EcmaCryptReader/Decoder - agile + standart

ASCOfficeDocFile/DocDocxConverter/MemoryStream.h

@@ -32,6 +32,7 @@
 #pragma once
 
 #include "IBinaryReader.h"
+#include "../Common/FormatUtils.h"
 
 class MemoryStream: public IBinaryReader
 {

Common/OfficeFileFormatChecker2.cpp

@@ -116,8 +116,15 @@ bool COfficeFileFormatChecker::isDocFormatFile	(POLE::Storage * storage)
 	POLE::Stream stream(storage, "WordDocument");	
 	
 	unsigned char buffer[10];
-	if (stream.read(buffer,10) >0)
+	if (stream.read(buffer,10) > 0)
+	{
+		//ms office 2007 encrypted contains stream WordDocument !!
+		std::list<std::string> entries = storage->entries("DataSpaces");
+		if (entries.size() > 0)
+			return false;
+
 		return true;
+	}
 
 	return false;
 }

OfficeCryptReader/source/CryptTransform.cpp

@@ -51,22 +51,6 @@ static const unsigned char encrDataIntegrityHmacValueBlockKey[8]	= { 0xa0, 0x67,
 
 ECMADecryptor::ECMADecryptor()
 {
-//default ms2010
-	cryptData.cipherAlgorithm	= CRYPT_METHOD::AES_CBC;
-	cryptData.hashAlgorithm		= CRYPT_METHOD::SHA1;
-	cryptData.spinCount			= 100000; 
-	cryptData.keySize			= 0x10;
-	cryptData.hashSize			= 0x14;
-	cryptData.blockSize			= 0x10;
-	cryptData.saltSize			= 0x10;
-//default ms2013/ms2016
-	//cryptData.cipherAlgorithm	= AES_CBC;
-	//cryptData.hashAlgorithm	= SHA256;
-	//cryptData.spinCount		= 100000; 
-	//cryptData.keySize			= 0x20;
-	//cryptData.hashSize		= 0x40;
-	//cryptData.blockSize		= 0x10;
-	//cryptData.saltSize		= 0x10;
 }
 
 class _buf
@@ -133,16 +117,12 @@ public:
 		return *this;
 	}
 
-	_buf& operator=(_buf& oSrc)
+	void Clear()
 	{
-		Clear();
+		if (bDelete && ptr) delete []ptr; 
+		ptr = NULL; size = 0;
 
-		size	= oSrc.size;
-		ptr		= new unsigned char [oSrc.size];
-		memcpy(ptr, oSrc.ptr, oSrc.size);
 		bDelete = true;
-
-		return *this;
 	}
 //----------------------------------------------------------------------
 private:
@@ -162,13 +142,6 @@ private:
 		}
 
 	}
-	void Clear()
-	{
-		if (bDelete && ptr) delete []ptr; 
-		ptr = NULL; size = 0;
-
-		bDelete = true;
-	}
 };
 
 bool operator==(const _buf& oBuf1, const _buf& oBuf2)
@@ -185,7 +158,8 @@ void CorrectHashSize(_buf & hashBuf, int size, unsigned char padding)
 		unsigned char *newPtr = new unsigned char[size];
 		memset(newPtr, padding, size);
 		memcpy(newPtr, hashBuf.ptr, hashBuf.size);
-		delete []hashBuf.ptr;
+		
+		hashBuf.Clear();
 		
 		hashBuf.ptr		= newPtr;
 		hashBuf.size	= size;
@@ -238,7 +212,7 @@ _buf HashAppend(_buf &  hashBuf, _buf & block, CRYPT_METHOD::_hashAlgorithm algo
 		return _buf();
 }
 
-_buf GenerateKey(_buf & salt, _buf & password, _buf & blockKey, int hashSize, int spin, CRYPT_METHOD::_hashAlgorithm algorithm)
+_buf GenerateAgileKey(_buf & salt, _buf & password, _buf & blockKey, int hashSize, int spin, CRYPT_METHOD::_hashAlgorithm algorithm)
 {
 	_buf pHashBuf = HashAppend(salt, password, algorithm);
 
@@ -255,20 +229,65 @@ _buf GenerateKey(_buf & salt, _buf & password, _buf & blockKey, int hashSize, in
 	return _buf(pHashBuf.ptr, pHashBuf.size);
 }
 
-bool DecryptAES(_buf & key, _buf & iv, _buf & data_inp, _buf & data_out)
+_buf GenerateHashKey(_buf & salt, _buf & password, int hashSize, int spin, CRYPT_METHOD::_hashAlgorithm algorithm)
+{
+	_buf empty (NULL, 0, false);
+	_buf pHashBuf = HashAppend(salt, password, algorithm);
+		
+	int i = 0;
+	for (i = 0; i < spin; i++)
+	{
+        _buf iterator((unsigned char*)&i, 4, false);
+        pHashBuf = HashAppend(iterator, pHashBuf, algorithm);
+	}
+	i = 0;
+    _buf iterator((unsigned char*)&i, 4, false);
+    pHashBuf = HashAppend(pHashBuf, iterator, algorithm);
+
+	_buf derivedKey(64);
+	for (int i = 0; i < derivedKey.size; i++)
+	{
+		derivedKey.ptr[i] = (i < pHashBuf.size ? 0x36 ^ pHashBuf.ptr[i] : 0x36);
+	}
+
+	pHashBuf = HashAppend(derivedKey, empty, algorithm);
+
+	return _buf(pHashBuf.ptr, hashSize);
+}
+
+bool DecryptCipher(_buf & key, _buf & iv, _buf & data_inp, _buf & data_out, CRYPT_METHOD::_cipherAlgorithm algorithm)
 {
+	if (algorithm == CRYPT_METHOD::RC4)
+	{
+	}
+	else
+	{
 		CryptoPP::AES::Decryption aesDecryption(key.ptr, key.size);
-	CryptoPP::CBC_Mode_ExternalCipher::Decryption	cbcDecryption( aesDecryption, iv.ptr );
+		CryptoPP::StreamTransformation *modeDecryption = NULL;
+
+		switch(algorithm)
+		{
+		case CRYPT_METHOD::AES_ECB:
+			 modeDecryption = new CryptoPP::ECB_Mode_ExternalCipher::Decryption(aesDecryption, iv.ptr ); 
+			 break;
+		case CRYPT_METHOD::AES_CBC:
+			 modeDecryption = new CryptoPP::CBC_Mode_ExternalCipher::Decryption(aesDecryption, iv.ptr ); 
+			 break;
+		}
+		if (!modeDecryption) return false;
 	    
 		if (!data_out.ptr)
 		{
 			data_out = _buf(data_inp.size);
 		}
-	CryptoPP::StreamTransformationFilter stfDecryptor(cbcDecryption, new CryptoPP::ArraySink( data_out.ptr, data_out.size), CryptoPP::StreamTransformationFilter::NO_PADDING);
+		CryptoPP::StreamTransformationFilter stfDecryptor(*modeDecryption, new CryptoPP::ArraySink( data_out.ptr, data_out.size), CryptoPP::StreamTransformationFilter::NO_PADDING);
 	 
 		stfDecryptor.Put( data_inp.ptr, data_inp.size );
 		stfDecryptor.MessageEnd();
 
+		delete modeDecryption;
+	}
+
 	return true;
 }
 
@@ -276,31 +295,58 @@ bool ECMADecryptor::SetPassword(std::wstring password_)
 {
 	password = password_;
 
+	if (cryptData.bAgile)
+	{	
 		_buf pPassword		(password);
 		_buf pSalt			(cryptData.saltValue);
 		_buf pInputBlockKey ((unsigned char*)encrVerifierHashInputBlockKey, 8);
 		_buf pValueBlockKey ((unsigned char*)encrVerifierHashValueBlockKey, 8);
+		_buf empty			(NULL, 0, false);
+		
+		_buf pEncVerInput	(cryptData.encryptedVerifierInput);
+ 		_buf pEncVerValue	(cryptData.encryptedVerifierValue);
+		
+		_buf verifierInputKey = GenerateAgileKey( pSalt, pPassword, pInputBlockKey, cryptData.keySize, cryptData.spinCount, cryptData.hashAlgorithm );
+		_buf decryptedVerifierHashInputBytes;
+		
+		DecryptCipher(verifierInputKey, pSalt, pEncVerInput, decryptedVerifierHashInputBytes, cryptData.cipherAlgorithm);
+	//--------------------------------------------
+
+		_buf hashBuf = HashAppend(decryptedVerifierHashInputBytes, empty, cryptData.hashAlgorithm);
+
+	//--------------------------------------------
+		_buf decryptedVerifierHashBytes;
+		
+		_buf verifierHashKey = GenerateAgileKey(pSalt, pPassword, pValueBlockKey, cryptData.keySize, cryptData.spinCount, cryptData.hashAlgorithm);
+		DecryptCipher(verifierHashKey, pSalt, pEncVerValue, decryptedVerifierHashBytes, cryptData.cipherAlgorithm);
+
+		return (decryptedVerifierHashBytes==hashBuf);
+	}
+	else
+	{
+		_buf pPassword		(password);
+		_buf pSalt			(cryptData.saltValue);
+		_buf empty			(NULL, 0, false);
 
 		_buf pEncVerInput	(cryptData.encryptedVerifierInput);
  		_buf pEncVerValue	(cryptData.encryptedVerifierValue);
 
+		_buf hashKey = GenerateHashKey(pSalt, pPassword, cryptData.keySize, cryptData.spinCount, cryptData.hashAlgorithm);
 		
-	_buf verifierInputKey = GenerateKey( pSalt, pPassword, pInputBlockKey, cryptData.keySize, cryptData.spinCount, cryptData.hashAlgorithm );
 		_buf decryptedVerifierHashInputBytes;		
+		DecryptCipher(hashKey, empty, pEncVerInput, decryptedVerifierHashInputBytes, cryptData.cipherAlgorithm);
 
-	DecryptAES(verifierInputKey, pSalt, pEncVerInput, decryptedVerifierHashInputBytes);
-//--------------------------------------------
+	//--------------------------------------------
 
-    _buf empty(NULL,0,false);
 		_buf hashBuf = HashAppend(decryptedVerifierHashInputBytes, empty, cryptData.hashAlgorithm);
 
-//--------------------------------------------
+	//--------------------------------------------
 		_buf decryptedVerifierHashBytes;
 		
-	_buf verifierHashKey = GenerateKey(pSalt, pPassword, pValueBlockKey, cryptData.keySize, cryptData.spinCount, cryptData.hashAlgorithm);
-	DecryptAES(verifierHashKey, pSalt, pEncVerValue, decryptedVerifierHashBytes);
+		DecryptCipher(hashKey, empty, pEncVerValue, decryptedVerifierHashBytes, cryptData.cipherAlgorithm);
 
 		return (decryptedVerifierHashBytes==hashBuf);
+	}
 }
 
 void ECMADecryptor::SetCryptData(_cryptData	&data)
@@ -312,25 +358,28 @@ void ECMADecryptor::Decrypt(unsigned char* data_inp, int  size, unsigned char*&
 {
 	data_out = NULL;
 	
-	_buf pBlockKey	((unsigned char*)encrKeyValueBlockKey, 8);
 	_buf pPassword	(password);
+	_buf pSalt		(cryptData.saltValue);
+	_buf empty		(NULL, 0, false);
+
+	data_out = new unsigned char[size];
 
+	if (cryptData.bAgile)
+	{	
+		_buf pBlockKey	((unsigned char*)encrKeyValueBlockKey, 8);	
 		_buf pDataSalt	(cryptData.dataSaltValue);
-	_buf pSalt		(cryptData.saltValue);
 		_buf pKeyValue	(cryptData.encryptedKeyValue);
 
-	_buf Key = GenerateKey( pSalt, pPassword, pBlockKey, cryptData.keySize, cryptData.spinCount, cryptData.hashAlgorithm);  
+		_buf agileKey = GenerateAgileKey( pSalt, pPassword, pBlockKey, cryptData.keySize, cryptData.spinCount, cryptData.hashAlgorithm);  
 
 		_buf pDecryptedKey;
-	DecryptAES( Key, pSalt, pKeyValue, pDecryptedKey);  
+		DecryptCipher( agileKey, pSalt, pKeyValue, pDecryptedKey, cryptData.cipherAlgorithm);  
 
 		_buf iv(cryptData.blockSize);
 		memset( iv.ptr, 0x00, cryptData.blockSize );
 
 		int i = 0, sz = 4096, pos = 0;
 		
-	data_out = new unsigned char[size];
-	
 		while (pos < size)
 		{
 			if (pos + sz > size) 
@@ -344,8 +393,18 @@ void ECMADecryptor::Decrypt(unsigned char* data_inp, int  size, unsigned char*&
 			_buf pInp(data_inp + pos, sz, false);
 			_buf pOut(data_out + pos, sz, false);
 				
-		DecryptAES(pDecryptedKey,  iv, pInp, pOut);
+			DecryptCipher(pDecryptedKey,  iv, pInp, pOut, cryptData.cipherAlgorithm);
 
 			pos += sz; i++;
 		}
+	}
+	else
+	{
+		_buf hashKey = GenerateHashKey(pSalt, pPassword, cryptData.keySize, cryptData.spinCount, cryptData.hashAlgorithm);
+		
+		_buf pInp(data_inp, size, false);
+		_buf pOut(data_out, size, false);
+		
+		DecryptCipher(hashKey, empty, pInp, pOut, cryptData.cipherAlgorithm);
+	}
 }

OfficeCryptReader/source/CryptTransform.h

@@ -50,7 +50,8 @@ namespace CRYPT_METHOD
 		XOR,
 		RC4,
 		AES_CBC,
-		AES_CFB
+		AES_CFB,
+		AES_ECB
 	};
 }
 
@@ -60,6 +61,14 @@ public:
 
 	struct _cryptData
 	{
+//default ms2010		
+		_cryptData() :	cipherAlgorithm(CRYPT_METHOD::AES_CBC), hashAlgorithm(CRYPT_METHOD::SHA1), spinCount(100000), 
+						keySize(0x10), hashSize(0x14), blockSize(0x10), saltSize(0x10), bAgile(true)
+//default ms2013/ms2016
+		//_cryptData(): cipherAlgorithm(CRYPT_METHOD::AES_CBC), hashAlgorithm(CRYPT_METHOD::SHA256), spinCount(100000), 
+		//				keySize(0x20), hashSize(0x40), blockSize(0x10), saltSize(0x10), bAgile(true)
+		{
+		}
 		CRYPT_METHOD::_cipherAlgorithm	cipherAlgorithm;
 		CRYPT_METHOD::_hashAlgorithm	hashAlgorithm;
 
@@ -78,6 +87,8 @@ public:
 		std::string encryptedHmacKey;
 		std::string encryptedHmacValue;
 
+		bool bAgile;
+
 //..........
 
 	};
@@ -86,8 +97,6 @@ public:
 
 	void Decrypt(unsigned char* data, int  size, unsigned char*& data_out);
 
-	bool IsVerify(){}
-
 	bool SetPassword(std::wstring password);
 
 	void SetCryptData(_cryptData	&data);

OfficeCryptReader/source/ECMACryptReader.h

@@ -39,29 +39,6 @@ class ECMACryptReader
 public:	
 	bool DecryptOfficeFile(std::wstring file_name_inp, std::wstring file_name_out, std::wstring password);
 
-	struct _keyEncryptor
-	{
-		std::string	spinCount;
-		std::string	saltSize;
-		std::string	blockSize;
-		std::string	keyBits;
-		std::string hashSize;
-
-		std::string cipherAlgorithm;
-		std::string cipherChaining;
-		std::string hashAlgorithm;
-
-		std::string saltValue;
-		std::string encryptedVerifierHashInput;
-		std::string encryptedVerifierHashValue;
-		std::string encryptedKeyValue;
-	};
-	struct _dataIntegrity
-	{
-		std::string	encryptedHmacKey;
-		std::string	encryptedHmacValue;
-	};
-
 	struct _refComponent
 	{
 		int				type;
@@ -72,13 +49,5 @@ public:
 		std::vector<_refComponent>	refComponents;
 		std::wstring				dataSpaceName;
 	};
-private:
-
-	bool ReadEncryptionInfo(const std::string & xmlString);
-
 	std::vector<_mapEntry>		mapEntries;
-//--------------------------------------------------------------
-	_keyEncryptor				keyData;
-	_dataIntegrity				dataIntegrity;
-	std::vector<_keyEncryptor>	keyEncryptors;
 };