ooxml_crypt 0.1.0

Sign up to get free protection for your applications and to get access to all the features.
Files changed (264) hide show
  1. checksums.yaml +7 -0
  2. data/Gemfile +4 -0
  3. data/LICENSE.txt +21 -0
  4. data/README.md +58 -0
  5. data/Rakefile +12 -0
  6. data/bin/console +15 -0
  7. data/bin/setup +8 -0
  8. data/ext/ooxml_crypt/extconf.rb +18 -0
  9. data/ext/ooxml_crypt/ooxml_crypt.c +27 -0
  10. data/ext/ooxml_crypt/ooxml_crypt.h +7 -0
  11. data/lib/ooxml_crypt/version.rb +5 -0
  12. data/lib/ooxml_crypt.rb +75 -0
  13. data/vendor/cybozulib/.github/workflows/main.yml +12 -0
  14. data/vendor/cybozulib/.gitignore +5 -0
  15. data/vendor/cybozulib/CMakeLists.txt +6 -0
  16. data/vendor/cybozulib/COPYRIGHT +27 -0
  17. data/vendor/cybozulib/Makefile +26 -0
  18. data/vendor/cybozulib/bin/libeay32.dll +0 -0
  19. data/vendor/cybozulib/bin/libmecab.dll +0 -0
  20. data/vendor/cybozulib/bin/ssleay32.dll +0 -0
  21. data/vendor/cybozulib/common.mk +116 -0
  22. data/vendor/cybozulib/common.props +25 -0
  23. data/vendor/cybozulib/cybozulib.sln +286 -0
  24. data/vendor/cybozulib/debug.props +14 -0
  25. data/vendor/cybozulib/include/cybozu/array.hpp +197 -0
  26. data/vendor/cybozulib/include/cybozu/atoi.hpp +238 -0
  27. data/vendor/cybozulib/include/cybozu/atomic.hpp +146 -0
  28. data/vendor/cybozulib/include/cybozu/base64.hpp +210 -0
  29. data/vendor/cybozulib/include/cybozu/benchmark.hpp +212 -0
  30. data/vendor/cybozulib/include/cybozu/bfd.hpp +105 -0
  31. data/vendor/cybozulib/include/cybozu/bit_operation.hpp +139 -0
  32. data/vendor/cybozulib/include/cybozu/bitvector.hpp +358 -0
  33. data/vendor/cybozulib/include/cybozu/condition_variable.hpp +113 -0
  34. data/vendor/cybozulib/include/cybozu/condition_variable_cs.hpp +74 -0
  35. data/vendor/cybozulib/include/cybozu/config.hpp +392 -0
  36. data/vendor/cybozulib/include/cybozu/critical_section.hpp +60 -0
  37. data/vendor/cybozulib/include/cybozu/crypto.hpp +321 -0
  38. data/vendor/cybozulib/include/cybozu/csucvector.hpp +624 -0
  39. data/vendor/cybozulib/include/cybozu/csv.hpp +294 -0
  40. data/vendor/cybozulib/include/cybozu/data_type.hpp +27 -0
  41. data/vendor/cybozulib/include/cybozu/endian.hpp +224 -0
  42. data/vendor/cybozulib/include/cybozu/env.hpp +63 -0
  43. data/vendor/cybozulib/include/cybozu/event.hpp +122 -0
  44. data/vendor/cybozulib/include/cybozu/exception.hpp +253 -0
  45. data/vendor/cybozulib/include/cybozu/file.hpp +626 -0
  46. data/vendor/cybozulib/include/cybozu/fmindex.hpp +291 -0
  47. data/vendor/cybozulib/include/cybozu/format.hpp +93 -0
  48. data/vendor/cybozulib/include/cybozu/frequency.hpp +264 -0
  49. data/vendor/cybozulib/include/cybozu/hash.hpp +67 -0
  50. data/vendor/cybozulib/include/cybozu/inttype.hpp +174 -0
  51. data/vendor/cybozulib/include/cybozu/itoa.hpp +336 -0
  52. data/vendor/cybozulib/include/cybozu/json.hpp +120 -0
  53. data/vendor/cybozulib/include/cybozu/line_stream.hpp +149 -0
  54. data/vendor/cybozulib/include/cybozu/link_libeay32.hpp +21 -0
  55. data/vendor/cybozulib/include/cybozu/link_mpir.hpp +18 -0
  56. data/vendor/cybozulib/include/cybozu/link_ssleay32.hpp +19 -0
  57. data/vendor/cybozulib/include/cybozu/log.hpp +237 -0
  58. data/vendor/cybozulib/include/cybozu/minixml.hpp +452 -0
  59. data/vendor/cybozulib/include/cybozu/mmap.hpp +143 -0
  60. data/vendor/cybozulib/include/cybozu/mutex.hpp +144 -0
  61. data/vendor/cybozulib/include/cybozu/nlp/mecab.hpp +96 -0
  62. data/vendor/cybozulib/include/cybozu/nlp/plsi.hpp +315 -0
  63. data/vendor/cybozulib/include/cybozu/nlp/random.hpp +74 -0
  64. data/vendor/cybozulib/include/cybozu/nlp/sparse.hpp +529 -0
  65. data/vendor/cybozulib/include/cybozu/nlp/svd.hpp +486 -0
  66. data/vendor/cybozulib/include/cybozu/nlp/tfidf.hpp +226 -0
  67. data/vendor/cybozulib/include/cybozu/nlp/top_score.hpp +75 -0
  68. data/vendor/cybozulib/include/cybozu/option.hpp +743 -0
  69. data/vendor/cybozulib/include/cybozu/parallel.hpp +88 -0
  70. data/vendor/cybozulib/include/cybozu/pcg.hpp +72 -0
  71. data/vendor/cybozulib/include/cybozu/process.hpp +324 -0
  72. data/vendor/cybozulib/include/cybozu/quit_signal_handler.hpp +66 -0
  73. data/vendor/cybozulib/include/cybozu/random_generator.hpp +144 -0
  74. data/vendor/cybozulib/include/cybozu/regex.hpp +463 -0
  75. data/vendor/cybozulib/include/cybozu/select8.hpp +279 -0
  76. data/vendor/cybozulib/include/cybozu/serializer.hpp +363 -0
  77. data/vendor/cybozulib/include/cybozu/sha1.hpp +209 -0
  78. data/vendor/cybozulib/include/cybozu/sha2.hpp +506 -0
  79. data/vendor/cybozulib/include/cybozu/siphash.hpp +105 -0
  80. data/vendor/cybozulib/include/cybozu/socket.hpp +785 -0
  81. data/vendor/cybozulib/include/cybozu/ssl.hpp +203 -0
  82. data/vendor/cybozulib/include/cybozu/stacktrace.hpp +291 -0
  83. data/vendor/cybozulib/include/cybozu/stream.hpp +269 -0
  84. data/vendor/cybozulib/include/cybozu/string.hpp +1746 -0
  85. data/vendor/cybozulib/include/cybozu/string_operation.hpp +365 -0
  86. data/vendor/cybozulib/include/cybozu/sucvector.hpp +378 -0
  87. data/vendor/cybozulib/include/cybozu/test.hpp +373 -0
  88. data/vendor/cybozulib/include/cybozu/thread.hpp +229 -0
  89. data/vendor/cybozulib/include/cybozu/time.hpp +281 -0
  90. data/vendor/cybozulib/include/cybozu/tls.hpp +115 -0
  91. data/vendor/cybozulib/include/cybozu/unordered_map.hpp +13 -0
  92. data/vendor/cybozulib/include/cybozu/unordered_set.hpp +13 -0
  93. data/vendor/cybozulib/include/cybozu/v128.hpp +376 -0
  94. data/vendor/cybozulib/include/cybozu/wavelet_matrix.hpp +345 -0
  95. data/vendor/cybozulib/include/cybozu/xorshift.hpp +189 -0
  96. data/vendor/cybozulib/include/cybozu/zlib.hpp +325 -0
  97. data/vendor/cybozulib/include/sais.hxx +364 -0
  98. data/vendor/cybozulib/misc/make_select8tbl.cpp +26 -0
  99. data/vendor/cybozulib/mk.bat +37 -0
  100. data/vendor/cybozulib/readme.md +29 -0
  101. data/vendor/cybozulib/release.props +12 -0
  102. data/vendor/cybozulib/sample/Makefile +30 -0
  103. data/vendor/cybozulib/sample/csucvector_smpl.cpp +42 -0
  104. data/vendor/cybozulib/sample/data/svd/org/test1.S +4 -0
  105. data/vendor/cybozulib/sample/data/svd/org/test1.U +4 -0
  106. data/vendor/cybozulib/sample/data/svd/org/test1.V +6 -0
  107. data/vendor/cybozulib/sample/data/svd/test1 +4 -0
  108. data/vendor/cybozulib/sample/data/svd/test2 +4 -0
  109. data/vendor/cybozulib/sample/desymbol.cpp +127 -0
  110. data/vendor/cybozulib/sample/exception_smpl.cpp +46 -0
  111. data/vendor/cybozulib/sample/fmindex_smpl.cpp +231 -0
  112. data/vendor/cybozulib/sample/log_smpl.cpp +19 -0
  113. data/vendor/cybozulib/sample/mecab_smpl.cpp +37 -0
  114. data/vendor/cybozulib/sample/option2_smpl.cpp +68 -0
  115. data/vendor/cybozulib/sample/option_smpl.cpp +42 -0
  116. data/vendor/cybozulib/sample/plsi_smpl.cpp +207 -0
  117. data/vendor/cybozulib/sample/proj/exception_smpl.vcproj +184 -0
  118. data/vendor/cybozulib/sample/proj/mecab_smpl.vcproj +184 -0
  119. data/vendor/cybozulib/sample/proj/ssl_smpl/ssl_smpl.vcxproj +85 -0
  120. data/vendor/cybozulib/sample/proj/ssl_smpl.vcproj +347 -0
  121. data/vendor/cybozulib/sample/proj/stacktrace_smpl/stacktrace_smpl.vcxproj +85 -0
  122. data/vendor/cybozulib/sample/proj/svd_smpl.vcproj +184 -0
  123. data/vendor/cybozulib/sample/quit_signal_handler.cpp +30 -0
  124. data/vendor/cybozulib/sample/serializer_smpl.cpp +196 -0
  125. data/vendor/cybozulib/sample/socket_smpl.cpp +82 -0
  126. data/vendor/cybozulib/sample/ssl_smpl.cpp +39 -0
  127. data/vendor/cybozulib/sample/stacktrace_smpl.cpp +52 -0
  128. data/vendor/cybozulib/sample/svd_bench_smpl.cpp +143 -0
  129. data/vendor/cybozulib/sample/svd_smpl.cpp +94 -0
  130. data/vendor/cybozulib/sample/wm_bench_smpl.cpp +182 -0
  131. data/vendor/cybozulib/sample/zlib_smpl.cpp +41 -0
  132. data/vendor/cybozulib/src/Makefile +8 -0
  133. data/vendor/cybozulib/src/base/Makefile +19 -0
  134. data/vendor/cybozulib/test/Makefile +12 -0
  135. data/vendor/cybozulib/test/base/Makefile +37 -0
  136. data/vendor/cybozulib/test/base/array_test.cpp +173 -0
  137. data/vendor/cybozulib/test/base/atoi_test.cpp +774 -0
  138. data/vendor/cybozulib/test/base/atomic_test.cpp +49 -0
  139. data/vendor/cybozulib/test/base/base64_test.cpp +113 -0
  140. data/vendor/cybozulib/test/base/bit_operation_test.cpp +134 -0
  141. data/vendor/cybozulib/test/base/bitvector_test.cpp +204 -0
  142. data/vendor/cybozulib/test/base/condition_variable_cs_test.cpp +92 -0
  143. data/vendor/cybozulib/test/base/condition_variable_test.cpp +88 -0
  144. data/vendor/cybozulib/test/base/config_test.cpp +236 -0
  145. data/vendor/cybozulib/test/base/crypto_test.cpp +122 -0
  146. data/vendor/cybozulib/test/base/csucvector_test.cpp +63 -0
  147. data/vendor/cybozulib/test/base/csv_test.cpp +182 -0
  148. data/vendor/cybozulib/test/base/data/a.xml +26 -0
  149. data/vendor/cybozulib/test/base/endian_test.cpp +56 -0
  150. data/vendor/cybozulib/test/base/env_test.cpp +22 -0
  151. data/vendor/cybozulib/test/base/event_test.cpp +41 -0
  152. data/vendor/cybozulib/test/base/file_test.cpp +233 -0
  153. data/vendor/cybozulib/test/base/fmindex_test.cpp +118 -0
  154. data/vendor/cybozulib/test/base/format_test.cpp +12 -0
  155. data/vendor/cybozulib/test/base/frequency_test.cpp +104 -0
  156. data/vendor/cybozulib/test/base/itoa_test.cpp +522 -0
  157. data/vendor/cybozulib/test/base/line_stream_test.cpp +208 -0
  158. data/vendor/cybozulib/test/base/mecab_test.cpp +41 -0
  159. data/vendor/cybozulib/test/base/minixml_test.cpp +103 -0
  160. data/vendor/cybozulib/test/base/mmap_test.cpp +15 -0
  161. data/vendor/cybozulib/test/base/option_test.cpp +487 -0
  162. data/vendor/cybozulib/test/base/parallel_test.cpp +48 -0
  163. data/vendor/cybozulib/test/base/proj/array_test/array_test.vcxproj +86 -0
  164. data/vendor/cybozulib/test/base/proj/atoi_test/atoi_test.vcxproj +86 -0
  165. data/vendor/cybozulib/test/base/proj/atomic_test/atomic_test.vcxproj +86 -0
  166. data/vendor/cybozulib/test/base/proj/base64_test/base64_test.vcxproj +86 -0
  167. data/vendor/cybozulib/test/base/proj/condition_variable_cs_test/condition_variable_cs_test.vcxproj +86 -0
  168. data/vendor/cybozulib/test/base/proj/condition_variable_test/condition_variable_test.vcxproj +86 -0
  169. data/vendor/cybozulib/test/base/proj/config_test/config_test.vcxproj +86 -0
  170. data/vendor/cybozulib/test/base/proj/csv_test/csv_test.vcxproj +86 -0
  171. data/vendor/cybozulib/test/base/proj/endian_test/endian_test.vcxproj +86 -0
  172. data/vendor/cybozulib/test/base/proj/env_test/env_test.vcxproj +86 -0
  173. data/vendor/cybozulib/test/base/proj/event_test/event_test.vcxproj +86 -0
  174. data/vendor/cybozulib/test/base/proj/file_test/file_test.vcxproj +86 -0
  175. data/vendor/cybozulib/test/base/proj/itoa_test/itoa_test.vcxproj +86 -0
  176. data/vendor/cybozulib/test/base/proj/mecab_test/mecab_test.vcxproj +88 -0
  177. data/vendor/cybozulib/test/base/proj/minixml_test/minixml_test.vcxproj +86 -0
  178. data/vendor/cybozulib/test/base/proj/mmap_test/mmap_test.vcxproj +86 -0
  179. data/vendor/cybozulib/test/base/proj/serializer_test/serializer_test.vcxproj +86 -0
  180. data/vendor/cybozulib/test/base/proj/sha1_test/sha1_test.vcxproj +86 -0
  181. data/vendor/cybozulib/test/base/proj/stream_test/stream_test.vcxproj +86 -0
  182. data/vendor/cybozulib/test/base/proj/string_operation_test/string_operation_test.vcxproj +86 -0
  183. data/vendor/cybozulib/test/base/proj/string_test/string_test.vcxproj +86 -0
  184. data/vendor/cybozulib/test/base/proj/thread_test/thread_test.vcxproj +86 -0
  185. data/vendor/cybozulib/test/base/proj/time_test/time_test.vcxproj +86 -0
  186. data/vendor/cybozulib/test/base/proj/tls_test/tls_test.vcxproj +86 -0
  187. data/vendor/cybozulib/test/base/proj/zlib_test/zlib_test.vcxproj +86 -0
  188. data/vendor/cybozulib/test/base/random_generator_test.cpp +28 -0
  189. data/vendor/cybozulib/test/base/regex_test.cpp +74 -0
  190. data/vendor/cybozulib/test/base/serializer_test.cpp +483 -0
  191. data/vendor/cybozulib/test/base/sha1_test.cpp +61 -0
  192. data/vendor/cybozulib/test/base/sha2_test.cpp +191 -0
  193. data/vendor/cybozulib/test/base/siphash_test.cpp +33 -0
  194. data/vendor/cybozulib/test/base/socket_test.cpp +76 -0
  195. data/vendor/cybozulib/test/base/stream_test.cpp +101 -0
  196. data/vendor/cybozulib/test/base/string_operation_test.cpp +340 -0
  197. data/vendor/cybozulib/test/base/string_test.cpp +1705 -0
  198. data/vendor/cybozulib/test/base/sucvector_test.cpp +312 -0
  199. data/vendor/cybozulib/test/base/thread_test.cpp +62 -0
  200. data/vendor/cybozulib/test/base/time_test.cpp +164 -0
  201. data/vendor/cybozulib/test/base/tls_test.cpp +50 -0
  202. data/vendor/cybozulib/test/base/wavelet_matrix_test.cpp +145 -0
  203. data/vendor/cybozulib/test/base/zlib_test.cpp +371 -0
  204. data/vendor/cybozulib/test/nlp/Makefile +27 -0
  205. data/vendor/cybozulib/test/nlp/proj/random_test.vcproj +184 -0
  206. data/vendor/cybozulib/test/nlp/proj/sparse_test.vcproj +184 -0
  207. data/vendor/cybozulib/test/nlp/proj/svd_test.vcproj +184 -0
  208. data/vendor/cybozulib/test/nlp/random_test.cpp +62 -0
  209. data/vendor/cybozulib/test/nlp/sparse_test.cpp +347 -0
  210. data/vendor/cybozulib/test/nlp/svd_test.cpp +234 -0
  211. data/vendor/cybozulib/test/nlp/top_score_test.cpp +40 -0
  212. data/vendor/cybozulib/tool/create_vcproj.py +186 -0
  213. data/vendor/cybozulib/tool/vcproj_tmpl.py +185 -0
  214. data/vendor/msoffice/COPYRIGHT +27 -0
  215. data/vendor/msoffice/Makefile +29 -0
  216. data/vendor/msoffice/bin/64/msoc.dll +0 -0
  217. data/vendor/msoffice/bin/64/msocsample.exe +0 -0
  218. data/vendor/msoffice/bin/64/msoffice-crypt.exe +0 -0
  219. data/vendor/msoffice/bin/msoc.dll +0 -0
  220. data/vendor/msoffice/bin/msocsample.exe +0 -0
  221. data/vendor/msoffice/bin/msoffice-crypt.exe +0 -0
  222. data/vendor/msoffice/common.mk +71 -0
  223. data/vendor/msoffice/common.props +26 -0
  224. data/vendor/msoffice/debug.props +14 -0
  225. data/vendor/msoffice/include/attack.hpp +211 -0
  226. data/vendor/msoffice/include/cfb.hpp +777 -0
  227. data/vendor/msoffice/include/crypto_util.hpp +450 -0
  228. data/vendor/msoffice/include/custom_sha1.hpp +342 -0
  229. data/vendor/msoffice/include/decode.hpp +240 -0
  230. data/vendor/msoffice/include/encode.hpp +221 -0
  231. data/vendor/msoffice/include/make_dataspace.hpp +316 -0
  232. data/vendor/msoffice/include/msoc.h +129 -0
  233. data/vendor/msoffice/include/resource.hpp +7 -0
  234. data/vendor/msoffice/include/standard_encryption.hpp +145 -0
  235. data/vendor/msoffice/include/uint32vec.hpp +179 -0
  236. data/vendor/msoffice/include/util.hpp +212 -0
  237. data/vendor/msoffice/lib/.emptydir +0 -0
  238. data/vendor/msoffice/misc/decrypt-xls.vbs +46 -0
  239. data/vendor/msoffice/mk.bat +1 -0
  240. data/vendor/msoffice/mkdll.bat +3 -0
  241. data/vendor/msoffice/msoc.def +13 -0
  242. data/vendor/msoffice/msocsample.py +178 -0
  243. data/vendor/msoffice/msoffice12.sln +31 -0
  244. data/vendor/msoffice/readme.md +110 -0
  245. data/vendor/msoffice/release.props +28 -0
  246. data/vendor/msoffice/src/Makefile +19 -0
  247. data/vendor/msoffice/src/attack.cpp +124 -0
  248. data/vendor/msoffice/src/cfb_test.cpp +77 -0
  249. data/vendor/msoffice/src/minisample.c +54 -0
  250. data/vendor/msoffice/src/msocdll.cpp +276 -0
  251. data/vendor/msoffice/src/msocsample.c +136 -0
  252. data/vendor/msoffice/src/msoffice-crypt.cpp +219 -0
  253. data/vendor/msoffice/src/proj/attack/attack.vcxproj +88 -0
  254. data/vendor/msoffice/src/proj/main/msoffice-crypt.vcxproj +88 -0
  255. data/vendor/msoffice/src/sha1.cpp +234 -0
  256. data/vendor/msoffice/test/Makefile +20 -0
  257. data/vendor/msoffice/test/cfb_test.cpp +74 -0
  258. data/vendor/msoffice/test/hash_test.cpp +59 -0
  259. data/vendor/msoffice/test/proj/cfb/cfb_test.vcxproj +90 -0
  260. data/vendor/msoffice/test/proj/hash/hash_test.vcxproj +90 -0
  261. data/vendor/msoffice/test/sampl.bat +8 -0
  262. data/vendor/msoffice/test_all.py +46 -0
  263. data/vendor/update +4 -0
  264. metadata +351 -0
@@ -0,0 +1,342 @@
1
+ #pragma once
2
+ /**
3
+ @file custom sha1
4
+ @brief simd version of sha1
5
+ Copyright (C) 2012 Cybozu Labs, Inc., all rights reserved.
6
+ */
7
+
8
+ //#define SHA1_DONT_USE_CYBOZULIB
9
+ #ifndef SHA1_DONT_USE_CYBOZULIB
10
+ #include <cybozu/endian.hpp>
11
+ #endif
12
+ #include <assert.h>
13
+ #include <string>
14
+
15
+ #define SHA1_USE_SIMD
16
+ #ifdef SHA1_USE_SIMD
17
+ #include "uint32vec.hpp"
18
+ #endif
19
+
20
+ #define SHA1_CALC0(f, W, K) \
21
+ { \
22
+ T tmp = S(a, 5) + f(b, c, d) + e + W + K; \
23
+ e = d; \
24
+ d = c; \
25
+ c = S(b, 30); \
26
+ b = a; \
27
+ a = tmp; \
28
+ }
29
+
30
+ #define SHA1_CALC1(i, f, K) SHA1_CALC0(f, W[i], K)
31
+
32
+ #define SHA1_CALC2(i, f, K) \
33
+ W[i] = S(W[i - 3] ^ W[i - 8] ^ W[i - 14] ^ W[i - 16], 1); \
34
+ SHA1_CALC1(i, f, K) \
35
+
36
+ #define SHA1_LOOP20(loopOne, offset, f, K) \
37
+ loopOne(offset + 0, f, K) \
38
+ loopOne(offset + 1, f, K) \
39
+ loopOne(offset + 2, f, K) \
40
+ loopOne(offset + 3, f, K) \
41
+ loopOne(offset + 4, f, K) \
42
+ loopOne(offset + 5, f, K) \
43
+ loopOne(offset + 6, f, K) \
44
+ loopOne(offset + 7, f, K) \
45
+ loopOne(offset + 8, f, K) \
46
+ loopOne(offset + 9, f, K) \
47
+ loopOne(offset +10, f, K) \
48
+ loopOne(offset +11, f, K) \
49
+ loopOne(offset +12, f, K) \
50
+ loopOne(offset +13, f, K) \
51
+ loopOne(offset +14, f, K) \
52
+ loopOne(offset +15, f, K) \
53
+ loopOne(offset +16, f, K) \
54
+ loopOne(offset +17, f, K) \
55
+ loopOne(offset +18, f, K) \
56
+ loopOne(offset +19, f, K)
57
+
58
+ #define SHA1_LOOP1(f, K) \
59
+ SHA1_CALC1( 0, f, K) \
60
+ SHA1_CALC1( 1, f, K) \
61
+ SHA1_CALC1( 2, f, K) \
62
+ SHA1_CALC1( 3, f, K) \
63
+ SHA1_CALC1( 4, f, K) \
64
+ SHA1_CALC1( 5, f, K) \
65
+ SHA1_CALC0( f, W_06, K) \
66
+ SHA1_CALC0( f, 0, K) \
67
+ SHA1_CALC0( f, 0, K) \
68
+ SHA1_CALC0( f, 0, K) \
69
+ SHA1_CALC0( f, 0, K) \
70
+ SHA1_CALC0( f, 0, K) \
71
+ SHA1_CALC0( f, 0, K) \
72
+ SHA1_CALC0( f, 0, K) \
73
+ SHA1_CALC0( f, 0, K) \
74
+ SHA1_CALC0( f, W_15, K) \
75
+ W[16] = S( W[ 2] ^ W[ 0], 1); \
76
+ SHA1_CALC1(16, f, K) \
77
+ W[17] = S( W[ 3] ^ W[ 1], 1); \
78
+ SHA1_CALC1(17, f, K) \
79
+ W[18] = S(W_15 ^ W[ 4] ^ W[ 2], 1); \
80
+ SHA1_CALC1(18, f, K) \
81
+ W[19] = S(W[16] ^ W[ 5] ^ W[ 3], 1); \
82
+ SHA1_CALC1(19, f, K)
83
+
84
+ #define SHA1_LOOP2(f, K) \
85
+ W[20] = S(W[17] ^ W_06 ^ W[ 4], 1); \
86
+ SHA1_CALC1(20, f, K) \
87
+ W[21] = S(W[18] ^ W[ 5], 1); \
88
+ SHA1_CALC1(21, f, K) \
89
+ W[22] = S(W[19] ^ W_06 , 1); \
90
+ SHA1_CALC1(22, f, K) \
91
+ W[23] = S(W[20] ^ W_15, 1); \
92
+ SHA1_CALC1(23, f, K) \
93
+ W[24] = S(W[21] ^ W[16], 1); \
94
+ SHA1_CALC1(24, f, K) \
95
+ W[25] = S(W[22] ^ W[17], 1); \
96
+ SHA1_CALC1(25, f, K) \
97
+ W[26] = S(W[23] ^ W[18], 1); \
98
+ SHA1_CALC1(26, f, K) \
99
+ W[27] = S(W[24] ^ W[19], 1); \
100
+ SHA1_CALC1(27, f, K) \
101
+ W[28] = S(W[25] ^ W[20], 1); \
102
+ SHA1_CALC1(28, f, K) \
103
+ W[29] = S(W[26] ^ W[21] ^ W_15, 1); \
104
+ SHA1_CALC1(29, f, K) \
105
+ W[30] = S(W[27] ^ W[22] ^ W[16], 1); \
106
+ SHA1_CALC1(30, f, K) \
107
+ W[31] = S(W[28] ^ W[23] ^ W[17] ^ W_15, 1); \
108
+ SHA1_CALC1(31, f, K) \
109
+ SHA1_CALC2(32, f, K) \
110
+ SHA1_CALC2(33, f, K) \
111
+ SHA1_CALC2(34, f, K) \
112
+ SHA1_CALC2(35, f, K) \
113
+ SHA1_CALC2(36, f, K) \
114
+ SHA1_CALC2(37, f, K) \
115
+ SHA1_CALC2(38, f, K) \
116
+ SHA1_CALC2(39, f, K)
117
+
118
+ #define SHA1_LOOP3(offset, f, K) SHA1_LOOP20(SHA1_CALC2, offset, f, K)
119
+
120
+ class CustomSha1 {
121
+ static inline uint32_t S(uint32_t x, int s)
122
+ {
123
+ #ifdef _MSC_VER
124
+ return _rotl(x, s);
125
+ #else
126
+ return (x << s) | (x >> (32 - s));
127
+ #endif
128
+ }
129
+ #ifdef SHA1_USE_SIMD
130
+ template<class T>
131
+ static inline T S(T x, int s)
132
+ {
133
+ return (x << s) | (x >> (32 - s));
134
+ }
135
+ #endif
136
+
137
+ static inline uint32_t getBE(const char *p)
138
+ {
139
+ #ifdef SHA1_DONT_USE_CYBOZULIB
140
+ uint32_t a = (uint8_t)p[0];
141
+ uint32_t b = (uint8_t)p[1];
142
+ uint32_t c = (uint8_t)p[2];
143
+ uint32_t d = (uint8_t)p[3];
144
+ return (a << 24) | (b << 16) | (c << 8) | d;
145
+ #else
146
+ return cybozu::Get32bitAsBE(p);
147
+ #endif
148
+ }
149
+
150
+ static inline void setBE(void *out, uint32_t x)
151
+ {
152
+ #ifdef SHA1_DONT_USE_CYBOZULIB
153
+ uint8_t *p = (uint8_t *)out;
154
+ p[0] = uint8_t(x >> 24);
155
+ p[1] = uint8_t(x >> 16);
156
+ p[2] = uint8_t(x >> 8);
157
+ p[3] = uint8_t(x);
158
+ #else
159
+ cybozu::Set32bitAsBE(out, x);
160
+ #endif
161
+ }
162
+ static uint32_t f0(uint32_t b, uint32_t c, uint32_t d) { return (b & c) | ((~b) & d); }
163
+ #ifdef SHA1_USE_SIMD
164
+ template<class T>
165
+ static T f0(T b, T c, T d) { return (b & c) | andn(b, d); }
166
+ #endif
167
+ template<class T>
168
+ static T f1(T b, T c, T d) { return b ^ c ^ d; }
169
+ template<class T>
170
+ static T f2(T b, T c, T d) { return (b & c) | (b & d) | (c & d); }
171
+ static inline int mod(int n) { return n & 15; }
172
+ /*
173
+ input : W[1..5]
174
+ */
175
+ template<class T>
176
+ static void digestOnce(T W[16])
177
+ {
178
+ T W_06 = 0x80000000;
179
+ T W_07, W_08, W_09, W_10, W_11, W_12, W_13, W_14;
180
+ T W_15 = 0xc0;
181
+
182
+ /*
183
+ input = W[0..5]
184
+ W[0] = index
185
+ W[1..5] = previous hash(input)
186
+ W_06 = 0x80000000
187
+ W_07..14= 0
188
+ W_15 = 0xc0
189
+ output : W[1..5]
190
+ */
191
+ const T H0 = 0x67452301;
192
+ const T H1 = 0xefcdab89;
193
+ const T H2 = 0x98badcfe;
194
+ const T H3 = 0x10325476;
195
+ const T H4 = 0xc3d2e1f0;
196
+ const T K0 = 0x5a827999;
197
+ const T K1 = 0x6ed9eba1;
198
+ const T K2 = 0x8f1bbcdc;
199
+ const T K3 = 0xca62c1d6;
200
+ T a = H0;
201
+ T b = H1;
202
+ T c = H2;
203
+ T d = H3;
204
+ T e = H4;
205
+
206
+ SHA1_CALC0(f0, W[0], K0)
207
+ SHA1_CALC0(f0, W[1], K0)
208
+ SHA1_CALC0(f0, W[2], K0)
209
+ SHA1_CALC0(f0, W[3], K0)
210
+ SHA1_CALC0(f0, W[4], K0)
211
+ SHA1_CALC0(f0, W[5], K0)
212
+ SHA1_CALC0(f0, W_06, K0)
213
+ SHA1_CALC0(f0, 0, K0)
214
+ SHA1_CALC0(f0, 0, K0)
215
+ SHA1_CALC0(f0, 0, K0)
216
+ SHA1_CALC0(f0, 0, K0)
217
+ SHA1_CALC0(f0, 0, K0)
218
+ SHA1_CALC0(f0, 0, K0)
219
+ SHA1_CALC0(f0, 0, K0)
220
+ SHA1_CALC0(f0, 0, K0)
221
+ SHA1_CALC0(f0, W_15, K0)
222
+ W[0] = S( W[2] ^ W[0], 1); SHA1_CALC0(f0, W[0], K0)
223
+ W[1] = S( W[3] ^ W[1], 1); SHA1_CALC0(f0, W[1], K0)
224
+ W[2] = S(W_15 ^ W[4] ^ W[2], 1); SHA1_CALC0(f0, W[2], K0)
225
+ W[3] = S(W[0] ^ W[5] ^ W[3], 1); SHA1_CALC0(f0, W[3], K0)
226
+ W[4] = S(W[1] ^ W_06 ^ W[4], 1); SHA1_CALC0(f1, W[4], K1)
227
+ W[5] = S(W[2] ^ W[5], 1); SHA1_CALC0(f1, W[5], K1)
228
+ W_06 = S(W[3] ^ W_06, 1); SHA1_CALC0(f1, W_06, K1)
229
+ W_07 = S(W[4] ^ W_15 , 1); SHA1_CALC0(f1, W_07, K1)
230
+ W_08 = S(W[5] ^ W[0] , 1); SHA1_CALC0(f1, W_08, K1)
231
+ W_09 = S(W_06 ^ W[1] , 1); SHA1_CALC0(f1, W_09, K1)
232
+ W_10 = S(W_07 ^ W[2] , 1); SHA1_CALC0(f1, W_10, K1)
233
+ W_11 = S(W_08 ^ W[3] , 1); SHA1_CALC0(f1, W_11, K1)
234
+ W_12 = S(W_09 ^ W[4] , 1); SHA1_CALC0(f1, W_12, K1)
235
+ W_13 = S(W_10 ^ W[5] ^ W_15 , 1); SHA1_CALC0(f1, W_13, K1)
236
+ W_14 = S(W_11 ^ W_06 ^ W[0] , 1); SHA1_CALC0(f1, W_14, K1)
237
+ W_15 = S(W_12 ^ W_07 ^ W[1] ^ W_15, 1); SHA1_CALC0(f1, W_15, K1)
238
+ W[0] = S(W_13 ^ W_08 ^ W[2] ^ W[0], 1); SHA1_CALC0(f1, W[0], K1)
239
+ W[1] = S(W_14 ^ W_09 ^ W[3] ^ W[1], 1); SHA1_CALC0(f1, W[1], K1)
240
+ W[2] = S(W_15 ^ W_10 ^ W[4] ^ W[2], 1); SHA1_CALC0(f1, W[2], K1)
241
+ W[3] = S(W[0] ^ W_11 ^ W[5] ^ W[3], 1); SHA1_CALC0(f1, W[3], K1)
242
+ W[4] = S(W[1] ^ W_12 ^ W_06 ^ W[4], 1); SHA1_CALC0(f1, W[4], K1)
243
+ W[5] = S(W[2] ^ W_13 ^ W_07 ^ W[5], 1); SHA1_CALC0(f1, W[5], K1)
244
+ W_06 = S(W[3] ^ W_14 ^ W_08 ^ W_06, 1); SHA1_CALC0(f1, W_06, K1)
245
+ W_07 = S(W[4] ^ W_15 ^ W_09 ^ W_07, 1); SHA1_CALC0(f1, W_07, K1)
246
+ W_08 = S(W[5] ^ W[0] ^ W_10 ^ W_08, 1); SHA1_CALC0(f2, W_08, K2)
247
+ W_09 = S(W_06 ^ W[1] ^ W_11 ^ W_09, 1); SHA1_CALC0(f2, W_09, K2)
248
+ W_10 = S(W_07 ^ W[2] ^ W_12 ^ W_10, 1); SHA1_CALC0(f2, W_10, K2)
249
+ W_11 = S(W_08 ^ W[3] ^ W_13 ^ W_11, 1); SHA1_CALC0(f2, W_11, K2)
250
+ W_12 = S(W_09 ^ W[4] ^ W_14 ^ W_12, 1); SHA1_CALC0(f2, W_12, K2)
251
+ W_13 = S(W_10 ^ W[5] ^ W_15 ^ W_13, 1); SHA1_CALC0(f2, W_13, K2)
252
+ W_14 = S(W_11 ^ W_06 ^ W[0] ^ W_14, 1); SHA1_CALC0(f2, W_14, K2)
253
+ W_15 = S(W_12 ^ W_07 ^ W[1] ^ W_15, 1); SHA1_CALC0(f2, W_15, K2)
254
+ W[0] = S(W_13 ^ W_08 ^ W[2] ^ W[0], 1); SHA1_CALC0(f2, W[0], K2)
255
+ W[1] = S(W_14 ^ W_09 ^ W[3] ^ W[1], 1); SHA1_CALC0(f2, W[1], K2)
256
+ W[2] = S(W_15 ^ W_10 ^ W[4] ^ W[2], 1); SHA1_CALC0(f2, W[2], K2)
257
+ W[3] = S(W[0] ^ W_11 ^ W[5] ^ W[3], 1); SHA1_CALC0(f2, W[3], K2)
258
+ W[4] = S(W[1] ^ W_12 ^ W_06 ^ W[4], 1); SHA1_CALC0(f2, W[4], K2)
259
+ W[5] = S(W[2] ^ W_13 ^ W_07 ^ W[5], 1); SHA1_CALC0(f2, W[5], K2)
260
+ W_06 = S(W[3] ^ W_14 ^ W_08 ^ W_06, 1); SHA1_CALC0(f2, W_06, K2)
261
+ W_07 = S(W[4] ^ W_15 ^ W_09 ^ W_07, 1); SHA1_CALC0(f2, W_07, K2)
262
+ W_08 = S(W[5] ^ W[0] ^ W_10 ^ W_08, 1); SHA1_CALC0(f2, W_08, K2)
263
+ W_09 = S(W_06 ^ W[1] ^ W_11 ^ W_09, 1); SHA1_CALC0(f2, W_09, K2)
264
+ W_10 = S(W_07 ^ W[2] ^ W_12 ^ W_10, 1); SHA1_CALC0(f2, W_10, K2)
265
+ W_11 = S(W_08 ^ W[3] ^ W_13 ^ W_11, 1); SHA1_CALC0(f2, W_11, K2)
266
+ W_12 = S(W_09 ^ W[4] ^ W_14 ^ W_12, 1); SHA1_CALC0(f1, W_12, K3)
267
+ W_13 = S(W_10 ^ W[5] ^ W_15 ^ W_13, 1); SHA1_CALC0(f1, W_13, K3)
268
+ W_14 = S(W_11 ^ W_06 ^ W[0] ^ W_14, 1); SHA1_CALC0(f1, W_14, K3)
269
+ W_15 = S(W_12 ^ W_07 ^ W[1] ^ W_15, 1); SHA1_CALC0(f1, W_15, K3)
270
+ W[0] = S(W_13 ^ W_08 ^ W[2] ^ W[0], 1); SHA1_CALC0(f1, W[0], K3)
271
+ W[1] = S(W_14 ^ W_09 ^ W[3] ^ W[1], 1); SHA1_CALC0(f1, W[1], K3)
272
+ W[2] = S(W_15 ^ W_10 ^ W[4] ^ W[2], 1); SHA1_CALC0(f1, W[2], K3)
273
+ W[3] = S(W[0] ^ W_11 ^ W[5] ^ W[3], 1); SHA1_CALC0(f1, W[3], K3)
274
+ W[4] = S(W[1] ^ W_12 ^ W_06 ^ W[4], 1); SHA1_CALC0(f1, W[4], K3)
275
+ W[5] = S(W[2] ^ W_13 ^ W_07 ^ W[5], 1); SHA1_CALC0(f1, W[5], K3)
276
+ W_06 = S(W[3] ^ W_14 ^ W_08 ^ W_06, 1); SHA1_CALC0(f1, W_06, K3)
277
+ W_07 = S(W[4] ^ W_15 ^ W_09 ^ W_07, 1); SHA1_CALC0(f1, W_07, K3)
278
+ W_08 = S(W[5] ^ W[0] ^ W_10 ^ W_08, 1); SHA1_CALC0(f1, W_08, K3)
279
+ W_09 = S(W_06 ^ W[1] ^ W_11 ^ W_09, 1); SHA1_CALC0(f1, W_09, K3)
280
+ W_10 = S(W_07 ^ W[2] ^ W_12 ^ W_10, 1); SHA1_CALC0(f1, W_10, K3)
281
+ W_11 = S(W_08 ^ W[3] ^ W_13 ^ W_11, 1); SHA1_CALC0(f1, W_11, K3)
282
+ W_12 = S(W_09 ^ W[4] ^ W_14 ^ W_12, 1); SHA1_CALC0(f1, W_12, K3)
283
+ W_13 = S(W_10 ^ W[5] ^ W_15 ^ W_13, 1); SHA1_CALC0(f1, W_13, K3)
284
+ W_14 = S(W_11 ^ W_06 ^ W[0] ^ W_14, 1); SHA1_CALC0(f1, W_14, K3)
285
+ W_15 = S(W_12 ^ W_07 ^ W[1] ^ W_15, 1); SHA1_CALC0(f1, W_15, K3)
286
+
287
+ W[1] = a + H0;
288
+ W[2] = b + H1;
289
+ W[3] = c + H2;
290
+ W[4] = d + H3;
291
+ W[5] = e + H4;
292
+ }
293
+ public:
294
+ /*
295
+ input h[0..19]
296
+ output h[0..19]
297
+ */
298
+ static inline void digest(char *h, int spinCount)
299
+ {
300
+ uint32_t W[80];
301
+ for (int i = 1; i < 6; i++) {
302
+ W[i] = getBE(&h[(i - 1) * 4]);
303
+ }
304
+ for (int i = 0; i < spinCount; i++) {
305
+ // W[0]
306
+ setBE(W, i);
307
+ digestOnce<uint32_t>(W);
308
+ }
309
+ for (size_t i = 1; i < 6; i++) {
310
+ setBE(&h[(i - 1) * 4], W[i]);
311
+ }
312
+ }
313
+ #ifdef SHA1_USE_SIMD
314
+ /*
315
+ in/out out[n]
316
+ assume out[i].size() == 20
317
+ */
318
+ template<int n>
319
+ static inline void digestX(std::string out[n], int spinCount)
320
+ {
321
+ Uint32Vec W[80];
322
+ for (int i = 1; i < 6; i++) {
323
+ const int pos = (i - 1) * 4;
324
+ #ifdef UINT32VEC_USE_AVX2
325
+ W[i].set(getBE(&out[7][pos]), getBE(&out[6][pos]), getBE(&out[5][pos]), getBE(&out[4][pos]), getBE(&out[3][pos]), getBE(&out[2][pos]), getBE(&out[1][pos]), getBE(&out[0][pos]));
326
+ #else
327
+ W[i].set(getBE(&out[3][pos]), getBE(&out[2][pos]), getBE(&out[1][pos]), getBE(&out[0][pos]));
328
+ #endif
329
+ }
330
+ for (int i = 0; i < spinCount; i++) {
331
+ W[0] = cybozu::byteSwap(uint32_t(i));
332
+ digestOnce<Uint32Vec >(W);
333
+ }
334
+ for (size_t i = 1; i < 6; i++) {
335
+ for (int j = 0; j < n; j++) {
336
+ uint32_t x = getBE((const char*)&W[i] + j * 4);
337
+ memcpy(&out[j][(i - 1) * 4], &x, sizeof(x));
338
+ }
339
+ }
340
+ }
341
+ #endif
342
+ };
@@ -0,0 +1,240 @@
1
+ #pragma once
2
+ /**
3
+ @file
4
+ @brief MS Office encryption decoder
5
+ Copyright (C) 2012 Cybozu Labs, Inc., all rights reserved.
6
+ see [MS-OFFCRYPTO]
7
+ Office Document Cryptography Structure Specification
8
+ */
9
+ #include <fstream>
10
+ #include <cybozu/mmap.hpp>
11
+ #include <cybozu/file.hpp>
12
+ #include <cybozu/minixml.hpp>
13
+ #include <cybozu/atoi.hpp>
14
+ #include <cybozu/crypto.hpp>
15
+ #include <cybozu/random_generator.hpp>
16
+ #include "cfb.hpp"
17
+ #include "crypto_util.hpp"
18
+
19
+ namespace ms {
20
+
21
+ inline void DecContent(std::string& dec, const std::string& data, const CipherParam& param, const std::string& key, const std::string& salt)
22
+ {
23
+ const size_t blockSize = 4096;
24
+ dec.reserve(data.size());
25
+ const size_t n = (data.size() + blockSize - 1) / blockSize;
26
+ for (size_t i = 0; i < n; i++) {
27
+ const size_t len = (i < n - 1) ? blockSize : (data.size() % blockSize);
28
+ std::string blockKey(4, 0);
29
+ cybozu::Set32bitAsLE(&blockKey[0], static_cast<uint32_t>(i));
30
+ const std::string iv = generateKey(param, salt, blockKey);
31
+ dec.append(cipher(param.cipherName, data.c_str() + i * blockSize, len, key, iv, cybozu::crypto::Cipher::Decoding));
32
+ }
33
+ }
34
+
35
+ /*
36
+ split encryptedPackage as [uint64_t:encData]
37
+ */
38
+ inline uint64_t GetEncodedData(std::string& encData, const std::string& encryptedPackage)
39
+ {
40
+ if (encryptedPackage.size() < 8) {
41
+ throw cybozu::Exception("ms:GetEncodedData:tool small") << encryptedPackage.size();
42
+ }
43
+ const char *p = &encryptedPackage[0];
44
+ const uint64_t size = cybozu::Get64bitAsLE(p);
45
+ dprintf("package size:header %d encryptedPackage %d\n", (int)size, (int)encryptedPackage.size());
46
+ MS_ASSERT(encryptedPackage.size() - 8 >= size);
47
+ encData = encryptedPackage.substr(8);
48
+ return size;
49
+ }
50
+
51
+ inline const std::string& GetContensByName(const ms::cfb::CompoundFile& cfb, const std::string& name)
52
+ {
53
+ const cybozu::String16 wname = cybozu::ToUtf16(name);
54
+ const ms::cfb::DirectoryEntryVec& dirs = cfb.dirs;
55
+ for (size_t i = 0; i < dirs.size(); i++) {
56
+ const ms::cfb::DirectoryEntry& dir = dirs[i];
57
+ if (dir.directoryEntryName == wname) {
58
+ return dir.content;
59
+ }
60
+ }
61
+ throw cybozu::Exception("ms:GetContentsByName:name") << name;
62
+ }
63
+
64
+ /*
65
+ verify integrity
66
+ hmac = openssl dgst -sha1 -mac HMAC -macopt hexkey:hex(salt) encryptedpackage
67
+ hmac == hex(expected)
68
+ */
69
+ inline bool VerifyIntegrity(
70
+ const std::string& encryptedPackage,
71
+ const CipherParam& keyData,
72
+ const std::string& secretKey,
73
+ const std::string& saltValue,
74
+ const std::string& encryptedHmacKey,
75
+ const std::string& encryptedHmacValue)
76
+ {
77
+ const std::string iv1 = generateIv(keyData, ms::blkKey_dataIntegrity1, saltValue);
78
+ const std::string iv2 = generateIv(keyData, ms::blkKey_dataIntegrity2, saltValue);
79
+ const std::string salt = cipher(keyData.cipherName, encryptedHmacKey, secretKey, iv1, cybozu::crypto::Cipher::Decoding).substr(0, keyData.hashSize);
80
+ const std::string expected = cipher(keyData.cipherName, encryptedHmacValue, secretKey, iv2, cybozu::crypto::Cipher::Decoding).substr(0, keyData.hashSize);
81
+
82
+ cybozu::crypto::Hmac hmac(keyData.hashName);
83
+ std::string ret = hmac.eval(salt, encryptedPackage);
84
+ return ret == expected;
85
+ }
86
+
87
+ inline bool getAgileSecretKey(std::string& secretKey, const EncryptionInfo& info, const std::string& pass)
88
+ {
89
+ const CipherParam& keyData = info.keyData;
90
+ const CipherParam& encryptedKey = info.encryptedKey;
91
+ const std::string& iv = encryptedKey.saltValue;
92
+
93
+ const std::string pwHash = hashPassword(encryptedKey.hashName, iv, pass, info.spinCount);
94
+ const std::string skey1 = generateKey(encryptedKey, pwHash, ms::blkKey_VerifierHashInput);
95
+ const std::string skey2 = generateKey(encryptedKey, pwHash, ms::blkKey_encryptedVerifierHashValue);
96
+
97
+ const std::string verifierHashInput = cipher(encryptedKey.cipherName, info.encryptedVerifierHashInput, skey1, iv, cybozu::crypto::Cipher::Decoding);
98
+ const std::string hashedVerifier = cybozu::crypto::Hash::digest(encryptedKey.hashName, verifierHashInput);
99
+ const std::string verifierHash = cipher(encryptedKey.cipherName, info.encryptedVerifierHashValue, skey2, iv, cybozu::crypto::Cipher::Decoding).substr(0, hashedVerifier.size());
100
+
101
+ if (hashedVerifier != verifierHash) {
102
+ return false;
103
+ }
104
+ const std::string skey3 = generateKey(encryptedKey, pwHash, ms::blkKey_encryptedKeyValue);
105
+ secretKey = cipher(encryptedKey.cipherName, info.encryptedKeyValue, skey3, iv, cybozu::crypto::Cipher::Decoding);
106
+ if (isDebug()) {
107
+ printf("salt = "); dump(keyData.saltValue, false);
108
+ printf("secretKey = "); dump(secretKey, false);
109
+ }
110
+ return true;
111
+ }
112
+
113
+ inline bool decodeAgile(std::string& decData, const std::string& encryptedPackage, const EncryptionInfo& info, const std::string& pass, std::string& secretKey)
114
+ {
115
+ const CipherParam& keyData = info.keyData;
116
+ const CipherParam& encryptedKey = info.encryptedKey;
117
+ if (secretKey.empty()) {
118
+ if (!getAgileSecretKey(secretKey, info, pass)) return false;
119
+ if (putSecretKeyInstance()) {
120
+ printf("secretKey = "); ms::dump(secretKey, false);
121
+ }
122
+
123
+ if (!VerifyIntegrity(encryptedPackage, keyData, secretKey, keyData.saltValue, info.encryptedHmacKey, info.encryptedHmacValue)) {
124
+ printf("warning : mac err : data may be broken\n");
125
+ // return false;
126
+ }
127
+ }
128
+
129
+ std::string encData;
130
+ const uint64_t decodeSize = GetEncodedData(encData, encryptedPackage);
131
+
132
+ // decode
133
+ normalizeKey(secretKey, encryptedKey.keyBits / 8);
134
+ DecContent(decData, encData, encryptedKey, secretKey, keyData.saltValue);
135
+ decData.resize(size_t(decodeSize));
136
+ return true;
137
+ }
138
+
139
+ /*
140
+ 2.3.4.9
141
+ */
142
+ inline bool verifyStandardEncryption(std::string& encKey, const EncryptionHeader& header, const EncryptionVerifier& verifier, const std::string& pass)
143
+ {
144
+ const cybozu::crypto::Hash::Name hashName = cybozu::crypto::Hash::N_SHA1;
145
+ encKey = verifier.getEncryptionKey(pass).substr(0, header.keySize / 8);
146
+ const std::string iv;
147
+ const std::string decVerifier = cipher(header.cipherName, verifier.encryptedVerifier, encKey, iv, cybozu::crypto::Cipher::Decoding);
148
+ const std::string h = cybozu::crypto::Hash::digest(hashName, decVerifier);
149
+ std::string decVerifierHash = cipher(header.cipherName, verifier.encryptedVerifierHash, encKey, iv, cybozu::crypto::Cipher::Decoding);
150
+ decVerifierHash.resize(h.size());
151
+ return h == decVerifierHash;
152
+ }
153
+
154
+ inline bool decodeStandardEncryption(std::string& dec, const std::string& encryptedPackage, const EncryptionInfo& info, const std::string& pass, std::string secretKey)
155
+ {
156
+ const EncryptionHeader& header = info.seHeader;
157
+ const EncryptionVerifier& verifier = info.seVerifier;
158
+
159
+ if (secretKey.empty()) {
160
+ if (!verifyStandardEncryption(secretKey, header, verifier, pass)) {
161
+ return false;
162
+ }
163
+ }
164
+ if (isDebug()) {
165
+ printf("secretKey = "); dump(secretKey, false);
166
+ }
167
+
168
+ const char *p = encryptedPackage.data();
169
+ size_t decSize = cybozu::Get32bitAsLE(p);
170
+ p += 8;
171
+ const size_t dataSize = encryptedPackage.size();
172
+ if (decSize > dataSize) {
173
+ throw cybozu::Exception("ms:decodeStandardEncryption:bad decSize") << decSize << dataSize;
174
+ }
175
+ const size_t blockSize = 4096;
176
+ dec.reserve(dataSize);
177
+ const size_t n = (dataSize + blockSize - 1) / blockSize;
178
+ const std::string iv;
179
+ for (size_t i = 0; i < n; i++) {
180
+ const size_t len = (i < n - 1) ? blockSize : (dataSize % blockSize);
181
+ dec.append(cipher(header.cipherName, p + i * blockSize, len, secretKey, iv, cybozu::crypto::Cipher::Decoding));
182
+ }
183
+ dec.resize(decSize);
184
+ return true;
185
+ }
186
+
187
+ /*
188
+ secretKey will be set if it is empty
189
+ */
190
+ template<class String>
191
+ bool decode(const char *data, uint32_t dataSize, const String& outFile, const std::string& pass, std::string& secretKey, bool doView, int *pSpinCount = 0)
192
+ {
193
+ ms::cfb::CompoundFile cfb(data, dataSize);
194
+ cfb.put();
195
+
196
+ const std::string& encryptedPackage = GetContensByName(cfb, "EncryptedPackage"); // data
197
+ const EncryptionInfo info(GetContensByName(cfb, "EncryptionInfo")); // xml
198
+ if (pSpinCount) {
199
+ *pSpinCount = info.spinCount;
200
+ }
201
+ info.put();
202
+
203
+ std::string decData;
204
+ if (info.isStandardEncryption) {
205
+ if (!decodeStandardEncryption(decData, encryptedPackage, info, pass, secretKey)) return false;
206
+ } else {
207
+ if (!decodeAgile(decData, encryptedPackage, info, pass, secretKey)) return false;
208
+ }
209
+ if (!doView) {
210
+ DetectFormat(decData.c_str(), decData.size());
211
+ cybozu::File out;
212
+ out.openW(outFile);
213
+ out.write(decData.c_str(), decData.size());
214
+ }
215
+ return true;
216
+ }
217
+
218
+ inline std::string getSecretKey(const std::string& keyFile, const std::string& pass)
219
+ {
220
+ cybozu::Mmap m(keyFile);
221
+ const char *data = m.get();
222
+ if (m.size() > 0xffffffff) {
223
+ throw cybozu::Exception("getSecretKey:m.size") << m.size();
224
+ }
225
+ const uint32_t dataSize = static_cast<uint32_t>(m.size());
226
+ const ms::Format format = ms::DetectFormat(data, dataSize);
227
+ if (format != ms::fCfb) {
228
+ throw cybozu::Exception("getSecretKey:bad format") << keyFile;
229
+ }
230
+ ms::cfb::CompoundFile cfb(data, dataSize);
231
+ const EncryptionInfo info(GetContensByName(cfb, "EncryptionInfo")); // xml
232
+ info.put();
233
+
234
+ if (info.isStandardEncryption) throw cybozu::Exception("getSecretKey:not support") << keyFile;
235
+ std::string secretKey;
236
+ if (!getAgileSecretKey(secretKey, info, pass)) throw cybozu::Exception("getSecretKey:can't get") << keyFile;
237
+ return secretKey;
238
+ }
239
+
240
+ } // ms