  1. OASIS Open Document Format for Office Applications (OpenDocument) TC
  2. OFFICE-2741

ODF 1.2 Part 3 Sections 4.6, 4.8.9 conflict on start-key-derivation


    Details

    • Type: Bug
    • Status: Applied
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: ODF 1.2 CD 05
    • Fix Version/s: ODF 1.2 CD 06
    • Labels:
      None
    • Environment:

      This issue applies to various recent drafts of ODF 1.2 Part 3. The issue is worded in terms of the specific text of ODF 1.2 CD05 Part 3.

    • Proposal:

      In section 4.8.9 manifest:key-derivation-name, DELETE this final paragraph:

      """
      If the value of this attribute is PBKDF2 or urn:oasis:names:tc:opendocument:xmlns:manifest:1.0#pbkdf2 the <manifest:encryption-data> 4.4 shall contain a <manifest:start-key-generation> 4.6 child element that specifies the start key for the PBKDF2 algorithm.
      """

      In section 4.6 <manifest:start-key-derivation> REPLACE the only text with the following:

      """
      The optional <manifest:start-key-generation> element specifies how the encryption start key is derived from the user specified password.

      When a <manifest:start-key-generation> element is absent as a child of a <manifest:encryption-data> element, interpretation is the same as if the element is present with attributes manifest:start-key-derivation-name="SHA1" and manifest:key-size="20". Note: Omission of the element in this case supports down-level compatibility with the default encryption algorithms (3.4.2) in implementations of earlier OpenDocument Format versions.

      The password shall be provided to the start-key-generation algorithm as a sequence of bytes in UTF-8 encoding.
      """

    • Resolution:

      1. Replace the text of section 4.6 <manifest:start-key-generation> with
      """
      The optional <manifest:start-key-generation> element specifies how the encryption start key is derived from the user specified password. The password shall be provided as a sequence of bytes in UTF-encoding.

      When a <manifest:start-key-generation> element is absent as a child of a <manifest:encryption-data> element, interpretation is the same as if the element is present with default attribute values.
      """

      2. In section 4.8.6 manifest:start-key-generation-name follow the list with a new paragraph having the single statement
      """
      The default value for this attribute is SHA1.
      """

      3. In section 4.8.7 manifest:key-size, add the following paragraphs:
      """
      For a <manifest:start-key-generation> element, the default value for this attribute is 20. [Note: the value used will need to be compatible with the result obtained from the start-key-generation algorithm and the input requirements of the key derivation algorithm.]

      For a <manifest:key-derivation> element, the default value for this attribute is 16. [Note: The value used will need to be one obtainable from the key-derivation algorithm and acceptable for the encryption algorithm being used.]
      """


      Description

      In ODF 1.2 CD05 Part 3, sections 3.4.1 and 3.4.2 are clear that a digest of the user-provided password is always created and that it is used in a key-derivation procedure that is always performed.

      In ODF 1.2 CD05 Part 3, the new <manifest:start-key-derivation> attribute is optional and may specify a variety of digest algorithms and, optionally, a key size determining how much of the digest is taken as the password used in the key-derivation stage.

      The default behavior when there is no appearance of optional informational start-key information is quite clear. It is also compatible with documents encrypted by ODF 1.1 producers.

      Because the default behavior is quite clear, there seems to be no point in the provision in 4.8.9 manifest-key-derivation-name that when the default settings are present for that attribute, the appearance of the <manifest:start-key-derivation> element is mandatory. It also makes default encryptions from ODF 1.2 producers unacceptable to ODF 1.1 consumers for which <manifest:start-key-derivation> is no better than a foreign attribute and for which the fall-back behavior of simply ignoring it may or may not be successful. On the other hand, having the element be absent when the default interpretation is intended is always successful down-level.
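
The default-resolution rule this issue settles, as an added Python example (not part of the issue or of the specification text): a consumer fills in SHA1 / 20 when `<manifest:start-key-generation>` is absent and 16 for the `<manifest:key-derivation>` key size, so the absent and explicit-default forms yield the same key. The `manifest:salt` and `manifest:iteration-count` attributes, HMAC-SHA1 inside PBKDF2, and the sample password and salt are assumptions that do not appear on this page.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:opendocument:xmlns:manifest:1.0"
Q = "{" + NS + "}"

def resolve_start_key_params(enc_data):
    """(digest name, key size) with the resolution's defaults: SHA1 / 20."""
    skg = enc_data.find(Q + "start-key-generation")
    attrs = skg.attrib if skg is not None else {}
    name = attrs.get(Q + "start-key-generation-name", "SHA1")
    size = int(attrs.get(Q + "key-size", 20))
    return name, size

def derive_key(enc_data_xml, password):
    enc_data = ET.fromstring(enc_data_xml)
    name, size = resolve_start_key_params(enc_data)
    if name != "SHA1":
        raise ValueError("this example only handles SHA1, got %r" % name)
    # The password enters the digest as UTF-8 bytes.
    digest = hashlib.sha1(password.encode("utf-8")).digest()
    if not 0 < size <= len(digest):
        raise ValueError("key-size %d not obtainable from SHA1" % size)
    start_key = digest[:size]  # key-size selects how much of the digest is used
    kd = enc_data.find(Q + "key-derivation")
    if kd is None:
        raise ValueError("missing <manifest:key-derivation>")
    # Assumed attributes (not on this page): salt (base64), iteration-count.
    salt = base64.b64decode(kd.get(Q + "salt"))
    rounds = int(kd.get(Q + "iteration-count"))
    out_len = int(kd.get(Q + "key-size", 16))  # key-derivation default: 16
    return hashlib.pbkdf2_hmac("sha1", start_key, salt, rounds, out_len)

# Constructed sample input: same key-derivation, with and without the
# optional start-key-generation element.
SALT = b"constructed-salt"
KD = ('<manifest:key-derivation manifest:key-derivation-name="PBKDF2" '
      'manifest:salt="%s" manifest:iteration-count="1024"/>'
      % base64.b64encode(SALT).decode("ascii"))
OPEN = '<manifest:encryption-data xmlns:manifest="%s">' % NS
CLOSE = "</manifest:encryption-data>"
ABSENT = OPEN + KD + CLOSE
EXPLICIT = (OPEN + '<manifest:start-key-generation '
            'manifest:start-key-generation-name="SHA1" '
            'manifest:key-size="20"/>' + KD + CLOSE)

if __name__ == "__main__":
    print(derive_key(ABSENT, "pässwörd") == derive_key(EXPLICIT, "pässwörd"))
```
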

            People

            • Assignee:
              orcmid Dennis Hamilton (Inactive)
              Reporter:
              orcmid Dennis Hamilton (Inactive)