/**
* does magical things to the shit in the input buffer of the given size and
* secretes it into the output buffer of the same size. also if something bad
* happens it crashes lol
*
* note: the output buffer needs to be 64 bytes bigger than the input buffer to
* accomodate the generated IV
*/
EXPORT void cryptoshit_encrypt(void *key, void *in, size_t inSz, void *out, size_t outSz) {
// check the output buffer size !!!
size_t inSzUp = (inSz & 0xF) ? ((inSz & (~0xF)) + 0xF) : inSz;
size_t minOutSz = inSzUp + IV_LENGTH;
if(outSz < minOutSz) {
printf("ur stupid the out buffer must be %lu, it's actually %lu (kill urself)\n", minOutSz, outSz);
abort();
}
// genearte iv
void *iv = out;
uint64_t *plainSzPtr = (uint64_t *) (((uint8_t *) iv) + IV_LENGTH);
uint64_t *cryptoSzPtr = (uint64_t *) (((uint8_t *) plainSzPtr) + 8);
void *cryptoText = ((uint8_t *) cryptoSzPtr) + 8;
*plainSzPtr = (uint64_t) inSz;
generateIv(iv);
// encrypt lol
int bytesEncrypted = encrypt(in, inSz, key, iv, cryptoText);
// get the crypto size
*cryptoSzPtr = (uint64_t) bytesEncrypted;
}
/*
verify integrity
hmac = openssl dgst -sha1 -mac HMAC -macopt hexkey:hex(salt) encryptedpackage
hmac == hex(expected)
*/
inline bool VerifyIntegrity(
const std::string& encryptedPackage,
const CipherParam& keyData,
const std::string& secretKey,
const std::string& saltValue,
const std::string& encryptedHmacKey,
const std::string& encryptedHmacValue)
{
const std::string iv1 = generateIv(keyData, ms::blkKey_dataIntegrity1, saltValue);
const std::string iv2 = generateIv(keyData, ms::blkKey_dataIntegrity2, saltValue);
const std::string salt = cipher(keyData.cipherName, encryptedHmacKey, secretKey, iv1, cybozu::crypto::Cipher::Decoding).substr(0, keyData.hashSize);
const std::string expected = cipher(keyData.cipherName, encryptedHmacValue, secretKey, iv2, cybozu::crypto::Cipher::Decoding).substr(0, keyData.hashSize);
cybozu::crypto::Hmac hmac(keyData.hashName);
std::string ret = hmac.eval(salt, encryptedPackage);
return ret == expected;
}
/*
[MS-OFFCRYPTO] 2.3.4.14
*/
inline void GenerateIntegrityParameter(
std::string& encryptedHmacKey,
std::string& encryptedHmacValue,
const std::string& encryptedPackage,
const CipherParam& keyData,
const std::string& secretKey,
const std::string& saltValue)
{
std::string salt;
FillRand(salt, keyData.hashSize);
#ifdef SAME_KEY
salt = fromHex("C9FACA5436849906B600DE95E155B47A01ABEDD0");
#endif
const std::string iv1 = generateIv(keyData, ms::blkKey_dataIntegrity1, saltValue);
const std::string iv2 = generateIv(keyData, ms::blkKey_dataIntegrity2, saltValue);
encryptedHmacKey = cipher(keyData.cipherName, salt, secretKey, iv1, cybozu::crypto::Cipher::Encoding);
cybozu::crypto::Hmac hmac(keyData.hashName);
std::string ret = hmac.eval(salt, encryptedPackage);
encryptedHmacValue = cipher(keyData.cipherName, ret, secretKey, iv2, cybozu::crypto::Cipher::Encoding);
}
int main()
try
{
cybozu::Mmap xmlFile("EncryptionInfo");
cybozu::MiniXml xml(xmlFile.get() + 8, xmlFile.get() + xmlFile.size());
const cybozu::minixml::Node *keyData = xml.get().getFirstTagByName("keyData");
const std::string keyData_saltValue(dec64(keyData->attr["saltValue"]));
const cybozu::minixml::Node *dataIntegrity = xml.get().getFirstTagByName("dataIntegrity");
const std::string encryptedHmacKey(dec64(dataIntegrity->attr["encryptedHmacKey"]));
const std::string encryptedHmacValue(dec64(dataIntegrity->attr["encryptedHmacValue"]));
// keyEncryptors
const cybozu::minixml::Node *p_encryptedKey = xml.get().getFirstTagByName("p:encryptedKey");
const int spinCount = cybozu::atoi(p_encryptedKey->attr["spinCount"]);
const std::string encryptedKey_saltValue(dec64(p_encryptedKey->attr["saltValue"]));
const std::string encryptedVerifierHashInput(dec64(p_encryptedKey->attr["encryptedVerifierHashInput"]));
const std::string encryptedVerifierHashValue(dec64(p_encryptedKey->attr["encryptedVerifierHashValue"]));
const std::string encryptedKeyValue(dec64(p_encryptedKey->attr["encryptedKeyValue"]));
std::string pass("t\x00""e\x00""s\x00""t\x00", 8);
const std::string kV("\xfe" "\xa7" "\xd2" "\x76" "\x3b" "\x4b" "\x9e" "\x79", 8);
const std::string kH("\xd7" "\xaa" "\x0f" "\x6d" "\x30" "\x61" "\x34" "\x4e", 8);
const std::string kC("\x14" "\x6e" "\x0b" "\xe7" "\xab" "\xac" "\xd0" "\xd6", 8);
puts("pass"); dump(pass);
const std::string pwHash = hashPassword(encryptedKey_saltValue, pass, spinCount);
const std::string iv = encryptedKey_saltValue;
const std::string skey1 = generateKey(pwHash, kV);
const std::string verifierHashInput = cipher(encryptedVerifierHashInput, skey1, iv);
puts("verifierHashInput");
dump(verifierHashInput);
const std::string hashedVerifier = hash(verifierHashInput);
puts("hashedVerifier"); dump(hashedVerifier);
const std::string skey2 = generateKey(pwHash, kH);
const std::string verifierHash = cipher(encryptedVerifierHashValue, skey2, iv).substr(0, hashedVerifier.size());
puts("verifierHash"); dump(verifierHash);
if (hashedVerifier != verifierHash) {
puts("miss");
return 1;
}
const std::string skey3 = generateKey(pwHash, kC);
std::string secretKey = cipher(encryptedKeyValue, skey3, iv);
puts("secretKey"); dump(secretKey);
cybozu::Mmap m("EncryptedPackage");
uint64_t fileSize = cybozu::Get64bitAsLE(m.get());
printf("fileSize=%d\n", (int)fileSize);
std::string encData(m.get() + 8, (int)m.size() - 8);
printf("encData.size=%d\n", (int)encData.size());
// decode
std::string decData = decContent(encData, secretKey, keyData_saltValue);
{
std::ofstream ofs("dec.pptx", std::ios::binary);
ofs.write(decData.c_str(), (int)fileSize);
}
// integrity
{
const std::string b1("\x5f" "\xb2" "\xad" "\x01" "\x0c" "\xb9" "\xe1" "\xf6", 8);
const std::string iv1 = generateIv(keyData_saltValue, b1);
const std::string salt = cipher(encryptedHmacKey, secretKey, iv1).substr(0, 20);
printf("salt=%s\n", hex(salt).c_str());
}
{
const std::string b2("\xa0" "\x67" "\x7f" "\x02" "\xb2" "\x2c" "\x84" "\x33", 8);
const std::string iv2 = generateIv(keyData_saltValue, b2);
const std::string r2 = cipher(encryptedHmacValue, secretKey, iv2).substr(0, 20);
printf(" r2=%s\n", hex(r2).c_str());
}
} catch (cybozu::Exception& e) {
printf("ERR %s\n", e.what());
}
