| /* ==================================================================== |
| Licensed to the Apache Software Foundation (ASF) under one or more |
| contributor license agreements. See the NOTICE file distributed with |
| this work for additional information regarding copyright ownership. |
| The ASF licenses this file to You under the Apache License, Version 2.0 |
| (the "License"); you may not use this file except in compliance with |
| the License. You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| ==================================================================== */ |
| |
| package org.apache.poi.poifs.crypt; |
| |
| import org.apache.poi.EncryptedDocumentException; |
| |
| public enum CipherAlgorithm { |
| // key size for rc4: 0x00000028 - 0x00000080 (inclusive) with 8-bit increments |
| // no block size, because its a streaming cipher |
| rc4(CipherProvider.rc4, "RC4", 0x6801, 0x40, new int[]{0x28,0x30,0x38,0x40,0x48,0x50,0x58,0x60,0x68,0x70,0x78,0x80}, -1, 20, "RC4", false), |
| // aes has always a block size of 128 - only its keysize may vary |
| aes128(CipherProvider.aes, "AES", 0x660E, 128, new int[]{128}, 16, 32, "AES", false), |
| aes192(CipherProvider.aes, "AES", 0x660F, 192, new int[]{192}, 16, 32, "AES", false), |
| aes256(CipherProvider.aes, "AES", 0x6610, 256, new int[]{256}, 16, 32, "AES", false), |
| rc2(null, "RC2", -1, 0x80, new int[]{0x28,0x30,0x38,0x40,0x48,0x50,0x58,0x60,0x68,0x70,0x78,0x80}, 8, 20, "RC2", false), |
| des(null, "DES", -1, 64, new int[]{64}, 8/*for 56-bit*/, 32, "DES", false), |
| // desx is not supported. Not sure, if it can be simulated by des3 somehow |
| des3(null, "DESede", -1, 192, new int[]{192}, 8, 32, "3DES", false), |
| // need bouncycastle provider for this one ... |
| // see http://stackoverflow.com/questions/4436397/3des-des-encryption-using-the-jce-generating-an-acceptable-key |
| des3_112(null, "DESede", -1, 128, new int[]{128}, 8, 32, "3DES_112", true), |
| // only for digital signatures |
| rsa(null, "RSA", -1, 1024, new int[]{1024, 2048, 3072, 4096}, -1, -1, "", false); |
| |
| public final CipherProvider provider; |
| public final String jceId; |
| public final int ecmaId; |
| public final int defaultKeySize; |
| public final int[] allowedKeySize; |
| public final int blockSize; |
| public final int encryptedVerifierHashLength; |
| public final String xmlId; |
| public final boolean needsBouncyCastle; |
| |
| CipherAlgorithm(CipherProvider provider, String jceId, int ecmaId, int defaultKeySize, int[] allowedKeySize, int blockSize, int encryptedVerifierHashLength, String xmlId, boolean needsBouncyCastle) { |
| this.provider = provider; |
| this.jceId = jceId; |
| this.ecmaId = ecmaId; |
| this.defaultKeySize = defaultKeySize; |
| this.allowedKeySize = allowedKeySize.clone(); |
| this.blockSize = blockSize; |
| this.encryptedVerifierHashLength = encryptedVerifierHashLength; |
| this.xmlId = xmlId; |
| this.needsBouncyCastle = needsBouncyCastle; |
| } |
| |
| public static CipherAlgorithm fromEcmaId(int ecmaId) { |
| for (CipherAlgorithm ca : CipherAlgorithm.values()) { |
| if (ca.ecmaId == ecmaId) return ca; |
| } |
| throw new EncryptedDocumentException("cipher algorithm " + ecmaId + " not found"); |
| } |
| |
| public static CipherAlgorithm fromXmlId(String xmlId, int keySize) { |
| for (CipherAlgorithm ca : CipherAlgorithm.values()) { |
| if (!ca.xmlId.equals(xmlId)) continue; |
| for (int ks : ca.allowedKeySize) { |
| if (ks == keySize) return ca; |
| } |
| } |
| throw new EncryptedDocumentException("cipher algorithm " + xmlId + "/" + keySize + " not found"); |
| } |
| } |