115483 – implementation of 19.697 table:protection-key / 19.850 text:protection-key doesn't conform to ODF 1.2

Bug 115483 - implementation of 19.697 table:protection-key / 19.850 text:protection-key doesn't conform to ODF 1.2

Summary: implementation of 19.697 table:protection-key / 19.850 text:protection-key do...

Status:	RESOLVED FIXED

Alias:	None

Product:	LibreOffice
Classification:	Unclassified
Component:	filters and storage (show other bugs)
Version: (earliest affected)	Inherited From OOo
Hardware:	All All

Importance:	medium normal
Assignee:	Michael Stahl (allotropia)

URL:
Whiteboard:	odf target:6.1.0 target:6.0.2
Keywords:

Depends on:
Blocks:	ODF-import
	Show dependency tree / graph

Reported:	2018-02-06 09:47 UTC by Michael Stahl (allotropia)
Modified:	2018-02-15 10:18 UTC (History)
CC List:	4 users (show)

See Also:	114939
Crash report or crash signature:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Michael Stahl (allotropia) 2018-02-06 09:47:33 UTC

ODF 1.1 allowed these attributes to set passwords to "protect" sections,
indexes, spreadsheet documents and sheets, and did not specify
in any way what their string value means.

ODF 1.2 part 1 says about them:

19.851 text:protection-key-digest-algorithm

... The password shall be provided as a sequence of bytes in UTF-8 encoding.

... Consumers shall support http://www.w3.org/2000/09/xmldsig#sha1, which is the default, and http://www.w3.org/2000/09/xmldsig#sha256.

bugs:

1. the LO implementation uses UTF-16 little-endian encoding for the password
(while evidently some ancient OOo versions from 2003 or so actually used
UTF-16 *native* endian, so would use big-endian on e.g. SPARC)

2. only SHA1 is supported, not the mandatory SHA256

3. the SHA1 implementation is buggy, see bug 114939
   (although that should have little practical consequence,
   surely nobody is using 52-byte passwords for this)

Comment 1 Commit Notification 2018-02-07 17:04:13 UTC

Michael Stahl committed a patch related to this issue.
It has been pushed to "master":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=398275ba9f4d65bebcc78864e70eee6212a84397

tdf#115483 svl xmloff sc sw: verify all ODF 1.2 protection-key hashes

It will be available in 6.1.0.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.

Comment 2 Michael Stahl (allotropia) 2018-02-07 19:43:46 UTC

fixed on master, in that we can now verify & round-trip all required ODF 1.2 protection key hashes, but for now we continue to generate the same thing as before until the import code is more widely deployed

Comment 3 Michael Stahl (allotropia) 2018-02-07 20:07:41 UTC

forgot to mention:
in my testing, MS Office 2010, Gnumeric, Abiword, Calligra Words do not support these attributes.  Calligra Sheets does, and understands the same UTF-16 LE as legacy OOo/LO does.

MS Office 2016 claims to not support these attributes:

https://msdn.microsoft.com/en-us/library/hh695327

Comment 4 Commit Notification 2018-02-15 10:18:36 UTC

Michael Stahl committed a patch related to this issue.
It has been pushed to "libreoffice-6-0":

http://cgit.freedesktop.org/libreoffice/core/commit/?id=d28ceb7511a8df9345b1c9818baaad5532853a12&h=libreoffice-6-0

tdf#115483 svl xmloff sc sw: verify all ODF 1.2 protection-key hashes

It will be available in 6.0.2.

The patch should be included in the daily builds available at
http://dev-builds.libreoffice.org/daily/ in the next 24-48 hours. More
information about daily builds can be found at:
http://wiki.documentfoundation.org/Testing_Daily_Builds

Affected users are encouraged to test the fix and report feedback.