private void FinishEncryption()
{
TEncryptionParameters EncParams = GetEncryptionParams(Protection);
AesManaged EncEngine = TEncryptionUtils.CreateEngine(EncParams);
TAgileEncryptionKey DataKey = TAgileEncryptionKey.CreateForWriting(null, EncEngine.KeySize / 8);
DataKey.Key = TEncryptionUtils.GetRandom(DataKey.KeySizeInBytes);
TAgileEncryptionKey KeyKey = TAgileEncryptionKey.CreateForWriting(Protection.OpenPassword, EncEngine.KeySize / 8);
byte[] WorkLen = new byte[8];
BitOps.SetCardinal(WorkLen, 0, WorkingStream.Length - WorkStreamZeroPos);
EncryptStream(EncEngine, DataKey, WorkLen);
using (MemoryStream ms = new MemoryStream())
{
using (TOle2File Ole2File = new TOle2File(GetEmptyEncryptedFile()))
{
Ole2File.PrepareForWrite(ms, XlsxConsts.EncryptionInfoString, new string[0]);
CreateInfoStream(Ole2File, EncEngine, EncParams, KeyKey, DataKey);
}
ms.Position = 0;
using (TOle2File Ole2File = new TOle2File(ms))
{
Ole2File.PrepareForWrite(TargetStream, XlsxConsts.ContentString, new string[0]);
WorkingStream.Position = 0;
TEncryptionUtils.CopyStream(WorkingStream, Ole2File);
}
}
}
private static Stream DecryptStream(TOle2File DataStream, TEncryptionParameters EncParams, TEncryptionKey Key)
{
DataStream.SelectStream(XlsxConsts.ContentString);
byte[] EncryptedSize = new byte[8];
DataStream.Read(EncryptedSize, EncryptedSize.Length);
AesManaged Engine = null;
ICryptoTransform Decryptor = null;
try
{
Engine = TEncryptionUtils.CreateEngine(EncParams);
if (!Key.VariableIV)
{
Decryptor = Engine.CreateDecryptor(Key.Key, Key.IV);
}
return(new TXlsxCryptoStreamReader(DataStream, BitOps.GetCardinal(EncryptedSize, 0), Engine, Decryptor, Key));
}
catch
{
if (Engine != null)
{
((IDisposable)Engine).Dispose();
}
if (Decryptor != null)
{
Decryptor.Dispose();
}
throw;
}
}
internal override bool VerifyPass(string Password, TEncryptionParameters EncParams, TEncryptionKey Key)
{
if (!base.VerifyPass(Password, EncParams, Key))
{
return(false);
}
Key.CalcKey(TStandardEncryptionKey.BlockKey, null);
byte[] DecriptedVerifier;
byte[] DecriptedVerifierHash;
using (AesManaged Engine = TEncryptionUtils.CreateEngine(EncParams))
{
using (ICryptoTransform Decryptor = Engine.CreateDecryptor(Key.Key, Key.IV))
{
DecriptedVerifier = DecryptBytes(EncryptedVerifier, Decryptor, -1);
DecriptedVerifierHash = DecryptBytes(EncryptedVerifierHash, Decryptor, -1);
}
}
using (HashAlgorithm hasher = TEncryptionKey.CreateHasher())
{
byte[] DecriptedVerifierHash2 = hasher.ComputeHash(DecriptedVerifier);
if (!FlxUtils.CompareMem(DecriptedVerifierHash, 0, DecriptedVerifierHash2, 0, VerifierHashSizeBytes))
{
return(false);
}
}
return(true);
}
internal override bool VerifyPass(string Password, TEncryptionParameters EncParams, TEncryptionKey Key)
{
if (!base.VerifyPass(Password, EncParams, Key))
{
return(false);
}
using (AesManaged Engine = TEncryptionUtils.CreateEngine(EncParams))
{
byte[] DecriptedVerifierHashInput;
Key.CalcKey(TAgileEncryptionKey.VerifierHashInputBlockKey, null);
using (ICryptoTransform Decryptor = Engine.CreateDecryptor(Key.Key, Key.IV))
{
DecriptedVerifierHashInput = DecryptBytes(EncryptedVerifierHashInput, Decryptor, Key.Salt.Length); //this is the value padded to a blocksize multiple. We want only the Salt.Length initial bytes.
DecriptedVerifierHashInput = Key.Hash(DecriptedVerifierHashInput);
}
byte[] DecriptedVerifierHashValue;
Key.CalcKey(TAgileEncryptionKey.VerifierHashValueBlockKey, null);
using (ICryptoTransform Decryptor = Engine.CreateDecryptor(Key.Key, Key.IV))
{
DecriptedVerifierHashValue = DecryptBytes(EncryptedVerifierHashValue, Decryptor, DecriptedVerifierHashInput.Length); //this is the 20 byte value of the hash + 12 "0" so it goes up to 32. (32 is 2*blocksize)
}
if (!FlxUtils.CompareMem(DecriptedVerifierHashValue, DecriptedVerifierHashInput))
{
return(false);
}
byte[] DecriptedKeyValue;
Key.CalcKey(TAgileEncryptionKey.VerifierKeyValueBlockKey, null);
using (ICryptoTransform Decryptor = Engine.CreateDecryptor(Key.Key, Key.IV))
{
DecriptedKeyValue = DecryptBytes(EncryptedKeyValue, Decryptor, Key.KeySizeInBytes);
}
Key.Key = DecriptedKeyValue;
}
return(true);
}