Code Coverage for /home/runner/work/PHPWord/PHPWord/src/PhpWord/Shared/Microsoft/PasswordEncoder.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	100.00% covered (success)	100.00%	38 / 38	100.00% covered (success)	100.00%	4 / 4	CRAP	100.00% covered (success)	100.00%	1 / 1
PasswordEncoder	100.00% covered (success)	100.00%	38 / 38	100.00% covered (success)	100.00%	4 / 4	14	100.00% covered (success)	100.00%	1 / 1
hashPassword	100.00% covered (success)	100.00%	20 / 20	100.00% covered (success)	100.00%	1 / 1	4
getAlgorithm	100.00% covered (success)	100.00%	4 / 4	100.00% covered (success)	100.00%	1 / 1	2
getAlgorithmId	100.00% covered (success)	100.00%	1 / 1	100.00% covered (success)	100.00%	1 / 1	1
buildCombinedKey	100.00% covered (success)	100.00%	13 / 13	100.00% covered (success)	100.00%	1 / 1	5
int32		n/a	0 / 0		n/a	0 / 0	2

1	<?php
2	/**
3	* This file is part of PHPWord - A pure PHP library for reading and writing
4	* word processing documents.
5	*
6	* PHPWord is free software distributed under the terms of the GNU Lesser
7	* General Public License version 3 as published by the Free Software Foundation.
8	*
9	* For the full copyright and license information, please read the LICENSE
10	* file that was distributed with this source code. For the full list of
11	* contributors, visit https://github.com/PHPOffice/PHPWord/contributors.
12	*
13	* @see https://github.com/PHPOffice/PHPWord
14	*
15	* @license http://www.gnu.org/licenses/lgpl.txt LGPL version 3
16	*/
17
18	namespace PhpOffice\PhpWord\Shared\Microsoft;
19
20	/**
21	* Password encoder for microsoft office applications.
22	*/
23	class PasswordEncoder
24	{
25	const ALGORITHM_MD2 = 'MD2';
26	const ALGORITHM_MD4 = 'MD4';
27	const ALGORITHM_MD5 = 'MD5';
28	const ALGORITHM_SHA_1 = 'SHA-1';
29	const ALGORITHM_SHA_256 = 'SHA-256';
30	const ALGORITHM_SHA_384 = 'SHA-384';
31	const ALGORITHM_SHA_512 = 'SHA-512';
32	const ALGORITHM_RIPEMD = 'RIPEMD';
33	const ALGORITHM_RIPEMD_160 = 'RIPEMD-160';
34	const ALGORITHM_MAC = 'MAC';
35	const ALGORITHM_HMAC = 'HMAC';
36
37	private const ALL_ONE_BITS = (PHP_INT_SIZE > 4) ? 0xFFFFFFFF : -1;
38	private const HIGH_ORDER_BIT = (PHP_INT_SIZE > 4) ? 0x80000000 : PHP_INT_MIN;
39
40	/**
41	* Mapping between algorithm name and algorithm ID.
42	*
43	* @var array
44	*
45	* @see https://msdn.microsoft.com/en-us/library/documentformat.openxml.wordprocessing.writeprotection.cryptographicalgorithmsid(v=office.14).aspx
46	*/
47	private static $algorithmMapping = [
48	self::ALGORITHM_MD2 => [1, 'md2'],
49	self::ALGORITHM_MD4 => [2, 'md4'],
50	self::ALGORITHM_MD5 => [3, 'md5'],
51	self::ALGORITHM_SHA_1 => [4, 'sha1'],
52	self::ALGORITHM_MAC => [5, ''], // 'mac' -> not possible with hash()
53	self::ALGORITHM_RIPEMD => [6, 'ripemd'],
54	self::ALGORITHM_RIPEMD_160 => [7, 'ripemd160'],
55	self::ALGORITHM_HMAC => [9, ''], //'hmac' -> not possible with hash()
56	self::ALGORITHM_SHA_256 => [12, 'sha256'],
57	self::ALGORITHM_SHA_384 => [13, 'sha384'],
58	self::ALGORITHM_SHA_512 => [14, 'sha512'],
59	];
60
61	private static $initialCodeArray = [
62	0xE1F0,
63	0x1D0F,
64	0xCC9C,
65	0x84C0,
66	0x110C,
67	0x0E10,
68	0xF1CE,
69	0x313E,
70	0x1872,
71	0xE139,
72	0xD40F,
73	0x84F9,
74	0x280C,
75	0xA96A,
76	0x4EC3,
77	];
78
79	private static $encryptionMatrix = [
80	[0xAEFC, 0x4DD9, 0x9BB2, 0x2745, 0x4E8A, 0x9D14, 0x2A09],
81	[0x7B61, 0xF6C2, 0xFDA5, 0xEB6B, 0xC6F7, 0x9DCF, 0x2BBF],
82	[0x4563, 0x8AC6, 0x05AD, 0x0B5A, 0x16B4, 0x2D68, 0x5AD0],
83	[0x0375, 0x06EA, 0x0DD4, 0x1BA8, 0x3750, 0x6EA0, 0xDD40],
84	[0xD849, 0xA0B3, 0x5147, 0xA28E, 0x553D, 0xAA7A, 0x44D5],
85	[0x6F45, 0xDE8A, 0xAD35, 0x4A4B, 0x9496, 0x390D, 0x721A],
86	[0xEB23, 0xC667, 0x9CEF, 0x29FF, 0x53FE, 0xA7FC, 0x5FD9],
87	[0x47D3, 0x8FA6, 0x0F6D, 0x1EDA, 0x3DB4, 0x7B68, 0xF6D0],
88	[0xB861, 0x60E3, 0xC1C6, 0x93AD, 0x377B, 0x6EF6, 0xDDEC],
89	[0x45A0, 0x8B40, 0x06A1, 0x0D42, 0x1A84, 0x3508, 0x6A10],
90	[0xAA51, 0x4483, 0x8906, 0x022D, 0x045A, 0x08B4, 0x1168],
91	[0x76B4, 0xED68, 0xCAF1, 0x85C3, 0x1BA7, 0x374E, 0x6E9C],
92	[0x3730, 0x6E60, 0xDCC0, 0xA9A1, 0x4363, 0x86C6, 0x1DAD],
93	[0x3331, 0x6662, 0xCCC4, 0x89A9, 0x0373, 0x06E6, 0x0DCC],
94	[0x1021, 0x2042, 0x4084, 0x8108, 0x1231, 0x2462, 0x48C4],
95	];
96
97	private static $passwordMaxLength = 15;
98
99	/**
100	* Create a hashed password that MS Word will be able to work with.
101	*
102	* @see https://blogs.msdn.microsoft.com/vsod/2010/04/05/how-to-set-the-editing-restrictions-in-word-using-open-xml-sdk-2-0/
103	*
104	* @param string $password
105	* @param string $algorithmName
106	* @param string $salt
107	* @param int $spinCount
108	*
109	* @return string
110	*/
111	public static function hashPassword($password, $algorithmName = self::ALGORITHM_SHA_1, $salt = null, $spinCount = 10000)
112	{
113	$origEncoding = mb_internal_encoding();
114	mb_internal_encoding('UTF-8');
115
116	$password = mb_substr($password, 0, min(self::$passwordMaxLength, mb_strlen($password)));
117
118	// Get the single-byte values by iterating through the Unicode characters of the truncated password.
119	// For each character, if the low byte is not equal to 0, take it. Otherwise, take the high byte.
120	$passUtf8 = mb_convert_encoding($password, 'UCS-2LE', 'UTF-8');
121	$byteChars = [];
122
123	for ($i = 0; $i < mb_strlen($password); ++$i) {
124	$byteChars[$i] = ord(substr($passUtf8, $i * 2, 1));
125
126	if ($byteChars[$i] == 0) {
127	$byteChars[$i] = ord(substr($passUtf8, $i * 2 + 1, 1));
128	}
129	}
130
131	// build low-order word and hig-order word and combine them
132	$combinedKey = self::buildCombinedKey($byteChars);
133	// build reversed hexadecimal string
134	$hex = str_pad(strtoupper(dechex($combinedKey & self::ALL_ONE_BITS)), 8, '0', \STR_PAD_LEFT);
135	$reversedHex = $hex[6] . $hex[7] . $hex[4] . $hex[5] . $hex[2] . $hex[3] . $hex[0] . $hex[1];
136
137	$generatedKey = mb_convert_encoding($reversedHex, 'UCS-2LE', 'UTF-8');
138
139	// Implementation Notes List:
140	// Word requires that the initial hash of the password with the salt not be considered in the count.
141	// The initial hash of salt + key is not included in the iteration count.
142	$algorithm = self::getAlgorithm($algorithmName);
143	$generatedKey = hash($algorithm, $salt . $generatedKey, true);
144
145	for ($i = 0; $i < $spinCount; ++$i) {
146	$generatedKey = hash($algorithm, $generatedKey . pack('CCCC', $i, $i >> 8, $i >> 16, $i >> 24), true);
147	}
148	$generatedKey = base64_encode($generatedKey);
149
150	mb_internal_encoding($origEncoding);
151
152	return $generatedKey;
153	}
154
155	/**
156	* Get algorithm from self::$algorithmMapping.
157	*
158	* @param string $algorithmName
159	*
160	* @return string
161	*/
162	private static function getAlgorithm($algorithmName)
163	{
164	$algorithm = self::$algorithmMapping[$algorithmName][1];
165	if ($algorithm == '') {
166	$algorithm = 'sha1';
167	}
168
169	return $algorithm;
170	}
171
172	/**
173	* Returns the algorithm ID.
174	*
175	* @param string $algorithmName
176	*
177	* @return int
178	*/
179	public static function getAlgorithmId($algorithmName)
180	{
181	return self::$algorithmMapping[$algorithmName][0];
182	}
183
184	/**
185	* Build combined key from low-order word and high-order word.
186	*
187	* @param array $byteChars byte array representation of password
188	*
189	* @return int
190	*/
191	private static function buildCombinedKey($byteChars)
192	{
193	$byteCharsLength = count($byteChars);
194	// Compute the high-order word
195	// Initialize from the initial code array (see above), depending on the passwords length.
196	$highOrderWord = self::$initialCodeArray[$byteCharsLength - 1];
197
198	// For each character in the password:
199	// For every bit in the character, starting with the least significant and progressing to (but excluding)
200	// the most significant, if the bit is set, XOR the key’s high-order word with the corresponding word from
201	// the Encryption Matrix
202	for ($i = 0; $i < $byteCharsLength; ++$i) {
203	$tmp = self::$passwordMaxLength - $byteCharsLength + $i;
204	$matrixRow = self::$encryptionMatrix[$tmp];
205	for ($intBit = 0; $intBit < 7; ++$intBit) {
206	if (($byteChars[$i] & (0x0001 << $intBit)) != 0) {
207	$highOrderWord = ($highOrderWord ^ $matrixRow[$intBit]);
208	}
209	}
210	}
211
212	// Compute low-order word
213	// Initialize with 0
214	$lowOrderWord = 0;
215	// For each character in the password, going backwards
216	for ($i = $byteCharsLength - 1; $i >= 0; --$i) {
217	// low-order word = (((low-order word SHR 14) AND 0x0001) OR (low-order word SHL 1) AND 0x7FFF)) XOR character
218	$lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) \| (($lowOrderWord << 1) & 0x7FFF)) ^ $byteChars[$i]);
219	}
220	// Lastly, low-order word = (((low-order word SHR 14) AND 0x0001) OR (low-order word SHL 1) AND 0x7FFF)) XOR strPassword length XOR 0xCE4B.
221	$lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) \| (($lowOrderWord << 1) & 0x7FFF)) ^ $byteCharsLength ^ 0xCE4B);
222
223	// Combine the Low and High Order Word
224	return self::int32(($highOrderWord << 16) + $lowOrderWord);
225	}
226
227	/**
228	* Simulate behaviour of (signed) int32.
229	*
230	* @codeCoverageIgnore
231	*
232	* @param int $value
233	*
234	* @return int
235	*/
236	private static function int32($value)
237	{
238	$value = $value & self::ALL_ONE_BITS;
239
240	if ($value & self::HIGH_ORDER_BIT) {
241	$value = -((~$value & self::ALL_ONE_BITS) + 1);
242	}
243
244	return $value;
245	}
246	}