public void AgileEncryption()
{
int maxKeyLen = Cipher.GetMaxAllowedKeyLength("AES");
Assume.That(maxKeyLen == 2147483647, "Please install JCE Unlimited Strength Jurisdiction Policy files for AES 256");
FileStream file = POIDataSamples.GetDocumentInstance().GetFile("bug53475-password-is-pass.docx");
String pass = "******";
NPOIFSFileSystem nfs = new NPOIFSFileSystem(file);
// Check the encryption details
EncryptionInfo infoExpected = new EncryptionInfo(nfs);
Decryptor decExpected = Decryptor.GetInstance(infoExpected);
bool passed = decExpected.VerifyPassword(pass);
Assert.IsTrue(passed, "Unable to Process: document is encrypted");
// extract the payload
Stream is1 = decExpected.GetDataStream(nfs);
byte[] payloadExpected = IOUtils.ToByteArray(is1);
is1.Close();
long decPackLenExpected = decExpected.GetLength();
Assert.AreEqual(decPackLenExpected, payloadExpected.Length);
is1 = nfs.Root.CreateDocumentInputStream(Decryptor.DEFAULT_POIFS_ENTRY);
///is1 = new BoundedInputStream(is1, is1.Available() - 16); // ignore pAdding block
///throw new NotImplementedException(BoundedInputStream);
byte[] encPackExpected = IOUtils.ToByteArray(is1);
is1.Close();
// listDir(nfs.Root, "orig", "");
nfs.Close();
// check that same verifier/salt lead to same hashes
byte[] verifierSaltExpected = infoExpected.Verifier.Salt;
byte[] verifierExpected = decExpected.GetVerifier();
byte[] keySalt = infoExpected.Header.KeySalt;
byte[] keySpec = decExpected.GetSecretKey().GetEncoded();
byte[] integritySalt = decExpected.GetIntegrityHmacKey();
// the hmacs of the file always differ, as we use PKCS5-pAdding to pad the bytes
// whereas office just uses random bytes
// byte integrityHash[] = d.IntegrityHmacValue;
POIFSFileSystem fs = new POIFSFileSystem();
EncryptionInfo infoActual = new EncryptionInfo(
EncryptionMode.Agile
, infoExpected.Verifier.CipherAlgorithm
, infoExpected.Verifier.HashAlgorithm
, infoExpected.Header.KeySize
, infoExpected.Header.BlockSize
, infoExpected.Verifier.ChainingMode
);
Encryptor e = Encryptor.GetInstance(infoActual);
e.ConfirmPassword(pass, keySpec, keySalt, verifierExpected, verifierSaltExpected, integritySalt);
Stream os = e.GetDataStream(fs);
IOUtils.Copy(new MemoryStream(payloadExpected), os);
os.Close();
MemoryStream bos = new MemoryStream();
fs.WriteFileSystem(bos);
nfs = new NPOIFSFileSystem(new MemoryStream(bos.ToArray()));
infoActual = new EncryptionInfo(nfs.Root);
Decryptor decActual = Decryptor.GetInstance(infoActual);
passed = decActual.VerifyPassword(pass);
Assert.IsTrue(passed, "Unable to Process: document is encrypted");
// extract the payload
is1 = decActual.GetDataStream(nfs);
byte[] payloadActual = IOUtils.ToByteArray(is1);
is1.Close();
long decPackLenActual = decActual.GetLength();
is1 = nfs.Root.CreateDocumentInputStream(Decryptor.DEFAULT_POIFS_ENTRY);
///is1 = new BoundedInputStream(is1, is1.Available() - 16); // ignore pAdding block
///throw new NotImplementedException(BoundedInputStream);
byte[] encPackActual = IOUtils.ToByteArray(is1);
is1.Close();
// listDir(nfs.Root, "copy", "");
nfs.Close();
AgileEncryptionHeader aehExpected = (AgileEncryptionHeader)infoExpected.Header;
AgileEncryptionHeader aehActual = (AgileEncryptionHeader)infoActual.Header;
CollectionAssert.AreEqual(aehExpected.GetEncryptedHmacKey(), aehActual.GetEncryptedHmacKey());
Assert.AreEqual(decPackLenExpected, decPackLenActual);
CollectionAssert.AreEqual(payloadExpected, payloadActual);
CollectionAssert.AreEqual(encPackExpected, encPackActual);
}
public void StandardEncryption()
{
FileStream file = POIDataSamples.GetDocumentInstance().GetFile("bug53475-password-is-solrcell.docx");
String pass = "******";
NPOIFSFileSystem nfs = new NPOIFSFileSystem(file);
// Check the encryption details
EncryptionInfo infoExpected = new EncryptionInfo(nfs);
Decryptor d = Decryptor.GetInstance(infoExpected);
bool passed = d.VerifyPassword(pass);
Assert.IsTrue(passed, "Unable to Process: document is encrypted");
// extract the payload
MemoryStream bos = new MemoryStream();
Stream is1 = d.GetDataStream(nfs);
IOUtils.Copy(is1, bos);
is1.Close();
nfs.Close();
byte[] payloadExpected = bos.ToArray();
// check that same verifier/salt lead to same hashes
byte[] verifierSaltExpected = infoExpected.Verifier.Salt;
byte[] verifierExpected = d.GetVerifier();
byte[] keySpec = d.GetSecretKey().GetEncoded();
byte[] keySalt = infoExpected.Header.KeySalt;
POIFSFileSystem fs = new POIFSFileSystem();
EncryptionInfo infoActual = new EncryptionInfo(
EncryptionMode.Standard
, infoExpected.Verifier.CipherAlgorithm
, infoExpected.Verifier.HashAlgorithm
, infoExpected.Header.KeySize
, infoExpected.Header.BlockSize
, infoExpected.Verifier.ChainingMode
);
Encryptor e = Encryptor.GetInstance(infoActual);
e.ConfirmPassword(pass, keySpec, keySalt, verifierExpected, verifierSaltExpected, null);
CollectionAssert.AreEqual(infoExpected.Verifier.EncryptedVerifier, infoActual.Verifier.EncryptedVerifier);
CollectionAssert.AreEqual(infoExpected.Verifier.EncryptedVerifierHash, infoActual.Verifier.EncryptedVerifierHash);
// now we use a newly generated salt/verifier and check
// if the file content is still the same
fs = new POIFSFileSystem();
infoActual = new EncryptionInfo(
EncryptionMode.Standard
, infoExpected.Verifier.CipherAlgorithm
, infoExpected.Verifier.HashAlgorithm
, infoExpected.Header.KeySize
, infoExpected.Header.BlockSize
, infoExpected.Verifier.ChainingMode
);
e = Encryptor.GetInstance(infoActual);
e.ConfirmPassword(pass);
Stream os = e.GetDataStream(fs);
IOUtils.Copy(new MemoryStream(payloadExpected), os);
os.Close();
bos.Seek(0, SeekOrigin.Begin); //bos.Reset();
fs.WriteFileSystem(bos);
ByteArrayInputStream bis = new ByteArrayInputStream(bos.ToArray());
// FileOutputStream fos = new FileOutputStream("encrypted.docx");
// IOUtils.Copy(bis, fos);
// fos.Close();
// bis.Reset();
nfs = new NPOIFSFileSystem(bis);
infoExpected = new EncryptionInfo(nfs);
d = Decryptor.GetInstance(infoExpected);
passed = d.VerifyPassword(pass);
Assert.IsTrue(passed, "Unable to Process: document is encrypted");
bos.Seek(0, SeekOrigin.Begin); //bos.Reset();
is1 = d.GetDataStream(nfs);
IOUtils.Copy(is1, bos);
is1.Close();
nfs.Close();
byte[] payloadActual = bos.ToArray();
CollectionAssert.AreEqual(payloadExpected, payloadActual);
//assertArrayEquals(payloadExpected, payloadActual);
}
