refactoring of hash function

PHPOffice · Mar 10, 2017 · 483a167 · 483a167
1 parent 05387fa
commit 483a167
Showing 1 changed file with 141 additions and 65 deletions.
diff --git a/src/PhpWord/Metadata/Protection.php b/src/PhpWord/Metadata/Protection.php
@@ -76,6 +76,7 @@ class Protection
  [0x3331, 0x6662, 0xCCC4, 0x89A9, 0x0373, 0x06E6, 0x0DCC],
  [0x1021, 0x2042, 0x4084, 0x8108, 0x1231, 0x2462, 0x48C4]
  ];
+ static $passwordMaxLength = 15;
 
  /**
  * Editing restriction none|readOnly|comments|trackedChanges|forms
@@ -85,12 +86,32 @@ class Protection
  */
  private $editing;
 
+ /**
+ * Hashed password
+ *
+ * @var string
+ */
  private $password;
 
+ /**
+ * Number of hashing iterations
+ *
+ * @var int
+ */
  private $spinCount = 100000;
 
+ /**
+ * Algorithm-SID according to self::$algorithmMapping
+ *
+ * @var int
+ */
  private $algorithmSid = 4;
 
+ /**
+ * Hashed salt
+ *
+ * @var string
+ */
  private $salt;
 
  /**
@@ -126,52 +147,103 @@ public function setEditing($editing = null)
  return $this;
  }
 
+ /**
+ * Get password hash
+ *
+ * @return string
+ */
  public function getPassword()
  {
  return $this->password;
  }
 
+ /**
+ * Set password
+ *
+ * @param $password
+ * @return self
+ */
  public function setPassword($password)
  {
  $this->password = $this->getPasswordHash($password);
 
  return $this;
  }
 
+ /**
+ * Get count for hash iterations
+ *
+ * @return int
+ */
  public function getSpinCount()
  {
  return $this->spinCount;
  }
 
+ /**
+ * Set count for hash iterations
+ *
+ * @param $spinCount
+ * @return self
+ */
  public function setSpinCount($spinCount)
  {
  $this->spinCount = $spinCount;
 
  return $this;
  }
 
+ /**
+ * Get algorithm-sid
+ *
+ * @return int
+ */
  public function getAlgorithmSid()
  {
  return $this->algorithmSid;
  }
 
+ /**
+ * Set algorithm-sid (see self::$algorithmMapping)
+ *
+ * @param $algorithmSid
+ * @return self
+ */
  public function setAlgorithmSid($algorithmSid)
  {
  $this->algorithmSid = $algorithmSid;
 
  return $this;
  }
 
- public function setSalt($salt)
+ /**
+ * Get salt hash
+ *
+ * @return string
+ */
+ public function getSalt()
  {
- $this->salt = $salt;
+ return $this->salt;
  }
 
- public function getSalt()
+ /**
+ * Set salt hash
+ *
+ * @param $salt
+ * @return self
+ */
+ public function setSalt($salt)
  {
- return $this->salt;
+ $this->salt = $salt;
+
+ return $this;
  }
 
+ /**
+ * Get algorithm from self::$algorithmMapping
+ *
+ * @return string
+ */
  private function getAlgorithm()
  {
  $algorithm = self::$algorithmMapping[$this->algorithmSid];
@@ -182,35 +254,76 @@ private function getAlgorithm()
  return $algorithm;
  }
 
+ /**
+ * Create a hashed password that MS Word will be able to work with
+ *
+ * @param string $password
+ * @return string
+ */
  private function getPasswordHash($password)
  {
+ $orig_encoding = mb_internal_encoding();
+ mb_internal_encoding("UTF-8");
+
  if (empty($password)) {
  return '';
  }
- $passwordMaxLength = 15;
 
- // Truncate the password to $passwordMaxLength characters
- $password = mb_substr($password, 0, min($passwordMaxLength, mb_strlen($password)));
+ $password = mb_substr($password, 0, min(self::$passwordMaxLength, mb_strlen($password)));
 
+ // Construct a new NULL-terminated string consisting of single-byte characters:
+ // Get the single-byte values by iterating through the Unicode characters of the truncated password.
+ // For each character, if the low byte is not equal to 0, take it. Otherwise, take the high byte.
+ $pass_utf8 = mb_convert_encoding($password, 'UCS-2LE', 'UTF-8');
  $byteChars = [];
-
- echo "password: '{$password}'(".mb_strlen($password).")";
-
- $pass_utf8 = mb_convert_encoding($password, 'UCS-2LE', 'UTF-8');
  for ($i = 0; $i < mb_strlen($password); $i++) {
- $byteChars[$i] = ord(substr($pass_utf8, $i*2, 1));
+ $byteChars[$i] = ord(substr($pass_utf8, $i * 2, 1));
  if ($byteChars[$i] == 0) {
- echo "hi!$i";
- $byteChars[$i] = ord(substr($pass_utf8, $i*2+1, 1));
+ $byteChars[$i] = ord(substr($pass_utf8, $i * 2 + 1, 1));
  }
  }
 
+ // build low-order word and hig-order word and combine them
+ $combinedKey = $this->buildCombinedKey($byteChars);
+ // build reversed hexadecimal string
+ $hex = strtoupper(dechex($combinedKey & 0xFFFFFFFF));
+ $reversedHex = $hex[6].$hex[7].$hex[4].$hex[5].$hex[2].$hex[3].$hex[0].$hex[1];
+
+ $generatedKey = mb_convert_encoding($reversedHex, 'UCS-2LE', 'UTF-8');
+
+ // Implementation Notes List:
+ // Word requires that the initial hash of the password with the salt not be considered in the count.
+ // The initial hash of salt + key is not included in the iteration count.
+ $generatedKey = hash($this->getAlgorithm(), base64_decode($this->getSalt()) . $generatedKey, true);
+ for ($i = 0; $i < $this->getSpinCount(); $i++) {
+ $generatedKey = hash($this->getAlgorithm(), $generatedKey . pack("CCCC", $i, $i>>8, $i>>16, $i>>24), true);
+ }
+ $generatedKey = base64_encode($generatedKey);
+
+ mb_internal_encoding($orig_encoding);
+
+ return $generatedKey;
+ }
+
+ /**
+ * Build combined key from low-order word and high-order word
+ *
+ * @param array $byteChars -> byte array representation of password
+ * @return int
+ */
+ private function buildCombinedKey($byteChars)
+ {
  // Compute the high-order word
+ // Initialize from the initial code array (see above), depending on the passwords length.
  $highOrderWord = self::$initialCodeArray[sizeof($byteChars) - 1];
+
+ // For each character in the password:
+ // For every bit in the character, starting with the least significant and progressing to (but excluding)
+ // the most significant, if the bit is set, XOR the key’s high-order word with the corresponding word from
+ // the Encryption Matrix
  for ($i = 0; $i < sizeof($byteChars); $i++) {
- $tmp = $passwordMaxLength - sizeof($byteChars) + $i;
+ $tmp = self::$passwordMaxLength - sizeof($byteChars) + $i;
  $matrixRow = self::$encryptionMatrix[$tmp];
-
  for ($intBit = 0; $intBit < 7; $intBit++) {
  if (($byteChars[$i] & (0x0001 << $intBit)) != 0) {
  $highOrderWord = ($highOrderWord ^ $matrixRow[$intBit]);
@@ -219,55 +332,26 @@ private function getPasswordHash($password)
  }
 
  // Compute low-order word
+ // Initialize with 0
  $lowOrderWord = 0;
+ // For each character in the password, going backwards
  for ($i = sizeof($byteChars) - 1; $i >= 0; $i--) {
+ // low-order word = (((low-order word SHR 14) AND 0x0001) OR (low-order word SHL 1) AND 0x7FFF)) XOR character
  $lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) | (($lowOrderWord << 1) & 0x7FFF)) ^ $byteChars[$i]);
  }
+ // Lastly, low-order word = (((low-order word SHR 14) AND 0x0001) OR (low-order word SHL 1) AND 0x7FFF)) XOR strPassword length XOR 0xCE4B.
  $lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) | (($lowOrderWord << 1) & 0x7FFF)) ^ sizeof($byteChars) ^ 0xCE4B);
 
- $combinedKey = $this->int32(($highOrderWord << 16) + $lowOrderWord);
- $generatedKey = [
- 0 => (($combinedKey & 0x000000FF) >> 0),
- 1 => (($combinedKey & 0x0000FF00) >> 8),
- 2 => (($combinedKey & 0x00FF0000) >> 16),
- 3 => (($combinedKey & 0xFF000000) >> 24),
- ];
-
- $tmpStr = '';
- for ($i = 0; $i < 4; $i++) {
- $tmpStr .= strtoupper(dechex($generatedKey[$i]));
- }
- $generatedKey = [];
- $tmpStr = mb_convert_encoding($tmpStr, 'UCS-2LE', 'UTF-8');
- for ($i = 0; $i < strlen($tmpStr); $i++) {
- $generatedKey[] = ord(substr($tmpStr, $i, 1));
- }
-
- $salt = unpack('C*', base64_decode($this->getSalt()));
- $algorithm = $this->getAlgorithm();
-
- $tmpArray1 = $generatedKey;
- $tmpArray2 = $salt;
- $generatedKey = array_merge($tmpArray2, $tmpArray1);
-
- $generatedKey = $this->hashByteArray($algorithm, $generatedKey);
-
- for ($i = 0; $i < $this->getSpinCount(); $i++) {
- $iterator = [
- 0 => (($i & 0x000000FF) >> 0),
- 1 => (($i & 0x0000FF00) >> 8),
- 2 => (($i & 0x00FF0000) >> 16),
- 3 => (($i & 0xFF000000) >> 24),
- ];
- $generatedKey = array_merge($generatedKey, $iterator);
- $generatedKey = $this->hashByteArray($algorithm, $generatedKey);
- }
-
- $hash = implode(array_map("chr", $generatedKey));
-
- return base64_encode($hash);
+ // Combine the Low and High Order Word
+ return $this->int32(($highOrderWord << 16) + $lowOrderWord);
  }
 
+ /**
+ * simulate behaviour of int32
+ *
+ * @param int $value
+ * @return int
+ */
  private function int32($value)
  {
  $value = ($value & 0xFFFFFFFF);
@@ -278,12 +362,4 @@ private function int32($value)
 
  return $value;
  }
-
- private function hashByteArray($algorithm, $array)
- {
- $string = implode(array_map("chr", $array));
- $string = hash($algorithm, $string, true);
-
- return unpack('C*', $string);
- }
 }