Posted to commits@poi.apache.org by ki...@apache.org on 2013/12/25 02:04:30 UTC

svn commit: r1553342 - in /poi/trunk/src: java/org/apache/poi/poifs/crypt/ ooxml/java/org/apache/poi/poifs/crypt/agile/ ooxml/testcases/org/apache/poi/poifs/crypt/

Author: kiwiwings
Date: Wed Dec 25 01:04:29 2013
New Revision: 1553342

URL: http://svn.apache.org/r1553342
Log:
JCE policy fix

Modified:
    poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
    poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java
    poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java
    poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java
    poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestCertificateEncryption.java
    poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java

Modified: poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java?rev=1553342&r1=1553341&r2=1553342&view=diff
==============================================================================
--- poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java (original)
+++ poi/trunk/src/java/org/apache/poi/poifs/crypt/CryptoFunctions.java Wed Dec 25 01:04:29 2013
@@ -22,12 +22,14 @@ import java.security.GeneralSecurityExce
 import java.security.MessageDigest;
 import java.security.Provider;
 import java.security.Security;
+import java.security.spec.AlgorithmParameterSpec;
 import java.util.Arrays;
 
 import javax.crypto.Cipher;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.RC2ParameterSpec;
 
 import org.apache.poi.EncryptedDocumentException;
 import org.apache.poi.util.LittleEndian;
@@ -188,8 +190,13 @@ public class CryptoFunctions {
             if (vec == null) {
                 cipher.init(cipherMode, key);
             } else {
-                IvParameterSpec iv = new IvParameterSpec(vec);
-                cipher.init(cipherMode, key, iv);
+                AlgorithmParameterSpec aps;
+                if (cipherAlgorithm == CipherAlgorithm.rc2) {
+                    aps = new RC2ParameterSpec(key.getEncoded().length*8, vec);
+                } else {
+                    aps = new IvParameterSpec(vec);
+                }
+                cipher.init(cipherMode, key, aps);
             }
             return cipher;
         } catch (GeneralSecurityException e) {
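Review bot: `key.getEncoded()` on the added RC2 line may return null for a key that does not expose its material (the `java.security.Key` contract allows that), and the resulting NullPointerException is not a GeneralSecurityException, so it bypasses the `catch` at the end of this hunk. Read the bytes once and fail explicitly, e.g. `byte[] enc = key.getEncoded(); if (enc == null) throw new EncryptedDocumentException("RC2 key does not expose its encoding");`. The same expression is pasted into the AgileDecryptor and AgileEncryptor hunks of this commit, so a single helper in CryptoFunctions that returns the AlgorithmParameterSpec would keep the check in one place. A short comment on why RC2 needs its effective key bits set explicitly would also help, since the log message only says "JCE policy fix". The enclosing method starts and ends outside the hunk.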

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java?rev=1553342&r1=1553341&r2=1553342&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileDecryptor.java Wed Dec 25 01:04:29 2013
@@ -29,12 +29,14 @@ import java.security.GeneralSecurityExce
 import java.security.KeyPair;
 import java.security.MessageDigest;
 import java.security.cert.X509Certificate;
+import java.security.spec.AlgorithmParameterSpec;
 import java.util.Arrays;
 
 import javax.crypto.Cipher;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.RC2ParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.poi.EncryptedDocumentException;
@@ -383,7 +385,14 @@ public class AgileDecryptor extends Decr
             LittleEndian.putInt(blockKey, 0, index);
             EncryptionHeader header = info.getHeader();
             byte[] iv = generateIv(header.getHashAlgorithmEx(), header.getKeySalt(), blockKey, getBlockSizeInBytes());
-            _cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), new IvParameterSpec(iv));
+            AlgorithmParameterSpec aps;
+            if (header.getCipherAlgorithm() == CipherAlgorithm.rc2) {
+                aps = new RC2ParameterSpec(getSecretKey().getEncoded().length*8, iv);
+            } else {
+                aps = new IvParameterSpec(iv);
+            }
+            
+            _cipher.init(Cipher.DECRYPT_MODE, getSecretKey(), aps);
             if (_lastIndex != index)
                 _stream.skip((index - _lastIndex) << 12);
 

Modified: poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java?rev=1553342&r1=1553341&r2=1553342&view=diff
==============================================================================
--- poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java (original)
+++ poi/trunk/src/ooxml/java/org/apache/poi/poifs/crypt/agile/AgileEncryptor.java Wed Dec 25 01:04:29 2013
@@ -41,6 +41,7 @@ import java.security.GeneralSecurityExce
 import java.security.MessageDigest;
 import java.security.SecureRandom;
 import java.security.cert.CertificateEncodingException;
+import java.security.spec.AlgorithmParameterSpec;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Random;
@@ -49,9 +50,11 @@ import javax.crypto.Cipher;
 import javax.crypto.Mac;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.IvParameterSpec;
+import javax.crypto.spec.RC2ParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
 import org.apache.poi.EncryptedDocumentException;
+import org.apache.poi.poifs.crypt.CipherAlgorithm;
 import org.apache.poi.poifs.crypt.CryptoFunctions;
 import org.apache.poi.poifs.crypt.DataSpaceMapUtils;
 import org.apache.poi.poifs.crypt.EncryptionHeader;
@@ -315,7 +318,14 @@ public class AgileEncryptor extends Encr
             LittleEndian.putInt(blockKey, 0, index);
             byte[] iv = generateIv(header.getHashAlgorithmEx(), header.getKeySalt(), blockKey, blockSize);
             try {
-                _cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), new IvParameterSpec(iv));
+                AlgorithmParameterSpec aps;
+                if (header.getCipherAlgorithm() == CipherAlgorithm.rc2) {
+                    aps = new RC2ParameterSpec(getSecretKey().getEncoded().length*8, iv);
+                } else {
+                    aps = new IvParameterSpec(iv);
+                }
+                
+                _cipher.init(Cipher.ENCRYPT_MODE, getSecretKey(), aps);
                 int ciLen = _cipher.doFinal(_chunk, 0, posInChunk, _chunk);
                 out.write(_chunk, 0, ciLen);
             } catch (GeneralSecurityException e) {
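Review bot: `getSecretKey().getEncoded()` now runs inside the per-chunk path, so every chunk written makes a fresh call whose only use is its length; if the key is a `SecretKeySpec` (not visible here), each call presumably leaves another copy of the raw key bytes on the heap. The effective key size does not change between chunks, so it could be computed once when the key is set and reused, e.g. `aps = new RC2ParameterSpec(keyBits, iv);` with `keyBits` held in a field. The AgileDecryptor hunk has the same pattern in its per-block init. The enclosing method begins outside the hunk.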

Modified: poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java?rev=1553342&r1=1553341&r2=1553342&view=diff
==============================================================================
--- poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java (original)
+++ poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestAgileEncryptionParameters.java Wed Dec 25 01:04:29 2013
@@ -28,9 +28,12 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 
+import javax.crypto.Cipher;
+
 import org.apache.poi.POIDataSamples;
 import org.apache.poi.poifs.filesystem.POIFSFileSystem;
 import org.apache.poi.util.IOUtils;
+import org.junit.Assume;
 import org.junit.BeforeClass;
 import org.junit.Test;
 import org.junit.runner.RunWith;
@@ -77,6 +80,9 @@ public class TestAgileEncryptionParamete
     
     @Test
     public void testAgileEncryptionModes() throws Exception {
+        int maxKeyLen = Cipher.getMaxAllowedKeyLength(ca.jceId);
+        Assume.assumeTrue("Please install JCE Unlimited Strength Jurisdiction Policy files", maxKeyLen >= ca.defaultKeySize);
+        
         ByteArrayOutputStream bos = new ByteArrayOutputStream();
 
         POIFSFileSystem fsEnc = new POIFSFileSystem();
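Review bot: The `Assume.assumeTrue` guard turns a restricted JCE policy into a skipped test, so on a default JRE the stronger ciphers are never exercised and the build still reports success. It also checks only `ca.defaultKeySize`; if the body (outside this hunk) encrypts with other key sizes of the same cipher, the guard should compare against the size actually under test. A comment above the guard would make the trade-off visible, for example `// skipped, not failed, when the JCE policy caps the key length below the cipher's default`, and any build expected to have the unlimited policy should treat the skip as a failure.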

Modified: poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestCertificateEncryption.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestCertificateEncryption.java?rev=1553342&r1=1553341&r2=1553342&view=diff
==============================================================================
--- poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestCertificateEncryption.java (original)
+++ poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestCertificateEncryption.java Wed Dec 25 01:04:29 2013
@@ -157,7 +157,7 @@ public class TestCertificateEncryption {
     @Test
     public void testCertificateEncryption() throws Exception {
         POIFSFileSystem fs = new POIFSFileSystem();
-        EncryptionInfo info = new EncryptionInfo(fs, EncryptionMode.agile, CipherAlgorithm.aes192, HashAlgorithm.sha1, -1, -1, ChainingMode.cbc);
+        EncryptionInfo info = new EncryptionInfo(fs, EncryptionMode.agile, CipherAlgorithm.aes128, HashAlgorithm.sha1, -1, -1, ChainingMode.cbc);
         AgileEncryptionVerifier aev = (AgileEncryptionVerifier)info.getVerifier();
         CertData certData = loadKeystore();
         aev.addCertificate(certData.x509);
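Review bot: Switching the test from `CipherAlgorithm.aes192` to `CipherAlgorithm.aes128` keeps it running under the restricted policy but, as far as this hunk shows, leaves certificate encryption untested with any key longer than 128 bits. The other tests in this commit probe `Cipher.getMaxAllowedKeyLength`; the same check could select the algorithm here: `CipherAlgorithm ca = Cipher.getMaxAllowedKeyLength("AES") >= 192 ? CipherAlgorithm.aes192 : CipherAlgorithm.aes128;` (this file would then need the `javax.crypto.Cipher` import). The test method continues past the end of the hunk.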

Modified: poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java
URL: http://svn.apache.org/viewvc/poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java?rev=1553342&r1=1553341&r2=1553342&view=diff
==============================================================================
--- poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java (original)
+++ poi/trunk/src/ooxml/testcases/org/apache/poi/poifs/crypt/TestEncryptor.java Wed Dec 25 01:04:29 2013
@@ -30,6 +30,8 @@ import java.io.InputStream;
 import java.io.OutputStream;
 import java.util.Iterator;
 
+import javax.crypto.Cipher;
+
 import org.apache.poi.POIDataSamples;
 import org.apache.poi.poifs.crypt.agile.AgileEncryptionHeader;
 import org.apache.poi.poifs.filesystem.DirectoryNode;
@@ -39,11 +41,15 @@ import org.apache.poi.poifs.filesystem.N
 import org.apache.poi.poifs.filesystem.POIFSFileSystem;
 import org.apache.poi.util.BoundedInputStream;
 import org.apache.poi.util.IOUtils;
+import org.junit.Assume;
 import org.junit.Test;
 
 public class TestEncryptor {
     @Test
     public void testAgileEncryption() throws Exception {
+        int maxKeyLen = Cipher.getMaxAllowedKeyLength("AES");
+        Assume.assumeTrue("Please install JCE Unlimited Strength Jurisdiction Policy files for AES 256", maxKeyLen == 2147483647);
+
         File file = POIDataSamples.getDocumentInstance().getFile("bug53475-password-is-pass.docx");
         String pass = "pass";
         NPOIFSFileSystem nfs = new NPOIFSFileSystem(file);
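Review bot: The guard `maxKeyLen == 2147483647` uses a magic number and is stricter than its message says: a policy that allows 256-bit AES without being unlimited would still skip the test. Comparing with `maxKeyLen >= 256` in the same `Assume.assumeTrue` call states the actual requirement; if unlimited is really meant, `Integer.MAX_VALUE` reads better than the literal. The test method continues outside the hunk.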


