public static void SetPassword(CT_SheetProtection xobj, String password, HashAlgorithm hashAlgo, String prefix) { if (password == null) { xobj.password = null; xobj.algorithmName = null; xobj.hashValue = null; xobj.saltValue = null; xobj.spinCount = null; return; } if (hashAlgo == null) { int hash = CryptoFunctions.CreateXorVerifier1(password); xobj.password = String.Format("{0:X4}", hash).ToUpper(); } else { SecureRandom random = new SecureRandom(); byte[] salt = random.GenerateSeed(16); int spinCount = 100000; byte[] hash = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCount, false); xobj.algorithmName = hashAlgo.jceId; xobj.hashValue = Convert.ToBase64String(hash); xobj.saltValue = Convert.ToBase64String(salt); xobj.spinCount = "" + spinCount; } }
public static bool ValidatePassword(CT_SheetProtection xobj, String password, String prefix) { if (password == null) { return(false); } string xorHashVal = xobj.password; string algoName = xobj.algorithmName; string hashVal = xobj.hashValue; string saltVal = xobj.saltValue; string spinCount = xobj.spinCount; if (xorHashVal != null) { int hash1 = Int32.Parse(xorHashVal, NumberStyles.HexNumber); int hash2 = CryptoFunctions.CreateXorVerifier1(password); return(hash1 == hash2); } else { if (hashVal == null || algoName == null || saltVal == null || spinCount == null) { return(false); } byte[] hash1 = Convert.FromBase64String(hashVal); HashAlgorithm hashAlgo = HashAlgorithm.FromString(algoName); byte[] salt = Convert.FromBase64String(saltVal); int spinCnt = Int32.Parse(spinCount); byte[] hash2 = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCnt, false); return(Arrays.Equals(hash1, hash2)); } }
/// <summary> /// protect a spreadsheet with a password (not encrypted, just sets protect flags and the password.) /// </summary> /// <param name="password">password to set;Pass <code>null</code> to remove all protection</param> /// <param name="shouldProtectObjects">shouldProtectObjects are protected</param> /// <param name="shouldProtectScenarios">shouldProtectScenarios are protected</param> public void ProtectSheet(String password, bool shouldProtectObjects, bool shouldProtectScenarios) { if (password == null) { _passwordRecord = null; _protectRecord = null; _objectProtectRecord = null; _scenarioProtectRecord = null; return; } ProtectRecord prec = this.Protect; PasswordRecord pass = this.Password; prec.Protect = true; pass.Password = (short)CryptoFunctions.CreateXorVerifier1(password); if (_objectProtectRecord == null && shouldProtectObjects) { ObjectProtectRecord rec = CreateObjectProtect(); rec.Protect = (true); _objectProtectRecord = rec; } if (_scenarioProtectRecord == null && shouldProtectScenarios) { ScenarioProtectRecord srec = CreateScenarioProtect(); srec.Protect = (true); _scenarioProtectRecord = srec; } }
/** * Validates the password, i.e. * calculates the hash of the given password and Compares it against the stored hash * * @param xobj the xmlbeans object which Contains the password attributes * @param password the password, if null the method will always return false, * even if there's no password Set * @param prefix the prefix of the password attributes, may be null * * @return true, if the hashes match */ public static bool ValidatePassword(XmlNode xobj, String password, String prefix) { // TODO: is "velvetSweatshop" the default password? if (password == null) { return(false); } XPathNavigator cur = xobj.CreateNavigator(); cur.MoveToAttribute("password", prefix); String xorHashVal = cur.Value; cur.MoveToAttribute("algorithmName", prefix); String algoName = cur.Value; cur.MoveToAttribute("hashValue", prefix); String hashVal = cur.Value; cur.MoveToAttribute("saltValue", prefix); String saltVal = cur.Value; cur.MoveToAttribute("spinCount", prefix); String spinCount = cur.Value; //cur.Dispose(); if (xorHashVal != null) { int hash1 = Int32.Parse(xorHashVal, NumberStyles.HexNumber); int hash2 = CryptoFunctions.CreateXorVerifier1(password); return(hash1 == hash2); } else { if (hashVal == null || algoName == null || saltVal == null || spinCount == null) { return(false); } byte[] hash1 = Convert.FromBase64String(hashVal); HashAlgorithm hashAlgo = HashAlgorithm.FromString(algoName); byte[] salt = Convert.FromBase64String(saltVal); int spinCnt = Int32.Parse(spinCount); byte[] hash2 = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCnt, false); return(Arrays.Equals(hash1, hash2)); } }
public void TestXorEncryption1() { // Xor-Password: abc // 2.5.343 XORObfuscation // key = 20810 // verifier = 52250 int verifier = CryptoFunctions.CreateXorVerifier1("abc"); int key = CryptoFunctions.CreateXorKey1("abc"); Assert.AreEqual(20810, key); Assert.AreEqual(52250, verifier); byte[] xorArrAct = CryptoFunctions.CreateXorArray1("abc"); byte[] xorArrExp = HexRead.ReadFromString("AC-CC-A4-AB-D6-BA-C3-BA-D6-A3-2B-45-D3-79-29-BB"); //assertThat(xorArrExp, EqualTo(xorArrAct)); Assert.That(xorArrExp, Is.EqualTo(xorArrAct)); }
/** * Sets the XORed or hashed password * * @param xobj the xmlbeans object which Contains the password attributes * @param password the password, if null, the password attributes will be Removed * @param hashAlgo the hash algorithm, if null the password will be XORed * @param prefix the prefix of the password attributes, may be null */ public static void SetPassword(XmlNode xobj, String password, HashAlgorithm hashAlgo, String prefix) { XPathNavigator cur = xobj.CreateNavigator(); if (password == null) { //dose the prefix is namespace? check it!!! if (cur.MoveToAttribute("password", prefix)) { cur.DeleteSelf(); } if (cur.MoveToAttribute("algorithmName", prefix)) { cur.DeleteSelf(); } if (cur.MoveToAttribute("hashValue", prefix)) { cur.DeleteSelf(); } if (cur.MoveToAttribute("saltValue", prefix)) { cur.DeleteSelf(); } if (cur.MoveToAttribute("spinCount", prefix)) { cur.DeleteSelf(); } return; } //cur.ToFirstContentToken(); if (hashAlgo == null) { int hash = CryptoFunctions.CreateXorVerifier1(password); cur.CreateAttribute(prefix, "password", null, String.Format("{0:X4}", hash).ToUpper()); //cur.InsertAttributeWithValue(GetAttrName(prefix, "password"), // String.Format("{0:X}", hash).ToUpper()); } else { SecureRandom random = new SecureRandom(); byte[] salt = random.GenerateSeed(16); // Iterations specifies the number of times the hashing function shall be iteratively run (using each // iteration's result as the input for the next iteration). int spinCount = 100000; // Implementation Notes List: // --> In this third stage, the reversed byte order legacy hash from the second stage shall // be Converted to Unicode hex string representation byte[] hash = CryptoFunctions.HashPassword(password, hashAlgo, salt, spinCount, false); cur.CreateAttribute(prefix, "algorithmName", null, hashAlgo.jceId); cur.CreateAttribute(prefix, "hashValue", null, Convert.ToBase64String(hash)); cur.CreateAttribute(prefix, "saltValue", null, Convert.ToBase64String(salt)); cur.CreateAttribute(prefix, "spinCount", null, "" + spinCount); //cur.InsertAttributeWithValue(GetAttrName(prefix, "algorithmName"), hashAlgo.jceId); //cur.InsertAttributeWithValue(GetAttrName(prefix, "hashValue"), Convert.ToBase64String(hash)); //cur.InsertAttributeWithValue(GetAttrName(prefix, "saltValue"), Convert.ToBase64String(salt)); //cur.InsertAttributeWithValue(GetAttrName(prefix, "spinCount"), "" + spinCount); } //cur.Dispose(); }