https://bugs.kde.org/show_bug.cgi?id=390338
Bug ID: 390338
Summary: implementation of 19.697 table:protection-key doesn't
conform to ODF 1.2
Product: calligrasheets
Version: 3.0.0
Platform: Other
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: NOR
Component: opendocument
Assignee: [email protected]
Reporter: [email protected]
Target Milestone: ---
tested version: calligra-sheets-3.0.1-16.fc27.x86_64
ODF 1.1 allowed these attributes to set passwords to "protect" spreadsheet
documents and sheets, and did not specify in any way what their string value
means.
ODF 1.2 part 1 says about them:
19.851 text:protection-key-digest-algorithm
... The password shall be provided as a sequence of bytes in UTF-8 encoding.
... Consumers shall support http://www.w3.org/2000/09/xmldsig#sha1, which is
the default, and http://www.w3.org/2000/09/xmldsig#sha256.
bugs vs. ODF 1.2:
1. apparently the implementation uses UTF-16 little-endian encoding for the
password, at least LibreOffice 5.4 can verify the password and it only uses
UTF-16
2. only SHA1 is supported, not the mandatory SHA256
verifying the above variants in addition to the currently implemented one would
be nice i guess.
see LO bug https://bugs.documentfoundation.org/show_bug.cgi?id=115483
and LO fix
http://cgit.freedesktop.org/libreoffice/core/commit/?id=398275ba9f4d65bebcc78864e70eee6212a84397
for inspiration, particularly SvPasswordHelper::CompareHashPassword which does
all verification in one place.
--
You are receiving this mail because:
You are watching all bug changes.
