Posted to dev@poi.apache.org by bu...@apache.org on 2009/08/06 11:56:38 UTC

DO NOT REPLY [Bug 47652] New: [PATCH] Initial support for encrypted workbooks

https://issues.apache.org/bugzilla/show_bug.cgi?id=47652

           Summary: [PATCH] Initial support for encrypted workbooks
           Product: POI
           Version: 3.5-dev
          Platform: PC
        OS/Version: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: HSSF
        AssignedTo: dev@poi.apache.org
        ReportedBy: max.valjanski@gmail.com


--- Comment #0 from Maxim Valyanskiy <ma...@gmail.com> 2009-08-06 02:56:38 PDT ---
This patch adds support for RC4-encrypted workbooks (no CryptoAPI support and
XOR-obfuscation). It also adds support for reading write-protected workbooks
(that are encrypted with the Excel built-in password).

-- 
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@poi.apache.org
For additional commands, e-mail: dev-help@poi.apache.org


--- Comment #1 from Maxim Valyanskiy <ma...@gmail.com> 2009-08-06 02:57:53 PDT ---
Created an attachment (id=24105)
patch

--- Comment #2 from Maxim Valyanskiy <ma...@gmail.com> 2009-08-06 02:58:22 PDT ---
Created an attachment (id=24106)
src/java/org/apache/poi/hssf/record/RC4Header.java

--- Comment #3 from Maxim Valyanskiy <ma...@gmail.com> 2009-08-06 02:58:41 PDT ---
Created an attachment (id=24107)
src/java/org/apache/poi/util/RC4InputStream.java

--- Comment #7 from Maxim Valyanskiy <ma...@gmail.com> 2009-08-07 01:09:21 PDT ---
Yes, your implementation works for me

I used "Office Document Cryptography Structure Specification, v20090708" and
"Excel Binary File Format (.xls) Structure Specification, v20090708",
http://msdn.microsoft.com/en-us/library/cc313071.aspx ([MS-OFFCRYPTO].pdf and
[MS-XLS].pdf from complete zip file)

--- Comment #9 from Josh Micich <jo...@gildedtree.com> 2009-08-14 14:38:57 PDT ---
(In reply to comment #8)
> Created an attachment (id=24136) [details]
> Exception handling
> 
> This patch simplifies diagnostics when a valid password was not supplied

Applied in svn r804381

I also improved the error message a little bit to help distinguish between use
of the default password versus supplying user password.

junits added

--- Comment #8 from Maxim Valyanskiy <ma...@gmail.com> 2009-08-13 03:56:16 PDT ---
Created an attachment (id=24136)
Exception handling

This patch simplifies diagnostics when a valid password was not supplied

Josh Micich <jo...@gildedtree.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |FIXED


--- Comment #6 from Josh Micich <jo...@gildedtree.com> 2009-08-06 23:30:22 PDT ---
Fixed in svn r801890

I had independently worked a solution a few months back but hadn't got round to
submitting it. The changes I have submitted are mostly based on my own work,
but I also added some things from your patch that I had missed out:
  - a high level test case
  - better handling of first three ushort fields FILEPASS (BTW - where did you
get that info?)

Some stuff that I had already done:
  - low level unit tests for password/key verification, and key block changes
(the tested code is very hard to understand/maintain solely in the context of
high level use cases). 
  - handle the user password with a ThreadLocal instead of a plain static
field.  This should enable separate threads to decrypt independently.
  - management of which BIFF records get encrypted is managed down in Biff8RC4
(instead of RecordInputStream).  This will allow encrypting code (not done yet)
to use the same logic easily.

Please take a look at the combined changes which are already in svn trunk, and
let me know if it still meets your needs.

--- Comment #4 from Maxim Valyanskiy <ma...@gmail.com> 2009-08-06 02:59:37 PDT ---
Created an attachment (id=24108)
src/testcases/org/apache/poi/hssf/data/password.xls

--- Comment #5 from Nick Burch <ni...@torchbox.com> 2009-08-06 03:45:32 PDT ---
Thanks for this patch. I've only had a quick glance, and it mostly seems ok,
though I'm slightly concerned about the password being a global static, as that
means that two different threads working on two different files will hit issues
:( Hopefully someone else can suggest something for this though

As this uses the java crypto libraries, which'd be our first use of them, I'll
file the appropriate notice as per http://www.apache.org/dev/crypto.html so
we're cleared to commit this once any tweaks are done.
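
The thread-safety concern raised in comment #5 and the ThreadLocal approach described in comment #6, shown as an added example that is not part of this thread or of POI's code. `UserPassword`, `openWorkbook` and the sample file names and passwords are hypothetical and constructed for illustration.

```java
import java.util.concurrent.Callable;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;

// Added illustration; UserPassword and openWorkbook are hypothetical names, not POI classes.
public class ThreadLocalPasswordDemo {
    // Per-thread slot: each thread reads only the value it set itself.
    static final class UserPassword {
        private static final ThreadLocal<String> CURRENT = new ThreadLocal<>();
        static void set(String password) { CURRENT.set(password); }
        static String get() { return CURRENT.get(); }
        static void clear() { CURRENT.remove(); }
    }

    // Stand-in for opening an encrypted workbook: reports the password the decryptor would see.
    static String openWorkbook(String file) throws InterruptedException {
        Thread.sleep(50); // widen the window in which another thread could interfere
        return file + " opened with " + UserPassword.get();
    }

    static Callable<String> task(String file, String password) {
        return () -> {
            UserPassword.set(password);
            try {
                return openWorkbook(file);
            } finally {
                UserPassword.clear(); // pooled threads are reused; leave no password behind
            }
        };
    }

    public static void main(String[] args) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(2);
        try {
            Future<String> a = pool.submit(task("a.xls", "alpha")); // constructed sample values
            Future<String> b = pool.submit(task("b.xls", "bravo"));
            System.out.println(a.get());
            System.out.println(b.get());
            // Probe a reused pool thread after both tasks have cleared their slot.
            Callable<String> probe = UserPassword::get;
            System.out.println("leftover on pooled thread: " + pool.submit(probe).get());
        } finally {
            pool.shutdown();
        }
    }
}
```

With a plain static field in place of the ThreadLocal, both tasks would read whichever password was set last.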
