align with pull request submitted in PHPOffice/Commom

src/PhpWord/Metadata/Protection.php

@@ -18,6 +18,7 @@
 namespace PhpOffice\PhpWord\Metadata;
 
 use PhpOffice\PhpWord\SimpleType\DocProtect;
+use PhpOffice\PhpWord\Shared\Microsoft\PasswordEncoder;
 
 /**
  * Document protection class
@@ -50,11 +51,11 @@ class Protection
  private $spinCount = 100000;
 
  /**
- * Cryptographic Hashing Algorithm (see to \PhpOffice\PhpWord\Writer\Word2007\Part\Settings::$algorithmMapping)
+ * Cryptographic Hashing Algorithm (see constants defined in \PhpOffice\PhpWord\Shared\Microsoft\PasswordEncoder)
  *
- * @var int
+ * @var string
  */
- private $mswordAlgorithmSid = 4;
+ private $algorithm = PasswordEncoder::ALGORITHM_SHA_1;
 
  /**
  * Salt for Password Verifier
@@ -146,24 +147,24 @@ public function setSpinCount($spinCount)
  }
 
  /**
- * Get algorithm-sid
+ * Get algorithm
  *
- * @return int
+ * @return string
  */
- public function getMswordAlgorithmSid()
+ public function getAlgorithm()
  {
- return $this->mswordAlgorithmSid;
+ return $this->algorithm;
  }
 
  /**
- * Set algorithm-sid (see \PhpOffice\PhpWord\Writer\Word2007\Part\Settings::$algorithmMapping)
+ * Set algorithm
  *
- * @param $mswordAlgorithmSid
+ * @param $algorithm
  * @return self
  */
- public function setMswordAlgorithmSid($mswordAlgorithmSid)
+ public function setMswordAlgorithmSid($algorithm)
  {
- $this->mswordAlgorithmSid = $mswordAlgorithmSid;
+ $this->algorithm = $algorithm;
 
  return $this;
  }

src/PhpWord/Shared/Microsoft/PasswordEncoder.php

@@ -22,21 +22,36 @@
  */
 class PasswordEncoder
 {
+ const ALGORITHM_MD2 = 'MD2';
+ const ALGORITHM_MD4 = 'MD4';
+ const ALGORITHM_MD5 = 'MD5';
+ const ALGORITHM_SHA_1 = 'SHA-1';
+ const ALGORITHM_SHA_256 = 'SHA-256';
+ const ALGORITHM_SHA_384 = 'SHA-384';
+ const ALGORITHM_SHA_512 = 'SHA-512';
+ const ALGORITHM_RIPEMD = 'RIPEMD';
+ const ALGORITHM_RIPEMD_160 = 'RIPEMD-160';
+ const ALGORITHM_MAC = 'MAC';
+ const ALGORITHM_HMAC= 'HMAC';
+
+ /**
+ * Mapping between algorithm name and algorithm ID
+ *
+ * @var array
+ * @see https://msdn.microsoft.com/en-us/library/documentformat.openxml.wordprocessing.writeprotection.cryptographicalgorithmsid(v=office.14).aspx
+ */
  private static $algorithmMapping = array(
- 1 => 'md2',
- 2 => 'md4',
- 3 => 'md5',
- 4 => 'sha1',
- 5 => '', // 'mac' -> not possible with hash()
- 6 => 'ripemd',
- 7 => 'ripemd160',
- 8 => '',
- 9 => '', //'hmac' -> not possible with hash()
- 10 => '',
- 11 => '',
- 12 => 'sha256',
- 13 => 'sha384',
- 14 => 'sha512',
+ self::ALGORITHM_MD2 => array(1, 'md2'),
+ self::ALGORITHM_MD4 => array(2, 'md4'),
+ self::ALGORITHM_MD5 => array(3, 'md5'),
+ self::ALGORITHM_SHA_1 => array(4, 'sha1'),
+ self::ALGORITHM_MAC => array(5, ''), // 'mac' -> not possible with hash()
+ self::ALGORITHM_RIPEMD => array(6, 'ripemd'),
+ self::ALGORITHM_RIPEMD_160 => array(7, 'ripemd160'),
+ self::ALGORITHM_HMAC => array(9, ''), //'hmac' -> not possible with hash()
+ self::ALGORITHM_SHA_256 => array(12, 'sha256'),
+ self::ALGORITHM_SHA_384 => array(13, 'sha384'),
+ self::ALGORITHM_SHA_512 => array(14, 'sha512'),
  );
 
  private static $initialCodeArray = array(
@@ -82,12 +97,12 @@ class PasswordEncoder
  * @see https://blogs.msdn.microsoft.com/vsod/2010/04/05/how-to-set-the-editing-restrictions-in-word-using-open-xml-sdk-2-0/
  *
  * @param string $password
- * @param number $algorithmSid
+ * @param string $algorithmName
  * @param string $salt
- * @param number $spinCount
+ * @param integer $spinCount
  * @return string
  */
- public static function hashPassword($password, $algorithmSid = 4, $salt = null, $spinCount = 10000)
+ public static function hashPassword($password, $algorithmName = PasswordEncoder::ALGORITHM_SHA_1, $salt = null, $spinCount = 10000)
  {
  $origEncoding = mb_internal_encoding();
  mb_internal_encoding('UTF-8');
@@ -118,7 +133,7 @@ public static function hashPassword($password, $algorithmSid = 4, $salt = null,
  // Implementation Notes List:
  // Word requires that the initial hash of the password with the salt not be considered in the count.
  // The initial hash of salt + key is not included in the iteration count.
- $algorithm = self::getAlgorithm($algorithmSid);
+ $algorithm = self::getAlgorithm($algorithmName);
  $generatedKey = hash($algorithm, $salt . $generatedKey, true);
 
  for ($i = 0; $i < $spinCount; $i++) {
@@ -134,12 +149,12 @@ public static function hashPassword($password, $algorithmSid = 4, $salt = null,
  /**
  * Get algorithm from self::$algorithmMapping
  *
- * @param int $sid
+ * @param string $algorithmName
  * @return string
  */
- private static function getAlgorithm($sid)
+ private static function getAlgorithm($algorithmName)
  {
- $algorithm = self::$algorithmMapping[$sid];
+ $algorithm = self::$algorithmMapping[$algorithmName][1];
  if ($algorithm == '') {
  $algorithm = 'sha1';
  }
@@ -155,16 +170,17 @@ private static function getAlgorithm($sid)
  */
  private static function buildCombinedKey($byteChars)
  {
+ $byteCharsLength = count($byteChars);
  // Compute the high-order word
  // Initialize from the initial code array (see above), depending on the passwords length.
- $highOrderWord = self::$initialCodeArray[count($byteChars) - 1];
+ $highOrderWord = self::$initialCodeArray[$byteCharsLength - 1];
 
  // For each character in the password:
  // For every bit in the character, starting with the least significant and progressing to (but excluding)
  // the most significant, if the bit is set, XOR the key’s high-order word with the corresponding word from
  // the Encryption Matrix
- for ($i = 0; $i < count($byteChars); $i++) {
- $tmp = self::$passwordMaxLength - count($byteChars) + $i;
+ for ($i = 0; $i < $byteCharsLength; $i++) {
+ $tmp = self::$passwordMaxLength - $byteCharsLength + $i;
  $matrixRow = self::$encryptionMatrix[$tmp];
  for ($intBit = 0; $intBit < 7; $intBit++) {
  if (($byteChars[$i] & (0x0001 << $intBit)) != 0) {
@@ -177,12 +193,12 @@ private static function buildCombinedKey($byteChars)
  // Initialize with 0
  $lowOrderWord = 0;
  // For each character in the password, going backwards
- for ($i = count($byteChars) - 1; $i >= 0; $i--) {
+ for ($i = $byteCharsLength - 1; $i >= 0; $i--) {
  // low-order word = (((low-order word SHR 14) AND 0x0001) OR (low-order word SHL 1) AND 0x7FFF)) XOR character
  $lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) | (($lowOrderWord << 1) & 0x7FFF)) ^ $byteChars[$i]);
  }
  // Lastly, low-order word = (((low-order word SHR 14) AND 0x0001) OR (low-order word SHL 1) AND 0x7FFF)) XOR strPassword length XOR 0xCE4B.
- $lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) | (($lowOrderWord << 1) & 0x7FFF)) ^ count($byteChars) ^ 0xCE4B);
+ $lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) | (($lowOrderWord << 1) & 0x7FFF)) ^ $byteCharsLength ^ 0xCE4B);
 
  // Combine the Low and High Order Word
  return self::int32(($highOrderWord << 16) + $lowOrderWord);

src/PhpWord/Writer/Word2007/Part/Settings.php

@@ -193,7 +193,7 @@ private function setDocumentProtection($documentProtection)
  if ($documentProtection->getSalt() == null) {
  $documentProtection->setSalt(openssl_random_pseudo_bytes(16));
  }
- $passwordHash = PasswordEncoder::hashPassword($documentProtection->getPassword(), $documentProtection->getMswordAlgorithmSid(), $documentProtection->getSalt(), $documentProtection->getSpinCount());
+ $passwordHash = PasswordEncoder::hashPassword($documentProtection->getPassword(), $documentProtection->getAlgorithm(), $documentProtection->getSalt(), $documentProtection->getSpinCount());
  $this->settings['w:documentProtection'] = array(
  '@attributes' => array(
  'w:enforcement' => 1,

tests/PhpWord/Shared/Microsoft/PasswordEncoderTest.php

@@ -51,7 +51,7 @@ public function testEncodePasswordWithSalt()
  $salt = base64_decode('uq81pJRRGFIY5U+E9gt8tA==');
 
  //when
- $hashPassword = PasswordEncoder::hashPassword($password, 4, $salt);
+ $hashPassword = PasswordEncoder::hashPassword($password, PasswordEncoder::ALGORITHM_SHA_1, $salt);
 
  //then
  TestCase::assertEquals('QiDOcpia1YzSVJPiKPwWebl9p/0=', $hashPassword);
@@ -67,7 +67,7 @@ public function testDafaultsToSha1IfUnsupportedAlgorithm()
  $salt = base64_decode('uq81pJRRGFIY5U+E9gt8tA==');
 
  //when
- $hashPassword = PasswordEncoder::hashPassword($password, 5, $salt);
+ $hashPassword = PasswordEncoder::hashPassword($password, PasswordEncoder::ALGORITHM_MAC, $salt);
 
  //then
  TestCase::assertEquals('QiDOcpia1YzSVJPiKPwWebl9p/0=', $hashPassword);
@@ -83,7 +83,7 @@ public function testEncodePasswordWithNullAsciiCodeInPassword()
  $salt = base64_decode('uq81pJRRGFIY5U+E9gt8tA==');
 
  //when
- $hashPassword = PasswordEncoder::hashPassword($password, 5, $salt, 1);
+ $hashPassword = PasswordEncoder::hashPassword($password, PasswordEncoder::ALGORITHM_MAC, $salt, 1);
 
  //then
  TestCase::assertEquals('rDV9sgdDsztoCQlvRCb1lF2wxNg=', $hashPassword);