Bug ID: 390338
Summary: implementation of 19.697 table:protection-key doesn't
conform to ODF 1.2
Target Milestone: ---
tested version: calligra-sheets-3.0.1-16.fc27.x86_64
ODF 1.1 allowed these attributes to set passwords to "protect" spreadsheet
documents and sheets, and did not specify in any way what their string value
ODF 1.2 part 1 says about them:
... The password shall be provided as a sequence of bytes in UTF-8 encoding.
... Consumers shall support http://www.w3.org/2000/09/xmldsig#sha1, which is
the default, and http://www.w3.org/2000/09/xmldsig#sha256.
bugs vs. ODF 1.2:
1. apparently the implementation uses UTF-16 little-endian encoding for the
password, at least LibreOffice 5.4 can verify the password and it only uses
2. only SHA1 is supported, not the mandatory SHA256
verifying the above variants in addition to the currently implemented one would
be nice i guess.
see LO bug https://bugs.documentfoundation.org/show_bug.cgi?id=115483
and LO fix
for inspiration, particularly SvPasswordHelper::CompareHashPassword which does
all verification in one place.
You are receiving this mail because:
You are watching all bug changes.