public override bool VerifyPassword(string password)
{
byte[] secretKey;
using (var hashAlgorithm = CryptoHelpers.Create(PasswordHashAlgorithm))
secretKey = HashPassword(password, PasswordSaltValue, hashAlgorithm, PasswordSpinCount);
var inputBlockKey = CryptoHelpers.HashBytes(
CryptoHelpers.Combine(secretKey, new byte[] { 0xfe, 0xa7, 0xd2, 0x76, 0x3b, 0x4b, 0x9e, 0x79 }),
PasswordHashAlgorithm);
Array.Resize(ref inputBlockKey, PasswordKeyBits / 8);
var valueBlockKey = CryptoHelpers.HashBytes(
CryptoHelpers.Combine(secretKey, new byte[] { 0xd7, 0xaa, 0x0f, 0x6d, 0x30, 0x61, 0x34, 0x4e }),
PasswordHashAlgorithm);
Array.Resize(ref valueBlockKey, PasswordKeyBits / 8);
using (var cipher = CryptoHelpers.CreateCipher(PasswordCipherAlgorithm, PasswordKeyBits, PasswordBlockSize * 8, PasswordCipherChaining))
{
var decryptedVerifier = CryptoHelpers.DecryptBytes(cipher, PasswordEncryptedVerifierHashInput, inputBlockKey, PasswordSaltValue);
var decryptedVerifierHash = CryptoHelpers.DecryptBytes(cipher, PasswordEncryptedVerifierHashValue, valueBlockKey, PasswordSaltValue);
var verifierHash = CryptoHelpers.HashBytes(decryptedVerifier, PasswordHashAlgorithm);
for (var i = 0; i < Math.Min(decryptedVerifierHash.Length, verifierHash.Length); ++i)
{
if (decryptedVerifierHash[i] != verifierHash[i])
{
return(false);
}
}
return(true);
}
}
private static byte[] GenerateSecretKey(string password, byte[] saltValue, HashIdentifier hashIdentifier, byte[] encryptedKeyValue, int spinCount, int keyBits, SymmetricAlgorithm cipher)
{
var block3 = new byte[] { 0x14, 0x6e, 0x0b, 0xe7, 0xab, 0xac, 0xd0, 0xd6 };
byte[] hash;
using (var hashAlgorithm = CryptoHelpers.Create(hashIdentifier))
{
hash = HashPassword(password, saltValue, hashAlgorithm, spinCount);
hash = CryptoHelpers.HashBytes(CryptoHelpers.Combine(hash, block3), hashIdentifier);
}
// Truncate or pad with 0x36
var hashSize = hash.Length;
Array.Resize(ref hash, keyBits / 8);
for (var i = hashSize; i < keyBits / 8; i++)
{
hash[i] = 0x36;
}
// NOTE: the stored salt is padded to a multiple of the block size which affects AES-192
var decryptedKeyValue = CryptoHelpers.DecryptBytes(cipher, encryptedKeyValue, hash, saltValue);
Array.Resize(ref decryptedKeyValue, keyBits / 8);
return(decryptedKeyValue);
}
public override bool VerifyPassword(string password)
{
// 2.3.6.4 Password Verification
var secretKey = GenerateSecretKey(password);
var blockKey = GenerateBlockKey(0, secretKey);
using (var cipher = CryptoHelpers.CreateCipher(CipherIdentifier.RC4, 0, 0, 0))
{
using (var transform = cipher.CreateDecryptor(blockKey, null))
{
var decryptedVerifier = CryptoHelpers.DecryptBytes(transform, EncryptedVerifier);
var decryptedVerifierHash = CryptoHelpers.DecryptBytes(transform, EncryptedVerifierHash);
var verifierHash = CryptoHelpers.HashBytes(decryptedVerifier, HashIdentifier.MD5);
for (var i = 0; i < 16; ++i)
{
if (decryptedVerifierHash[i] != verifierHash[i])
{
return(false);
}
}
return(true);
}
}
}
public override byte[] GenerateBlockKey(int blockNumber, byte[] secretKey)
{
var salt = CryptoHelpers.HashBytes(CryptoHelpers.Combine(secretKey, BitConverter.GetBytes(blockNumber)), HashAlgorithm);
Array.Resize(ref salt, BlockSize);
return(salt);
}
public override bool VerifyPassword(string password)
{
// 2.3.4.9 Password Verification (Standard Encryption)
// 2.3.5.6 Password Verification
var secretKey = GenerateSecretKey(password);
var blockKey = ((Flags & EncryptionHeaderFlags.AES) != 0) ? secretKey : GenerateBlockKey(0, secretKey);
using (var cipher = CryptoHelpers.CreateCipher(CipherAlgorithm, KeySize, BlockSize, CipherMode.ECB))
{
using (var transform = cipher.CreateDecryptor(blockKey, SaltValue))
{
var decryptedVerifier = CryptoHelpers.DecryptBytes(transform, Verifier);
var decryptedVerifierHash = CryptoHelpers.DecryptBytes(transform, VerifierHash);
var verifierHash = CryptoHelpers.HashBytes(decryptedVerifier, HashAlgorithm);
for (var i = 0; i < 16; ++i)
{
if (decryptedVerifierHash[i] != verifierHash[i])
{
return(false);
}
}
return(true);
}
}
}
public override byte[] GenerateBlockKey(int blockNumber, byte[] secretKey)
{
if ((Flags & EncryptionHeaderFlags.AES) != 0)
{
/*var salt = CryptoHelpers.Combine(secretKey, BitConverter.GetBytes(blockNumber));
* salt = CryptoHelpers.HashBytes(salt, HashAlgorithm);
* Array.Resize(ref salt, (int)KeySize / 8);
* return salt;*/
throw new Exception("Block key for ECMA-376 Standard Encryption not implemented");
}
else if ((Flags & EncryptionHeaderFlags.CryptoAPI) != 0)
{
var salt = CryptoHelpers.Combine(secretKey, BitConverter.GetBytes(blockNumber));
salt = CryptoHelpers.HashBytes(salt, HashAlgorithm);
Array.Resize(ref salt, (int)KeySize / 8);
if (KeySize == 40)
{
// 2.3.5.2: If keyLength is exactly 40 bits, the encryption key MUST be composed of the first 40 bits of Hfinal and 88 bits set to zero, creating a 128-bit key.
salt = CryptoHelpers.Combine(salt, new byte[] { 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 });
}
return(salt);
}
else
{
throw new InvalidOperationException("Unknown encryption type");
}
}
public static byte[] GenerateSecretKey(string password, byte[] salt)
{
if (password.Length > 16)
{
password = password.Substring(0, 16);
}
var h = CryptoHelpers.HashBytes(System.Text.Encoding.Unicode.GetBytes(password), HashIdentifier.MD5);
Array.Resize(ref h, 5);
// Combine h + salt 16 times:
h = CryptoHelpers.Combine(h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt, h, salt);
h = CryptoHelpers.HashBytes(h, HashIdentifier.MD5);
Array.Resize(ref h, 5);
return(h);
}
public override byte[] GenerateBlockKey(int blockNumber, byte[] secretKey)
{
var salt = CryptoHelpers.Combine(secretKey, BitConverter.GetBytes(blockNumber));
return(CryptoHelpers.HashBytes(salt, HashIdentifier.MD5));
}
/// <summary>
/// 2.3.5.2 RC4 CryptoAPI Encryption Key Generation
/// </summary>
private static byte[] GenerateCryptoApiSecretKey(string password, byte[] saltValue, HashIdentifier hashAlgorithm, int keySize)
{
return(CryptoHelpers.HashBytes(CryptoHelpers.Combine(saltValue, System.Text.Encoding.Unicode.GetBytes(password)), hashAlgorithm));
}
