Push — develop ( 91b3d7...9e4d0d )
by Franck

PasswordEncoder::hashPassword()   A

Complexity

Conditions 4
Paths 6

Size

Total Lines 43

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 21
CRAP Score 4

Importance

Changes 0
Metric Value
dl 0
loc 43
ccs 21
cts 21
cp 1
rs 9.232
c 0
b 0
f 0
cc 4
nc 6
nop 4
crap 4
<?php
/**
 * This file is part of PHPOffice Common
 *
 * PHPOffice Common is free software distributed under the terms of the GNU Lesser
 * General Public License version 3 as published by the Free Software Foundation.
 *
 * For the full copyright and license information, please read the LICENSE
 * file that was distributed with this source code. For the full list of
 * contributors, visit https://github.com/PHPOffice/Common/contributors.
 *
 * @link        https://github.com/PHPOffice/Common
 * @copyright   2009-2016 PHPOffice Common contributors
 * @license     http://www.gnu.org/licenses/lgpl.txt LGPL version 3
 */
namespace PhpOffice\Common\Microsoft;
/**
 * Password encoder for Microsoft Office applications
 */
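class PasswordEncoder
{
    const ALGORITHM_MD2 = 'MD2';
    const ALGORITHM_MD4 = 'MD4';
    const ALGORITHM_MD5 = 'MD5';
    const ALGORITHM_SHA_1 = 'SHA-1';
    const ALGORITHM_SHA_256 = 'SHA-256';
    const ALGORITHM_SHA_384 = 'SHA-384';
    const ALGORITHM_SHA_512 = 'SHA-512';
    const ALGORITHM_RIPEMD = 'RIPEMD';
    const ALGORITHM_RIPEMD_160 = 'RIPEMD-160';
    const ALGORITHM_MAC = 'MAC';
    const ALGORITHM_HMAC = 'HMAC';

    /**
     * Mapping between algorithm name and array(algorithm ID, name passed to hash())
     *
     * An empty hash() name marks an algorithm this class cannot compute; getAlgorithm()
     * replaces it with 'sha1'.
     *
     * @var array
     * @see https://msdn.microsoft.com/en-us/library/documentformat.openxml.wordprocessing.writeprotection.cryptographicalgorithmsid(v=office.14).aspx
     */
    private static $algorithmMapping = array(
        self::ALGORITHM_MD2        => array(1, 'md2'),
        self::ALGORITHM_MD4        => array(2, 'md4'),
        self::ALGORITHM_MD5        => array(3, 'md5'),
        self::ALGORITHM_SHA_1      => array(4, 'sha1'),
        self::ALGORITHM_MAC        => array(5, ''), // 'mac' -> not possible with hash()
        // NOTE(review): PHP's hash() lists ripemd128/160/256/320 but no plain 'ripemd', so this
        // entry looks unusable as written - confirm which digest algorithm ID 6 is meant to be.
        self::ALGORITHM_RIPEMD     => array(6, 'ripemd'),
        self::ALGORITHM_RIPEMD_160 => array(7, 'ripemd160'),
        self::ALGORITHM_HMAC       => array(9, ''), //'hmac' -> not possible with hash()
        self::ALGORITHM_SHA_256    => array(12, 'sha256'),
        self::ALGORITHM_SHA_384    => array(13, 'sha384'),
        self::ALGORITHM_SHA_512    => array(14, 'sha512'),
    );

    /**
     * Starting value of the high-order word, indexed by (password length - 1)
     *
     * @var array
     */
    private static $initialCodeArray = array(
        0xE1F0,
        0x1D0F,
        0xCC9C,
        0x84C0,
        0x110C,
        0x0E10,
        0xF1CE,
        0x313E,
        0x1872,
        0xE139,
        0xD40F,
        0x84F9,
        0x280C,
        0xA96A,
        0x4EC3,
    );

    /**
     * One row per character position (15 rows), one word per bit 0..6 of the character
     *
     * @var array
     */
    private static $encryptionMatrix = array(
        array(0xAEFC, 0x4DD9, 0x9BB2, 0x2745, 0x4E8A, 0x9D14, 0x2A09),
        array(0x7B61, 0xF6C2, 0xFDA5, 0xEB6B, 0xC6F7, 0x9DCF, 0x2BBF),
        array(0x4563, 0x8AC6, 0x05AD, 0x0B5A, 0x16B4, 0x2D68, 0x5AD0),
        array(0x0375, 0x06EA, 0x0DD4, 0x1BA8, 0x3750, 0x6EA0, 0xDD40),
        array(0xD849, 0xA0B3, 0x5147, 0xA28E, 0x553D, 0xAA7A, 0x44D5),
        array(0x6F45, 0xDE8A, 0xAD35, 0x4A4B, 0x9496, 0x390D, 0x721A),
        array(0xEB23, 0xC667, 0x9CEF, 0x29FF, 0x53FE, 0xA7FC, 0x5FD9),
        array(0x47D3, 0x8FA6, 0x0F6D, 0x1EDA, 0x3DB4, 0x7B68, 0xF6D0),
        array(0xB861, 0x60E3, 0xC1C6, 0x93AD, 0x377B, 0x6EF6, 0xDDEC),
        array(0x45A0, 0x8B40, 0x06A1, 0x0D42, 0x1A84, 0x3508, 0x6A10),
        array(0xAA51, 0x4483, 0x8906, 0x022D, 0x045A, 0x08B4, 0x1168),
        array(0x76B4, 0xED68, 0xCAF1, 0x85C3, 0x1BA7, 0x374E, 0x6E9C),
        array(0x3730, 0x6E60, 0xDCC0, 0xA9A1, 0x4363, 0x86C6, 0x1DAD),
        array(0x3331, 0x6662, 0xCCC4, 0x89A9, 0x0373, 0x06E6, 0x0DCC),
        array(0x1021, 0x2042, 0x4084, 0x8108, 0x1231, 0x2462, 0x48C4),
    );

    /**
     * Number of leading password characters that take part in the hash
     *
     * @var int
     */
    private static $passwordMaxLength = 15;

    /**
     * Create a hashed password that MS Word will be able to work with
     * @see https://blogs.msdn.microsoft.com/vsod/2010/04/05/how-to-set-the-editing-restrictions-in-word-using-open-xml-sdk-2-0/
     *
     * Security note: the password is cut to 15 characters, every character is reduced to a
     * single byte, and those bytes are folded into one 32-bit key before any digest runs. The
     * digest input therefore carries at most 32 bits derived from the password, whatever
     * algorithm or spin count is chosen. Use the result only as a Word editing-restriction
     * verifier; it is not a replacement for password_hash() when storing credentials.
     *
     * MAC and HMAC are hashed with SHA-1 (see getAlgorithm()) while getAlgorithmId() still
     * reports 5 and 9 for them. NOTE(review): a caller that stores the ID next to the hash
     * should confirm that the pair matches what the reading application expects.
     *
     * The mbstring internal encoding is not modified by this method.
     *
     * @param string $password Password as UTF-8; only the first 15 characters are used
     * @param string $algorithmName One of the ALGORITHM_* constants
     * @param string $salt Raw salt bytes prepended to the key. With null the hash is unsalted, so
     *                     callers should normally pass fresh random bytes
     * @param int $spinCount Number of re-hash rounds run after the initial salted hash
     * @return string Base64 encoded raw digest
     */
    public static function hashPassword($password, $algorithmName = self::ALGORITHM_SHA_1, $salt = null, $spinCount = 10000)
    {
        // The encoding is passed to each mb_* call rather than switched process-wide with
        // mb_internal_encoding(): a throwing hash() can then never leave the global setting changed.
        $password = mb_substr($password, 0, self::$passwordMaxLength, 'UTF-8');
        $charCount = mb_strlen($password, 'UTF-8');

        //   Get the single-byte values by iterating through the Unicode characters of the truncated password.
        //   For each character, if the low byte is not equal to 0, take it. Otherwise, take the high byte.
        $passUcs2 = mb_convert_encoding($password, 'UCS-2LE', 'UTF-8');
        $byteChars = array();

        for ($i = 0; $i < $charCount; $i++) {
            // UCS-2LE stores the low byte first
            $byteChars[$i] = ord(substr($passUcs2, $i * 2, 1));

            if ($byteChars[$i] === 0) {
                $byteChars[$i] = ord(substr($passUcs2, $i * 2 + 1, 1));
            }
        }

        // build low-order word and high-order word and combine them
        $combinedKey = self::buildCombinedKey($byteChars);
        // build reversed hexadecimal string: eight upper-case hex digits with the byte pairs in reverse order
        $hex = sprintf('%08X', $combinedKey & 0xFFFFFFFF);
        $reversedHex = implode('', array_reverse(str_split($hex, 2)));

        $generatedKey = mb_convert_encoding($reversedHex, 'UCS-2LE', 'UTF-8');

        // Implementation Notes List:
        //   Word requires that the initial hash of the password with the salt not be considered in the count.
        //   The initial hash of salt + key is not included in the iteration count.
        $algorithm = self::getAlgorithm($algorithmName);
        $generatedKey = hash($algorithm, $salt . $generatedKey, true);

        for ($i = 0; $i < $spinCount; $i++) {
            // each round appends the round counter as four little-endian bytes
            $generatedKey = hash($algorithm, $generatedKey . pack('V', $i), true);
        }

        return base64_encode($generatedKey);
    }

    /**
     * Get algorithm from self::$algorithmMapping
     *
     * Entries with an empty hash() name (MAC, HMAC) resolve to 'sha1'. A name missing from the
     * mapping is still looked up directly, so PHP keeps reporting it, and then also resolves
     * to 'sha1'.
     *
     * @param string $algorithmName
     * @return string Algorithm name understood by hash()
     */
    private static function getAlgorithm($algorithmName)
    {
        $algorithm = self::$algorithmMapping[$algorithmName][1];
        if ($algorithm === null || $algorithm === '') {
            $algorithm = 'sha1';
        }

        return $algorithm;
    }

    /**
     * Returns the algorithm ID
     *
     * The ID is read from the mapping as is, also for MAC and HMAC, which hashPassword()
     * computes with SHA-1.
     *
     * @param string $algorithmName
     * @return int
     */
    public static function getAlgorithmId($algorithmName)
    {
        return self::$algorithmMapping[$algorithmName][0];
    }

    /**
     * Build combined key from low-order word and high-order word
     *
     * @param array $byteChars byte array representation of password (at most 15 entries)
     * @return int Combined key as a signed 32-bit value
     */
    private static function buildCombinedKey($byteChars)
    {
        $byteCharsLength = count($byteChars);
        // Compute the high-order word
        // Initialize from the initial code array (see above), depending on the passwords length.
        // An empty password has no entry in that array; start from 0, which is the value the
        // missing entry evaluated to before, without reading an undefined offset.
        $highOrderWord = $byteCharsLength > 0 ? self::$initialCodeArray[$byteCharsLength - 1] : 0;

        // For each character in the password:
        //   For every bit in the character, starting with the least significant and progressing to (but excluding)
        //   the most significant, if the bit is set, XOR the key's high-order word with the corresponding word from
        //   the Encryption Matrix
        $firstRow = self::$passwordMaxLength - $byteCharsLength;
        for ($i = 0; $i < $byteCharsLength; $i++) {
            // the password is aligned to the end of the matrix: its last character uses the last row
            $matrixRow = self::$encryptionMatrix[$firstRow + $i];
            for ($intBit = 0; $intBit < 7; $intBit++) {
                if (($byteChars[$i] & (0x0001 << $intBit)) !== 0) {
                    $highOrderWord ^= $matrixRow[$intBit];
                }
            }
        }

        // Compute low-order word
        // Initialize with 0
        $lowOrderWord = 0;
        // For each character in the password, going backwards
        for ($i = $byteCharsLength - 1; $i >= 0; $i--) {
            // low-order word = (((low-order word SHR 14) AND 0x0001) OR (low-order word SHL 1) AND 0x7FFF)) XOR character
            $lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) | (($lowOrderWord << 1) & 0x7FFF)) ^ $byteChars[$i]);
        }
        // Lastly, low-order word = (((low-order word SHR 14) AND 0x0001) OR (low-order word SHL 1) AND 0x7FFF)) XOR strPassword length XOR 0xCE4B.
        $lowOrderWord = (((($lowOrderWord >> 14) & 0x0001) | (($lowOrderWord << 1) & 0x7FFF)) ^ $byteCharsLength ^ 0xCE4B);

        // Combine the Low and High Order Word
        return self::int32(($highOrderWord << 16) + $lowOrderWord);
    }

    /**
     * Simulate behaviour of (signed) int32
     *
     * Keeps the low 32 bits of $value and, when bit 31 is set, returns the matching negative
     * two's-complement number.
     *
     * @codeCoverageIgnore
     * @param int $value
     * @return int
     */
    private static function int32($value)
    {
        $value = ($value & 0xFFFFFFFF);

        if ($value & 0x80000000) {
            $value = -((~$value & 0xFFFFFFFF) + 1);
        }

        return $value;
    }
}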