  1. OASIS Open Document Format for Office Applications (OpenDocument) TC
  2. OFFICE-2739

ODF 1.2 Part 3 4.8.5 manifest:initialisation-vector underspecified


    Details

    • Type: Bug
    • Status: Applied
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: ODF 1.2 CD 05
    • Fix Version/s: ODF 1.2 CD 06
    • Labels:
      None
    • Environment:

      This issue applies to ODF 1.0/1.1/IS 26300 and drafts of ODF 1.2. The specific text and location that is addressed here is that in ODF 1.2 CD05 Part 3.

    • Proposal:

      Replace the text of 4.8.5 manifest:initialisation-vector with

      """
      The manifest:initialisation-vector attribute carries the value of a binary sequence employed in initializing encryption and decryption using the specified algorithm. The left-to-right sequence of octets that contains the successive, left-adjusted bits of the value are represented in the attribute value using base64binary encoding. There shall be enough bits in the value to satisfy the requirements of the specified algorithm.

      Note: The default Blowfish algorithm requires a 64-bit (8-octet) initialization vector for cipher-feedback (CFB) initialization. The initialization vector is used in CFB (and CBC) initialization to ensure that the same initial plaintext will not have the same initial ciphertext when the same derived key is used with more than one file. The initialization vector serves many of the same purposes as a key-derivation salt. Distinct initialization vectors derived from timestamps are useful for avoiding initialization-vector collisions. See [Blowfish] for more information on initialization vectors.
      """

    • Resolution:

      1. In the schema definition for algorithm-attlist, make the manifest:initialisation-vector attribute optional.

      2. In section 4.8.5 manifest:initialisation-vector change the first sentence from
      """
      "The manifest:initialization vector specifies the byte-sequence used as an initialization vector to a encryption algorithm.
      """
      to
      """
      The optional manifest:initialisation-vector attribute value provides the byte-sequence for the initialization vector used by the encryption algorithm when delivery of a required initialization vector is not specified as part of the encryption algorithm definition.
      """

      Also in 4.8.5, add the final sentence:
      """
      The format and length of the initialization vector, in bytes, shall be as required by the encryption algorithm specification.
      """


      Description

      Section 4.8.5 does not indicate what the governing characteristics of the initialisation vector are and where the requirements for it are obtained.
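
      A consumer-side check of the requirements discussed above, as an added example that is not part of the OASIS issue or the ODF specification: it decodes each manifest:initialisation-vector as base64, compares its length with what the named algorithm requires, and flags IVs repeated across file entries. The function name, the AES-256-CBC table entry and the sample manifest are assumptions made for this example; only the 8-octet Blowfish CFB figure comes from the proposal text.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
M = "{urn:oasis:names:tc:opendocument:xmlns:manifest:1.0}"  # manifest namespace
# Required IV octets. Blowfish CFB = 8 is from the proposal's note; the
# AES-256-CBC entry (16-octet block) is an assumption added for this example.
IV_OCTETS = {"Blowfish CFB": 8,
             "http://www.w3.org/2001/04/xmlenc#aes256-cbc": 16}

# Constructed sample manifest (checksum and key-derivation elements omitted).
ENTRY = ('<manifest:file-entry manifest:full-path="%s"><manifest:encryption-data>'
         '<manifest:algorithm manifest:algorithm-name="Blowfish CFB" '
         'manifest:initialisation-vector="%s"/>'
         '</manifest:encryption-data></manifest:file-entry>')
SAMPLE = ('<manifest:manifest xmlns:manifest="%s">' % M[1:-1]
          + ENTRY % ("content.xml", "AAECAwQFBgc=")
          + ENTRY % ("styles.xml", "AAECAwQFBgc=")   # same IV as content.xml
          + ENTRY % ("meta.xml", "AAECAw==")         # only 4 octets
          + '</manifest:manifest>')

def check_manifest_ivs(manifest_xml):
    """Return (full-path, finding) tuples for IV problems in a manifest."""
    findings, seen = [], {}  # seen: decoded IV -> first entry that used it
    for entry in ET.fromstring(manifest_xml).iter(M + "file-entry"):
        path = entry.get(M + "full-path")
        algo = entry.find(M + "encryption-data/" + M + "algorithm")
        if algo is None:
            continue  # entry is not encrypted
        name = algo.get(M + "algorithm-name")
        b64 = algo.get(M + "initialisation-vector")
        if b64 is None:  # attribute is optional, but these algorithms need it
            if name in IV_OCTETS:
                findings.append((path, "missing IV"))
            continue
        try:
            iv = base64.b64decode(b64, validate=True)
        except (binascii.Error, ValueError):
            findings.append((path, "IV is not valid base64"))
            continue
        need = IV_OCTETS.get(name)
        if need is not None and len(iv) != need:
            findings.append((path, "IV is %d octets, %s needs %d" % (len(iv), name, need)))
        if iv in seen:
            findings.append((path, "IV reused from " + seen[iv]))
        seen.setdefault(iv, path)
    return findings

if __name__ == "__main__":
    print(check_manifest_ivs(SAMPLE))
```

      Algorithm names missing from the table are decoded and checked for reuse only, since their required length is unknown to the checker.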

            People

            • Assignee:
              orcmid Dennis Hamilton (Inactive)
              Reporter:
              orcmid Dennis Hamilton (Inactive)