{"id":1111,"date":"2016-12-21T17:54:34","date_gmt":"2016-12-21T09:54:34","guid":{"rendered":"http:\/\/blog.axqd.net\/?p=1111"},"modified":"2016-12-21T17:54:34","modified_gmt":"2016-12-21T09:54:34","slug":"%e6%89%8b%e5%8a%a8%e8%a7%a3%e5%af%86%e5%be%ae%e8%bd%afagile-encryption%e7%9a%84ecma-376%e6%96%87%e6%a1%a3","status":"publish","type":"post","link":"https:\/\/blog.axqd.net\/?p=1111","title":{"rendered":"\u624b\u52a8\u89e3\u5bc6\u5fae\u8f6fAgile Encryption\u7684ECMA-376\u6587\u6863"},"content":{"rendered":"

\u5148\u7ed9\u4e00\u4e9b\u53c2\u8003\u8d44\u6599\uff0c\u5982\u679c\u6709\u6f0f\u6389\u7684\u90e8\u5206\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc\uff1a<\/p>\n

    \n
  1. [MS-OFFCRYPTO]: Office Document Cryptography Structure<\/a><\/li>\n
  2. [MS-CFB]: Compound File Binary File Format<\/a><\/li>\n
  3. Standard ECMA-376 Office Open XML File Formats<\/a><\/li>\n
  4. Apache POI Encryption Support<\/a><\/li>\n<\/ol>\n

    \u4e00 \u89e3\u6790CFB\u6587\u4ef6\u7ed3\u6784<\/h1>\n

    \u5148\u4ecb\u7ecd\u4e00\u4e0bCFB\u6587\u4ef6\u7ed3\u6784\uff0c\u4ee5\u4ece\u4e2d\u53d6\u51fa\u89e3\u5bc6\u9700\u8981\u7684\u4fe1\u606f\uff1a<\/p>\n

      \n
    1. CFB\u6587\u4ef6\u88ab\u5207\u5206\u4e3a\u7b49\u957f\u7684Sector\uff0c\u7136\u540e\u7528\u5982\u4e0b\u65b9\u5f0f\u7ec4\u7ec7\u8d77\u6765\uff1a
      \nHeader Sector + Sector #0 + Sector #1 + …
      \n\u7531\u4e8e\u6709Header\u7684\u5b58\u5728\uff0c\u7b97Sector\u504f\u79fb\u7684\u65f6\u5019\uff0cSector Number\u9700\u8981\u52a0\u4e00\u3002<\/li>\n
    2. Sector\u4e4b\u95f4\u7531FAT\u8868\u5173\u8054\uff0c\u5f62\u6210\u591a\u6761Sector\u94fe
      \nFAT[0] – Sector #0 \u7684\u4e0b\u4e00\u4e2aSector Number (4 bytes)
      \nFAT[1] – Sector #1 \u7684\u4e0b\u4e00\u4e2aSector Number
      \n…<\/p>\n

      \u8fd8\u6709\u4e00\u4e9b\u7279\u6b8a\u7684\u5185\u5bb9\uff0c\u6bd4\u5982\uff1a
      \nFAT Sector (0xFFFFFFFD)
      \n\u94fe\u7ed3\u5c3e (0xFFFFFFFE)
      \n\u7a7a\u7684\u5360\u4f4d\u7b26 (0xFFFFFFFF)<\/p>\n

      \u4f8b\u5b50\uff1a
      \nFAT[0]: fd ff ff ff
      \nFAT[1]: 04 00 00 00<\/li>\n

    3. FAT\u8868\u4e5f\u5b58\u50a8\u5728Sector\u91cc\uff0cFAT\u8868\u7531DIFAT\u8868\u5173\u8054\uff0c\u5173\u8054\u65b9\u5f0f\u548cFAT\u4e00\u81f4\uff0c\u552f\u4e00\u7684\u533a\u522b\u662f\u524d109\u4e2aDIFAT\u9879\uff0c\u88ab\u76f4\u63a5\u5b58\u50a8\u5728Header Sector\u91cc\u3002\n

      \u4f8b\u5b50\uff1a
      \nDIFAT[0]: 00 00 00 00
      \nDIFAT[1]: 07 00 00 00<\/li>\n

    4. Sector\u5185\u5b58\u50a8\u4e86\u5404\u79cd\u7c7b\u578b\u7684\u6570\u636e\uff0c\u5305\u62ec\u4e00\u4e2a\u7b80\u5355\u7684\u7c7b\u4f3c\u6587\u4ef6\u7cfb\u7edf\u7684\u6811\u72b6\u7ed3\u6784\u3002\n

      \u5176\u4e2d\uff0cStorage\u7c7b\u4f3c\u4e8e\u6587\u4ef6\u5939\uff0cStream\u7c7b\u4f3c\u4e8e\u6587\u4ef6\u3002
      \nRoot Storage\u662f\u552f\u4e00\u7684\u6839\u76ee\u5f55\uff0c\u4e0b\u9762\u6302\u5176\u4ed6\u7684Storage\u6216\u8005Stream\u3002<\/p>\n

      \u7531\u4e8eStream\u5927\u5c0f\u6bd4\u8f83\u5927\uff0c\u8fd8\u63d0\u4f9b\u4e86Mini Stream\uff0c\u7528\u4e8e\u5b58\u50a8\u6bd4\u8f83\u5c0f\u7684\u6570\u636e\u3002<\/li>\n

    5. Header\u7684\u7ed3\u6784\u53c2\u8003[MS-CFB] 2.2 Compound File Header\uff0c\u4e00\u4e9b\u5173\u952e\u4fe1\u606f\u5982\u4e0b\uff1a\n
        \n
      1. Byte Order – \u786e\u5b9a\u5b57\u8282\u5e8f (0xFFFE)<\/li>\n
      2. Sector Shift – \u5355\u4e2aSector\u7684\u5927\u5c0f 0x9 (512B) \u6216\u8005 0xc (4096B)<\/li>\n
      3. Mini Sector Shift – \u5355\u4e2aMini Sector\u7684\u5927\u5c0f 0x6 (64B)<\/li>\n
      4. Mini Stream Cutoff Size – \u5c0f\u4e8e\u8fd9\u4e2a\u5927\u5c0f\u7684\u6570\u636e\uff0c\u88ab\u653e\u5728Mini Stream\u91cc (4096B)<\/li>\n
      5. First Directory Sector Location – Directory Stream\u7684\u8d77\u59cbSector Number<\/li>\n
      6. First Mini FAT Sector Location – Mini FAT\u8868\u7684\u8d77\u59cbSector Number<\/li>\n
      7. First DIFAT Sector – DIFAT\u8868\u7684\u8d77\u59cbSector Number (\u5982\u679cHeader\u91cc\u7684109\u9879\u5df2\u7ecf\u591f\u7528\u4e86\uff0c\u5219\u4e3a\u94fe\u7ed3\u5c3e – 0xFFFFFFFE)<\/li>\n<\/ol>\n<\/li>\n
      8. \u63a5\u4e0b\u6765\u89e3\u6790Directory Stream\u6240\u5728\u7684\u8d77\u59cbSector\n
          \n
        1. \u504f\u79fb\uff1a[(Sector Number + 1) * Sector Shift]<\/li>\n
        2. \u6bcf\u4e2aDirectory Entry\u7684\u5927\u5c0f\u662f128B\uff0c\u5982\u679cSector\u5927\u5c0f\u4e3a512B\uff0c\u5219\u6bcf\u4e2aSector\u53ef\u4ee5\u653e\u56db\u4e2aDirectory Entry<\/li>\n
        3. Directory Entry\u7684\u7ed3\u6784\u53c2\u8003[MS-CFB]\u00a02.6.1 Compound File Directory Entry\uff0c\u4e00\u4e9b\u5173\u952e\u4fe1\u606f\u89e3\u91ca\u5982\u4e0b\uff1a\n
            \n
          1. Directory Entry Name – \u9879\u540d\u79f0 \u4e00\u822c\u7b2c\u4e00\u4e2a\u4e3aRoot Entry [UTF-16]<\/li>\n
          2. Object Type – 0x0 \u672a\u5206\u914d 0x1 Storage 0x2 Stream 0x5 Root Storage<\/li>\n
          3. Child ID\uff1a\u5b50\u9879Directory Entry\u7684ID (\u5982\u679c\u6ca1\u6709\u5b50\u9879\uff0c\u5219\u4e3a0xFFFFFFFF)<\/li>\n
          4. Left Sibling ID: \u5de6\u5144\u5f1f\u9879Directory Entry\u7684ID\u00a0(\u5982\u679c\u6ca1\u6709\u5de6\u5144\u5f1f\u9879\uff0c\u5219\u4e3a0xFFFFFFFF)<\/li>\n
          5. Right Sibling ID: \u53f3\u5144\u5f1f\u9879Directory Entry\u7684ID (\u5982\u679c\u6ca1\u6709\u53f3\u5144\u5f1f\u9879\uff0c\u5219\u4e3a0xFFFFFFFF)<\/li>\n
          6. Starting Sector Location – \u5bf9Stream\u800c\u8a00\uff0c\u8868\u793a\u8d77\u59cbSector Number\uff1b\u5bf9Root Storage\u800c\u8a00\uff0c\u5219\u6307\u793a\u4e86Mini Stream\u7684\u8d77\u59cbSector Number<\/li>\n
          7. Stream Size: \u5bf9Stream\u800c\u8a00\uff0c\u8868\u793a\u6570\u636e\u5927\u5c0f\uff1b\u5bf9Root Storage\u800c\u8a00\uff0c\u5219\u8868\u793aMini Stream\u7684\u5927\u5c0f<\/li>\n<\/ol>\n<\/li>\n
          8. \u4f8b\u5b50
            \nDirectory Entry [0]:
            \nDirectory Entry Name: 52 00 6f 00 6f 00 74 00 20 00 45 00 6e 00 74 00 72 00 79 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [UTF-16]
            \nDirectory Entry Name: Root Entry [UTF-16]
            \nDirectory Entry Name Length: 16 00
            \nObject Type: 05
            \nColor Flag: 00 [0x00 Red 0x01 Black]
            \nLeft Sibling ID: ff ff ff ff
            \nRight Sibling ID: ff ff ff ff
            \nChild ID: 0a 00 00 00
            \nCLSID: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
            \nState Bits: 00 00 00 00
            \nCreation Time: 00 00 00 00 00 00 00 00
            \nModified Time: 00 3d 2a 3d 8e 12 d2 01
            \nStarting Sector Location: 03 00 00 00
            \nStream Size: 00 08 00 00 00 00 00 00<\/li>\n<\/ol>\n<\/li>\n
          9. \u6839\u636e\u4ee5\u4e0a\u7684\u5185\u5bb9\uff0c\u6211\u4eec\u53ef\u4ee5\u5f97\u5230\u4e24\u4e2a\u5173\u952e\u7684Stream\n
              \n
            1. EncryptionInfo Stream\uff0c\u8fd9\u4e2aStream\u5305\u542b\u4e00\u4e2a\u660e\u6587\u7684XML\u5b57\u7b26\u4e32\uff0c\u5305\u542b\u6211\u4eec\u9700\u8981\u7684\u89e3\u5bc6\u76f8\u5173\u4fe1\u606f\n
                \n
              1. \u4ece\u63d0\u4f9b\u7684\u5bc6\u7801 \u548c EncryptedKeyValue\u91cc\u89e3\u5bc6\u4e2d\u95f4\u5bc6\u94a5 encryption\/keyEncryptors\/keyEncryptor\/encryptedKey\n
                  \n
                1. spinCount – \u52a0\u5bc6\u591a\u5c11\u8f6e\uff0c\u4f8b\u598210000<\/li>\n
                2. saltSize<\/li>\n
                3. blockSize<\/li>\n
                4. keyBits – \u51b3\u5b9aAES128 \u6216\u8005 AES256<\/li>\n
                5. hashSize<\/li>\n
                6. cipherAlgorithm – \u4f8b\u5982AES<\/li>\n
                7. cipherChaining – \u4f8b\u5982CBC<\/li>\n
                8. hashAlgorithm – \u4f8b\u5982SHA512<\/li>\n
                9. saltValue – \u7528\u4e8e\u52a0\u5bc6\u4e2d\u95f4\u5bc6\u94a5\u7684\u76d0\u503c (base64 \u7f16\u7801)<\/li>\n
                10. encryptedKeyValue – \u52a0\u5bc6\u540e\u7684\u4e2d\u95f4\u5bc6\u94a5 (base64 \u7f16\u7801)<\/li>\n<\/ol>\n<\/li>\n
                11. \u7528\u4e0a\u9762\u83b7\u5f97\u7684\u4e2d\u95f4\u5bc6\u94a5\u89e3\u5bc6\u5b9e\u9645\u6570\u636e encryption\/keyData\n
                    \n
                  1. saltSize<\/li>\n
                  2. blockSize<\/li>\n
                  3. keyBits<\/li>\n
                  4. hashSize<\/li>\n
                  5. cipherAlgorithm<\/li>\n
                  6. cipherChaining<\/li>\n
                  7. hashAlgorithm<\/li>\n
                  8. saltValue<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n
                  9. EncryptedPackage Stream\uff0c\u8fd9\u4e2aStream\u5305\u542b\u6211\u4eec\u5f85\u89e3\u5bc6\u7684\u6570\u636e\n
                      \n
                    1. Stream Size : 8 bytes (\u65e0\u7b26\u53f7\u6574\u6570)<\/li>\n
                    2. Encrypted Data: variable size<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n<\/li>\n<\/ol>\n

                      \u4e8c \u89e3\u5bc6\u4e2d\u95f4\u5bc6\u94a5<\/h1>\n

                      \u6211\u4eec\u7528AES256 + SHA512\u7684\u7ec4\u5408\u4e3e\u4f8b\uff0c AES256\u9700\u8981Key\u548c\u521d\u59cb\u5411\u91cfIV<\/p>\n

                        \n
                      1. \u9884\u5148\u5904\u7406\n
                          \n
                        1. Salt Value \u548c Encrypted Key Value \u5728XML\u91cc\u662fbase64\u7f16\u7801\u7684\uff0c\u6211\u4eec\u9700\u8981\u5148\u89e3\u7801\u4e3a\u4e8c\u8fdb\u5236 base64.b64decode()<\/li>\n
                        2. \u7528\u6237\u8f93\u5165\u7684\u5bc6\u7801\u4e5f\u9700\u8981\u7528utf-16\u5c0f\u5c3e\u7f16\u7801\u00a0“password”.encode(“utf-16le”)<\/li>\n<\/ol>\n<\/li>\n
                        3. \u83b7\u5f97Key\n
                            \n
                          1. SHA512\u7f16\u7801 (encryptedKey\/saltValue + \u7528\u6237\u8f93\u5165\u7684\u5bc6\u7801)
                            \npwHash = hashlib.sha512()
                            \npwHash.update(saltValue)
                            \npwHash.update(password)
                            \nkey = pwHash.digest()<\/li>\n
                          2. SHA512\u7f16\u7801spinCount\u8f6e Hn = H(count + Hn-1)
                            \n\u5176\u4e2dcount\u4e3a\u4ece0\u5f00\u59cb\u7684\u65e0\u7b26\u53f732\u4f4d\u6570
                            \nfor i in xrange(spinCount):
                            \npwHash = hashlib.sha512()
                            \npwHash.update(struct.pack(“<I”, i))
                            \npwHash.update(key)
                            \nkey = pwHash.digest()<\/li>\n
                          3. SHA512\u7f16\u7801 Hfinal = H(Hn + BlockKey)
                            \n\u5982\u679cHfinal\u5927\u4e8ekeyBits\uff0c\u5219\u9700\u8981\u6309keyBits\u622a\u65ad\uff1b
                            \n\u53cd\u4e4b\uff0c\u5982\u679c\u5c0f\u4e8e\uff0c\u5219\u9700\u8981\u75280x36\u6765append\u8865\u8db3
                            \npwHash = hashlib.sha512()
                            \npwHash.update(key)
                            \npwHash.update(struct.pack(‘<BBBBBBBB’, 0x14, 0x6e, 0x0b, 0xe7, 0xab, 0xac, 0xd0, 0xd6))
                            \nkey = pwHash.digest()[:32]<\/li>\n<\/ol>\n<\/li>\n
                          4. \u83b7\u5f97IV\n
                              \n
                            1. \u5c31\u662fencryptedKey\/saltValue<\/li>\n
                            2. \u5982\u679c\u5927\u4e8eblockSize\uff0c\u5219\u6309blockSize\u622a\u65ad<\/li>\n
                            3. \u53cd\u4e4b\uff0c\u5982\u679c\u5c0f\u4e8e\uff0c\u5219\u9700\u8981\u75280x36\u6765append\u8865\u8db3<\/li>\n<\/ol>\n<\/li>\n
                            4. \u89e3\u5bc6encryptedKey\/encryptedKeyValue\u5f97\u5230\u4e2d\u95f4\u5bc6\u94a5
                              \naes = AES.new(key, AES.MODE_CBC, iv)
                              \nsecretKey = aes.decrypt(encryptedKeyValue)<\/li>\n<\/ol>\n

                              \u4e09 \u89e3\u5bc6EncryptedPackage Stream<\/h1>\n

                              \u89e3\u5bc6\u7684\u65f6\u5019\uff0c\u6bcf4096B\u4e3a\u4e00\u4e2a\u89e3\u5bc6\u5355\u5143\uff0ccount\u4ece0\u5f00\u59cb\u768432\u4f4d\u65e0\u7b26\u53f7\u6574\u6570\u3002<\/p>\n

                                \n
                              1. \u83b7\u5f97IV H = H(keyData\/saltValue + count)
                                \ncontentHash = hashlib.sha512()
                                \ncontentHash.update(saltValue)
                                \ncontentHash.update(struct.pack(“<I”, count))
                                \niv = contentHash.digest()<\/li>\n
                              2. \u89e3\u5bc6\u5f53\u524d\u5355\u5143
                                \naes = AES.new(secretKey, AES.MODE_CBC, iv)
                                \ncontent = aes.decrypt(encryptedContent)<\/li>\n<\/ol>\n

                                 <\/p>\n","protected":false},"excerpt":{"rendered":"

                                \u5148\u7ed9\u4e00\u4e9b\u53c2\u8003\u8d44\u6599\uff0c\u5982\u679c\u6709\u6f0f\u6389\u7684\u90e8\u5206\uff0c\u53ef\u4ee5\u53c2\u8003\u8fd9\u91cc\uff1a [MS-OFFCRYPTO]: Office Docume … \u7ee7\u7eed\u9605\u8bfb\u201c\u624b\u52a8\u89e3\u5bc6\u5fae\u8f6fAgile Encryption\u7684ECMA-376\u6587\u6863\u201d<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11,6],"tags":[],"class_list":["post-1111","post","type-post","status-publish","format-standard","hentry","category-microsoft","category-tech"],"_links":{"self":[{"href":"https:\/\/blog.axqd.net\/index.php?rest_route=\/wp\/v2\/posts\/1111","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.axqd.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.axqd.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.axqd.net\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.axqd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1111"}],"version-history":[{"count":2,"href":"https:\/\/blog.axqd.net\/index.php?rest_route=\/wp\/v2\/posts\/1111\/revisions"}],"predecessor-version":[{"id":1113,"href":"https:\/\/blog.axqd.net\/index.php?rest_route=\/wp\/v2\/posts\/1111\/revisions\/1113"}],"wp:attachment":[{"href":"https:\/\/blog.axqd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1111"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.axqd.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1111"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.axqd.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1111"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}