74 -0
- data/vendor/cybozulib/test/base/serializer_test.cpp +483 -0
- data/vendor/cybozulib/test/base/sha1_test.cpp +61 -0
- data/vendor/cybozulib/test/base/sha2_test.cpp +191 -0
- data/vendor/cybozulib/test/base/siphash_test.cpp +33 -0
- data/vendor/cybozulib/test/base/socket_test.cpp +76 -0
- data/vendor/cybozulib/test/base/stream_test.cpp +101 -0
- data/vendor/cybozulib/test/base/string_operation_test.cpp +340 -0
- data/vendor/cybozulib/test/base/string_test.cpp +1705 -0
- data/vendor/cybozulib/test/base/sucvector_test.cpp +312 -0
- data/vendor/cybozulib/test/base/thread_test.cpp +62 -0
- data/vendor/cybozulib/test/base/time_test.cpp +164 -0
- data/vendor/cybozulib/test/base/tls_test.cpp +50 -0
- data/vendor/cybozulib/test/base/wavelet_matrix_test.cpp +145 -0
- data/vendor/cybozulib/test/base/zlib_test.cpp +371 -0
- data/vendor/cybozulib/test/nlp/Makefile +27 -0
- data/vendor/cybozulib/test/nlp/proj/random_test.vcproj +184 -0
- data/vendor/cybozulib/test/nlp/proj/sparse_test.vcproj +184 -0
- data/vendor/cybozulib/test/nlp/proj/svd_test.vcproj +184 -0
- data/vendor/cybozulib/test/nlp/random_test.cpp +62 -0
- data/vendor/cybozulib/test/nlp/sparse_test.cpp +347 -0
- data/vendor/cybozulib/test/nlp/svd_test.cpp +234 -0
- data/vendor/cybozulib/test/nlp/top_score_test.cpp +40 -0
- data/vendor/cybozulib/tool/create_vcproj.py +186 -0
- data/vendor/cybozulib/tool/vcproj_tmpl.py +185 -0
- data/vendor/msoffice/COPYRIGHT +27 -0
- data/vendor/msoffice/Makefile +29 -0
- data/vendor/msoffice/bin/64/msoc.dll +0 -0
- data/vendor/msoffice/bin/64/msocsample.exe +0 -0
- data/vendor/msoffice/bin/64/msoffice-crypt.exe +0 -0
- data/vendor/msoffice/bin/msoc.dll +0 -0
- data/vendor/msoffice/bin/msocsample.exe +0 -0
- data/vendor/msoffice/bin/msoffice-crypt.exe +0 -0
- data/vendor/msoffice/common.mk +71 -0
- data/vendor/msoffice/common.props +26 -0
- data/vendor/msoffice/debug.props +14 -0
- data/vendor/msoffice/include/attack.hpp +211 -0
- data/vendor/msoffice/include/cfb.hpp +777 -0
- data/vendor/msoffice/include/crypto_util.hpp +450 -0
- data/vendor/msoffice/include/custom_sha1.hpp +342 -0
- data/vendor/msoffice/include/decode.hpp +240 -0
- data/vendor/msoffice/include/encode.hpp +221 -0
- data/vendor/msoffice/include/make_dataspace.hpp +316 -0
- data/vendor/msoffice/include/msoc.h +129 -0
- data/vendor/msoffice/include/resource.hpp +7 -0
- data/vendor/msoffice/include/standard_encryption.hpp +145 -0
- data/vendor/msoffice/include/uint32vec.hpp +179 -0
- data/vendor/msoffice/include/util.hpp +212 -0
- data/vendor/msoffice/lib/.emptydir +0 -0
- data/vendor/msoffice/misc/decrypt-xls.vbs +46 -0
- data/vendor/msoffice/mk.bat +1 -0
- data/vendor/msoffice/mkdll.bat +3 -0
- data/vendor/msoffice/msoc.def +13 -0
- data/vendor/msoffice/msocsample.py +178 -0
- data/vendor/msoffice/msoffice12.sln +31 -0
- data/vendor/msoffice/readme.md +110 -0
- data/vendor/msoffice/release.props +28 -0
- data/vendor/msoffice/src/Makefile +19 -0
- data/vendor/msoffice/src/attack.cpp +124 -0
- data/vendor/msoffice/src/cfb_test.cpp +77 -0
- data/vendor/msoffice/src/minisample.c +54 -0
- data/vendor/msoffice/src/msocdll.cpp +276 -0
- data/vendor/msoffice/src/msocsample.c +136 -0
- data/vendor/msoffice/src/msoffice-crypt.cpp +219 -0
- data/vendor/msoffice/src/proj/attack/attack.vcxproj +88 -0
- data/vendor/msoffice/src/proj/main/msoffice-crypt.vcxproj +88 -0
- data/vendor/msoffice/src/sha1.cpp +234 -0
- data/vendor/msoffice/test/Makefile +20 -0
- data/vendor/msoffice/test/cfb_test.cpp +74 -0
- data/vendor/msoffice/test/hash_test.cpp +59 -0
- data/vendor/msoffice/test/proj/cfb/cfb_test.vcxproj +90 -0
- data/vendor/msoffice/test/proj/hash/hash_test.vcxproj +90 -0
- data/vendor/msoffice/test/sampl.bat +8 -0
- data/vendor/msoffice/test_all.py +46 -0
- data/vendor/update +4 -0
- metadata +351 -0
@@ -0,0 +1,342 @@
|
|
1
|
+
#pragma once
|
2
|
+
/**
|
3
|
+
@file custom sha1
|
4
|
+
@brief simd version of sha1
|
5
|
+
Copyright (C) 2012 Cybozu Labs, Inc., all rights reserved.
|
6
|
+
*/
|
7
|
+
|
8
|
+
//#define SHA1_DONT_USE_CYBOZULIB
|
9
|
+
#ifndef SHA1_DONT_USE_CYBOZULIB
|
10
|
+
#include <cybozu/endian.hpp>
|
11
|
+
#endif
|
12
|
+
#include <assert.h>
|
13
|
+
#include <string>
|
14
|
+
|
15
|
+
#define SHA1_USE_SIMD
|
16
|
+
#ifdef SHA1_USE_SIMD
|
17
|
+
#include "uint32vec.hpp"
|
18
|
+
#endif
|
19
|
+
|
20
|
+
#define SHA1_CALC0(f, W, K) \
|
21
|
+
{ \
|
22
|
+
T tmp = S(a, 5) + f(b, c, d) + e + W + K; \
|
23
|
+
e = d; \
|
24
|
+
d = c; \
|
25
|
+
c = S(b, 30); \
|
26
|
+
b = a; \
|
27
|
+
a = tmp; \
|
28
|
+
}
|
29
|
+
|
30
|
+
#define SHA1_CALC1(i, f, K) SHA1_CALC0(f, W[i], K)
|
31
|
+
|
32
|
+
#define SHA1_CALC2(i, f, K) \
|
33
|
+
W[i] = S(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); \
|
34
|
+
SHA1_CALC1(i, f, K) \
|
35
|
+
|
36
|
+
#define SHA1_LOOP20(loopOne, offset, f, K) \
|
37
|
+
loopOne(offset + 0, f, K) \
|
38
|
+
loopOne(offset + 1, f, K) \
|
39
|
+
loopOne(offset + 2, f, K) \
|
40
|
+
loopOne(offset + 3, f, K) \
|
41
|
+
loopOne(offset + 4, f, K) \
|
42
|
+
loopOne(offset + 5, f, K) \
|
43
|
+
loopOne(offset + 6, f, K) \
|
44
|
+
loopOne(offset + 7, f, K) \
|
45
|
+
loopOne(offset + 8, f, K) \
|
46
|
+
loopOne(offset + 9, f, K) \
|
47
|
+
loopOne(offset +10, f, K) \
|
48
|
+
loopOne(offset +11, f, K) \
|
49
|
+
loopOne(offset +12, f, K) \
|
50
|
+
loopOne(offset +13, f, K) \
|
51
|
+
loopOne(offset +14, f, K) \
|
52
|
+
loopOne(offset +15, f, K) \
|
53
|
+
loopOne(offset +16, f, K) \
|
54
|
+
loopOne(offset +17, f, K) \
|
55
|
+
loopOne(offset +18, f, K) \
|
56
|
+
loopOne(offset +19, f, K)
|
57
|
+
|
58
|
+
#define SHA1_LOOP1(f, K) \
|
59
|
+
SHA1_CALC1( 0, f, K) \
|
60
|
+
SHA1_CALC1( 1, f, K) \
|
61
|
+
SHA1_CALC1( 2, f, K) \
|
62
|
+
SHA1_CALC1( 3, f, K) \
|
63
|
+
SHA1_CALC1( 4, f, K) \
|
64
|
+
SHA1_CALC1( 5, f, K) \
|
65
|
+
SHA1_CALC0( f, W_06, K) \
|
66
|
+
SHA1_CALC0( f, 0, K) \
|
67
|
+
SHA1_CALC0( f, 0, K) \
|
68
|
+
SHA1_CALC0( f, 0, K) \
|
69
|
+
SHA1_CALC0( f, 0, K) \
|
70
|
+
SHA1_CALC0( f, 0, K) \
|
71
|
+
SHA1_CALC0( f, 0, K) \
|
72
|
+
SHA1_CALC0( f, 0, K) \
|
73
|
+
SHA1_CALC0( f, 0, K) \
|
74
|
+
SHA1_CALC0( f, W_15, K) \
|
75
|
+
W[16] = S( W[ 2] ^ W[ 0], 1); \
|
76
|
+
SHA1_CALC1(16, f, K) \
|
77
|
+
W[17] = S( W[ 3] ^ W[ 1], 1); \
|
78
|
+
SHA1_CALC1(17, f, K) \
|
79
|
+
W[18] = S(W_15 ^ W[ 4] ^ W[ 2], 1); \
|
80
|
+
SHA1_CALC1(18, f, K) \
|
81
|
+
W[19] = S(W[16] ^ W[ 5] ^ W[ 3], 1); \
|
82
|
+
SHA1_CALC1(19, f, K)
|
83
|
+
|
84
|
+
#define SHA1_LOOP2(f, K) \
|
85
|
+
W[20] = S(W[17] ^ W_06 ^ W[ 4], 1); \
|
86
|
+
SHA1_CALC1(20, f, K) \
|
87
|
+
W[21] = S(W[18] ^ W[ 5], 1); \
|
88
|
+
SHA1_CALC1(21, f, K) \
|
89
|
+
W[22] = S(W[19] ^ W_06 , 1); \
|
90
|
+
SHA1_CALC1(22, f, K) \
|
91
|
+
W[23] = S(W[20] ^ W_15, 1); \
|
92
|
+
SHA1_CALC1(23, f, K) \
|
93
|
+
W[24] = S(W[21] ^ W[16], 1); \
|
94
|
+
SHA1_CALC1(24, f, K) \
|
95
|
+
W[25] = S(W[22] ^ W[17], 1); \
|
96
|
+
SHA1_CALC1(25, f, K) \
|
97
|
+
W[26] = S(W[23] ^ W[18], 1); \
|
98
|
+
SHA1_CALC1(26, f, K) \
|
99
|
+
W[27] = S(W[24] ^ W[19], 1); \
|
100
|
+
SHA1_CALC1(27, f, K) \
|
101
|
+
W[28] = S(W[25] ^ W[20], 1); \
|
102
|
+
SHA1_CALC1(28, f, K) \
|
103
|
+
W[29] = S(W[26] ^ W[21] ^ W_15, 1); \
|
104
|
+
SHA1_CALC1(29, f, K) \
|
105
|
+
W[30] = S(W[27] ^ W[22] ^ W[16], 1); \
|
106
|
+
SHA1_CALC1(30, f, K) \
|
107
|
+
W[31] = S(W[28] ^ W[23] ^ W[17] ^ W_15, 1); \
|
108
|
+
SHA1_CALC1(31, f, K) \
|
109
|
+
SHA1_CALC2(32, f, K) \
|
110
|
+
SHA1_CALC2(33, f, K) \
|
111
|
+
SHA1_CALC2(34, f, K) \
|
112
|
+
SHA1_CALC2(35, f, K) \
|
113
|
+
SHA1_CALC2(36, f, K) \
|
114
|
+
SHA1_CALC2(37, f, K) \
|
115
|
+
SHA1_CALC2(38, f, K) \
|
116
|
+
SHA1_CALC2(39, f, K)
|
117
|
+
|
118
|
+
#define SHA1_LOOP3(offset, f, K) SHA1_LOOP20(SHA1_CALC2, offset, f, K)
|
119
|
+
|
120
|
+
class CustomSha1 {
|
121
|
+
static inline uint32_t S(uint32_t x, int s)
|
122
|
+
{
|
123
|
+
#ifdef _MSC_VER
|
124
|
+
return _rotl(x, s);
|
125
|
+
#else
|
126
|
+
return (x << s) | (x >> (32 - s));
|
127
|
+
#endif
|
128
|
+
}
|
129
|
+
#ifdef SHA1_USE_SIMD
|
130
|
+
template<class T>
|
131
|
+
static inline T S(T x, int s)
|
132
|
+
{
|
133
|
+
return (x << s) | (x >> (32 - s));
|
134
|
+
}
|
135
|
+
#endif
|
136
|
+
|
137
|
+
static inline uint32_t getBE(const char *p)
|
138
|
+
{
|
139
|
+
#ifdef SHA1_DONT_USE_CYBOZULIB
|
140
|
+
uint32_t a = (uint8_t)p[0];
|
141
|
+
uint32_t b = (uint8_t)p[1];
|
142
|
+
uint32_t c = (uint8_t)p[2];
|
143
|
+
uint32_t d = (uint8_t)p[3];
|
144
|
+
return (a << 24) | (b << 16) | (c << 8) | d;
|
145
|
+
#else
|
146
|
+
return cybozu::Get32bitAsBE(p);
|
147
|
+
#endif
|
148
|
+
}
|
149
|
+
|
150
|
+
static inline void setBE(void *out, uint32_t x)
|
151
|
+
{
|
152
|
+
#ifdef SHA1_DONT_USE_CYBOZULIB
|
153
|
+
uint8_t *p = (uint8_t *)out;
|
154
|
+
p[0] = uint8_t(x >> 24);
|
155
|
+
p[1] = uint8_t(x >> 16);
|
156
|
+
p[2] = uint8_t(x >> 8);
|
157
|
+
p[3] = uint8_t(x);
|
158
|
+
#else
|
159
|
+
cybozu::Set32bitAsBE(out, x);
|
160
|
+
#endif
|
161
|
+
}
|
162
|
+
static uint32_t f0(uint32_t b, uint32_t c, uint32_t d) { return (b & c) | ((~b) & d); }
|
163
|
+
#ifdef SHA1_USE_SIMD
|
164
|
+
template<class T>
|
165
|
+
static T f0(T b, T c, T d) { return (b & c) | andn(b, d); }
|
166
|
+
#endif
|
167
|
+
template<class T>
|
168
|
+
static T f1(T b, T c, T d) { return b ^ c ^ d; }
|
169
|
+
template<class T>
|
170
|
+
static T f2(T b, T c, T d) { return (b & c) | (b & d) | (c & d); }
|
171
|
+
static inline int mod(int n) { return n & 15; }
|
172
|
+
/*
|
173
|
+
input : W[1..5]
|
174
|
+
*/
|
175
|
+
template<class T>
|
176
|
+
static void digestOnce(T W[16])
|
177
|
+
{
|
178
|
+
T W_06 = 0x80000000;
|
179
|
+
T W_07, W_08, W_09, W_10, W_11, W_12, W_13, W_14;
|
180
|
+
T W_15 = 0xc0;
|
181
|
+
|
182
|
+
/*
|
183
|
+
input = W[0..5]
|
184
|
+
W[0] = index
|
185
|
+
W[1..5] = previous hash(input)
|
186
|
+
W_06 = 0x80000000
|
187
|
+
W_07..14= 0
|
188
|
+
W_15 = 0xc0
|
189
|
+
output : W[1..5]
|
190
|
+
*/
|
191
|
+
const T H0 = 0x67452301;
|
192
|
+
const T H1 = 0xefcdab89;
|
193
|
+
const T H2 = 0x98badcfe;
|
194
|
+
const T H3 = 0x10325476;
|
195
|
+
const T H4 = 0xc3d2e1f0;
|
196
|
+
const T K0 = 0x5a827999;
|
197
|
+
const T K1 = 0x6ed9eba1;
|
198
|
+
const T K2 = 0x8f1bbcdc;
|
199
|
+
const T K3 = 0xca62c1d6;
|
200
|
+
T a = H0;
|
201
|
+
T b = H1;
|
202
|
+
T c = H2;
|
203
|
+
T d = H3;
|
204
|
+
T e = H4;
|
205
|
+
|
206
|
+
SHA1_CALC0(f0, W[0], K0)
|
207
|
+
SHA1_CALC0(f0, W[1], K0)
|
208
|
+
SHA1_CALC0(f0, W[2], K0)
|
209
|
+
SHA1_CALC0(f0, W[3], K0)
|
210
|
+
SHA1_CALC0(f0, W[4], K0)
|
211
|
+
SHA1_CALC0(f0, W[5], K0)
|
212
|
+
SHA1_CALC0(f0, W_06, K0)
|
213
|
+
SHA1_CALC0(f0, 0, K0)
|
214
|
+
SHA1_CALC0(f0, 0, K0)
|
215
|
+
SHA1_CALC0(f0, 0, K0)
|
216
|
+
SHA1_CALC0(f0, 0, K0)
|
217
|
+
SHA1_CALC0(f0, 0, K0)
|
218
|
+
SHA1_CALC0(f0, 0, K0)
|
219
|
+
SHA1_CALC0(f0, 0, K0)
|
220
|
+
SHA1_CALC0(f0, 0, K0)
|
221
|
+
SHA1_CALC0(f0, W_15, K0)
|
222
|
+
W[0] = S( W[2] ^ W[0], 1); SHA1_CALC0(f0, W[0], K0)
|
223
|
+
W[1] = S( W[3] ^ W[1], 1); SHA1_CALC0(f0, W[1], K0)
|
224
|
+
W[2] = S(W_15 ^ W[4] ^ W[2], 1); SHA1_CALC0(f0, W[2], K0)
|
225
|
+
W[3] = S(W[0] ^ W[5] ^ W[3], 1); SHA1_CALC0(f0, W[3], K0)
|
226
|
+
W[4] = S(W[1] ^ W_06 ^ W[4], 1); SHA1_CALC0(f1, W[4], K1)
|
227
|
+
W[5] = S(W[2] ^ W[5], 1); SHA1_CALC0(f1, W[5], K1)
|
228
|
+
W_06 = S(W[3] ^ W_06, 1); SHA1_CALC0(f1, W_06, K1)
|
229
|
+
W_07 = S(W[4] ^ W_15 , 1); SHA1_CALC0(f1, W_07, K1)
|
230
|
+
W_08 = S(W[5] ^ W[0] , 1); SHA1_CALC0(f1, W_08, K1)
|
231
|
+
W_09 = S(W_06 ^ W[1] , 1); SHA1_CALC0(f1, W_09, K1)
|
232
|
+
W_10 = S(W_07 ^ W[2] , 1); SHA1_CALC0(f1, W_10, K1)
|
233
|
+
W_11 = S(W_08 ^ W[3] , 1); SHA1_CALC0(f1, W_11, K1)
|
234
|
+
W_12 = S(W_09 ^ W[4] , 1); SHA1_CALC0(f1, W_12, K1)
|
235
|
+
W_13 = S(W_10 ^ W[5] ^ W_15 , 1); SHA1_CALC0(f1, W_13, K1)
|
236
|
+
W_14 = S(W_11 ^ W_06 ^ W[0] , 1); SHA1_CALC0(f1, W_14, K1)
|
237
|
+
W_15 = S(W_12 ^ W_07 ^ W[1] ^ W_15, 1); SHA1_CALC0(f1, W_15, K1)
|
238
|
+
W[0] = S(W_13 ^ W_08 ^ W[2] ^ W[0], 1); SHA1_CALC0(f1, W[0], K1)
|
239
|
+
W[1] = S(W_14 ^ W_09 ^ W[3] ^ W[1], 1); SHA1_CALC0(f1, W[1], K1)
|
240
|
+
W[2] = S(W_15 ^ W_10 ^ W[4] ^ W[2], 1); SHA1_CALC0(f1, W[2], K1)
|
241
|
+
W[3] = S(W[0] ^ W_11 ^ W[5] ^ W[3], 1); SHA1_CALC0(f1, W[3], K1)
|
242
|
+
W[4] = S(W[1] ^ W_12 ^ W_06 ^ W[4], 1); SHA1_CALC0(f1, W[4], K1)
|
243
|
+
W[5] = S(W[2] ^ W_13 ^ W_07 ^ W[5], 1); SHA1_CALC0(f1, W[5], K1)
|
244
|
+
W_06 = S(W[3] ^ W_14 ^ W_08 ^ W_06, 1); SHA1_CALC0(f1, W_06, K1)
|
245
|
+
W_07 = S(W[4] ^ W_15 ^ W_09 ^ W_07, 1); SHA1_CALC0(f1, W_07, K1)
|
246
|
+
W_08 = S(W[5] ^ W[0] ^ W_10 ^ W_08, 1); SHA1_CALC0(f2, W_08, K2)
|
247
|
+
W_09 = S(W_06 ^ W[1] ^ W_11 ^ W_09, 1); SHA1_CALC0(f2, W_09, K2)
|
248
|
+
W_10 = S(W_07 ^ W[2] ^ W_12 ^ W_10, 1); SHA1_CALC0(f2, W_10, K2)
|
249
|
+
W_11 = S(W_08 ^ W[3] ^ W_13 ^ W_11, 1); SHA1_CALC0(f2, W_11, K2)
|
250
|
+
W_12 = S(W_09 ^ W[4] ^ W_14 ^ W_12, 1); SHA1_CALC0(f2, W_12, K2)
|
251
|
+
W_13 = S(W_10 ^ W[5] ^ W_15 ^ W_13, 1); SHA1_CALC0(f2, W_13, K2)
|
252
|
+
W_14 = S(W_11 ^ W_06 ^ W[0] ^ W_14, 1); SHA1_CALC0(f2, W_14, K2)
|
253
|
+
W_15 = S(W_12 ^ W_07 ^ W[1] ^ W_15, 1); SHA1_CALC0(f2, W_15, K2)
|
254
|
+
W[0] = S(W_13 ^ W_08 ^ W[2] ^ W[0], 1); SHA1_CALC0(f2, W[0], K2)
|
255
|
+
W[1] = S(W_14 ^ W_09 ^ W[3] ^ W[1], 1); SHA1_CALC0(f2, W[1], K2)
|
256
|
+
W[2] = S(W_15 ^ W_10 ^ W[4] ^ W[2], 1); SHA1_CALC0(f2, W[2], K2)
|
257
|
+
W[3] = S(W[0] ^ W_11 ^ W[5] ^ W[3], 1); SHA1_CALC0(f2, W[3], K2)
|
258
|
+
W[4] = S(W[1] ^ W_12 ^ W_06 ^ W[4], 1); SHA1_CALC0(f2, W[4], K2)
|
259
|
+
W[5] = S(W[2] ^ W_13 ^ W_07 ^ W[5], 1); SHA1_CALC0(f2, W[5], K2)
|
260
|
+
W_06 = S(W[3] ^ W_14 ^ W_08 ^ W_06, 1); SHA1_CALC0(f2, W_06, K2)
|
261
|
+
W_07 = S(W[4] ^ W_15 ^ W_09 ^ W_07, 1); SHA1_CALC0(f2, W_07, K2)
|
262
|
+
W_08 = S(W[5] ^ W[0] ^ W_10 ^ W_08, 1); SHA1_CALC0(f2, W_08, K2)
|
263
|
+
W_09 = S(W_06 ^ W[1] ^ W_11 ^ W_09, 1); SHA1_CALC0(f2, W_09, K2)
|
264
|
+
W_10 = S(W_07 ^ W[2] ^ W_12 ^ W_10, 1); SHA1_CALC0(f2, W_10, K2)
|
265
|
+
W_11 = S(W_08 ^ W[3] ^ W_13 ^ W_11, 1); SHA1_CALC0(f2, W_11, K2)
|
266
|
+
W_12 = S(W_09 ^ W[4] ^ W_14 ^ W_12, 1); SHA1_CALC0(f1, W_12, K3)
|
267
|
+
W_13 = S(W_10 ^ W[5] ^ W_15 ^ W_13, 1); SHA1_CALC0(f1, W_13, K3)
|
268
|
+
W_14 = S(W_11 ^ W_06 ^ W[0] ^ W_14, 1); SHA1_CALC0(f1, W_14, K3)
|
269
|
+
W_15 = S(W_12 ^ W_07 ^ W[1] ^ W_15, 1); SHA1_CALC0(f1, W_15, K3)
|
270
|
+
W[0] = S(W_13 ^ W_08 ^ W[2] ^ W[0], 1); SHA1_CALC0(f1, W[0], K3)
|
271
|
+
W[1] = S(W_14 ^ W_09 ^ W[3] ^ W[1], 1); SHA1_CALC0(f1, W[1], K3)
|
272
|
+
W[2] = S(W_15 ^ W_10 ^ W[4] ^ W[2], 1); SHA1_CALC0(f1, W[2], K3)
|
273
|
+
W[3] = S(W[0] ^ W_11 ^ W[5] ^ W[3], 1); SHA1_CALC0(f1, W[3], K3)
|
274
|
+
W[4] = S(W[1] ^ W_12 ^ W_06 ^ W[4], 1); SHA1_CALC0(f1, W[4], K3)
|
275
|
+
W[5] = S(W[2] ^ W_13 ^ W_07 ^ W[5], 1); SHA1_CALC0(f1, W[5], K3)
|
276
|
+
W_06 = S(W[3] ^ W_14 ^ W_08 ^ W_06, 1); SHA1_CALC0(f1, W_06, K3)
|
277
|
+
W_07 = S(W[4] ^ W_15 ^ W_09 ^ W_07, 1); SHA1_CALC0(f1, W_07, K3)
|
278
|
+
W_08 = S(W[5] ^ W[0] ^ W_10 ^ W_08, 1); SHA1_CALC0(f1, W_08, K3)
|
279
|
+
W_09 = S(W_06 ^ W[1] ^ W_11 ^ W_09, 1); SHA1_CALC0(f1, W_09, K3)
|
280
|
+
W_10 = S(W_07 ^ W[2] ^ W_12 ^ W_10, 1); SHA1_CALC0(f1, W_10, K3)
|
281
|
+
W_11 = S(W_08 ^ W[3] ^ W_13 ^ W_11, 1); SHA1_CALC0(f1, W_11, K3)
|
282
|
+
W_12 = S(W_09 ^ W[4] ^ W_14 ^ W_12, 1); SHA1_CALC0(f1, W_12, K3)
|
283
|
+
W_13 = S(W_10 ^ W[5] ^ W_15 ^ W_13, 1); SHA1_CALC0(f1, W_13, K3)
|
284
|
+
W_14 = S(W_11 ^ W_06 ^ W[0] ^ W_14, 1); SHA1_CALC0(f1, W_14, K3)
|
285
|
+
W_15 = S(W_12 ^ W_07 ^ W[1] ^ W_15, 1); SHA1_CALC0(f1, W_15, K3)
|
286
|
+
|
287
|
+
W[1] = a + H0;
|
288
|
+
W[2] = b + H1;
|
289
|
+
W[3] = c + H2;
|
290
|
+
W[4] = d + H3;
|
291
|
+
W[5] = e + H4;
|
292
|
+
}
|
293
|
+
public:
|
294
|
+
/*
|
295
|
+
input h[0..19]
|
296
|
+
output h[0..19]
|
297
|
+
*/
|
298
|
+
static inline void digest(char *h, int spinCount)
|
299
|
+
{
|
300
|
+
uint32_t W[80];
|
301
|
+
for (int i = 1; i < 6; i++) {
|
302
|
+
W[i] = getBE(&h[(i - 1) * 4]);
|
303
|
+
}
|
304
|
+
for (int i = 0; i < spinCount; i++) {
|
305
|
+
// W[0]
|
306
|
+
setBE(W, i);
|
307
|
+
digestOnce<uint32_t>(W);
|
308
|
+
}
|
309
|
+
for (size_t i = 1; i < 6; i++) {
|
310
|
+
setBE(&h[(i - 1) * 4], W[i]);
|
311
|
+
}
|
312
|
+
}
|
313
|
+
#ifdef SHA1_USE_SIMD
|
314
|
+
/*
|
315
|
+
in/out out[n]
|
316
|
+
assume out[i].size() == 20
|
317
|
+
*/
|
318
|
+
template<int n>
|
319
|
+
static inline void digestX(std::string out[n], int spinCount)
|
320
|
+
{
|
321
|
+
Uint32Vec W[80];
|
322
|
+
for (int i = 1; i < 6; i++) {
|
323
|
+
const int pos = (i - 1) * 4;
|
324
|
+
#ifdef UINT32VEC_USE_AVX2
|
325
|
+
W[i].set(getBE(&out[7][pos]), getBE(&out[6][pos]), getBE(&out[5][pos]), getBE(&out[4][pos]), getBE(&out[3][pos]), getBE(&out[2][pos]), getBE(&out[1][pos]), getBE(&out[0][pos]));
|
326
|
+
#else
|
327
|
+
W[i].set(getBE(&out[3][pos]), getBE(&out[2][pos]), getBE(&out[1][pos]), getBE(&out[0][pos]));
|
328
|
+
#endif
|
329
|
+
}
|
330
|
+
for (int i = 0; i < spinCount; i++) {
|
331
|
+
W[0] = cybozu::byteSwap(uint32_t(i));
|
332
|
+
digestOnce<Uint32Vec >(W);
|
333
|
+
}
|
334
|
+
for (size_t i = 1; i < 6; i++) {
|
335
|
+
for (int j = 0; j < n; j++) {
|
336
|
+
uint32_t x = getBE((const char*)&W[i] + j * 4);
|
337
|
+
memcpy(&out[j][(i - 1) * 4], &x, sizeof(x));
|
338
|
+
}
|
339
|
+
}
|
340
|
+
}
|
341
|
+
#endif
|
342
|
+
};
|
@@ -0,0 +1,240 @@
|
|
1
|
+
#pragma once
|
2
|
+
/**
|
3
|
+
@file
|
4
|
+
@brief MS Office encryption decoder
|
5
|
+
Copyright (C) 2012 Cybozu Labs, Inc., all rights reserved.
|
6
|
+
see [MS-OFFCRYPTO]
|
7
|
+
Office Document Cryptography Structure Specification
|
8
|
+
*/
|
9
|
+
#include <fstream>
|
10
|
+
#include <cybozu/mmap.hpp>
|
11
|
+
#include <cybozu/file.hpp>
|
12
|
+
#include <cybozu/minixml.hpp>
|
13
|
+
#include <cybozu/atoi.hpp>
|
14
|
+
#include <cybozu/crypto.hpp>
|
15
|
+
#include <cybozu/random_generator.hpp>
|
16
|
+
#include "cfb.hpp"
|
17
|
+
#include "crypto_util.hpp"
|
18
|
+
|
19
|
+
namespace ms {
|
20
|
+
|
21
|
+
inline void DecContent(std::string& dec, const std::string& data, const CipherParam& param, const std::string& key, const std::string& salt)
|
22
|
+
{
|
23
|
+
const size_t blockSize = 4096;
|
24
|
+
dec.reserve(data.size());
|
25
|
+
const size_t n = (data.size() + blockSize - 1) / blockSize;
|
26
|
+
for (size_t i = 0; i < n; i++) {
|
27
|
+
const size_t len = (i < n - 1) ? blockSize : (data.size() % blockSize);
|
28
|
+
std::string blockKey(4, 0);
|
29
|
+
cybozu::Set32bitAsLE(&blockKey[0], static_cast<uint32_t>(i));
|
30
|
+
const std::string iv = generateKey(param, salt, blockKey);
|
31
|
+
dec.append(cipher(param.cipherName, data.c_str() + i * blockSize, len, key, iv, cybozu::crypto::Cipher::Decoding));
|
32
|
+
}
|
33
|
+
}
|
34
|
+
|
35
|
+
/*
|
36
|
+
split encryptedPackage as [uint64_t:encData]
|
37
|
+
*/
|
38
|
+
inline uint64_t GetEncodedData(std::string& encData, const std::string& encryptedPackage)
|
39
|
+
{
|
40
|
+
if (encryptedPackage.size() < 8) {
|
41
|
+
throw cybozu::Exception("ms:GetEncodedData:tool small") << encryptedPackage.size();
|
42
|
+
}
|
43
|
+
const char *p = &encryptedPackage[0];
|
44
|
+
const uint64_t size = cybozu::Get64bitAsLE(p);
|
45
|
+
dprintf("package size:header %d encryptedPackage %d\n", (int)size, (int)encryptedPackage.size());
|
46
|
+
MS_ASSERT(encryptedPackage.size() - 8 >= size);
|
47
|
+
encData = encryptedPackage.substr(8);
|
48
|
+
return size;
|
49
|
+
}
|
50
|
+
|
51
|
+
inline const std::string& GetContensByName(const ms::cfb::CompoundFile& cfb, const std::string& name)
|
52
|
+
{
|
53
|
+
const cybozu::String16 wname = cybozu::ToUtf16(name);
|
54
|
+
const ms::cfb::DirectoryEntryVec& dirs = cfb.dirs;
|
55
|
+
for (size_t i = 0; i < dirs.size(); i++) {
|
56
|
+
const ms::cfb::DirectoryEntry& dir = dirs[i];
|
57
|
+
if (dir.directoryEntryName == wname) {
|
58
|
+
return dir.content;
|
59
|
+
}
|
60
|
+
}
|
61
|
+
throw cybozu::Exception("ms:GetContentsByName:name") << name;
|
62
|
+
}
|
63
|
+
|
64
|
+
/*
|
65
|
+
verify integrity
|
66
|
+
hmac = openssl dgst -sha1 -mac HMAC -macopt hexkey:hex(salt) encryptedpackage
|
67
|
+
hmac == hex(expected)
|
68
|
+
*/
|
69
|
+
inline bool VerifyIntegrity(
|
70
|
+
const std::string& encryptedPackage,
|
71
|
+
const CipherParam& keyData,
|
72
|
+
const std::string& secretKey,
|
73
|
+
const std::string& saltValue,
|
74
|
+
const std::string& encryptedHmacKey,
|
75
|
+
const std::string& encryptedHmacValue)
|
76
|
+
{
|
77
|
+
const std::string iv1 = generateIv(keyData, ms::blkKey_dataIntegrity1, saltValue);
|
78
|
+
const std::string iv2 = generateIv(keyData, ms::blkKey_dataIntegrity2, saltValue);
|
79
|
+
const std::string salt = cipher(keyData.cipherName, encryptedHmacKey, secretKey, iv1, cybozu::crypto::Cipher::Decoding).substr(0, keyData.hashSize);
|
80
|
+
const std::string expected = cipher(keyData.cipherName, encryptedHmacValue, secretKey, iv2, cybozu::crypto::Cipher::Decoding).substr(0, keyData.hashSize);
|
81
|
+
|
82
|
+
cybozu::crypto::Hmac hmac(keyData.hashName);
|
83
|
+
std::string ret = hmac.eval(salt, encryptedPackage);
|
84
|
+
return ret == expected;
|
85
|
+
}
|
86
|
+
|
87
|
+
inline bool getAgileSecretKey(std::string& secretKey, const EncryptionInfo& info, const std::string& pass)
|
88
|
+
{
|
89
|
+
const CipherParam& keyData = info.keyData;
|
90
|
+
const CipherParam& encryptedKey = info.encryptedKey;
|
91
|
+
const std::string& iv = encryptedKey.saltValue;
|
92
|
+
|
93
|
+
const std::string pwHash = hashPassword(encryptedKey.hashName, iv, pass, info.spinCount);
|
94
|
+
const std::string skey1 = generateKey(encryptedKey, pwHash, ms::blkKey_VerifierHashInput);
|
95
|
+
const std::string skey2 = generateKey(encryptedKey, pwHash, ms::blkKey_encryptedVerifierHashValue);
|
96
|
+
|
97
|
+
const std::string verifierHashInput = cipher(encryptedKey.cipherName, info.encryptedVerifierHashInput, skey1, iv, cybozu::crypto::Cipher::Decoding);
|
98
|
+
const std::string hashedVerifier = cybozu::crypto::Hash::digest(encryptedKey.hashName, verifierHashInput);
|
99
|
+
const std::string verifierHash = cipher(encryptedKey.cipherName, info.encryptedVerifierHashValue, skey2, iv, cybozu::crypto::Cipher::Decoding).substr(0, hashedVerifier.size());
|
100
|
+
|
101
|
+
if (hashedVerifier != verifierHash) {
|
102
|
+
return false;
|
103
|
+
}
|
104
|
+
const std::string skey3 = generateKey(encryptedKey, pwHash, ms::blkKey_encryptedKeyValue);
|
105
|
+
secretKey = cipher(encryptedKey.cipherName, info.encryptedKeyValue, skey3, iv, cybozu::crypto::Cipher::Decoding);
|
106
|
+
if (isDebug()) {
|
107
|
+
printf("salt = "); dump(keyData.saltValue, false);
|
108
|
+
printf("secretKey = "); dump(secretKey, false);
|
109
|
+
}
|
110
|
+
return true;
|
111
|
+
}
|
112
|
+
|
113
|
+
inline bool decodeAgile(std::string& decData, const std::string& encryptedPackage, const EncryptionInfo& info, const std::string& pass, std::string& secretKey)
|
114
|
+
{
|
115
|
+
const CipherParam& keyData = info.keyData;
|
116
|
+
const CipherParam& encryptedKey = info.encryptedKey;
|
117
|
+
if (secretKey.empty()) {
|
118
|
+
if (!getAgileSecretKey(secretKey, info, pass)) return false;
|
119
|
+
if (putSecretKeyInstance()) {
|
120
|
+
printf("secretKey = "); ms::dump(secretKey, false);
|
121
|
+
}
|
122
|
+
|
123
|
+
if (!VerifyIntegrity(encryptedPackage, keyData, secretKey, keyData.saltValue, info.encryptedHmacKey, info.encryptedHmacValue)) {
|
124
|
+
printf("warning : mac err : data may be broken\n");
|
125
|
+
// return false;
|
126
|
+
}
|
127
|
+
}
|
128
|
+
|
129
|
+
std::string encData;
|
130
|
+
const uint64_t decodeSize = GetEncodedData(encData, encryptedPackage);
|
131
|
+
|
132
|
+
// decode
|
133
|
+
normalizeKey(secretKey, encryptedKey.keyBits / 8);
|
134
|
+
DecContent(decData, encData, encryptedKey, secretKey, keyData.saltValue);
|
135
|
+
decData.resize(size_t(decodeSize));
|
136
|
+
return true;
|
137
|
+
}
|
138
|
+
|
139
|
+
/*
|
140
|
+
2.3.4.9
|
141
|
+
*/
|
142
|
+
inline bool verifyStandardEncryption(std::string& encKey, const EncryptionHeader& header, const EncryptionVerifier& verifier, const std::string& pass)
|
143
|
+
{
|
144
|
+
const cybozu::crypto::Hash::Name hashName = cybozu::crypto::Hash::N_SHA1;
|
145
|
+
encKey = verifier.getEncryptionKey(pass).substr(0, header.keySize / 8);
|
146
|
+
const std::string iv;
|
147
|
+
const std::string decVerifier = cipher(header.cipherName, verifier.encryptedVerifier, encKey, iv, cybozu::crypto::Cipher::Decoding);
|
148
|
+
const std::string h = cybozu::crypto::Hash::digest(hashName, decVerifier);
|
149
|
+
std::string decVerifierHash = cipher(header.cipherName, verifier.encryptedVerifierHash, encKey, iv, cybozu::crypto::Cipher::Decoding);
|
150
|
+
decVerifierHash.resize(h.size());
|
151
|
+
return h == decVerifierHash;
|
152
|
+
}
|
153
|
+
|
154
|
+
inline bool decodeStandardEncryption(std::string& dec, const std::string& encryptedPackage, const EncryptionInfo& info, const std::string& pass, std::string secretKey)
|
155
|
+
{
|
156
|
+
const EncryptionHeader& header = info.seHeader;
|
157
|
+
const EncryptionVerifier& verifier = info.seVerifier;
|
158
|
+
|
159
|
+
if (secretKey.empty()) {
|
160
|
+
if (!verifyStandardEncryption(secretKey, header, verifier, pass)) {
|
161
|
+
return false;
|
162
|
+
}
|
163
|
+
}
|
164
|
+
if (isDebug()) {
|
165
|
+
printf("secretKey = "); dump(secretKey, false);
|
166
|
+
}
|
167
|
+
|
168
|
+
const char *p = encryptedPackage.data();
|
169
|
+
size_t decSize = cybozu::Get32bitAsLE(p);
|
170
|
+
p += 8;
|
171
|
+
const size_t dataSize = encryptedPackage.size();
|
172
|
+
if (decSize > dataSize) {
|
173
|
+
throw cybozu::Exception("ms:decodeStandardEncryption:bad decSize") << decSize << dataSize;
|
174
|
+
}
|
175
|
+
const size_t blockSize = 4096;
|
176
|
+
dec.reserve(dataSize);
|
177
|
+
const size_t n = (dataSize + blockSize - 1) / blockSize;
|
178
|
+
const std::string iv;
|
179
|
+
for (size_t i = 0; i < n; i++) {
|
180
|
+
const size_t len = (i < n - 1) ? blockSize : (dataSize % blockSize);
|
181
|
+
dec.append(cipher(header.cipherName, p + i * blockSize, len, secretKey, iv, cybozu::crypto::Cipher::Decoding));
|
182
|
+
}
|
183
|
+
dec.resize(decSize);
|
184
|
+
return true;
|
185
|
+
}
|
186
|
+
|
187
|
+
/*
|
188
|
+
secretKey will be set if it is empty
|
189
|
+
*/
|
190
|
+
template<class String>
|
191
|
+
bool decode(const char *data, uint32_t dataSize, const String& outFile, const std::string& pass, std::string& secretKey, bool doView, int *pSpinCount = 0)
|
192
|
+
{
|
193
|
+
ms::cfb::CompoundFile cfb(data, dataSize);
|
194
|
+
cfb.put();
|
195
|
+
|
196
|
+
const std::string& encryptedPackage = GetContensByName(cfb, "EncryptedPackage"); // data
|
197
|
+
const EncryptionInfo info(GetContensByName(cfb, "EncryptionInfo")); // xml
|
198
|
+
if (pSpinCount) {
|
199
|
+
*pSpinCount = info.spinCount;
|
200
|
+
}
|
201
|
+
info.put();
|
202
|
+
|
203
|
+
std::string decData;
|
204
|
+
if (info.isStandardEncryption) {
|
205
|
+
if (!decodeStandardEncryption(decData, encryptedPackage, info, pass, secretKey)) return false;
|
206
|
+
} else {
|
207
|
+
if (!decodeAgile(decData, encryptedPackage, info, pass, secretKey)) return false;
|
208
|
+
}
|
209
|
+
if (!doView) {
|
210
|
+
DetectFormat(decData.c_str(), decData.size());
|
211
|
+
cybozu::File out;
|
212
|
+
out.openW(outFile);
|
213
|
+
out.write(decData.c_str(), decData.size());
|
214
|
+
}
|
215
|
+
return true;
|
216
|
+
}
|
217
|
+
|
218
|
+
inline std::string getSecretKey(const std::string& keyFile, const std::string& pass)
|
219
|
+
{
|
220
|
+
cybozu::Mmap m(keyFile);
|
221
|
+
const char *data = m.get();
|
222
|
+
if (m.size() > 0xffffffff) {
|
223
|
+
throw cybozu::Exception("getSecretKey:m.size") << m.size();
|
224
|
+
}
|
225
|
+
const uint32_t dataSize = static_cast<uint32_t>(m.size());
|
226
|
+
const ms::Format format = ms::DetectFormat(data, dataSize);
|
227
|
+
if (format != ms::fCfb) {
|
228
|
+
throw cybozu::Exception("getSecretKey:bad format") << keyFile;
|
229
|
+
}
|
230
|
+
ms::cfb::CompoundFile cfb(data, dataSize);
|
231
|
+
const EncryptionInfo info(GetContensByName(cfb, "EncryptionInfo")); // xml
|
232
|
+
info.put();
|
233
|
+
|
234
|
+
if (info.isStandardEncryption) throw cybozu::Exception("getSecretKey:not support") << keyFile;
|
235
|
+
std::string secretKey;
|
236
|
+
if (!getAgileSecretKey(secretKey, info, pass)) throw cybozu::Exception("getSecretKey:can't get") << keyFile;
|
237
|
+
return secretKey;
|
238
|
+
}
|
239
|
+
|
240
|
+
} // ms
|