Search in sources :

Example 1 with EncryptionVerifier

use of org.apache.poi.poifs.crypt.EncryptionVerifier in project poi by apache.

the class StandardDecryptor method verifyPassword.

@Override
public boolean verifyPassword(String password) {
    EncryptionVerifier ver = getEncryptionInfo().getVerifier();
    SecretKey skey = generateSecretKey(password, ver, getKeySizeInBytes());
    Cipher cipher = getCipher(skey);
    try {
        byte[] encryptedVerifier = ver.getEncryptedVerifier();
        byte[] verifier = cipher.doFinal(encryptedVerifier);
        setVerifier(verifier);
        MessageDigest sha1 = CryptoFunctions.getMessageDigest(ver.getHashAlgorithm());
        byte[] calcVerifierHash = sha1.digest(verifier);
        byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
        byte[] decryptedVerifierHash = cipher.doFinal(encryptedVerifierHash);
        // see 2.3.4.9 Password Verification (Standard Encryption)
        // ... The number of bytes used by the encrypted Verifier hash MUST be 32 ...
        // TODO: check and trim/pad the hashes to 32
        byte[] verifierHash = Arrays.copyOf(decryptedVerifierHash, calcVerifierHash.length);
        if (Arrays.equals(calcVerifierHash, verifierHash)) {
            setSecretKey(skey);
            return true;
        } else {
            return false;
        }
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException(e);
    }
}
Also used : EncryptionVerifier(org.apache.poi.poifs.crypt.EncryptionVerifier) SecretKey(javax.crypto.SecretKey) EncryptedDocumentException(org.apache.poi.EncryptedDocumentException) GeneralSecurityException(java.security.GeneralSecurityException) Cipher(javax.crypto.Cipher) MessageDigest(java.security.MessageDigest)

Example 2 with EncryptionVerifier

use of org.apache.poi.poifs.crypt.EncryptionVerifier in project poi by apache.

the class CryptoAPIDecryptor method verifyPassword.

@Override
public boolean verifyPassword(String password) {
    EncryptionVerifier ver = getEncryptionInfo().getVerifier();
    SecretKey skey = generateSecretKey(password, ver);
    try {
        Cipher cipher = initCipherForBlock(null, 0, getEncryptionInfo(), skey, Cipher.DECRYPT_MODE);
        byte[] encryptedVerifier = ver.getEncryptedVerifier();
        byte[] verifier = new byte[encryptedVerifier.length];
        cipher.update(encryptedVerifier, 0, encryptedVerifier.length, verifier);
        setVerifier(verifier);
        byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
        byte[] verifierHash = cipher.doFinal(encryptedVerifierHash);
        HashAlgorithm hashAlgo = ver.getHashAlgorithm();
        MessageDigest hashAlg = CryptoFunctions.getMessageDigest(hashAlgo);
        byte[] calcVerifierHash = hashAlg.digest(verifier);
        if (Arrays.equals(calcVerifierHash, verifierHash)) {
            setSecretKey(skey);
            return true;
        }
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException(e);
    }
    return false;
}
Also used : EncryptionVerifier(org.apache.poi.poifs.crypt.EncryptionVerifier) SecretKey(javax.crypto.SecretKey) EncryptedDocumentException(org.apache.poi.EncryptedDocumentException) GeneralSecurityException(java.security.GeneralSecurityException) Cipher(javax.crypto.Cipher) MessageDigest(java.security.MessageDigest) HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)

Example 3 with EncryptionVerifier

use of org.apache.poi.poifs.crypt.EncryptionVerifier in project poi by apache.

the class CryptoAPIDecryptor method initCipherForBlock.

protected static Cipher initCipherForBlock(Cipher cipher, int block, EncryptionInfo encryptionInfo, SecretKey skey, int encryptMode) throws GeneralSecurityException {
    EncryptionVerifier ver = encryptionInfo.getVerifier();
    HashAlgorithm hashAlgo = ver.getHashAlgorithm();
    byte[] blockKey = new byte[4];
    LittleEndian.putUInt(blockKey, 0, block);
    MessageDigest hashAlg = CryptoFunctions.getMessageDigest(hashAlgo);
    hashAlg.update(skey.getEncoded());
    byte[] encKey = hashAlg.digest(blockKey);
    EncryptionHeader header = encryptionInfo.getHeader();
    int keyBits = header.getKeySize();
    encKey = CryptoFunctions.getBlock0(encKey, keyBits / 8);
    if (keyBits == 40) {
        encKey = CryptoFunctions.getBlock0(encKey, 16);
    }
    SecretKey key = new SecretKeySpec(encKey, skey.getAlgorithm());
    if (cipher == null) {
        cipher = CryptoFunctions.getCipher(key, header.getCipherAlgorithm(), null, null, encryptMode);
    } else {
        cipher.init(encryptMode, key);
    }
    return cipher;
}
Also used : EncryptionVerifier(org.apache.poi.poifs.crypt.EncryptionVerifier) SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) MessageDigest(java.security.MessageDigest) EncryptionHeader(org.apache.poi.poifs.crypt.EncryptionHeader) HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)

Aggregations

MessageDigest (java.security.MessageDigest)3 SecretKey (javax.crypto.SecretKey)3 EncryptionVerifier (org.apache.poi.poifs.crypt.EncryptionVerifier)3 GeneralSecurityException (java.security.GeneralSecurityException)2 Cipher (javax.crypto.Cipher)2 EncryptedDocumentException (org.apache.poi.EncryptedDocumentException)2 HashAlgorithm (org.apache.poi.poifs.crypt.HashAlgorithm)2 SecretKeySpec (javax.crypto.spec.SecretKeySpec)1 EncryptionHeader (org.apache.poi.poifs.crypt.EncryptionHeader)1