PowerPoint2007 Reader / ODPresentation Reader : Support for protection password

Progi1984 · Progi1984 · commit 5c58d3282725 · 2025-02-21T13:44:12.000+01:00
diff --git a/docs/changes/1.2.0.md b/docs/changes/1.2.0.md
@@ -10,6 +10,7 @@
 - `phpoffice/phpspreadsheet`: Allow version 3.0 by [@Progi1984](https://github.com/Progi1984) fixing [#836](https://github.com/PHPOffice/PHPPresentation/pull/836) in [#839](https://github.com/PHPOffice/PHPPresentation/pull/839)
 - `createAutoShape` : Add method to create geometric shapes by [@mhasanshahid](https://github.com/mhasanshahid) & [@Progi1984](https://github.com/Progi1984) in [#848](https://github.com/PHPOffice/PHPPresentation/pull/848)
 - Reader : Option to not load images by [@Progi1984](https://github.com/Progi1984) fixing [#795](https://github.com/PHPOffice/PHPPresentation/pull/795) in [#850](https://github.com/PHPOffice/PHPPresentation/pull/850)
+- PowerPoint2007 Reader / ODPresentation Reader : Support for protection password by [@Progi1984](https://github.com/Progi1984) fixing [#119](https://github.com/PHPOffice/PHPPresentation/pull/119) in [#208](https://github.com/PHPOffice/PHPPresentation/pull/208)
 
 ## Bug fixes
 
diff --git a/samples/Sample_23_Password.php b/samples/Sample_23_Password.php
@@ -0,0 +1,25 @@
+<?php
+
+include_once 'Sample_Header.php';
+
+use PhpOffice\PhpPresentation\IOFactory;
+
+echo '<h2>ODPresentation</h2>';
+$pptReader = IOFactory::createReader('ODPresentation');
+$pptReader->setPassword('motdepasse');
+$oPHPPresentation = $pptReader->load(__DIR__ . '/resources/SamplePassword.odp');
+
+$oTree = new PhpPptTree($oPHPPresentation);
+echo $oTree->display();
+
+echo '<h2>PowerPoint2007</h2>';
+$pptReader = IOFactory::createReader('PowerPoint2007');
+$pptReader->setPassword('motdepasse');
+$oPHPPresentation = $pptReader->load(__DIR__ . '/resources/SamplePassword.pptx');
+
+$oTree = new PhpPptTree($oPHPPresentation);
+echo $oTree->display();
+
+if (!CLI) {
+    include_once 'Sample_Footer.php';
+}
diff --git a/samples/Sample_Header.php b/samples/Sample_Header.php
@@ -17,6 +17,34 @@
 use PhpOffice\PhpPresentation\Style\Bullet;
 use PhpOffice\PhpPresentation\Style\Color;
 
+function hex_dump($data, $newline = "\n"): void
+{
+    static $from = '';
+    static $to = '';
+
+    static $width = 16; // number of bytes per line
+
+    static $pad = '.'; // padding for non-visible characters
+
+    if ($from === '') {
+        for ($i = 0; $i <= 0xFF; ++$i) {
+            $from .= chr($i);
+            $to .= ($i >= 0x20 && $i <= 0x7E) ? chr($i) : $pad;
+        }
+    }
+
+    $hex = str_split(bin2hex($data), $width * 2);
+    $chars = str_split(strtr($data, $from, $to), $width);
+
+    $offset = 0;
+    echo '<pre>';
+    foreach ($hex as $i => $line) {
+        echo sprintf('%6X', $offset) . ' : ' . implode(' ', str_split($line, 2)) . ' [' . $chars[$i] . ']' . $newline;
+        $offset += $width;
+    }
+    echo '</pre>';
+}
+
 error_reporting(E_ALL);
 define('CLI', (PHP_SAPI == 'cli') ? true : false);
 define('EOL', CLI ? PHP_EOL : '<br />');
@@ -195,7 +223,7 @@ function createTemplatedSlide(PhpPresentation $objPHPPresentation): Slide
     return $slide;
 }
 
-class Sample_Header
+class PhpPptTree
 {
     protected $oPhpPresentation;
 
@@ -478,42 +506,45 @@ protected function getConstantName($class, $search, $startWith = '')
         return $constName;
     }
 }
+
 ?>
-<title><?php echo $pageTitle; ?></title>
-<meta charset="utf-8">
-<meta http-equiv="X-UA-Compatible" content="IE=edge" />
-<meta name="viewport" content="width=device-width, initial-scale=1.0" />
-<link rel="stylesheet" href="bootstrap/css/bootstrap.min.css" />
-<link rel="stylesheet" href="bootstrap/css/font-awesome.min.css" />
-<link rel="stylesheet" href="bootstrap/css/phppresentation.css" />
-</head>
-<body>
+    <title><?php echo $pageTitle; ?></title>
+    <meta charset="utf-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge"/>
+    <meta name="viewport" content="width=device-width, initial-scale=1.0"/>
+    <link rel="stylesheet" href="bootstrap/css/bootstrap.min.css"/>
+    <link rel="stylesheet" href="bootstrap/css/font-awesome.min.css"/>
+    <link rel="stylesheet" href="bootstrap/css/phppresentation.css"/>
+    </head>
+    <body>
 <div class="container">
-<div class="navbar navbar-default" role="navigation">
-    <div class="container-fluid">
-        <div class="navbar-header">
-            <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
-            <span class="sr-only">Toggle navigation</span>
-            <span class="icon-bar"></span>
-            <span class="icon-bar"></span>
-            <span class="icon-bar"></span>
-            </button>
-            <a class="navbar-brand" href="./">PHPPresentation</a>
-        </div>
-        <div class="navbar-collapse collapse">
-            <ul class="nav navbar-nav">
+    <div class="navbar navbar-default" role="navigation">
+        <div class="container-fluid">
+            <div class="navbar-header">
+                <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
+                    <span class="sr-only">Toggle navigation</span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                    <span class="icon-bar"></span>
+                </button>
+                <a class="navbar-brand" href="./">PHPPresentation</a>
+            </div>
+            <div class="navbar-collapse collapse">
+                <ul class="nav navbar-nav">
                 <?php foreach ($files as $key => $groupfiles) { ?>
-                <li class="dropdown active">
-                    <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-code fa-lg"></i>&nbsp;Samples <?php echo $key; ?>x<strong class="caret"></strong></a>
-                    <ul class="dropdown-menu"><?php echo implode('', $groupfiles); ?></ul>
-                </li>
+                    <li class="dropdown active">
+                        <a href="#" class="dropdown-toggle" data-toggle="dropdown"><i class="fa fa-code fa-lg"></i>&nbsp;Samples <?php echo $key?>x<strong
+                                class="caret"></strong></a>
+                        <ul class="dropdown-menu"><?php echo implode('', $groupfiles); ?></ul>
+                    </li>
                 <?php } ?>
-            </ul>
-            <ul class="nav navbar-nav navbar-right">
-                <li><a href="https://github.com/PHPOffice/PHPPresentation"><i class="fa fa-github fa-lg" title="GitHub"></i>&nbsp;</a></li>
-                <li><a href="https://phpoffice.github.io/PHPPresentation/"><i class="fa fa-book fa-lg" title="Docs"></i>&nbsp;</a></li>
-                <li><a href="http://twitter.com/PHPOffice"><i class="fa fa-twitter fa-lg" title="Twitter"></i>&nbsp;</a></li>
-            </ul>
+                </ul>
+                <ul class="nav navbar-nav navbar-right">
+                    <li><a href="https://github.com/PHPOffice/PHPPresentation"><i class="fa fa-github fa-lg" title="GitHub"></i>&nbsp;</a></li>
+                    <li><a href="http://phppresentation.readthedocs.org/en/develop/"><i class="fa fa-book fa-lg" title="Docs"></i>&nbsp;</a></li>
+                    <li><a href="http://twitter.com/PHPOffice"><i class="fa fa-twitter fa-lg" title="Twitter"></i>&nbsp;</a></li>
+                </ul>
+            </div>
         </div>
     </div>
 </div>
diff --git a/samples/resources/SamplePassword.odp b/samples/resources/SamplePassword.odp
diff --git a/src/PhpPresentation/Reader/AbstractReader.php b/src/PhpPresentation/Reader/AbstractReader.php
@@ -0,0 +1,47 @@
+<?php
+
+/**
+ * This file is part of PHPPresentation - A pure PHP library for reading and writing
+ * presentations documents.
+ *
+ * PHPPresentation is free software distributed under the terms of the GNU Lesser
+ * General Public License version 3 as published by the Free Software Foundation.
+ *
+ * For the full copyright and license information, please read the LICENSE
+ * file that was distributed with this source code. For the full list of
+ * contributors, visit https://github.com/PHPOffice/PHPPresentation/contributors.
+ *
+ * @see        https://github.com/PHPOffice/PHPPresentation
+ *
+ * @license     http://www.gnu.org/licenses/lgpl.txt LGPL version 3
+ */
+
+namespace PhpOffice\PhpPresentation\Reader;
+
+abstract class AbstractReader
+{
+    /**
+     * @var string
+     */
+    protected $password;
+
+    /**
+     * @return string
+     */
+    public function getPassword()
+    {
+        return $this->password;
+    }
+
+    /**
+     * @param string $password
+     *
+     * @return AbstractReader
+     */
+    public function setPassword($password)
+    {
+        $this->password = $password;
+
+        return $this;
+    }
+}
diff --git a/src/PhpPresentation/Reader/ODPresentation.php b/src/PhpPresentation/Reader/ODPresentation.php
@@ -46,7 +46,7 @@
 /**
  * Serialized format reader.
  */
-class ODPresentation implements ReaderInterface
+class ODPresentation extends AbstractReader implements ReaderInterface
 {
     /**
      * Output Object.
@@ -62,6 +62,11 @@ class ODPresentation implements ReaderInterface
      */
     protected $oZip;
 
+    /**
+     * @var string
+     */
+    protected $filename;
+
     /**
      * @var array<string, array{alignment: null|Alignment, background: null, shadow: null|Shadow, fill: null|Fill, spacingAfter: null|int, spacingBefore: null|int, lineSpacingMode: null, lineSpacing: null, font: null, listStyle: null}>
      */
@@ -77,6 +82,11 @@ class ODPresentation implements ReaderInterface
      */
     protected $oXMLReader;
 
+    /**
+     * @var XMLReader
+     */
+    protected $oXMLMetaInfManifest;
+
     /**
      * @var int
      */
@@ -142,22 +152,21 @@ public function load(string $pFilename, int $flags = 0): PhpPresentation
      */
     protected function loadFile($pFilename)
     {
+        $this->filename = $pFilename;
+
         $this->oPhpPresentation = new PhpPresentation();
         $this->oPhpPresentation->removeSlideByIndex();
 
         $this->oZip = new ZipArchive();
-        $this->oZip->open($pFilename);
+        $this->oZip->open($this->filename);
 
-        $this->oXMLReader = new XMLReader();
-        if (false !== $this->oXMLReader->getDomFromZip($pFilename, 'meta.xml')) {
+        if ($this->loadFileFromODP('meta.xml') !== false) {
             $this->loadDocumentProperties();
         }
-        $this->oXMLReader = new XMLReader();
-        if (false !== $this->oXMLReader->getDomFromZip($pFilename, 'styles.xml')) {
+        if ($this->loadFileFromODP('styles.xml') !== false) {
             $this->loadStylesFile();
         }
-        $this->oXMLReader = new XMLReader();
-        if (false !== $this->oXMLReader->getDomFromZip($pFilename, 'content.xml')) {
+        if ($this->loadFileFromODP('content.xml') !== false) {
             $this->loadSlides();
             $this->loadPresentationProperties();
         }
@@ -762,6 +771,107 @@ protected function loadStylesFile(): void
         }
     }
 
+    /**
+     * @param string $filename
+     *
+     * @return bool
+     */
+    protected function loadFileFromODP($filename)
+    {
+        $bEncrypted = false;
+
+        if (!$this->oXMLMetaInfManifest) {
+            $this->oXMLMetaInfManifest = new XMLReader();
+            if ($this->oXMLMetaInfManifest->getDomFromZip($this->filename, 'META-INF/manifest.xml') === false) {
+                return false;
+            }
+        }
+        // Search file in META-INF/manifest.xml
+        $oElement = $this->oXMLMetaInfManifest->getElement('/manifest:manifest/manifest:file-entry[@manifest:full-path=\'' . $filename . '\']');
+        if (!$oElement) {
+            return false;
+        }
+        // Has it some manifest:encryption-data ?
+        $oElementEncryption = $this->oXMLMetaInfManifest->getElement('manifest:encryption-data', $oElement);
+        if ($oElementEncryption) {
+            $bEncrypted = true;
+        }
+
+        $fileContent = $this->oZip->getFromName($filename);
+        if (!$fileContent) {
+            return false;
+        }
+
+        // No Encrypted file
+        if (!$bEncrypted) {
+            $this->oXMLReader = new XMLReader();
+            $this->oXMLReader->getDomFromString($fileContent);
+
+            return true;
+        }
+        var_dump($filename);
+
+        //return false;
+        /*
+        <manifest:file-entry manifest:full-path="meta.xml" manifest:media-type="text/xml" manifest:size="2090">
+            <manifest:encryption-data
+                manifest:checksum-type="urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#sha256-1k"
+                manifest:checksum="BfB+taOY0kcVO/9WNi4DfqioRp3LMwVoNbqfAQ37yac=">
+            <manifest:algorithm
+                manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc"
+                manifest:initialisation-vector="I7rMXmvuynJFxJtm+EQ5qA=="/>
+            <manifest:key-derivation
+                manifest:key-derivation-name="PBKDF2"
+                manifest:key-size="32"
+                manifest:iteration-count="1024"
+                manifest:salt="Mows9XX/YiNKNJ0qll3jgA=="/>
+            <manifest:start-key-generation
+                manifest:start-key-generation-name="http://www.w3.org/2000/09/xmldsig#sha256"
+                manifest:key-size="32"/>
+            </manifest:encryption-data>
+        </manifest:file-entry>
+         */
+        // Encrypted file
+        $checksum = $oElementEncryption->getAttribute('manifest:checksum');
+
+        $oEltKeyDerivation = $this->oXMLMetaInfManifest->getElement('manifest:key-derivation', $oElementEncryption);
+        $salt = $oEltKeyDerivation->getAttribute('manifest:salt');
+        //$salt = base64_decode($salt);
+        echo 'manifest:salt : ' . $salt . PHP_EOL;
+        $iterationCount = (int) $oEltKeyDerivation->getAttribute('manifest:iteration-count');
+        echo 'manifest:iteration-count : ' . $iterationCount . PHP_EOL;
+        $keySize = (int) $oEltKeyDerivation->getAttribute('manifest:key-size') ?? 16;
+        echo 'manifest:key-size : ' . $keySize . PHP_EOL;
+
+        $oEltAlgorithm = $this->oXMLMetaInfManifest->getElement('manifest:algorithm', $oElementEncryption);
+        $iv = $oEltAlgorithm->getAttribute('manifest:initialisation-vector');
+        $iv = base64_decode($iv);
+        echo 'manifest:initialisation-vector : ' . $iv . PHP_EOL;
+
+        // manifest:start-key-generation-name == sha256 sinon sha1
+        $pwdHash = hash('sha256', $this->getPassword());
+        echo 'sha256(' . $this->getPassword() . '): ' . $pwdHash . PHP_EOL;
+        //$pwdHash = substr($pwdHash, 0 , 32);
+        //var_dump($pwdHash);
+
+        // ifmanifest:key-derivation-name="PBKDF2" THEN PBKDF2WithHmacSHA1 SINON ?
+        $key = hash_pbkdf2('sha1', $pwdHash, $salt, $iterationCount, $keySize, true);
+        echo 'hash_pbkdf2 (sha1, hash, salt, iterationCount, $iterationCount) : ' . $key . PHP_EOL;
+        
+        $data = openssl_decrypt($fileContent, 'AES-256-CBC', $key, 0, $iv);
+        if (!$data) {
+            while ($msg = openssl_error_string()) {
+                var_dump($msg);
+            }
+            die();
+        }
+        var_dump($data);
+        $data = gzinflate($data);
+        var_dump($data);
+
+        return false;
+    }
+
     private function getExpressionUnit(string $expr): string
     {
         if (substr($expr, -1) == '%') {
diff --git a/src/PhpPresentation/Reader/PowerPoint2007.php b/src/PhpPresentation/Reader/PowerPoint2007.php
