odftoolkit icon indicating copy to clipboard operation
odftoolkit copied to clipboard
verified publisher icon tdf

Access to encrypted ODS file fails

Open lawern opened this issue 4 years ago • 2 comments

I have created an ODS file with LibreOffice Calc which I have protected with a password. I opened this file as follows:

odfPackage = OdfPackage.loadPackage(document.getFile(), openPassword, null);
odfDocument = OdfDocument.loadDocument(odfPackage);

This still works. After that I try to get the MasterPage as follows:

odfDocument.getOfficeMasterStyles().getMasterPage("Default");

Unfortunately, I get this exception:

java.security.InvalidAlgorithmParameterException: Wrong IV length: must be 8 bytes long
	at java.base/com.sun.crypto.provider.CipherCore.init(CipherCore.java:525)
	at java.base/com.sun.crypto.provider.BlowfishCipher.engineInit(BlowfishCipher.java:222)
	at java.base/javax.crypto.Cipher.implInit(Cipher.java:843)
	at java.base/javax.crypto.Cipher.chooseProvider(Cipher.java:901)
	at java.base/javax.crypto.Cipher.init(Cipher.java:1433)
	at java.base/javax.crypto.Cipher.init(Cipher.java:1364)
	at org.odftoolkit.odfdom.pkg.OdfPackage.decryptData(OdfPackage.java:2052)
	at org.odftoolkit.odfdom.pkg.OdfPackage.getBytes(OdfPackage.java:1870)
	at org.odftoolkit.odfdom.pkg.OdfPackage.getInputStream(OdfPackage.java:2172)
	at org.odftoolkit.odfdom.pkg.OdfFileDom.initialize(OdfFileDom.java:219)
	at org.odftoolkit.odfdom.dom.OdfStylesDom.initialize(OdfStylesDom.java:79)
	at org.odftoolkit.odfdom.pkg.OdfFileDom.<init>(OdfFileDom.java:102)
	at org.odftoolkit.odfdom.dom.OdfStylesDom.<init>(OdfStylesDom.java:64)
	at org.odftoolkit.odfdom.dom.OdfSchemaDocument.getStylesDom(OdfSchemaDocument.java:436)
	at org.odftoolkit.odfdom.dom.OdfSchemaDocument.getOfficeMasterStyles(OdfSchemaDocument.java:536)

I am using the current code from the Master Branch. During debugging, I became aware of the decryptData method in the OdfPackage. There, in line 2027, the AlgorithmElement is read from the manifest.xml. It has the following content in my file:

<manifest:algorithm manifest:algorithm-name="http://www.w3.org/2001/04/xmlenc#aes256-cbc" manifest:initialisation-vector="qiWmy8seRpFOREHbrzhbag=="/>

After the Base64 decoding in line 2033, iv is then 16 bytes long. Is it possible that in line 2048 we should use the algorithm from the manifest instead of the Blowfish? So in my case aes256-cbc?

Thanks, Lars

lawern avatar Nov 26 '21 16:11 lawern

yes, currently only the obsolete algorithms that were used > 10 years ago are implemented in ODF Toolkit; you'd need to add SHA256 and AES to read what current LibreOffice produces.

mistmist avatar Nov 26 '21 16:11 mistmist

Okay, I'll try to change that.

lawern avatar Nov 29 '21 11:11 lawern