Bug 55818 - Add encryption support
Summary: Add encryption support
Status: RESOLVED FIXED
Alias: None
Product: POI
Classification: Unclassified
Component: POIFS
Version: 3.10-dev
Hardware: PC All
Importance: P3 enhancement
Target Milestone: ---
Assignee: POI Developers List
Blocks: 51623 55544
Reported: 2013-11-26 22:48 UTC by Andreas Beeker
Modified: 2014-04-21 16:18 UTC (History)



Attachments
patch for encryption support - Part 1 - refactor crypt code (24.93 KB, patch)
2013-11-26 22:52 UTC, Andreas Beeker
patch for encryption support - Part 2 - xmlbeans for descriptor (50.49 KB, patch)
2013-11-26 23:41 UTC, Andreas Beeker
patch for encryption support - Part 3 - standard encryption (64.04 KB, patch)
2013-12-07 00:46 UTC, Andreas Beeker
patch for encryption support - Part 4 - agile encryption (76.66 KB, application/octet-stream)
2013-12-14 20:32 UTC, Andreas Beeker
patch for encryption support - Part 5 - docs and certificate encryption (103.03 KB, patch)
2013-12-20 00:49 UTC, Andreas Beeker

Description Andreas Beeker 2013-11-26 22:48:00 UTC
(As Nick suggested in #53475, I'm opening this new bug to track the changes.)

Currently POI only supports standard/agile decryption - my goal is to provide (mainly agile) encryption support.
As this is a bigger change, I'll post changes as soon as a certain feature compiles and tests stable.

I plan the following parts:
- Part 1: refactor decryption code, so I can use it for encryption
- Part 2: xmlbeans support for encryption descriptor
- Part 3: encryption classes
- Part 4: more javadocs and updates to the documentation ;)

Currently the patches will be based on the trunk, so part X contains the changes of part X-1, ... I'll update the diffs if predecessor parts have been applied.
Comment 1 Andreas Beeker 2013-11-26 22:52:49 UTC
Created attachment 31077 [details]
patch for encryption support - Part 1 - refactor crypt code

For starters, I've refactored the crypto helper functions in use, which will be reused for encryption.
Comment 2 Andreas Beeker 2013-11-26 23:41:35 UTC
Created attachment 31079 [details]
patch for encryption support - Part 2 - xmlbeans for descriptor

The 2nd part introduces the XML schemas for the encryption descriptor, which is used in agile encryption.

The new xmlbeans classes made it necessary to also change the build. Furthermore, there's a fix for OOXMLLite, which didn't work with one of the recently introduced JUnit4 tests.

I've tried to keep the public decryption interface, i.e. EncryptionInfo/Decryptor, but I've split up the standard and agile classes, so one can use standard without xmlbeans support, i.e. these classes stay in the main-poi jar, whereas the agile classes have been moved to the ooxml area, because of the new xmlbeans dependency. As agile encryption is used for the X**F formats, one has to have xmlbeans in the dependencies anyway.

Before you apply the patch to the svn repo, please move the corresponding test classes in the repo, to keep the history.
Comment 3 Andreas Beeker 2013-12-07 00:46:20 UTC
Created attachment 31100 [details]
patch for encryption support - Part 3 - standard encryption

OK, here comes part 3, which contains standard encryption support.

Currently only AES has been tested, but maybe you already want to give it a try ...

Also, comments about the interface are welcome.
Comment 4 Andreas Beeker 2013-12-14 20:32:40 UTC
Created attachment 31116 [details]
patch for encryption support - Part 4 - agile encryption

Part 4 brings support for agile encryption.

I've tested most cipher/hash combinations with an MS Word viewer, but couldn't validate the hashes ripemd* and whirlpool, because, as opposed to the full-featured version, it doesn't support all encryptions. RC4 is currently also not supported, because I don't know how to handle a streaming cipher (i.e. IVs don't work the same way as with block ciphers) and it's not recommended [1][2].

The code still lacks some (a lot?) of comments, so this is something for part 5 to come, and some usage info wouldn't hurt either ...

[1] http://msdn.microsoft.com/en-us/library/dd925810(v=office.12).aspx
[2] http://blogs.msdn.com/b/david_leblanc/archive/2010/04/16/don-t-use-office-rc4-encryption-really-just-don-t-do-it.aspx (although this actually focuses on "Office Binary Document RC4 Encryption" ...)
Comment 5 Andreas Beeker 2013-12-20 00:49:24 UTC
Created attachment 31137 [details]
patch for encryption support - Part 5 - docs and certificate encryption

Part 5 brings a few javadocs / docu updates and experimental certificate encryption support.

Currently I can't validate the certificate approach ... let's see what the MSDN people come up with [1]

[1] social.msdn.microsoft.com/Forums/en-US/cc9092bb-0c82-4b5b-ae21-abf643bdb37c/agile-encryption-with-certificates
Comment 6 Andreas Beeker 2013-12-25 01:30:42 UTC
Applied with SVN rev r1553336, r1553338, r1553339, r1553340, r1553342.
Sorry for that many submits, but I'm running on a JDK 7 locally, instead of a JDK 5.