
Example 6 with HashAlgorithm

use of org.apache.poi.poifs.crypt.HashAlgorithm in project poi by apache.

the class XWPFSettings method validateProtectionPassword.

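/**
 * Validates a candidate password against the document-protection hash stored in the settings.
 *
 * <p>The algorithm id, hash, salt and spin count are all read from the document, so they are
 * handled as untrusted values: ids or spin counts that do not fit in an {@code int} are
 * rejected instead of being silently truncated.
 *
 * @param password the candidate password to check
 * @return true, only if password was set and equals, false otherwise
 */
public boolean validateProtectionPassword(String password) {
    BigInteger sid = safeGetDocumentProtection().getCryptAlgorithmSid();
    byte[] hash = safeGetDocumentProtection().getHash();
    byte[] salt = safeGetDocumentProtection().getSalt();
    BigInteger spinCount = safeGetDocumentProtection().getCryptSpinCount();
    if (sid == null || hash == null || salt == null || spinCount == null) {
        // No (complete) protection record present, so there is nothing to validate against.
        return false;
    }
    // BigInteger.intValue() keeps only the low 32 bits. Without this guard an oversized id
    // such as 2^32 + 1 would be accepted as id 1, and an oversized spin count would be
    // hashed with a different iteration count than the document declares.
    if (sid.bitLength() > 31 || spinCount.bitLength() > 31) {
        return false;
    }
    // Ids 1-4 select MD2/MD4/MD5/SHA-1. They are accepted here so that existing documents
    // can still be validated; unknown ids fail closed.
    HashAlgorithm hashAlgo;
    switch (sid.intValue()) {
        case 1:
            hashAlgo = HashAlgorithm.md2;
            break;
        case 2:
            hashAlgo = HashAlgorithm.md4;
            break;
        case 3:
            hashAlgo = HashAlgorithm.md5;
            break;
        case 4:
            hashAlgo = HashAlgorithm.sha1;
            break;
        case 12:
            hashAlgo = HashAlgorithm.sha256;
            break;
        case 13:
            hashAlgo = HashAlgorithm.sha384;
            break;
        case 14:
            hashAlgo = HashAlgorithm.sha512;
            break;
        default:
            return false;
    }
    String legacyHash = CryptoFunctions.xorHashPasswordReversed(password);
    // Implementation Notes List:
    // --> In this third stage, the reversed byte order legacy hash from the second stage shall
    //     be converted to Unicode hex string representation
    // NOTE(review): spinCount comes from the document and is passed on without an upper
    // bound; presumably it drives the iteration count inside hashPassword - consider a cap
    // where documents come from untrusted sources.
    byte[] hash2 = CryptoFunctions.hashPassword(legacyHash, hashAlgo, salt, spinCount.intValue(), false);
    // MessageDigest.isEqual compares in constant time; Arrays.equals stops at the first
    // differing byte. Fully qualified so no new import is required.
    return java.security.MessageDigest.isEqual(hash, hash2);
}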
Also used : BigInteger(java.math.BigInteger) HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)

Example 7 with HashAlgorithm

use of org.apache.poi.poifs.crypt.HashAlgorithm in project poi by apache.

the class CryptoAPIDecryptor method verifyPassword.

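/**
 * Checks a candidate password by decrypting the stored verifier and comparing the digest of
 * the decrypted verifier with the decrypted verifier hash.
 *
 * <p>On success the derived key is kept via {@code setSecretKey}. Note that the decrypted
 * verifier is stored via {@code setVerifier} before the comparison, so it is also set when
 * the password turns out to be wrong.
 *
 * @param password the candidate password
 * @return {@code true} if the calculated and the stored verifier hash match
 * @throws EncryptedDocumentException if the cipher or digest operations fail
 */
@Override
public boolean verifyPassword(String password) {
    EncryptionVerifier ver = getEncryptionInfo().getVerifier();
    SecretKey skey = generateSecretKey(password, ver);
    try {
        // The cipher for block 0 decrypts both the verifier and its hash, in that order.
        Cipher cipher = initCipherForBlock(null, 0, getEncryptionInfo(), skey, Cipher.DECRYPT_MODE);
        byte[] encryptedVerifier = ver.getEncryptedVerifier();
        byte[] verifier = new byte[encryptedVerifier.length];
        cipher.update(encryptedVerifier, 0, encryptedVerifier.length, verifier);
        setVerifier(verifier);
        byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
        byte[] verifierHash = cipher.doFinal(encryptedVerifierHash);
        HashAlgorithm hashAlgo = ver.getHashAlgorithm();
        MessageDigest hashAlg = CryptoFunctions.getMessageDigest(hashAlgo);
        byte[] calcVerifierHash = hashAlg.digest(verifier);
        // Constant-time comparison; Arrays.equals returns at the first differing byte.
        if (MessageDigest.isEqual(calcVerifierHash, verifierHash)) {
            setSecretKey(skey);
            return true;
        }
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException(e);
    }
    return false;
}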
Also used : EncryptionVerifier(org.apache.poi.poifs.crypt.EncryptionVerifier) SecretKey(javax.crypto.SecretKey) EncryptedDocumentException(org.apache.poi.EncryptedDocumentException) GeneralSecurityException(java.security.GeneralSecurityException) Cipher(javax.crypto.Cipher) MessageDigest(java.security.MessageDigest) HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)

Example 8 with HashAlgorithm

use of org.apache.poi.poifs.crypt.HashAlgorithm in project poi by apache.

the class CryptoAPIDecryptor method generateSecretKey.

/**
 * Derives the secret key for a password from the verifier's salt and hash algorithm.
 *
 * <p>The key material is a single digest over the salt followed by the encoded password; no
 * iteration count is applied in this method. Only the first 255 characters of the password
 * contribute to the key.
 *
 * @param password the password; must not be {@code null}
 * @param ver the verifier supplying salt, hash algorithm and cipher algorithm
 * @return the key, labelled with the JCE id of the verifier's cipher algorithm
 */
protected static SecretKey generateSecretKey(String password, EncryptionVerifier ver) {
    // Longer passwords are cut to 255 characters before hashing.
    final String effectivePassword = (password.length() > 255) ? password.substring(0, 255) : password;

    MessageDigest digest = CryptoFunctions.getMessageDigest(ver.getHashAlgorithm());
    digest.update(ver.getSalt());
    // presumably UTF-16LE bytes of the password - confirm against StringUtil
    byte[] keyMaterial = digest.digest(StringUtil.getToUnicodeLE(effectivePassword));

    return new SecretKeySpec(keyMaterial, ver.getCipherAlgorithm().jceId);
}
Also used : SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) MessageDigest(java.security.MessageDigest) HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)

Example 9 with HashAlgorithm

use of org.apache.poi.poifs.crypt.HashAlgorithm in project poi by apache.

the class CryptoAPIDecryptor method initCipherForBlock.

/**
 * Creates, or re-initialises, the cipher for one block using a key derived per block.
 *
 * <p>The block key is the digest of the encoded secret key followed by the 4-byte block
 * number, resized to the key size declared in the encryption header.
 *
 * @param cipher an existing cipher to re-initialise, or {@code null} to create a new one
 * @param block the block number mixed into the key derivation
 * @param encryptionInfo source of the verifier (hash algorithm) and header (key size, cipher)
 * @param skey the secret key derived from the password
 * @param encryptMode the {@link Cipher} mode constant to initialise with
 * @return the initialised cipher; the passed instance when {@code cipher} was not {@code null}
 * @throws GeneralSecurityException if the cipher cannot be created or initialised
 */
protected static Cipher initCipherForBlock(Cipher cipher, int block, EncryptionInfo encryptionInfo, SecretKey skey, int encryptMode) throws GeneralSecurityException {
    EncryptionVerifier verifier = encryptionInfo.getVerifier();
    HashAlgorithm digestAlgo = verifier.getHashAlgorithm();

    // Block number as a 4-byte value, appended to the key bytes before hashing.
    byte[] blockNumber = new byte[4];
    LittleEndian.putUInt(blockNumber, 0, block);

    MessageDigest digest = CryptoFunctions.getMessageDigest(digestAlgo);
    digest.update(skey.getEncoded());
    byte[] derived = digest.digest(blockNumber);

    EncryptionHeader header = encryptionInfo.getHeader();
    int keySizeBits = header.getKeySize();
    derived = CryptoFunctions.getBlock0(derived, keySizeBits / 8);
    if (keySizeBits == 40) {
        // A 40-bit key is resized to 16 bytes; presumably getBlock0 zero-pads, so the key
        // still carries only 40 bits of derived material - confirm against CryptoFunctions.
        derived = CryptoFunctions.getBlock0(derived, 16);
    }

    SecretKey blockKey = new SecretKeySpec(derived, skey.getAlgorithm());
    if (cipher != null) {
        cipher.init(encryptMode, blockKey);
        return cipher;
    }
    return CryptoFunctions.getCipher(blockKey, header.getCipherAlgorithm(), null, null, encryptMode);
}
Also used : EncryptionVerifier(org.apache.poi.poifs.crypt.EncryptionVerifier) SecretKey(javax.crypto.SecretKey) SecretKeySpec(javax.crypto.spec.SecretKeySpec) MessageDigest(java.security.MessageDigest) EncryptionHeader(org.apache.poi.poifs.crypt.EncryptionHeader) HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)

Example 10 with HashAlgorithm

use of org.apache.poi.poifs.crypt.HashAlgorithm in project poi by apache.

the class CryptoAPIEncryptor method confirmPassword.

/**
 * Sets the password for encryption: stores the salt, derives and keeps the secret key, and
 * writes the encrypted verifier and the encrypted verifier hash into the verifier record.
 *
 * <p>{@code keySpec}, {@code keySalt} and {@code integritySalt} are not used by this method.
 *
 * @param password the password to derive the key from
 * @param verifier the plain verifier bytes; must not be {@code null}
 * @param verifierSalt the salt stored in the verifier record; must not be {@code null}
 * @throws EncryptedDocumentException if the cipher or digest operations fail
 */
@Override
public void confirmPassword(String password, byte[] keySpec, byte[] keySalt, byte[] verifier, byte[] verifierSalt, byte[] integritySalt) {
    // NOTE(review): this check only runs when assertions are enabled (-ea); otherwise a
    // null argument surfaces later, after the verifier record has already been modified.
    assert (verifier != null && verifierSalt != null);

    CryptoAPIEncryptionVerifier verifierRecord = (CryptoAPIEncryptionVerifier) getEncryptionInfo().getVerifier();
    verifierRecord.setSalt(verifierSalt);
    SecretKey derivedKey = CryptoAPIDecryptor.generateSecretKey(password, verifierRecord);
    setSecretKey(derivedKey);

    try {
        // One cipher instance encrypts the verifier first and then its hash.
        Cipher blockCipher = initCipherForBlock(null, 0);

        byte[] encVerifier = new byte[verifier.length];
        blockCipher.update(verifier, 0, verifier.length, encVerifier);
        verifierRecord.setEncryptedVerifier(encVerifier);

        MessageDigest digest = CryptoFunctions.getMessageDigest(verifierRecord.getHashAlgorithm());
        byte[] plainVerifierHash = digest.digest(verifier);
        verifierRecord.setEncryptedVerifierHash(blockCipher.doFinal(plainVerifierHash));
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException("Password confirmation failed", e);
    }
}
Also used : SecretKey(javax.crypto.SecretKey) EncryptedDocumentException(org.apache.poi.EncryptedDocumentException) GeneralSecurityException(java.security.GeneralSecurityException) Cipher(javax.crypto.Cipher) MessageDigest(java.security.MessageDigest) HashAlgorithm(org.apache.poi.poifs.crypt.HashAlgorithm)

Aggregations

HashAlgorithm (org.apache.poi.poifs.crypt.HashAlgorithm)11 SecretKey (javax.crypto.SecretKey)7 Cipher (javax.crypto.Cipher)6 SecretKeySpec (javax.crypto.spec.SecretKeySpec)6 MessageDigest (java.security.MessageDigest)5 GeneralSecurityException (java.security.GeneralSecurityException)4 EncryptedDocumentException (org.apache.poi.EncryptedDocumentException)4 CryptoFunctions.getCipher (org.apache.poi.poifs.crypt.CryptoFunctions.getCipher)3 Mac (javax.crypto.Mac)2 CipherAlgorithm (org.apache.poi.poifs.crypt.CipherAlgorithm)2 EncryptionVerifier (org.apache.poi.poifs.crypt.EncryptionVerifier)2 STHashAlgorithm (com.microsoft.schemas.office.x2006.encryption.STHashAlgorithm)1 FileInputStream (java.io.FileInputStream)1 InputStream (java.io.InputStream)1 BigInteger (java.math.BigInteger)1 ChainingMode (org.apache.poi.poifs.crypt.ChainingMode)1 EncryptionHeader (org.apache.poi.poifs.crypt.EncryptionHeader)1 AgileCertificateEntry (org.apache.poi.poifs.crypt.agile.AgileEncryptionVerifier.AgileCertificateEntry)1 XmlCursor (org.apache.xmlbeans.XmlCursor)1