/**
 * Renders this record as a bracketed, one-field-per-line debug dump.
 *
 * <p>The dump holds the encryption type, the major and minor version of the
 * encryption info (labelled {@code .info} and {@code .ver}), and the
 * verifier's salt, encrypted verifier and encrypted verifier hash in hex.
 *
 * <p>NOTE(review): salt, encrypted verifier and verifier hash are the inputs
 * an offline password-guessing attempt works from. A log line carrying this
 * string should be handled like the protected document's header.
 *
 * @return the textual dump, terminated by {@code [/FILEPASS]} and a newline
 */
@Override
public String toString() {
    final StringBuilder out = new StringBuilder();
    out.append("[FILEPASS]\n");
    out.append(" .type = ");
    out.append(HexDump.shortToHex(encryptionType));
    out.append('\n');

    // Every following field is prefixed with the encryption mode name.
    final String modePrefix = " ." + encryptionInfo.getEncryptionMode();

    out.append(modePrefix).append(".info = ");
    out.append(HexDump.shortToHex(encryptionInfo.getVersionMajor()));
    out.append('\n');

    out.append(modePrefix).append(".ver = ");
    out.append(HexDump.shortToHex(encryptionInfo.getVersionMinor()));
    out.append('\n');

    out.append(modePrefix).append(".salt = ");
    out.append(HexDump.toHex(encryptionInfo.getVerifier().getSalt()));
    out.append('\n');

    out.append(modePrefix).append(".verifier = ");
    out.append(HexDump.toHex(encryptionInfo.getVerifier().getEncryptedVerifier()));
    out.append('\n');

    out.append(modePrefix).append(".verifierHash = ");
    out.append(HexDump.toHex(encryptionInfo.getVerifier().getEncryptedVerifierHash()));
    out.append('\n');

    out.append("[/FILEPASS]\n");
    return out.toString();
}
} // closes the enclosing class, whose header is not part of this excerpt
/**
 * Writes the {@code EncryptionInfo} entry into the given directory.
 *
 * <p>The entry body is, in order: major version, minor version (both as
 * shorts), the encryption flags (int), then the serialized header and
 * verifier. Header and verifier are cast to their Standard-encryption
 * types, so a mismatching encryption info fails with a
 * {@link ClassCastException} before anything is written.
 *
 * @param dir directory node that receives the entry
 * @throws IOException declared for the underlying entry creation
 */
protected void createEncryptionInfoEntry(DirectoryNode dir) throws IOException {
    final EncryptionInfo encInfo = getEncryptionInfo();
    final StandardEncryptionHeader stdHeader = (StandardEncryptionHeader) encInfo.getHeader();
    final StandardEncryptionVerifier stdVerifier = (StandardEncryptionVerifier) encInfo.getVerifier();

    final EncryptionRecord infoRecord = new EncryptionRecord() {
        @Override
        public void write(LittleEndianByteArrayOutputStream sink) {
            // fixed preamble first, then the variable-length parts
            sink.writeShort(encInfo.getVersionMajor());
            sink.writeShort(encInfo.getVersionMinor());
            sink.writeInt(encInfo.getEncryptionFlags());
            stdHeader.write(sink);
            stdVerifier.write(sink);
        }
    };

    createEncryptionEntry(dir, "EncryptionInfo", infoRecord);

    // TODO: any properties???
}
/**
 * Builds an encrypting cipher for the given key, using the cipher algorithm
 * and chaining mode recorded in the current verifier.
 *
 * <p>The mode is always {@link Cipher#ENCRYPT_MODE}. The fourth argument of
 * {@code CryptoFunctions.getCipher} is passed as {@code null}; presumably
 * that is the IV slot. Confirm against the helper's signature.
 *
 * @param key     key to initialise the cipher with
 * @param padding padding scheme name handed through unchanged
 * @return the cipher returned by {@code CryptoFunctions.getCipher}
 */
private Cipher getCipher(SecretKey key, String padding) {
    final EncryptionVerifier verifier = getEncryptionInfo().getVerifier();
    return CryptoFunctions.getCipher(
            key,
            verifier.getCipherAlgorithm(),
            verifier.getChainingMode(),
            null,
            Cipher.ENCRYPT_MODE,
            padding);
}
/**
 * Derives the key for one block and returns a cipher initialised with it.
 *
 * <p>The block number is encoded as a 4-byte little-endian value and fed,
 * together with the encoded base key and the verifier's hash algorithm,
 * into {@code CryptoFunctions.generateKey} with a requested length of 16
 * bytes. When {@code cipher} is {@code null} a new cipher is created from
 * the header's cipher algorithm; otherwise the given one is re-initialised
 * in place.
 *
 * @param cipher         cipher to re-key, or {@code null} to create one
 * @param block          block number mixed into the key derivation
 * @param encryptionInfo source of the hash and cipher algorithms
 * @param skey           base secret key
 * @param encryptMode    {@link Cipher} operation mode
 * @return the re-initialised {@code cipher}, or a newly created one
 * @throws GeneralSecurityException if initialising the cipher fails
 */
protected static Cipher initCipherForBlock(Cipher cipher, int block,
        EncryptionInfo encryptionInfo, SecretKey skey, int encryptMode)
        throws GeneralSecurityException {
    final HashAlgorithm hashAlgo = encryptionInfo.getVerifier().getHashAlgorithm();

    final byte[] blockIndex = new byte[4];
    LittleEndian.putUInt(blockIndex, 0, block);

    // per-block key material; 16 is the fixed length requested from generateKey
    final byte[] derived = CryptoFunctions.generateKey(skey.getEncoded(), hashAlgo, blockIndex, 16);
    final SecretKey blockSecret = new SecretKeySpec(derived, skey.getAlgorithm());

    if (cipher != null) {
        cipher.init(encryptMode, blockSecret);
        return cipher;
    }

    final EncryptionHeader header = encryptionInfo.getHeader();
    return CryptoFunctions.getCipher(blockSecret, header.getCipherAlgorithm(), null, null, encryptMode);
}
/**
 * Adds the default data space to the directory and writes the
 * {@code EncryptionInfo} entry for Binary RC4 encryption.
 *
 * <p>The entry body is major version and minor version (shorts) followed by
 * the serialized header and verifier. No flags field is written here.
 *
 * @param dir directory node that receives the data space and the entry
 * @throws IOException declared for the underlying entry creation
 */
protected void createEncryptionInfoEntry(DirectoryNode dir) throws IOException {
    DataSpaceMapUtils.addDefaultDataSpace(dir);

    final EncryptionInfo encInfo = getEncryptionInfo();
    final BinaryRC4EncryptionHeader rc4Header = (BinaryRC4EncryptionHeader) encInfo.getHeader();
    final BinaryRC4EncryptionVerifier rc4Verifier = (BinaryRC4EncryptionVerifier) encInfo.getVerifier();

    final EncryptionRecord infoRecord = new EncryptionRecord() {
        @Override
        public void write(LittleEndianByteArrayOutputStream sink) {
            sink.writeShort(encInfo.getVersionMajor());
            sink.writeShort(encInfo.getVersionMinor());
            rc4Header.write(sink);
            rc4Verifier.write(sink);
        }
    };

    DataSpaceMapUtils.createEncryptionEntry(dir, "EncryptionInfo", infoRecord);
}
/**
 * Derives the key for one block and returns a cipher initialised with it.
 *
 * <p>The block key is the digest (verifier's hash algorithm) of the encoded
 * base key followed by the 4-byte little-endian block number. The digest is
 * cut to {@code keySize / 8} bytes via {@code CryptoFunctions.getBlock0}.
 * For a 40-bit key size it is passed through {@code getBlock0} again with
 * length 16. {@code getBlock0} is defined elsewhere; presumably it
 * truncates or zero-pads to the requested length, which should be confirmed.
 *
 * <p>NOTE(review): in the 40-bit branch only 5 bytes of the key come from
 * the digest, so the effective key space is small whatever the password.
 *
 * @param cipher         cipher to re-key, or {@code null} to create one
 * @param block          block number mixed into the key derivation
 * @param encryptionInfo source of hash algorithm, key size and cipher algorithm
 * @param skey           base secret key
 * @param encryptMode    {@link Cipher} operation mode
 * @return the re-initialised {@code cipher}, or a newly created one
 * @throws GeneralSecurityException if initialising the cipher fails
 */
protected static Cipher initCipherForBlock(Cipher cipher, int block,
        EncryptionInfo encryptionInfo, SecretKey skey, int encryptMode)
        throws GeneralSecurityException {
    final HashAlgorithm hashAlgo = encryptionInfo.getVerifier().getHashAlgorithm();

    final byte[] blockIndex = new byte[4];
    LittleEndian.putUInt(blockIndex, 0, block);

    // H(baseKey || blockIndex)
    final MessageDigest digest = CryptoFunctions.getMessageDigest(hashAlgo);
    digest.update(skey.getEncoded());
    final byte[] fullDigest = digest.digest(blockIndex);

    final EncryptionHeader header = encryptionInfo.getHeader();
    final int keyBits = header.getKeySize();

    byte[] blockKeyBytes = CryptoFunctions.getBlock0(fullDigest, keyBits / 8);
    if (keyBits == 40) {
        // 40-bit keys are expanded to a 16-byte array before use
        blockKeyBytes = CryptoFunctions.getBlock0(blockKeyBytes, 16);
    }
    final SecretKey blockSecret = new SecretKeySpec(blockKeyBytes, skey.getAlgorithm());

    if (cipher != null) {
        cipher.init(encryptMode, blockSecret);
        return cipher;
    }
    return CryptoFunctions.getCipher(blockSecret, header.getCipherAlgorithm(), null, null, encryptMode);
}
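/**
 * Checks a candidate password against the stored verifier.
 *
 * <p>A key is derived from the password, the encrypted verifier and the
 * encrypted verifier hash are decrypted with it, and the hash of the
 * decrypted verifier (verifier's hash algorithm) is compared with the
 * decrypted hash. On a match the derived key is stored via
 * {@code setSecretKey}.
 *
 * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])}
 * instead of {@code Arrays.equals}, so its duration does not depend on the
 * position of the first differing byte. That matters when this method is
 * reachable as a password oracle by a party that does not hold the file.
 *
 * @param password candidate password
 * @return {@code true} if the hashes match, {@code false} otherwise
 * @throws EncryptedDocumentException wrapping any
 *         {@link GeneralSecurityException} raised while decrypting
 */
@Override
public boolean verifyPassword(String password) {
    EncryptionVerifier ver = getEncryptionInfo().getVerifier();
    SecretKey skey = generateSecretKey(password, ver, getKeySizeInBytes());
    Cipher cipher = getCipher(skey);

    try {
        byte[] encryptedVerifier = ver.getEncryptedVerifier();
        byte[] verifier = cipher.doFinal(encryptedVerifier);
        // NOTE(review): stored before the outcome is known, so after a failed
        // attempt the stored verifier was decrypted with a wrong key.
        setVerifier(verifier);

        MessageDigest digest = CryptoFunctions.getMessageDigest(ver.getHashAlgorithm());
        byte[] calcVerifierHash = digest.digest(verifier);

        byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
        byte[] decryptedVerifierHash = cipher.doFinal(encryptedVerifierHash);

        // see 2.3.4.9 Password Verification (Standard Encryption)
        // ... The number of bytes used by the encrypted Verifier hash MUST be 32 ...
        // TODO: check and trim/pad the hashes to 32
        byte[] verifierHash = Arrays.copyOf(decryptedVerifierHash, calcVerifierHash.length);

        // constant-time comparison of the two hashes
        if (!MessageDigest.isEqual(calcVerifierHash, verifierHash)) {
            return false;
        }
        setSecretKey(skey);
        return true;
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException(e);
    }
}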
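/**
 * Checks a candidate password against the stored verifier.
 *
 * <p>A key is derived from the password and a block-0 decrypting cipher is
 * created from it. The encrypted verifier and then the encrypted verifier
 * hash are run through that same cipher instance, in that order. The hash
 * of the decrypted verifier is compared with the decrypted hash; on a match
 * the derived key is stored via {@code setSecretKey}.
 *
 * <p>The comparison uses {@link MessageDigest#isEqual(byte[], byte[])}
 * instead of {@code Arrays.equals}, so its duration does not depend on the
 * position of the first differing byte.
 *
 * @param password candidate password
 * @return {@code true} if the hashes match, {@code false} otherwise
 * @throws EncryptedDocumentException wrapping any
 *         {@link GeneralSecurityException} raised while decrypting
 */
@Override
public boolean verifyPassword(String password) {
    EncryptionVerifier ver = getEncryptionInfo().getVerifier();
    SecretKey skey = generateSecretKey(password, ver);

    try {
        Cipher cipher = initCipherForBlock(null, 0, getEncryptionInfo(), skey, Cipher.DECRYPT_MODE);

        // update() keeps the cipher state, so the hash below is decrypted
        // as the continuation of the same stream
        byte[] encryptedVerifier = ver.getEncryptedVerifier();
        byte[] verifier = new byte[encryptedVerifier.length];
        cipher.update(encryptedVerifier, 0, encryptedVerifier.length, verifier);
        // NOTE(review): stored before the outcome of the check is known
        setVerifier(verifier);

        byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
        byte[] verifierHash = cipher.doFinal(encryptedVerifierHash);

        HashAlgorithm hashAlgo = ver.getHashAlgorithm();
        MessageDigest hashAlg = CryptoFunctions.getMessageDigest(hashAlgo);
        byte[] calcVerifierHash = hashAlg.digest(verifier);

        // constant-time comparison of the two hashes
        if (MessageDigest.isEqual(calcVerifierHash, verifierHash)) {
            setSecretKey(skey);
            return true;
        }
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException(e);
    }

    return false;
}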
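/**
 * Verifies a candidate password by decrypting the stored verifier and its
 * hash with a key derived from that password.
 *
 * <p>Both values are decrypted by one block-0 cipher instance: first the
 * verifier via {@code update}, then the hash via {@code doFinal}. The
 * password is accepted when the hash of the decrypted verifier equals the
 * decrypted hash, and only then is the derived key stored via
 * {@code setSecretKey}.
 *
 * <p>The hashes are compared with
 * {@link MessageDigest#isEqual(byte[], byte[])} rather than
 * {@code Arrays.equals}, which keeps the comparison time independent of
 * where the two arrays first differ.
 *
 * @param password candidate password
 * @return {@code true} if the password verifies, {@code false} otherwise
 * @throws EncryptedDocumentException wrapping any
 *         {@link GeneralSecurityException} raised while decrypting
 */
@Override
public boolean verifyPassword(String password) {
    EncryptionVerifier ver = getEncryptionInfo().getVerifier();
    SecretKey skey = generateSecretKey(password, ver);

    try {
        Cipher cipher = initCipherForBlock(null, 0, getEncryptionInfo(), skey, Cipher.DECRYPT_MODE);

        byte[] encryptedVerifier = ver.getEncryptedVerifier();
        byte[] verifier = new byte[encryptedVerifier.length];
        cipher.update(encryptedVerifier, 0, encryptedVerifier.length, verifier);
        // NOTE(review): the decrypted verifier is stored even if the check
        // below rejects the password
        setVerifier(verifier);

        byte[] encryptedVerifierHash = ver.getEncryptedVerifierHash();
        byte[] verifierHash = cipher.doFinal(encryptedVerifierHash);

        HashAlgorithm hashAlgo = ver.getHashAlgorithm();
        MessageDigest hashAlg = CryptoFunctions.getMessageDigest(hashAlgo);
        byte[] calcVerifierHash = hashAlg.digest(verifier);

        // constant-time comparison of the two hashes
        boolean matches = MessageDigest.isEqual(calcVerifierHash, verifierHash);
        if (matches) {
            setSecretKey(skey);
            return true;
        }
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException(e);
    }

    return false;
}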
/**
 * Sets up the verifier record for a new password.
 *
 * <p>The verifier salt is stored, a key is derived from the password and
 * kept via {@code setSecretKey}, and a block-0 cipher then encrypts the
 * plain verifier followed by the hash of the plain verifier. Both results
 * are written back into the verifier object.
 *
 * <p>{@code keySpec}, {@code keySalt} and {@code integritySalt} are not
 * read by this implementation.
 *
 * <p>NOTE(review): the null check on {@code verifier} and
 * {@code verifierSalt} is a Java {@code assert}, which only runs when
 * assertions are enabled. Without it a null {@code verifier} surfaces
 * later, after the salt and secret key have already been set.
 *
 * @param password      password to protect the document with
 * @param keySpec       unused here
 * @param keySalt       unused here
 * @param verifier      plain verifier bytes
 * @param verifierSalt  salt stored in the verifier record
 * @param integritySalt unused here
 * @throws EncryptedDocumentException if a cryptographic operation fails
 */
@Override
public void confirmPassword(String password, byte keySpec[], byte keySalt[],
        byte verifier[], byte verifierSalt[], byte integritySalt[]) {
    assert(verifier != null && verifierSalt != null);

    final CryptoAPIEncryptionVerifier apiVerifier =
            (CryptoAPIEncryptionVerifier) getEncryptionInfo().getVerifier();
    apiVerifier.setSalt(verifierSalt);

    final SecretKey derivedKey = CryptoAPIDecryptor.generateSecretKey(password, apiVerifier);
    setSecretKey(derivedKey);

    try {
        final Cipher blockZero = initCipherForBlock(null, 0);

        // verifier first, via update(), so the hash continues the same stream
        final byte[] verifierCipherText = new byte[verifier.length];
        blockZero.update(verifier, 0, verifier.length, verifierCipherText);
        apiVerifier.setEncryptedVerifier(verifierCipherText);

        final MessageDigest digest = CryptoFunctions.getMessageDigest(apiVerifier.getHashAlgorithm());
        final byte[] plainHash = digest.digest(verifier);
        final byte[] hashCipherText = blockZero.doFinal(plainHash);
        apiVerifier.setEncryptedVerifierHash(hashCipherText);
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException("Password confirmation failed", e);
    }
}
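/**
 * Sets up the XOR verifier record and secret key for a new password.
 *
 * <p>The key and verifier values computed from the password are each
 * encoded as an unsigned 16-bit little-endian value and stored in the
 * verifier object. The XOR array computed from the password becomes the
 * secret key, with algorithm name {@code "XOR"}.
 *
 * <p>Each value gets its own 2-byte buffer. Reusing one buffer for both
 * setters is only correct if the setters copy their argument, which is not
 * visible from here. If they keep the reference, the stored key would be
 * overwritten by the verifier value.
 *
 * @param password password to derive the XOR key material from
 */
@Override
public void confirmPassword(String password) {
    int keyComp = CryptoFunctions.createXorKey1(password);
    int verifierComp = CryptoFunctions.createXorVerifier1(password);
    byte[] xorArray = CryptoFunctions.createXorArray1(password);

    XOREncryptionVerifier ver = (XOREncryptionVerifier) getEncryptionInfo().getVerifier();

    byte[] keyBuf = new byte[2];
    LittleEndian.putUShort(keyBuf, 0, keyComp);
    ver.setEncryptedKey(keyBuf);

    // separate buffer, so the key bytes above cannot be clobbered
    byte[] verifierBuf = new byte[2];
    LittleEndian.putUShort(verifierBuf, 0, verifierComp);
    ver.setEncryptedVerifier(verifierBuf);

    setSecretKey(new SecretKeySpec(xorArray, "XOR"));
}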
/**
 * Checks a candidate password against the stored XOR key and verifier.
 *
 * <p>The stored key and verifier are read as unsigned 16-bit little-endian
 * values and compared with the values computed from the password. Only
 * when both match is the XOR array computed and stored as the secret key.
 *
 * <p>NOTE(review): the check compares two 16-bit values, at most 32 bits in
 * total, so a {@code true} result does not prove the password is the
 * original one. Different passwords can produce the same pair.
 *
 * @param password candidate password
 * @return {@code true} if both values match, {@code false} otherwise
 */
@Override
public boolean verifyPassword(String password) {
    final XOREncryptionVerifier xorVerifier =
            (XOREncryptionVerifier) getEncryptionInfo().getVerifier();

    final int storedKey = LittleEndian.getUShort(xorVerifier.getEncryptedKey());
    final int storedVerifier = LittleEndian.getUShort(xorVerifier.getEncryptedVerifier());

    final int expectedKey = CryptoFunctions.createXorKey1(password);
    final int expectedVerifier = CryptoFunctions.createXorVerifier1(password);

    if (storedKey != expectedKey || storedVerifier != expectedVerifier) {
        return false;
    }

    final byte[] keyStream = CryptoFunctions.createXorArray1(password);
    setSecretKey(new SecretKeySpec(keyStream, "XOR"));
    return true;
}
/**
 * Sets up the Binary RC4 verifier record for a new password.
 *
 * <p>The verifier salt is stored, a key is derived from the password and
 * kept via {@code setSecretKey}, and a block-0 encrypting cipher then
 * processes the first 16 bytes of the plain verifier followed by the hash
 * of the plain verifier. Both results are written into the verifier object.
 *
 * <p>{@code keySpec}, {@code keySalt} and {@code integritySalt} are not
 * read by this implementation.
 *
 * <p>NOTE(review): exactly 16 bytes of {@code verifier} are encrypted while
 * the whole array is hashed, and nothing checks the length. A longer
 * verifier would produce a hash that does not correspond to the 16
 * encrypted bytes. Callers should pass exactly 16 bytes.
 *
 * @param password      password to protect the document with
 * @param keySpec       unused here
 * @param keySalt       unused here
 * @param verifier      plain verifier bytes, of which 16 are encrypted
 * @param verifierSalt  salt stored in the verifier record
 * @param integritySalt unused here
 * @throws EncryptedDocumentException if a cryptographic operation fails
 */
@Override
public void confirmPassword(String password, byte keySpec[], byte keySalt[],
        byte verifier[], byte verifierSalt[], byte integritySalt[]) {
    final BinaryRC4EncryptionVerifier rc4Verifier =
            (BinaryRC4EncryptionVerifier) getEncryptionInfo().getVerifier();
    rc4Verifier.setSalt(verifierSalt);

    final SecretKey derivedKey = BinaryRC4Decryptor.generateSecretKey(password, rc4Verifier);
    setSecretKey(derivedKey);

    try {
        final Cipher blockZero = BinaryRC4Decryptor.initCipherForBlock(
                null, 0, getEncryptionInfo(), derivedKey, Cipher.ENCRYPT_MODE);

        // verifier first, via update(), so the hash continues the same stream
        final byte[] verifierCipherText = new byte[16];
        blockZero.update(verifier, 0, 16, verifierCipherText);
        rc4Verifier.setEncryptedVerifier(verifierCipherText);

        final MessageDigest digest = CryptoFunctions.getMessageDigest(rc4Verifier.getHashAlgorithm());
        final byte[] plainHash = digest.digest(verifier);
        final byte[] hashCipherText = blockZero.doFinal(plainHash);
        rc4Verifier.setEncryptedVerifierHash(hashCipherText);
    } catch (GeneralSecurityException e) {
        throw new EncryptedDocumentException("Password confirmation failed", e);
    }
}
StandardEncryptionVerifier ver = (StandardEncryptionVerifier)getEncryptionInfo().getVerifier();
AgileEncryptionVerifier ver = (AgileEncryptionVerifier)getEncryptionInfo().getVerifier(); AgileEncryptionHeader header = (AgileEncryptionHeader)getEncryptionInfo().getHeader(); HashAlgorithm hashAlgo = header.getHashAlgorithm();
/**
 * Serializes this record to the given output.
 *
 * <p>The encryption type is written first. For {@code binaryRC4} and
 * {@code cryptoAPI} the major and minor versions follow, and for
 * {@code cryptoAPI} also the encryption flags. Header and verifier are
 * staged in a fixed 1024-byte scratch buffer and flushed to {@code out}
 * last, so they always land after the version fields.
 *
 * <p>For any other encryption mode an exception is thrown. By then the
 * encryption type has already been written to {@code out}.
 *
 * @param out destination of the serialized record
 * @throws EncryptedDocumentException for an unsupported encryption mode
 */
@SuppressWarnings("resource")
@Override
public void serialize(LittleEndianOutput out) {
    out.writeShort(encryptionType);

    final byte[] scratch = new byte[1024];
    final LittleEndianByteArrayOutputStream staged =
            new LittleEndianByteArrayOutputStream(scratch, 0); // NOSONAR

    switch (encryptionInfo.getEncryptionMode()) {
        case xor: {
            ((XOREncryptionHeader) encryptionInfo.getHeader()).write(staged);
            ((XOREncryptionVerifier) encryptionInfo.getVerifier()).write(staged);
            break;
        }
        case binaryRC4: {
            out.writeShort(encryptionInfo.getVersionMajor());
            out.writeShort(encryptionInfo.getVersionMinor());
            ((BinaryRC4EncryptionHeader) encryptionInfo.getHeader()).write(staged);
            ((BinaryRC4EncryptionVerifier) encryptionInfo.getVerifier()).write(staged);
            break;
        }
        case cryptoAPI: {
            out.writeShort(encryptionInfo.getVersionMajor());
            out.writeShort(encryptionInfo.getVersionMinor());
            out.writeInt(encryptionInfo.getEncryptionFlags());
            ((CryptoAPIEncryptionHeader) encryptionInfo.getHeader()).write(staged);
            ((CryptoAPIEncryptionVerifier) encryptionInfo.getVerifier()).write(staged);
            break;
        }
        default:
            throw new EncryptedDocumentException("not supported");
    }

    // flush only the bytes actually staged
    out.write(scratch, 0, staged.getWriteIndex());
}
@Override public void confirmPassword(String password, byte keySpec[], byte keySalt[], byte verifier[], byte verifierSalt[], byte integritySalt[]) { AgileEncryptionVerifier ver = (AgileEncryptionVerifier)getEncryptionInfo().getVerifier(); AgileEncryptionHeader header = (AgileEncryptionHeader)getEncryptionInfo().getHeader();
AgileEncryptionVerifier ver = (AgileEncryptionVerifier)getEncryptionInfo().getVerifier(); AgileEncryptionHeader header = (AgileEncryptionHeader)getEncryptionInfo().getHeader();
EncryptionVerifier ver = ei.getVerifier(); byte encVer[] = ver.getEncryptedVerifier(); Decryptor dec = ei.getDecryptor();
protected EncryptionDocument createEncryptionDocument() { AgileEncryptionVerifier ver = (AgileEncryptionVerifier)getEncryptionInfo().getVerifier(); AgileEncryptionHeader header = (AgileEncryptionHeader)getEncryptionInfo().getHeader();