Examples with CipherAlgorithm org.apache.poi.poifs.crypt.CipherAlgorithm used on opensource projects
Example 1 with CipherAlgorithm
use of org.apache.poi.poifs.crypt.CipherAlgorithm in project poi by apache.
the class AgileDecryptor method verifyPassword.
/**
* instead of a password, it's also possible to decrypt via certificate.
* Warning: this code is experimental and hasn't been validated
*
* @see <a href="http://social.msdn.microsoft.com/Forums/en-US/cc9092bb-0c82-4b5b-ae21-abf643bdb37c/agile-encryption-with-certificates">Agile encryption with certificates</a>
*
* @param keyPair
* @param x509
* @return true, when the data can be successfully decrypted with the given private key
* @throws GeneralSecurityException
*/
public boolean verifyPassword(KeyPair keyPair, X509Certificate x509) throws GeneralSecurityException {
AgileEncryptionVerifier ver = (AgileEncryptionVerifier) getEncryptionInfo().getVerifier();
AgileEncryptionHeader header = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
HashAlgorithm hashAlgo = header.getHashAlgorithm();
CipherAlgorithm cipherAlgo = header.getCipherAlgorithm();
int blockSize = header.getBlockSize();
AgileCertificateEntry ace = null;
for (AgileCertificateEntry aceEntry : ver.getCertificates()) {
if (x509.equals(aceEntry.x509)) {
ace = aceEntry;
break;
}
}
if (ace == null) {
return false;
}
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, keyPair.getPrivate());
byte[] keyspec = cipher.doFinal(ace.encryptedKey);
SecretKeySpec secretKey = new SecretKeySpec(keyspec, ver.getCipherAlgorithm().jceId);
Mac x509Hmac = CryptoFunctions.getMac(hashAlgo);
x509Hmac.init(secretKey);
byte[] certVerifier = x509Hmac.doFinal(ace.x509.getEncoded());
byte[] vec = CryptoFunctions.generateIv(hashAlgo, header.getKeySalt(), kIntegrityKeyBlock, blockSize);
cipher = getCipher(secretKey, cipherAlgo, header.getChainingMode(), vec, Cipher.DECRYPT_MODE);
byte[] hmacKey = cipher.doFinal(header.getEncryptedHmacKey());
hmacKey = getBlock0(hmacKey, hashAlgo.hashSize);
vec = CryptoFunctions.generateIv(hashAlgo, header.getKeySalt(), kIntegrityValueBlock, blockSize);
cipher = getCipher(secretKey, cipherAlgo, header.getChainingMode(), vec, Cipher.DECRYPT_MODE);
byte[] hmacValue = cipher.doFinal(header.getEncryptedHmacValue());
hmacValue = getBlock0(hmacValue, hashAlgo.hashSize);
if (Arrays.equals(ace.certVerifier, certVerifier)) {
setSecretKey(secretKey);
setIntegrityHmacKey(hmacKey);
setIntegrityHmacValue(hmacValue);
return true;
} else {
return false;
}
}
Also used :
CipherAlgorithm(org.apache.poi.poifs.crypt.CipherAlgorithm)
AgileCertificateEntry(org.apache.poi.poifs.crypt.agile.AgileEncryptionVerifier.AgileCertificateEntry)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Cipher(javax.crypto.Cipher)
CryptoFunctions.getCipher(org.apache.poi.poifs.crypt.CryptoFunctions.getCipher)
Mac(javax.crypto.Mac)
HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)
Example 2 with CipherAlgorithm
use of org.apache.poi.poifs.crypt.CipherAlgorithm in project poi by apache.
the class AgileDecryptor method verifyPassword.
/**
* set decryption password
*/
@Override
public boolean verifyPassword(String password) throws GeneralSecurityException {
AgileEncryptionVerifier ver = (AgileEncryptionVerifier) getEncryptionInfo().getVerifier();
AgileEncryptionHeader header = (AgileEncryptionHeader) getEncryptionInfo().getHeader();
int blockSize = header.getBlockSize();
byte[] pwHash = hashPassword(password, ver.getHashAlgorithm(), ver.getSalt(), ver.getSpinCount());
/**
* encryptedVerifierHashInput: This attribute MUST be generated by using the following steps:
* 1. Generate a random array of bytes with the number of bytes used specified by the saltSize
* attribute.
* 2. Generate an encryption key as specified in section 2.3.4.11 by using the user-supplied password,
* the binary byte array used to create the saltValue attribute, and a blockKey byte array
* consisting of the following bytes: 0xfe, 0xa7, 0xd2, 0x76, 0x3b, 0x4b, 0x9e, and 0x79.
* 3. Encrypt the random array of bytes generated in step 1 by using the binary form of the saltValue
* attribute as an initialization vector as specified in section 2.3.4.12. If the array of bytes is not an
* integral multiple of blockSize bytes, pad the array with 0x00 to the next integral multiple of
* blockSize bytes.
* 4. Use base64 to encode the result of step 3.
*/
byte[] verfierInputEnc = hashInput(ver, pwHash, kVerifierInputBlock, ver.getEncryptedVerifier(), Cipher.DECRYPT_MODE);
setVerifier(verfierInputEnc);
MessageDigest hashMD = getMessageDigest(ver.getHashAlgorithm());
byte[] verifierHash = hashMD.digest(verfierInputEnc);
/**
* encryptedVerifierHashValue: This attribute MUST be generated by using the following steps:
* 1. Obtain the hash value of the random array of bytes generated in step 1 of the steps for
* encryptedVerifierHashInput.
* 2. Generate an encryption key as specified in section 2.3.4.11 by using the user-supplied password,
* the binary byte array used to create the saltValue attribute, and a blockKey byte array
* consisting of the following bytes: 0xd7, 0xaa, 0x0f, 0x6d, 0x30, 0x61, 0x34, and 0x4e.
* 3. Encrypt the hash value obtained in step 1 by using the binary form of the saltValue attribute as
* an initialization vector as specified in section 2.3.4.12. If hashSize is not an integral multiple of
* blockSize bytes, pad the hash value with 0x00 to an integral multiple of blockSize bytes.
* 4. Use base64 to encode the result of step 3.
*/
byte[] verifierHashDec = hashInput(ver, pwHash, kHashedVerifierBlock, ver.getEncryptedVerifierHash(), Cipher.DECRYPT_MODE);
verifierHashDec = getBlock0(verifierHashDec, ver.getHashAlgorithm().hashSize);
/**
* encryptedKeyValue: This attribute MUST be generated by using the following steps:
* 1. Generate a random array of bytes that is the same size as specified by the
* Encryptor.KeyData.keyBits attribute of the parent element.
* 2. Generate an encryption key as specified in section 2.3.4.11, using the user-supplied password,
* the binary byte array used to create the saltValue attribute, and a blockKey byte array
* consisting of the following bytes: 0x14, 0x6e, 0x0b, 0xe7, 0xab, 0xac, 0xd0, and 0xd6.
* 3. Encrypt the random array of bytes generated in step 1 by using the binary form of the saltValue
* attribute as an initialization vector as specified in section 2.3.4.12. If the array of bytes is not an
* integral multiple of blockSize bytes, pad the array with 0x00 to an integral multiple of
* blockSize bytes.
* 4. Use base64 to encode the result of step 3.
*/
byte[] keyspec = hashInput(ver, pwHash, kCryptoKeyBlock, ver.getEncryptedKey(), Cipher.DECRYPT_MODE);
keyspec = getBlock0(keyspec, header.getKeySize() / 8);
SecretKeySpec secretKey = new SecretKeySpec(keyspec, header.getCipherAlgorithm().jceId);
/**
* 1. Obtain the intermediate key by decrypting the encryptedKeyValue from a KeyEncryptor
* contained within the KeyEncryptors sequence. Use this key for encryption operations in the
* remaining steps of this section.
* 2. Generate a random array of bytes, known as Salt, of the same length as the value of the
* KeyData.hashSize attribute.
* 3. Encrypt the random array of bytes generated in step 2 by using the binary form of the
* KeyData.saltValue attribute and a blockKey byte array consisting of the following bytes: 0x5f,
* 0xb2, 0xad, 0x01, 0x0c, 0xb9, 0xe1, and 0xf6 used to form an initialization vector as specified in
* section 2.3.4.12. If the array of bytes is not an integral multiple of blockSize bytes, pad the
* array with 0x00 to the next integral multiple of blockSize bytes.
* 4. Assign the encryptedHmacKey attribute to the base64-encoded form of the result of step 3.
*/
byte[] vec = CryptoFunctions.generateIv(header.getHashAlgorithm(), header.getKeySalt(), kIntegrityKeyBlock, blockSize);
CipherAlgorithm cipherAlgo = header.getCipherAlgorithm();
Cipher cipher = getCipher(secretKey, cipherAlgo, header.getChainingMode(), vec, Cipher.DECRYPT_MODE);
byte[] hmacKey = cipher.doFinal(header.getEncryptedHmacKey());
hmacKey = getBlock0(hmacKey, header.getHashAlgorithm().hashSize);
/**
* 5. Generate an HMAC, as specified in [RFC2104], of the encrypted form of the data (message),
* which the DataIntegrity element will verify by using the Salt generated in step 2 as the key.
* Note that the entire EncryptedPackage stream (1), including the StreamSize field, MUST be
* used as the message.
* 6. Encrypt the HMAC as in step 3 by using a blockKey byte array consisting of the following bytes:
* 0xa0, 0x67, 0x7f, 0x02, 0xb2, 0x2c, 0x84, and 0x33.
* 7. Assign the encryptedHmacValue attribute to the base64-encoded form of the result of step 6.
*/
vec = CryptoFunctions.generateIv(header.getHashAlgorithm(), header.getKeySalt(), kIntegrityValueBlock, blockSize);
cipher = getCipher(secretKey, cipherAlgo, ver.getChainingMode(), vec, Cipher.DECRYPT_MODE);
byte[] hmacValue = cipher.doFinal(header.getEncryptedHmacValue());
hmacValue = getBlock0(hmacValue, header.getHashAlgorithm().hashSize);
if (Arrays.equals(verifierHashDec, verifierHash)) {
setSecretKey(secretKey);
setIntegrityHmacKey(hmacKey);
setIntegrityHmacValue(hmacValue);
return true;
} else {
return false;
}
}
Also used :
CipherAlgorithm(org.apache.poi.poifs.crypt.CipherAlgorithm)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
Cipher(javax.crypto.Cipher)
CryptoFunctions.getCipher(org.apache.poi.poifs.crypt.CryptoFunctions.getCipher)
MessageDigest(java.security.MessageDigest)
CryptoFunctions.getMessageDigest(org.apache.poi.poifs.crypt.CryptoFunctions.getMessageDigest)
Example 3 with CipherAlgorithm
use of org.apache.poi.poifs.crypt.CipherAlgorithm in project poi by apache.
the class AgileDecryptor method hashInput.
/* package */
static byte[] hashInput(AgileEncryptionVerifier ver, byte[] pwHash, byte[] blockKey, byte[] inputKey, int cipherMode) {
CipherAlgorithm cipherAlgo = ver.getCipherAlgorithm();
ChainingMode chainMode = ver.getChainingMode();
int keySize = ver.getKeySize() / 8;
int blockSize = ver.getBlockSize();
HashAlgorithm hashAlgo = ver.getHashAlgorithm();
byte[] intermedKey = generateKey(pwHash, hashAlgo, blockKey, keySize);
SecretKey skey = new SecretKeySpec(intermedKey, cipherAlgo.jceId);
byte[] iv = generateIv(hashAlgo, ver.getSalt(), null, blockSize);
Cipher cipher = getCipher(skey, cipherAlgo, chainMode, iv, cipherMode);
byte[] hashFinal;
try {
inputKey = getBlock0(inputKey, getNextBlockSize(inputKey.length, blockSize));
hashFinal = cipher.doFinal(inputKey);
return hashFinal;
} catch (GeneralSecurityException e) {
throw new EncryptedDocumentException(e);
}
}
Also used :
CipherAlgorithm(org.apache.poi.poifs.crypt.CipherAlgorithm)
SecretKey(javax.crypto.SecretKey)
EncryptedDocumentException(org.apache.poi.EncryptedDocumentException)
ChainingMode(org.apache.poi.poifs.crypt.ChainingMode)
SecretKeySpec(javax.crypto.spec.SecretKeySpec)
GeneralSecurityException(java.security.GeneralSecurityException)
Cipher(javax.crypto.Cipher)
CryptoFunctions.getCipher(org.apache.poi.poifs.crypt.CryptoFunctions.getCipher)
HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)
Aggregations
Cipher (javax.crypto.Cipher)3
SecretKeySpec (javax.crypto.spec.SecretKeySpec)3
CipherAlgorithm (org.apache.poi.poifs.crypt.CipherAlgorithm)3
CryptoFunctions.getCipher (org.apache.poi.poifs.crypt.CryptoFunctions.getCipher)3
HashAlgorithm (org.apache.poi.poifs.crypt.HashAlgorithm)2
GeneralSecurityException (java.security.GeneralSecurityException)1
MessageDigest (java.security.MessageDigest)1
Mac (javax.crypto.Mac)1
SecretKey (javax.crypto.SecretKey)1
EncryptedDocumentException (org.apache.poi.EncryptedDocumentException)1
ChainingMode (org.apache.poi.poifs.crypt.ChainingMode)1
CryptoFunctions.getMessageDigest (org.apache.poi.poifs.crypt.CryptoFunctions.getMessageDigest)1
AgileCertificateEntry (org.apache.poi.poifs.crypt.agile.AgileEncryptionVerifier.AgileCertificateEntry)1
