/* * (c) Copyright Ascensio System SIA 2010-2023 * * This program is a free software product. You can redistribute it and/or * modify it under the terms of the GNU Affero General Public License (AGPL) * version 3 as published by the Free Software Foundation. In accordance with * Section 7(a) of the GNU AGPL its Section 15 shall be amended to the effect * that Ascensio System SIA expressly excludes the warranty of non-infringement * of any third-party rights. * * This program is distributed WITHOUT ANY WARRANTY; without even the implied * warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. For * details, see the GNU AGPL at: http://www.gnu.org/licenses/agpl-3.0.html * * You can contact Ascensio System SIA at 20A-6 Ernesta Birznieka-Upish * street, Riga, Latvia, EU, LV-1050. * * The interactive user interfaces in modified source and object code versions * of the Program must display Appropriate Legal Notices, as required under * Section 5 of the GNU AGPL version 3. * * Pursuant to Section 7(b) of the License you must retain the original Product * logo when distributing the program. Pursuant to Section 7(e) we decline to * grant you any rights under trademark law for use of our trademarks. * * All the Product's GUI elements, including illustrations and icon sets, as * well as technical writing content are licensed under the terms of the * Creative Commons Attribution-ShareAlike 4.0 International. See the License * terms at http://creativecommons.org/licenses/by-sa/4.0/legalcode * */ #include "EncryptionHeader.h" #define GETBIT(from, num) ((from & (1 << num)) != 0) namespace DocFileFormat { EncryptionHeader::EncryptionHeader( FileInformationBlock* fib, POLE::Stream* tableStream ) : bStandard(false), bXOR(false), bAES(false) { VirtualStreamReader tStream( tableStream, 0, fib->m_nWordVersion); if (fib->m_FibBase.fObfuscation || fib->m_nWordVersion > 0) { bXOR = true; crypt_data_xor.key = fib->m_FibBase.lKey >> 16; crypt_data_xor.hash = fib->m_FibBase.lKey - (crypt_data_xor.key << 16); } else { unsigned short vMajor = tStream.ReadUInt16(); unsigned short vMinor = tStream.ReadUInt16(); if(0x0001 == vMajor) // RC4 encryption header structure {// fib->m_FibBase.lKey == 52 bStandard = true; crypt_data_rc4.Salt.b1 = tStream.ReadUInt32(); crypt_data_rc4.Salt.b2 = tStream.ReadUInt32(); crypt_data_rc4.Salt.b3 = tStream.ReadUInt32(); crypt_data_rc4.Salt.b4 = tStream.ReadUInt32(); crypt_data_rc4.EncryptedVerifier.b1 = tStream.ReadUInt32(); crypt_data_rc4.EncryptedVerifier.b2 = tStream.ReadUInt32(); crypt_data_rc4.EncryptedVerifier.b3 = tStream.ReadUInt32(); crypt_data_rc4.EncryptedVerifier.b4 = tStream.ReadUInt32(); crypt_data_rc4.EncryptedVerifierHash.b1 = tStream.ReadUInt32(); crypt_data_rc4.EncryptedVerifierHash.b2 = tStream.ReadUInt32(); crypt_data_rc4.EncryptedVerifierHash.b3 = tStream.ReadUInt32(); crypt_data_rc4.EncryptedVerifierHash.b4 = tStream.ReadUInt32(); } else { bAES = true; crypt_data_aes.bAgile = false; unsigned short flags = tStream.ReadUInt32(); unsigned char *pDataRead = NULL; bool fCryptoAPI = GETBIT(flags, 1); crypt_data_aes.fDocProps = GETBIT(flags, 2); bool fExternal = GETBIT(flags, 3); bool fAES = GETBIT(flags, 4); //EncryptionHeader int HeaderSize = tStream.ReadUInt32(); int Flags = tStream.ReadUInt32(); int SizeExtra = tStream.ReadUInt32(); int AlgID = tStream.ReadUInt32(); int AlgIDHash = tStream.ReadUInt32(); int KeySize = tStream.ReadUInt32(); int ProviderType= tStream.ReadUInt32(); int Reserved1 = tStream.ReadUInt32(); int Reserved2 = tStream.ReadUInt32(); int pos = tStream.GetPosition(); int size = tStream.GetSize(); std::vector dataCSPName; while(pos < size - 1) { dataCSPName.push_back(tStream.ReadByte()); dataCSPName.push_back(tStream.ReadByte()); if (dataCSPName[dataCSPName.size() - 1] == 0 && dataCSPName[dataCSPName.size() - 2] == 0) { break; } pos+=2;//unicode null-terminate string } //EncryptionVerifier crypt_data_aes.saltSize = tStream.ReadUInt32(); pDataRead = tStream.ReadBytes(crypt_data_aes.saltSize, true); if (pDataRead) { crypt_data_aes.saltValue = std::string((char*)pDataRead, crypt_data_aes.saltSize); delete pDataRead; } pDataRead = tStream.ReadBytes(0x10, true); if (pDataRead) { crypt_data_aes.encryptedVerifierInput = std::string((char*)pDataRead, 0x10); delete pDataRead; } crypt_data_aes.hashSize = tStream.ReadUInt32(); int szEncryptedVerifierHash = (ProviderType == 0x0001) ? 0x14 : 0x20; pDataRead = tStream.ReadBytes(szEncryptedVerifierHash, true); if (pDataRead) { crypt_data_aes.encryptedVerifierValue = std::string((char*)pDataRead, szEncryptedVerifierHash); delete pDataRead; } pos = tStream.GetPosition(); //------------------------------------------------------------------------------------------ switch(AlgIDHash) { case 0x8003: crypt_data_aes.hashAlgorithm = CRYPT_METHOD::MD5; break; case 0x0000: case 0x8004: crypt_data_aes.hashAlgorithm = CRYPT_METHOD::SHA1; break; } crypt_data_aes.spinCount = 0; switch(AlgID) { case 0x0000: if (fAES) crypt_data_aes.cipherAlgorithm = CRYPT_METHOD::AES_ECB; if (fCryptoAPI) crypt_data_aes.cipherAlgorithm = CRYPT_METHOD::RC4; crypt_data_aes.keySize = KeySize / 8; case 0x6801: crypt_data_aes.cipherAlgorithm = CRYPT_METHOD::RC4; crypt_data_aes.keySize = KeySize / 8; if (crypt_data_aes.keySize == 0) crypt_data_aes.keySize = 5; // 40 bit break; case 0x660E: crypt_data_aes.cipherAlgorithm = CRYPT_METHOD::AES_ECB; crypt_data_aes.keySize = 128 /8; break; case 0x660F: crypt_data_aes.cipherAlgorithm = CRYPT_METHOD::AES_ECB; crypt_data_aes.keySize = 192 /8; break; case 0x6610: crypt_data_aes.cipherAlgorithm = CRYPT_METHOD::AES_ECB; crypt_data_aes.keySize = 256 /8; break; } //switch(ProviderType) //{ // case 0x0001: crypt_data_aes.cipherAlgorithm = CRYPT_METHOD::RC4; break; // case 0x0018: crypt_data_aes.cipherAlgorithm = CRYPT_METHOD::AES_ECB; break; //} } } } }