use of org.apache.poi.poifs.crypt.EncryptionVerifier in project poi by apache.
the class StandardDecryptor method verifyPassword.
@Override
public boolean verifyPassword(String password) {
EncryptionVerifier ver = getEncryptionInfo().getVerifier();
SecretKey skey = generateSecretKey(password, ver, getKeySizeInBytes());
Cipher cipher = getCipher(skey);
try {
byte[] encryptedVerifier = ver.getEncryptedVerifier();
byte[] verifier = cipher.doFinal(encryptedVerifier);
setVerifier(verifier);
MessageDigest sha1 = CryptoFunctions.getMessageDigest(ver.getHashAlgorithm());
byte[] calcVerifierHash = sha1.digest(verifier);
byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
byte[] decryptedVerifierHash = cipher.doFinal(encryptedVerifierHash);
// see 2.3.4.9 Password Verification (Standard Encryption)
// ... The number of bytes used by the encrypted Verifier hash MUST be 32 ...
// TODO: check and trim/pad the hashes to 32
byte[] verifierHash = Arrays.copyOf(decryptedVerifierHash, calcVerifierHash.length);
if (Arrays.equals(calcVerifierHash, verifierHash)) {
setSecretKey(skey);
return true;
} else {
return false;
}
} catch (GeneralSecurityException e) {
throw new EncryptedDocumentException(e);
}
}
use of org.apache.poi.poifs.crypt.EncryptionVerifier in project poi by apache.
the class CryptoAPIDecryptor method verifyPassword.
@Override
public boolean verifyPassword(String password) {
EncryptionVerifier ver = getEncryptionInfo().getVerifier();
SecretKey skey = generateSecretKey(password, ver);
try {
Cipher cipher = initCipherForBlock(null, 0, getEncryptionInfo(), skey, Cipher.DECRYPT_MODE);
byte[] encryptedVerifier = ver.getEncryptedVerifier();
byte[] verifier = new byte[encryptedVerifier.length];
cipher.update(encryptedVerifier, 0, encryptedVerifier.length, verifier);
setVerifier(verifier);
byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
byte[] verifierHash = cipher.doFinal(encryptedVerifierHash);
HashAlgorithm hashAlgo = ver.getHashAlgorithm();
MessageDigest hashAlg = CryptoFunctions.getMessageDigest(hashAlgo);
byte[] calcVerifierHash = hashAlg.digest(verifier);
if (Arrays.equals(calcVerifierHash, verifierHash)) {
setSecretKey(skey);
return true;
}
} catch (GeneralSecurityException e) {
throw new EncryptedDocumentException(e);
}
return false;
}
use of org.apache.poi.poifs.crypt.EncryptionVerifier in project poi by apache.
the class CryptoAPIDecryptor method initCipherForBlock.
protected static Cipher initCipherForBlock(Cipher cipher, int block, EncryptionInfo encryptionInfo, SecretKey skey, int encryptMode) throws GeneralSecurityException {
EncryptionVerifier ver = encryptionInfo.getVerifier();
HashAlgorithm hashAlgo = ver.getHashAlgorithm();
byte[] blockKey = new byte[4];
LittleEndian.putUInt(blockKey, 0, block);
MessageDigest hashAlg = CryptoFunctions.getMessageDigest(hashAlgo);
hashAlg.update(skey.getEncoded());
byte[] encKey = hashAlg.digest(blockKey);
EncryptionHeader header = encryptionInfo.getHeader();
int keyBits = header.getKeySize();
encKey = CryptoFunctions.getBlock0(encKey, keyBits / 8);
if (keyBits == 40) {
encKey = CryptoFunctions.getBlock0(encKey, 16);
}
SecretKey key = new SecretKeySpec(encKey, skey.getAlgorithm());
if (cipher == null) {
cipher = CryptoFunctions.getCipher(key, header.getCipherAlgorithm(), null, null, encryptMode);
} else {
cipher.init(encryptMode, key);
}
return cipher;
}
Aggregations