From: Cédric Walter Date: Wed, 2 Apr 2014 07:15:48 +0000 (+0000) Subject: moved oxxml resources to module X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=57902078f6938ebd64b5d5c5d7e808b5e83c4f2e;p=poi.git moved oxxml resources to module git-svn-id: https://svn.apache.org/repos/asf/poi/branches/maven@1583904 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsd b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsd new file mode 100644 index 0000000000..7423c85de0 --- /dev/null +++ b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsd @@ -0,0 +1,39 @@ + + + + + + + + + + + + A base64-encoded value that specifies the encrypted form of the intermediate key, which is encrypted with the public key contained within the X509Certificate attribute. + + + A base64-encoded value that specifies a DER-encoded X.509 certificate (1) used to encrypt the intermediate key. The certificate (1) MUST contain only the public portion of the public-private key pair. + + + A base64-encoded value that specifies the HMAC of the binary data obtained by base64-decoding the X509Certificate attribute. The hashing algorithm used to derive the HMAC MUST be the hashing algorithm specified for the Encryption.keyData element. The secret key used to derive the HMAC MUST be the intermediate key. If the intermediate key is reset, any CertificateKeyEncryptor elements are also reset to contain the new intermediate key, except that the certVerifier attribute MUST match the value calculated using the current intermediate key, to verify that the CertificateKeyEncryptor element actually encrypted the current intermediate key. If a CertificateKeyEncryptor element does not have a correct certVerifier attribute, it MUST be discarded. + + + + diff --git a/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsdconfig b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsdconfig new file mode 100644 index 0000000000..73a27fa50a --- /dev/null +++ b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsdconfig @@ -0,0 +1,24 @@ + + + + + + + \ No newline at end of file diff --git a/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsd b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsd new file mode 100644 index 0000000000..5b08560c3a --- /dev/null +++ b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsd @@ -0,0 +1,259 @@ + + + + + + + + An unsigned integer that specifies the number of bytes used by a salt. It MUST be at least 1 and no greater than 65,536. + + + + + + + + + An unsigned integer that specifies the number of bytes used to encrypt one block of data. It MUST be at least 2, no greater than 4096, and a multiple of 2. + + + + + + + + + An unsigned integer that specifies the number of bits used by an encryption algorithm. It MUST be at least 8 and a multiple of 8. + + + + + + + + An unsigned integer that specifies the number of bytes used by a hash value. It MUST be at least 1, no greater than 65,536, and the same number of bytes as the hash algorithm emits. + + + + + + + + + An unsigned integer that specifies the number of times to iterate on a hash of a password. It MUST NOT be greater than 10,000,000. + + + + + + + + + modified for poi - list is restricted to given list in [ms-offcrypto] + A string that specifies the cipher algorithm. Values that are not defined MAY be used, and a compliant implementation is not required to support all defined values. Any algorithm that can be resolved by name by the underlying operating system can be used for hashing or encryption. Only block algorithms are supported for encryption. AES-128 is the default encryption algorithm, and SHA-1 is the default hashing algorithm if no other algorithms have been configured. + + + + + MUST conform to the AES algorithm. + + + + + MUST conform to the algorithm as specified in [RFC2268] (http://tools.ietf.org/html/rfc2268). The use of RC2 is not recommended. If RC2 is used with a key length of less than 128 bits, documents could interoperate incorrectly across different versions of Windows. + + + + + MUST NOT be used. + + + + + MUST conform to the DES algorithm. The use of DES is not recommended. If DES is used, the key length specified in the KeyBits element is required to be set to 64 for 56-bit encryption, and the key decrypted from encryptedKeyValue of KeyEncryptor is required to include the DES parity bits. + + + + + MUST conform to the algorithm as specified in [DRAFT-DESX] (http://tools.ietf.org/html/draft-ietf-ipsec-ciph-desx-00). The use of DESX is not recommended. If DESX is used, documents could interoperate incorrectly across different versions of Windows. + + + + + MUST conform to the algorithm as specified in [RFC1851] (http://tools.ietf.org/html/rfc1851). If 3DES or 3DES_112 is used, the key length specified in the KeyBits element is required to be set to 192 for 168-bit encryption and 128 for 112-bit encryption, and the key decrypted from encryptedKeyValue of KeyEncryptor is required to include the DES parity bits. + + + + + see 3DES + + + + + + + A string that specifies the chaining mode used by CipherAlgorithm. For more details about chaining modes, see [BCMO800-38A] (http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf). + + + + + block chaining (CBC) + + + + + Cipher feedback chaining (CFB), with an 8-bit window + + + + + + + modified for poi - list is restricted to given list in [ms-offcrypto] + A string specifying a hashing algorithm. Values that are not defined MAY be used, and a compliant implementation is not required to support all defined values. + + + + + MUST conform to the algorithm as specified in [RFC4634] (http://tools.ietf.org/html/rfc4634). + + + + + see SHA1 + + + + + see SHA1 + + + + + see SHA1 + + + + + MUST conform to MD5. + + + + + MUST conform to the algorithm as specified in [RFC1320] (http://tools.ietf.org/html/rfc1320). + + + + + MUST conform to the algorithm as specified in [RFC1319] (http://tools.ietf.org/html/rfc1319). + + + + + MUST conform to the hash functions specified in [ISO/IEC 10118]. (https://en.wikipedia.org/wiki/RIPEMD) + + + + + see RIPEMD-128 (https://en.wikipedia.org/wiki/RIPEMD) + + + + + see RIPEMD-128 (https://en.wikipedia.org/wiki/ISO/IEC_10118-3) + + + + + + + A complex type that specifies the encryption used within this element. The saltValue attribute is a base64-encoded binary value that is randomly generated. The number of bytes required to decode the saltValue attribute MUST be equal to the value of the saltSize attribute. + + + + + + + + + + + + + A complex type that specifies data used to verify whether the encrypted data passes an integrity check. It MUST be generated using the method specified in section 2.3.4.14 (http://msdn.microsoft.com/en-us/library/dd924068(v=office.12).aspx). + + + + A base64-encoded value that specifies an encrypted key used in calculating the encryptedHmacValue. + + + + + A base64-encoded value that specifies an HMAC derived from encryptedHmacKey and the encrypted data. + + + + + + modified for POI + A complex type that specifies the parameters used to encrypt an intermediate key, which is used to perform the final encryption of the document. To ensure extensibility, arbitrary elements can be defined to encrypt the intermediate key. The intermediate key MUST be the same for all KeyEncryptor elements. + + + + + + + + modified for POI + + + + + + + + + + + + A sequence of KeyEncryptor elements. Exactly one KeyEncryptors element MUST be present, and the KeyEncryptors element MUST contain at least one KeyEncryptor. + + + + + + + + + + + modified for POI + All ECMA-376 documents [ECMA-376] encrypted by Microsoft Office using agile encryption will have a DataIntegrity element present. The schema allows for a DataIntegrity element to not be present because the encryption schema can be used by applications that do not create ECMA-376 documents [ECMA-376]. + + + + + The KeyEncryptor element, which MUST be used when encrypting password-protected agile encryption documents, is either a PasswordKeyEncryptor or a CertificateKeyEncryptor. Exactly one PasswordKeyEncryptor MUST be present. Zero or more CertificateKeyEncryptor elements are contained within the KeyEncryptors element. + + + + + + diff --git a/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsdconfig b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsdconfig new file mode 100644 index 0000000000..c9474a0f3a --- /dev/null +++ b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsdconfig @@ -0,0 +1,25 @@ + + + + + + + + \ No newline at end of file diff --git a/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsd b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsd new file mode 100644 index 0000000000..79ae888a0e --- /dev/null +++ b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsd @@ -0,0 +1,66 @@ + + + + + + + + + + + + A SaltSize that specifies the size of the salt for a PasswordKeyEncryptor. + + + A BlockSize that specifies the block size for a PasswordKeyEncryptor. + + + A KeyBits that specifies the number of bits for a PasswordKeyEncryptor. + + + A HashSize that specifies the size of the binary form of the hash for a PasswordKeyEncryptor. + + + A CipherAlgorithm that specifies the cipher algorithm for a PasswordKeyEncryptor. The cipher algorithm specified MUST be the same as the cipher algorithm specified for the Encryption.keyData element. + + + A CipherChaining that specifies the cipher chaining mode for a PasswordKeyEncryptor. + + + A HashAlgorithm that specifies the hashing algorithm for a PasswordKeyEncryptor. The hashing algorithm specified MUST be the same as the hashing algorithm specified for the Encryption.keyData element. + + + A base64-encoded binary byte array that specifies the salt value for a PasswordKeyEncryptor. The number of bytes required by the decoded form of this element MUST be saltSize. + + + A SpinCount that specifies the spin count for a PasswordKeyEncryptor. + + + A base64-encoded value that specifies the encrypted verifier hash input for a PasswordKeyEncryptor used in password verification. + + + A base64-encoded value that specifies the encrypted verifier hash value for a PasswordKeyEncryptor used in password verification. + + + A base64-encoded value that specifies the encrypted form of the intermediate key. + + + + diff --git a/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsdconfig b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsdconfig new file mode 100644 index 0000000000..3a2bb2c8e9 --- /dev/null +++ b/poi-ooxml/src/main/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsdconfig @@ -0,0 +1,24 @@ + + + + + + + \ No newline at end of file diff --git a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsd b/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsd deleted file mode 100644 index 7423c85de0..0000000000 --- a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsd +++ /dev/null @@ -1,39 +0,0 @@ - - - - - - - - - - - - A base64-encoded value that specifies the encrypted form of the intermediate key, which is encrypted with the public key contained within the X509Certificate attribute. - - - A base64-encoded value that specifies a DER-encoded X.509 certificate (1) used to encrypt the intermediate key. The certificate (1) MUST contain only the public portion of the public-private key pair. - - - A base64-encoded value that specifies the HMAC of the binary data obtained by base64-decoding the X509Certificate attribute. The hashing algorithm used to derive the HMAC MUST be the hashing algorithm specified for the Encryption.keyData element. The secret key used to derive the HMAC MUST be the intermediate key. If the intermediate key is reset, any CertificateKeyEncryptor elements are also reset to contain the new intermediate key, except that the certVerifier attribute MUST match the value calculated using the current intermediate key, to verify that the CertificateKeyEncryptor element actually encrypted the current intermediate key. If a CertificateKeyEncryptor element does not have a correct certVerifier attribute, it MUST be discarded. - - - - diff --git a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsdconfig b/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsdconfig deleted file mode 100644 index 73a27fa50a..0000000000 --- a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionCertificate.xsdconfig +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - \ No newline at end of file diff --git a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsd b/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsd deleted file mode 100644 index 5b08560c3a..0000000000 --- a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsd +++ /dev/null @@ -1,259 +0,0 @@ - - - - - - - - An unsigned integer that specifies the number of bytes used by a salt. It MUST be at least 1 and no greater than 65,536. - - - - - - - - - An unsigned integer that specifies the number of bytes used to encrypt one block of data. It MUST be at least 2, no greater than 4096, and a multiple of 2. - - - - - - - - - An unsigned integer that specifies the number of bits used by an encryption algorithm. It MUST be at least 8 and a multiple of 8. - - - - - - - - An unsigned integer that specifies the number of bytes used by a hash value. It MUST be at least 1, no greater than 65,536, and the same number of bytes as the hash algorithm emits. - - - - - - - - - An unsigned integer that specifies the number of times to iterate on a hash of a password. It MUST NOT be greater than 10,000,000. - - - - - - - - - modified for poi - list is restricted to given list in [ms-offcrypto] - A string that specifies the cipher algorithm. Values that are not defined MAY be used, and a compliant implementation is not required to support all defined values. Any algorithm that can be resolved by name by the underlying operating system can be used for hashing or encryption. Only block algorithms are supported for encryption. AES-128 is the default encryption algorithm, and SHA-1 is the default hashing algorithm if no other algorithms have been configured. - - - - - MUST conform to the AES algorithm. - - - - - MUST conform to the algorithm as specified in [RFC2268] (http://tools.ietf.org/html/rfc2268). The use of RC2 is not recommended. If RC2 is used with a key length of less than 128 bits, documents could interoperate incorrectly across different versions of Windows. - - - - - MUST NOT be used. - - - - - MUST conform to the DES algorithm. The use of DES is not recommended. If DES is used, the key length specified in the KeyBits element is required to be set to 64 for 56-bit encryption, and the key decrypted from encryptedKeyValue of KeyEncryptor is required to include the DES parity bits. - - - - - MUST conform to the algorithm as specified in [DRAFT-DESX] (http://tools.ietf.org/html/draft-ietf-ipsec-ciph-desx-00). The use of DESX is not recommended. If DESX is used, documents could interoperate incorrectly across different versions of Windows. - - - - - MUST conform to the algorithm as specified in [RFC1851] (http://tools.ietf.org/html/rfc1851). If 3DES or 3DES_112 is used, the key length specified in the KeyBits element is required to be set to 192 for 168-bit encryption and 128 for 112-bit encryption, and the key decrypted from encryptedKeyValue of KeyEncryptor is required to include the DES parity bits. - - - - - see 3DES - - - - - - - A string that specifies the chaining mode used by CipherAlgorithm. For more details about chaining modes, see [BCMO800-38A] (http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf). - - - - - block chaining (CBC) - - - - - Cipher feedback chaining (CFB), with an 8-bit window - - - - - - - modified for poi - list is restricted to given list in [ms-offcrypto] - A string specifying a hashing algorithm. Values that are not defined MAY be used, and a compliant implementation is not required to support all defined values. - - - - - MUST conform to the algorithm as specified in [RFC4634] (http://tools.ietf.org/html/rfc4634). - - - - - see SHA1 - - - - - see SHA1 - - - - - see SHA1 - - - - - MUST conform to MD5. - - - - - MUST conform to the algorithm as specified in [RFC1320] (http://tools.ietf.org/html/rfc1320). - - - - - MUST conform to the algorithm as specified in [RFC1319] (http://tools.ietf.org/html/rfc1319). - - - - - MUST conform to the hash functions specified in [ISO/IEC 10118]. (https://en.wikipedia.org/wiki/RIPEMD) - - - - - see RIPEMD-128 (https://en.wikipedia.org/wiki/RIPEMD) - - - - - see RIPEMD-128 (https://en.wikipedia.org/wiki/ISO/IEC_10118-3) - - - - - - - A complex type that specifies the encryption used within this element. The saltValue attribute is a base64-encoded binary value that is randomly generated. The number of bytes required to decode the saltValue attribute MUST be equal to the value of the saltSize attribute. - - - - - - - - - - - - - A complex type that specifies data used to verify whether the encrypted data passes an integrity check. It MUST be generated using the method specified in section 2.3.4.14 (http://msdn.microsoft.com/en-us/library/dd924068(v=office.12).aspx). - - - - A base64-encoded value that specifies an encrypted key used in calculating the encryptedHmacValue. - - - - - A base64-encoded value that specifies an HMAC derived from encryptedHmacKey and the encrypted data. - - - - - - modified for POI - A complex type that specifies the parameters used to encrypt an intermediate key, which is used to perform the final encryption of the document. To ensure extensibility, arbitrary elements can be defined to encrypt the intermediate key. The intermediate key MUST be the same for all KeyEncryptor elements. - - - - - - - - modified for POI - - - - - - - - - - - - A sequence of KeyEncryptor elements. Exactly one KeyEncryptors element MUST be present, and the KeyEncryptors element MUST contain at least one KeyEncryptor. - - - - - - - - - - - modified for POI - All ECMA-376 documents [ECMA-376] encrypted by Microsoft Office using agile encryption will have a DataIntegrity element present. The schema allows for a DataIntegrity element to not be present because the encryption schema can be used by applications that do not create ECMA-376 documents [ECMA-376]. - - - - - The KeyEncryptor element, which MUST be used when encrypting password-protected agile encryption documents, is either a PasswordKeyEncryptor or a CertificateKeyEncryptor. Exactly one PasswordKeyEncryptor MUST be present. Zero or more CertificateKeyEncryptor elements are contained within the KeyEncryptors element. - - - - - - diff --git a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsdconfig b/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsdconfig deleted file mode 100644 index c9474a0f3a..0000000000 --- a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionInfo.xsdconfig +++ /dev/null @@ -1,25 +0,0 @@ - - - - - - - - \ No newline at end of file diff --git a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsd b/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsd deleted file mode 100644 index 79ae888a0e..0000000000 --- a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsd +++ /dev/null @@ -1,66 +0,0 @@ - - - - - - - - - - - - A SaltSize that specifies the size of the salt for a PasswordKeyEncryptor. - - - A BlockSize that specifies the block size for a PasswordKeyEncryptor. - - - A KeyBits that specifies the number of bits for a PasswordKeyEncryptor. - - - A HashSize that specifies the size of the binary form of the hash for a PasswordKeyEncryptor. - - - A CipherAlgorithm that specifies the cipher algorithm for a PasswordKeyEncryptor. The cipher algorithm specified MUST be the same as the cipher algorithm specified for the Encryption.keyData element. - - - A CipherChaining that specifies the cipher chaining mode for a PasswordKeyEncryptor. - - - A HashAlgorithm that specifies the hashing algorithm for a PasswordKeyEncryptor. The hashing algorithm specified MUST be the same as the hashing algorithm specified for the Encryption.keyData element. - - - A base64-encoded binary byte array that specifies the salt value for a PasswordKeyEncryptor. The number of bytes required by the decoded form of this element MUST be saltSize. - - - A SpinCount that specifies the spin count for a PasswordKeyEncryptor. - - - A base64-encoded value that specifies the encrypted verifier hash input for a PasswordKeyEncryptor used in password verification. - - - A base64-encoded value that specifies the encrypted verifier hash value for a PasswordKeyEncryptor used in password verification. - - - A base64-encoded value that specifies the encrypted form of the intermediate key. - - - - diff --git a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsdconfig b/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsdconfig deleted file mode 100644 index 3a2bb2c8e9..0000000000 --- a/src/ooxml/resources/org/apache/poi/poifs/crypt/encryptionPassword.xsdconfig +++ /dev/null @@ -1,24 +0,0 @@ - - - - - - - \ No newline at end of file