Example #1
0
 public static void SetPassword(CT_SheetProtection xobj, String password, HashAlgorithm hashAlgo, String prefix)
 {
     if (password == null)
     {
         xobj.password      = null;
         xobj.algorithmName = null;
         xobj.hashValue     = null;
         xobj.saltValue     = null;
         xobj.spinCount     = null;
         return;
     }
     if (hashAlgo == null)
     {
         int hash = CryptoFunctions.CreateXorVerifier1(password);
         xobj.password = String.Format("{0:X4}", hash).ToUpper();
     }
     else
     {
         SecureRandom random    = new SecureRandom();
         byte[]       salt      = random.GenerateSeed(16);
         int          spinCount = 100000;
         byte[]       hash      = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCount, false);
         xobj.algorithmName = hashAlgo.jceId;
         xobj.hashValue     = Convert.ToBase64String(hash);
         xobj.saltValue     = Convert.ToBase64String(salt);
         xobj.spinCount     = "" + spinCount;
     }
 }
Example #2
0
        public static bool ValidatePassword(CT_SheetProtection xobj, String password, String prefix)
        {
            if (password == null)
            {
                return(false);
            }

            string xorHashVal = xobj.password;
            string algoName   = xobj.algorithmName;
            string hashVal    = xobj.hashValue;
            string saltVal    = xobj.saltValue;
            string spinCount  = xobj.spinCount;

            if (xorHashVal != null)
            {
                int hash1 = Int32.Parse(xorHashVal, NumberStyles.HexNumber);
                int hash2 = CryptoFunctions.CreateXorVerifier1(password);
                return(hash1 == hash2);
            }
            else
            {
                if (hashVal == null || algoName == null || saltVal == null || spinCount == null)
                {
                    return(false);
                }

                byte[]        hash1    = Convert.FromBase64String(hashVal);
                HashAlgorithm hashAlgo = HashAlgorithm.FromString(algoName);
                byte[]        salt     = Convert.FromBase64String(saltVal);
                int           spinCnt  = Int32.Parse(spinCount);
                byte[]        hash2    = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCnt, false);
                return(Arrays.Equals(hash1, hash2));
            }
        }
Example #3
0
        /// <summary>
        /// protect a spreadsheet with a password (not encrypted, just sets protect flags and the password.)
        /// </summary>
        /// <param name="password">password to set;Pass <code>null</code> to remove all protection</param>
        /// <param name="shouldProtectObjects">shouldProtectObjects are protected</param>
        /// <param name="shouldProtectScenarios">shouldProtectScenarios are protected</param>
        public void ProtectSheet(String password, bool shouldProtectObjects,
                                 bool shouldProtectScenarios)
        {
            if (password == null)
            {
                _passwordRecord        = null;
                _protectRecord         = null;
                _objectProtectRecord   = null;
                _scenarioProtectRecord = null;
                return;
            }

            ProtectRecord  prec = this.Protect;
            PasswordRecord pass = this.Password;

            prec.Protect  = true;
            pass.Password = (short)CryptoFunctions.CreateXorVerifier1(password);
            if (_objectProtectRecord == null && shouldProtectObjects)
            {
                ObjectProtectRecord rec = CreateObjectProtect();
                rec.Protect          = (true);
                _objectProtectRecord = rec;
            }
            if (_scenarioProtectRecord == null && shouldProtectScenarios)
            {
                ScenarioProtectRecord srec = CreateScenarioProtect();
                srec.Protect           = (true);
                _scenarioProtectRecord = srec;
            }
        }
Example #4
0
        /**
         * Validates the password, i.e.
         * calculates the hash of the given password and Compares it against the stored hash
         *
         * @param xobj the xmlbeans object which Contains the password attributes
         * @param password the password, if null the method will always return false,
         *  even if there's no password Set
         * @param prefix the prefix of the password attributes, may be null
         *
         * @return true, if the hashes match
         */
        public static bool ValidatePassword(XmlNode xobj, String password, String prefix)
        {
            // TODO: is "velvetSweatshop" the default password?
            if (password == null)
            {
                return(false);
            }

            XPathNavigator cur = xobj.CreateNavigator();

            cur.MoveToAttribute("password", prefix);
            String xorHashVal = cur.Value;

            cur.MoveToAttribute("algorithmName", prefix);
            String algoName = cur.Value;

            cur.MoveToAttribute("hashValue", prefix);
            String hashVal = cur.Value;

            cur.MoveToAttribute("saltValue", prefix);
            String saltVal = cur.Value;

            cur.MoveToAttribute("spinCount", prefix);
            String spinCount = cur.Value;

            //cur.Dispose();

            if (xorHashVal != null)
            {
                int hash1 = Int32.Parse(xorHashVal, NumberStyles.HexNumber);
                int hash2 = CryptoFunctions.CreateXorVerifier1(password);
                return(hash1 == hash2);
            }
            else
            {
                if (hashVal == null || algoName == null || saltVal == null || spinCount == null)
                {
                    return(false);
                }

                byte[]        hash1    = Convert.FromBase64String(hashVal);
                HashAlgorithm hashAlgo = HashAlgorithm.FromString(algoName);
                byte[]        salt     = Convert.FromBase64String(saltVal);
                int           spinCnt  = Int32.Parse(spinCount);
                byte[]        hash2    = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCnt, false);
                return(Arrays.Equals(hash1, hash2));
            }
        }
Example #5
0
        public void TestXorEncryption1()
        {
            // Xor-Password: abc
            // 2.5.343 XORObfuscation
            // key = 20810
            // verifier = 52250
            int verifier = CryptoFunctions.CreateXorVerifier1("abc");
            int key      = CryptoFunctions.CreateXorKey1("abc");

            Assert.AreEqual(20810, key);
            Assert.AreEqual(52250, verifier);

            byte[] xorArrAct = CryptoFunctions.CreateXorArray1("abc");
            byte[] xorArrExp = HexRead.ReadFromString("AC-CC-A4-AB-D6-BA-C3-BA-D6-A3-2B-45-D3-79-29-BB");

            //assertThat(xorArrExp, EqualTo(xorArrAct));
            Assert.That(xorArrExp, Is.EqualTo(xorArrAct));
        }
Example #6
0
        /**
         * Sets the XORed or hashed password
         *
         * @param xobj the xmlbeans object which Contains the password attributes
         * @param password the password, if null, the password attributes will be Removed
         * @param hashAlgo the hash algorithm, if null the password will be XORed
         * @param prefix the prefix of the password attributes, may be null
         */
        public static void SetPassword(XmlNode xobj, String password, HashAlgorithm hashAlgo, String prefix)
        {
            XPathNavigator cur = xobj.CreateNavigator();

            if (password == null)
            {
                //dose the prefix is namespace? check it!!!
                if (cur.MoveToAttribute("password", prefix))
                {
                    cur.DeleteSelf();
                }
                if (cur.MoveToAttribute("algorithmName", prefix))
                {
                    cur.DeleteSelf();
                }
                if (cur.MoveToAttribute("hashValue", prefix))
                {
                    cur.DeleteSelf();
                }
                if (cur.MoveToAttribute("saltValue", prefix))
                {
                    cur.DeleteSelf();
                }
                if (cur.MoveToAttribute("spinCount", prefix))
                {
                    cur.DeleteSelf();
                }
                return;
            }

            //cur.ToFirstContentToken();
            if (hashAlgo == null)
            {
                int hash = CryptoFunctions.CreateXorVerifier1(password);
                cur.CreateAttribute(prefix, "password", null, String.Format("{0:X4}", hash).ToUpper());
                //cur.InsertAttributeWithValue(GetAttrName(prefix, "password"),
                //                             String.Format("{0:X}", hash).ToUpper());
            }
            else
            {
                SecureRandom random = new SecureRandom();
                byte[]       salt   = random.GenerateSeed(16);

                // Iterations specifies the number of times the hashing function shall be iteratively run (using each
                // iteration's result as the input for the next iteration).
                int spinCount = 100000;

                // Implementation Notes List:
                // --> In this third stage, the reversed byte order legacy hash from the second stage shall
                //     be Converted to Unicode hex string representation
                byte[] hash = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCount, false);
                cur.CreateAttribute(prefix, "algorithmName", null, hashAlgo.jceId);
                cur.CreateAttribute(prefix, "hashValue", null, Convert.ToBase64String(hash));
                cur.CreateAttribute(prefix, "saltValue", null, Convert.ToBase64String(salt));
                cur.CreateAttribute(prefix, "spinCount", null, "" + spinCount);
                //cur.InsertAttributeWithValue(GetAttrName(prefix, "algorithmName"), hashAlgo.jceId);
                //cur.InsertAttributeWithValue(GetAttrName(prefix, "hashValue"), Convert.ToBase64String(hash));
                //cur.InsertAttributeWithValue(GetAttrName(prefix, "saltValue"), Convert.ToBase64String(salt));
                //cur.InsertAttributeWithValue(GetAttrName(prefix, "spinCount"), "" + spinCount);
            }
            //cur.Dispose();
        }