OLD | NEW |
1 // Copyright 2014 PDFium Authors. All rights reserved. | 1 // Copyright 2014 PDFium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com | 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com |
6 | 6 |
7 #include "core/fpdfapi/fpdf_parser/cpdf_security_handler.h" | 7 #include "core/fpdfapi/fpdf_parser/cpdf_security_handler.h" |
8 | 8 |
9 #include <time.h> | 9 #include <time.h> |
10 | 10 |
(...skipping 11 matching lines...) Expand all Loading... |
22 0x56, 0xff, 0xfa, 0x01, 0x08, 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, | 22 0x56, 0xff, 0xfa, 0x01, 0x08, 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, |
23 0x3e, 0x80, 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a}; | 23 0x3e, 0x80, 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a}; |
24 | 24 |
25 void CalcEncryptKey(CPDF_Dictionary* pEncrypt, | 25 void CalcEncryptKey(CPDF_Dictionary* pEncrypt, |
26 const uint8_t* password, | 26 const uint8_t* password, |
27 uint32_t pass_size, | 27 uint32_t pass_size, |
28 uint8_t* key, | 28 uint8_t* key, |
29 int keylen, | 29 int keylen, |
30 FX_BOOL bIgnoreMeta, | 30 FX_BOOL bIgnoreMeta, |
31 CPDF_Array* pIdArray) { | 31 CPDF_Array* pIdArray) { |
32 int revision = pEncrypt->GetIntegerBy("R"); | 32 int revision = pEncrypt->GetIntegerFor("R"); |
33 uint8_t passcode[32]; | 33 uint8_t passcode[32]; |
34 for (uint32_t i = 0; i < 32; i++) { | 34 for (uint32_t i = 0; i < 32; i++) { |
35 passcode[i] = i < pass_size ? password[i] : defpasscode[i - pass_size]; | 35 passcode[i] = i < pass_size ? password[i] : defpasscode[i - pass_size]; |
36 } | 36 } |
37 uint8_t md5[100]; | 37 uint8_t md5[100]; |
38 CRYPT_MD5Start(md5); | 38 CRYPT_MD5Start(md5); |
39 CRYPT_MD5Update(md5, passcode, 32); | 39 CRYPT_MD5Update(md5, passcode, 32); |
40 CFX_ByteString okey = pEncrypt->GetStringBy("O"); | 40 CFX_ByteString okey = pEncrypt->GetStringFor("O"); |
41 CRYPT_MD5Update(md5, (uint8_t*)okey.c_str(), okey.GetLength()); | 41 CRYPT_MD5Update(md5, (uint8_t*)okey.c_str(), okey.GetLength()); |
42 uint32_t perm = pEncrypt->GetIntegerBy("P"); | 42 uint32_t perm = pEncrypt->GetIntegerFor("P"); |
43 CRYPT_MD5Update(md5, (uint8_t*)&perm, 4); | 43 CRYPT_MD5Update(md5, (uint8_t*)&perm, 4); |
44 if (pIdArray) { | 44 if (pIdArray) { |
45 CFX_ByteString id = pIdArray->GetStringAt(0); | 45 CFX_ByteString id = pIdArray->GetStringAt(0); |
46 CRYPT_MD5Update(md5, (uint8_t*)id.c_str(), id.GetLength()); | 46 CRYPT_MD5Update(md5, (uint8_t*)id.c_str(), id.GetLength()); |
47 } | 47 } |
48 if (!bIgnoreMeta && revision >= 3 && | 48 if (!bIgnoreMeta && revision >= 3 && |
49 !pEncrypt->GetIntegerBy("EncryptMetadata", 1)) { | 49 !pEncrypt->GetIntegerFor("EncryptMetadata", 1)) { |
50 uint32_t tag = (uint32_t)-1; | 50 uint32_t tag = (uint32_t)-1; |
51 CRYPT_MD5Update(md5, (uint8_t*)&tag, 4); | 51 CRYPT_MD5Update(md5, (uint8_t*)&tag, 4); |
52 } | 52 } |
53 uint8_t digest[16]; | 53 uint8_t digest[16]; |
54 CRYPT_MD5Finish(md5, digest); | 54 CRYPT_MD5Finish(md5, digest); |
55 uint32_t copy_len = keylen; | 55 uint32_t copy_len = keylen; |
56 if (copy_len > sizeof(digest)) { | 56 if (copy_len > sizeof(digest)) { |
57 copy_len = sizeof(digest); | 57 copy_len = sizeof(digest); |
58 } | 58 } |
59 if (revision >= 3) { | 59 if (revision >= 3) { |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
108 } | 108 } |
109 | 109 |
110 uint32_t CPDF_SecurityHandler::GetPermissions() { | 110 uint32_t CPDF_SecurityHandler::GetPermissions() { |
111 return m_bOwnerUnlocked ? 0xFFFFFFFF : m_Permissions; | 111 return m_bOwnerUnlocked ? 0xFFFFFFFF : m_Permissions; |
112 } | 112 } |
113 | 113 |
114 static FX_BOOL LoadCryptInfo(CPDF_Dictionary* pEncryptDict, | 114 static FX_BOOL LoadCryptInfo(CPDF_Dictionary* pEncryptDict, |
115 const CFX_ByteString& name, | 115 const CFX_ByteString& name, |
116 int& cipher, | 116 int& cipher, |
117 int& keylen) { | 117 int& keylen) { |
118 int Version = pEncryptDict->GetIntegerBy("V"); | 118 int Version = pEncryptDict->GetIntegerFor("V"); |
119 cipher = FXCIPHER_RC4; | 119 cipher = FXCIPHER_RC4; |
120 keylen = 0; | 120 keylen = 0; |
121 if (Version >= 4) { | 121 if (Version >= 4) { |
122 CPDF_Dictionary* pCryptFilters = pEncryptDict->GetDictBy("CF"); | 122 CPDF_Dictionary* pCryptFilters = pEncryptDict->GetDictFor("CF"); |
123 if (!pCryptFilters) { | 123 if (!pCryptFilters) { |
124 return FALSE; | 124 return FALSE; |
125 } | 125 } |
126 if (name == "Identity") { | 126 if (name == "Identity") { |
127 cipher = FXCIPHER_NONE; | 127 cipher = FXCIPHER_NONE; |
128 } else { | 128 } else { |
129 CPDF_Dictionary* pDefFilter = pCryptFilters->GetDictBy(name); | 129 CPDF_Dictionary* pDefFilter = pCryptFilters->GetDictFor(name); |
130 if (!pDefFilter) { | 130 if (!pDefFilter) { |
131 return FALSE; | 131 return FALSE; |
132 } | 132 } |
133 int nKeyBits = 0; | 133 int nKeyBits = 0; |
134 if (Version == 4) { | 134 if (Version == 4) { |
135 nKeyBits = pDefFilter->GetIntegerBy("Length", 0); | 135 nKeyBits = pDefFilter->GetIntegerFor("Length", 0); |
136 if (nKeyBits == 0) { | 136 if (nKeyBits == 0) { |
137 nKeyBits = pEncryptDict->GetIntegerBy("Length", 128); | 137 nKeyBits = pEncryptDict->GetIntegerFor("Length", 128); |
138 } | 138 } |
139 } else { | 139 } else { |
140 nKeyBits = pEncryptDict->GetIntegerBy("Length", 256); | 140 nKeyBits = pEncryptDict->GetIntegerFor("Length", 256); |
141 } | 141 } |
142 if (nKeyBits < 40) { | 142 if (nKeyBits < 40) { |
143 nKeyBits *= 8; | 143 nKeyBits *= 8; |
144 } | 144 } |
145 keylen = nKeyBits / 8; | 145 keylen = nKeyBits / 8; |
146 CFX_ByteString cipher_name = pDefFilter->GetStringBy("CFM"); | 146 CFX_ByteString cipher_name = pDefFilter->GetStringFor("CFM"); |
147 if (cipher_name == "AESV2" || cipher_name == "AESV3") { | 147 if (cipher_name == "AESV2" || cipher_name == "AESV3") { |
148 cipher = FXCIPHER_AES; | 148 cipher = FXCIPHER_AES; |
149 } | 149 } |
150 } | 150 } |
151 } else { | 151 } else { |
152 keylen = Version > 1 ? pEncryptDict->GetIntegerBy("Length", 40) / 8 : 5; | 152 keylen = Version > 1 ? pEncryptDict->GetIntegerFor("Length", 40) / 8 : 5; |
153 } | 153 } |
154 if (keylen > 32 || keylen < 0) { | 154 if (keylen > 32 || keylen < 0) { |
155 return FALSE; | 155 return FALSE; |
156 } | 156 } |
157 return TRUE; | 157 return TRUE; |
158 } | 158 } |
159 | 159 |
160 FX_BOOL CPDF_SecurityHandler::LoadDict(CPDF_Dictionary* pEncryptDict) { | 160 FX_BOOL CPDF_SecurityHandler::LoadDict(CPDF_Dictionary* pEncryptDict) { |
161 m_pEncryptDict = pEncryptDict; | 161 m_pEncryptDict = pEncryptDict; |
162 m_Version = pEncryptDict->GetIntegerBy("V"); | 162 m_Version = pEncryptDict->GetIntegerFor("V"); |
163 m_Revision = pEncryptDict->GetIntegerBy("R"); | 163 m_Revision = pEncryptDict->GetIntegerFor("R"); |
164 m_Permissions = pEncryptDict->GetIntegerBy("P", -1); | 164 m_Permissions = pEncryptDict->GetIntegerFor("P", -1); |
165 if (m_Version < 4) | 165 if (m_Version < 4) |
166 return LoadCryptInfo(pEncryptDict, CFX_ByteString(), m_Cipher, m_KeyLen); | 166 return LoadCryptInfo(pEncryptDict, CFX_ByteString(), m_Cipher, m_KeyLen); |
167 | 167 |
168 CFX_ByteString stmf_name = pEncryptDict->GetStringBy("StmF"); | 168 CFX_ByteString stmf_name = pEncryptDict->GetStringFor("StmF"); |
169 CFX_ByteString strf_name = pEncryptDict->GetStringBy("StrF"); | 169 CFX_ByteString strf_name = pEncryptDict->GetStringFor("StrF"); |
170 if (stmf_name != strf_name) | 170 if (stmf_name != strf_name) |
171 return FALSE; | 171 return FALSE; |
172 | 172 |
173 return LoadCryptInfo(pEncryptDict, strf_name, m_Cipher, m_KeyLen); | 173 return LoadCryptInfo(pEncryptDict, strf_name, m_Cipher, m_KeyLen); |
174 } | 174 } |
175 | 175 |
176 FX_BOOL CPDF_SecurityHandler::LoadDict(CPDF_Dictionary* pEncryptDict, | 176 FX_BOOL CPDF_SecurityHandler::LoadDict(CPDF_Dictionary* pEncryptDict, |
177 uint32_t type, | 177 uint32_t type, |
178 int& cipher, | 178 int& cipher, |
179 int& key_len) { | 179 int& key_len) { |
180 m_pEncryptDict = pEncryptDict; | 180 m_pEncryptDict = pEncryptDict; |
181 m_Version = pEncryptDict->GetIntegerBy("V"); | 181 m_Version = pEncryptDict->GetIntegerFor("V"); |
182 m_Revision = pEncryptDict->GetIntegerBy("R"); | 182 m_Revision = pEncryptDict->GetIntegerFor("R"); |
183 m_Permissions = pEncryptDict->GetIntegerBy("P", -1); | 183 m_Permissions = pEncryptDict->GetIntegerFor("P", -1); |
184 | 184 |
185 CFX_ByteString strf_name; | 185 CFX_ByteString strf_name; |
186 CFX_ByteString stmf_name; | 186 CFX_ByteString stmf_name; |
187 if (m_Version >= 4) { | 187 if (m_Version >= 4) { |
188 stmf_name = pEncryptDict->GetStringBy("StmF"); | 188 stmf_name = pEncryptDict->GetStringFor("StmF"); |
189 strf_name = pEncryptDict->GetStringBy("StrF"); | 189 strf_name = pEncryptDict->GetStringFor("StrF"); |
190 if (stmf_name != strf_name) | 190 if (stmf_name != strf_name) |
191 return FALSE; | 191 return FALSE; |
192 } | 192 } |
193 if (!LoadCryptInfo(pEncryptDict, strf_name, cipher, key_len)) | 193 if (!LoadCryptInfo(pEncryptDict, strf_name, cipher, key_len)) |
194 return FALSE; | 194 return FALSE; |
195 | 195 |
196 m_Cipher = cipher; | 196 m_Cipher = cipher; |
197 m_KeyLen = key_len; | 197 m_KeyLen = key_len; |
198 return TRUE; | 198 return TRUE; |
199 } | 199 } |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
297 FX_Free(aes); | 297 FX_Free(aes); |
298 if (hash) { | 298 if (hash) { |
299 FXSYS_memcpy(hash, input, 32); | 299 FXSYS_memcpy(hash, input, 32); |
300 } | 300 } |
301 } | 301 } |
302 FX_BOOL CPDF_SecurityHandler::AES256_CheckPassword(const uint8_t* password, | 302 FX_BOOL CPDF_SecurityHandler::AES256_CheckPassword(const uint8_t* password, |
303 uint32_t size, | 303 uint32_t size, |
304 FX_BOOL bOwner, | 304 FX_BOOL bOwner, |
305 uint8_t* key) { | 305 uint8_t* key) { |
306 CFX_ByteString okey = | 306 CFX_ByteString okey = |
307 m_pEncryptDict ? m_pEncryptDict->GetStringBy("O") : CFX_ByteString(); | 307 m_pEncryptDict ? m_pEncryptDict->GetStringFor("O") : CFX_ByteString(); |
308 if (okey.GetLength() < 48) { | 308 if (okey.GetLength() < 48) { |
309 return FALSE; | 309 return FALSE; |
310 } | 310 } |
311 CFX_ByteString ukey = | 311 CFX_ByteString ukey = |
312 m_pEncryptDict ? m_pEncryptDict->GetStringBy("U") : CFX_ByteString(); | 312 m_pEncryptDict ? m_pEncryptDict->GetStringFor("U") : CFX_ByteString(); |
313 if (ukey.GetLength() < 48) { | 313 if (ukey.GetLength() < 48) { |
314 return FALSE; | 314 return FALSE; |
315 } | 315 } |
316 const uint8_t* pkey = (bOwner ? okey : ukey).raw_str(); | 316 const uint8_t* pkey = (bOwner ? okey : ukey).raw_str(); |
317 uint8_t sha[128]; | 317 uint8_t sha[128]; |
318 uint8_t digest[32]; | 318 uint8_t digest[32]; |
319 if (m_Revision >= 6) { | 319 if (m_Revision >= 6) { |
320 Revision6_Hash(password, size, (const uint8_t*)pkey + 32, | 320 Revision6_Hash(password, size, (const uint8_t*)pkey + 32, |
321 bOwner ? ukey.raw_str() : nullptr, digest); | 321 bOwner ? ukey.raw_str() : nullptr, digest); |
322 } else { | 322 } else { |
(...skipping 17 matching lines...) Expand all Loading... |
340 } else { | 340 } else { |
341 CRYPT_SHA256Start(sha); | 341 CRYPT_SHA256Start(sha); |
342 CRYPT_SHA256Update(sha, password, size); | 342 CRYPT_SHA256Update(sha, password, size); |
343 CRYPT_SHA256Update(sha, pkey + 40, 8); | 343 CRYPT_SHA256Update(sha, pkey + 40, 8); |
344 if (bOwner) { | 344 if (bOwner) { |
345 CRYPT_SHA256Update(sha, ukey.raw_str(), 48); | 345 CRYPT_SHA256Update(sha, ukey.raw_str(), 48); |
346 } | 346 } |
347 CRYPT_SHA256Finish(sha, digest); | 347 CRYPT_SHA256Finish(sha, digest); |
348 } | 348 } |
349 CFX_ByteString ekey = m_pEncryptDict | 349 CFX_ByteString ekey = m_pEncryptDict |
350 ? m_pEncryptDict->GetStringBy(bOwner ? "OE" : "UE") | 350 ? m_pEncryptDict->GetStringFor(bOwner ? "OE" : "UE") |
351 : CFX_ByteString(); | 351 : CFX_ByteString(); |
352 if (ekey.GetLength() < 32) { | 352 if (ekey.GetLength() < 32) { |
353 return FALSE; | 353 return FALSE; |
354 } | 354 } |
355 uint8_t* aes = FX_Alloc(uint8_t, 2048); | 355 uint8_t* aes = FX_Alloc(uint8_t, 2048); |
356 CRYPT_AESSetKey(aes, 16, digest, 32, FALSE); | 356 CRYPT_AESSetKey(aes, 16, digest, 32, FALSE); |
357 uint8_t iv[16]; | 357 uint8_t iv[16]; |
358 FXSYS_memset(iv, 0, 16); | 358 FXSYS_memset(iv, 0, 16); |
359 CRYPT_AESSetIV(aes, iv); | 359 CRYPT_AESSetIV(aes, iv); |
360 CRYPT_AESDecrypt(aes, key, ekey.raw_str(), 32); | 360 CRYPT_AESDecrypt(aes, key, ekey.raw_str(), 32); |
361 CRYPT_AESSetKey(aes, 16, key, 32, FALSE); | 361 CRYPT_AESSetKey(aes, 16, key, 32, FALSE); |
362 CRYPT_AESSetIV(aes, iv); | 362 CRYPT_AESSetIV(aes, iv); |
363 CFX_ByteString perms = m_pEncryptDict->GetStringBy("Perms"); | 363 CFX_ByteString perms = m_pEncryptDict->GetStringFor("Perms"); |
364 if (perms.IsEmpty()) { | 364 if (perms.IsEmpty()) { |
365 return FALSE; | 365 return FALSE; |
366 } | 366 } |
367 uint8_t perms_buf[16]; | 367 uint8_t perms_buf[16]; |
368 FXSYS_memset(perms_buf, 0, sizeof(perms_buf)); | 368 FXSYS_memset(perms_buf, 0, sizeof(perms_buf)); |
369 uint32_t copy_len = sizeof(perms_buf); | 369 uint32_t copy_len = sizeof(perms_buf); |
370 if (copy_len > (uint32_t)perms.GetLength()) { | 370 if (copy_len > (uint32_t)perms.GetLength()) { |
371 copy_len = perms.GetLength(); | 371 copy_len = perms.GetLength(); |
372 } | 372 } |
373 FXSYS_memcpy(perms_buf, perms.raw_str(), copy_len); | 373 FXSYS_memcpy(perms_buf, perms.raw_str(), copy_len); |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
406 CheckUserPassword(password, size, TRUE, key, key_len); | 406 CheckUserPassword(password, size, TRUE, key, key_len); |
407 } | 407 } |
408 FX_BOOL CPDF_SecurityHandler::CheckUserPassword(const uint8_t* password, | 408 FX_BOOL CPDF_SecurityHandler::CheckUserPassword(const uint8_t* password, |
409 uint32_t pass_size, | 409 uint32_t pass_size, |
410 FX_BOOL bIgnoreEncryptMeta, | 410 FX_BOOL bIgnoreEncryptMeta, |
411 uint8_t* key, | 411 uint8_t* key, |
412 int32_t key_len) { | 412 int32_t key_len) { |
413 CalcEncryptKey(m_pEncryptDict, password, pass_size, key, key_len, | 413 CalcEncryptKey(m_pEncryptDict, password, pass_size, key, key_len, |
414 bIgnoreEncryptMeta, m_pParser->GetIDArray()); | 414 bIgnoreEncryptMeta, m_pParser->GetIDArray()); |
415 CFX_ByteString ukey = | 415 CFX_ByteString ukey = |
416 m_pEncryptDict ? m_pEncryptDict->GetStringBy("U") : CFX_ByteString(); | 416 m_pEncryptDict ? m_pEncryptDict->GetStringFor("U") : CFX_ByteString(); |
417 if (ukey.GetLength() < 16) { | 417 if (ukey.GetLength() < 16) { |
418 return FALSE; | 418 return FALSE; |
419 } | 419 } |
420 uint8_t ukeybuf[32]; | 420 uint8_t ukeybuf[32]; |
421 if (m_Revision == 2) { | 421 if (m_Revision == 2) { |
422 FXSYS_memcpy(ukeybuf, defpasscode, 32); | 422 FXSYS_memcpy(ukeybuf, defpasscode, 32); |
423 CRYPT_ArcFourCryptBlock(ukeybuf, 32, key, key_len); | 423 CRYPT_ArcFourCryptBlock(ukeybuf, 32, key, key_len); |
424 } else { | 424 } else { |
425 uint8_t test[32], tmpkey[32]; | 425 uint8_t test[32], tmpkey[32]; |
426 uint32_t copy_len = sizeof(test); | 426 uint32_t copy_len = sizeof(test); |
(...skipping 20 matching lines...) Expand all Loading... |
447 return FXSYS_memcmp(test, ukeybuf, 16) == 0; | 447 return FXSYS_memcmp(test, ukeybuf, 16) == 0; |
448 } | 448 } |
449 if (FXSYS_memcmp((void*)ukey.c_str(), ukeybuf, 16) == 0) { | 449 if (FXSYS_memcmp((void*)ukey.c_str(), ukeybuf, 16) == 0) { |
450 return TRUE; | 450 return TRUE; |
451 } | 451 } |
452 return FALSE; | 452 return FALSE; |
453 } | 453 } |
454 CFX_ByteString CPDF_SecurityHandler::GetUserPassword(const uint8_t* owner_pass, | 454 CFX_ByteString CPDF_SecurityHandler::GetUserPassword(const uint8_t* owner_pass, |
455 uint32_t pass_size, | 455 uint32_t pass_size, |
456 int32_t key_len) { | 456 int32_t key_len) { |
457 CFX_ByteString okey = m_pEncryptDict->GetStringBy("O"); | 457 CFX_ByteString okey = m_pEncryptDict->GetStringFor("O"); |
458 uint8_t passcode[32]; | 458 uint8_t passcode[32]; |
459 for (uint32_t i = 0; i < 32; i++) { | 459 for (uint32_t i = 0; i < 32; i++) { |
460 passcode[i] = i < pass_size ? owner_pass[i] : defpasscode[i - pass_size]; | 460 passcode[i] = i < pass_size ? owner_pass[i] : defpasscode[i - pass_size]; |
461 } | 461 } |
462 uint8_t digest[16]; | 462 uint8_t digest[16]; |
463 CRYPT_MD5Generate(passcode, 32, digest); | 463 CRYPT_MD5Generate(passcode, 32, digest); |
464 if (m_Revision >= 3) { | 464 if (m_Revision >= 3) { |
465 for (uint32_t i = 0; i < 50; i++) { | 465 for (uint32_t i = 0; i < 50; i++) { |
466 CRYPT_MD5Generate(digest, 16, digest); | 466 CRYPT_MD5Generate(digest, 16, digest); |
467 } | 467 } |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
504 CFX_ByteString user_pass = GetUserPassword(password, pass_size, key_len); | 504 CFX_ByteString user_pass = GetUserPassword(password, pass_size, key_len); |
505 if (CheckUserPassword(user_pass.raw_str(), user_pass.GetLength(), FALSE, key, | 505 if (CheckUserPassword(user_pass.raw_str(), user_pass.GetLength(), FALSE, key, |
506 key_len)) { | 506 key_len)) { |
507 return TRUE; | 507 return TRUE; |
508 } | 508 } |
509 return CheckUserPassword(user_pass.raw_str(), user_pass.GetLength(), TRUE, | 509 return CheckUserPassword(user_pass.raw_str(), user_pass.GetLength(), TRUE, |
510 key, key_len); | 510 key, key_len); |
511 } | 511 } |
512 | 512 |
513 bool CPDF_SecurityHandler::IsMetadataEncrypted() const { | 513 bool CPDF_SecurityHandler::IsMetadataEncrypted() const { |
514 return m_pEncryptDict->GetBooleanBy("EncryptMetadata", true); | 514 return m_pEncryptDict->GetBooleanFor("EncryptMetadata", true); |
515 } | 515 } |
516 | 516 |
517 void CPDF_SecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, | 517 void CPDF_SecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, |
518 CPDF_Array* pIdArray, | 518 CPDF_Array* pIdArray, |
519 const uint8_t* user_pass, | 519 const uint8_t* user_pass, |
520 uint32_t user_size, | 520 uint32_t user_size, |
521 const uint8_t* owner_pass, | 521 const uint8_t* owner_pass, |
522 uint32_t owner_size, | 522 uint32_t owner_size, |
523 FX_BOOL bDefault, | 523 FX_BOOL bDefault, |
524 uint32_t type) { | 524 uint32_t type) { |
(...skipping 11 matching lines...) Expand all Loading... |
536 CRYPT_SHA256Start(sha); | 536 CRYPT_SHA256Start(sha); |
537 CRYPT_SHA256Update(sha, (uint8_t*)&t, sizeof t); | 537 CRYPT_SHA256Update(sha, (uint8_t*)&t, sizeof t); |
538 CRYPT_SHA256Update(sha, m_EncryptKey, 32); | 538 CRYPT_SHA256Update(sha, m_EncryptKey, 32); |
539 CRYPT_SHA256Update(sha, (uint8_t*)"there", 5); | 539 CRYPT_SHA256Update(sha, (uint8_t*)"there", 5); |
540 CRYPT_SHA256Finish(sha, m_EncryptKey); | 540 CRYPT_SHA256Finish(sha, m_EncryptKey); |
541 AES256_SetPassword(pEncryptDict, user_pass, user_size, FALSE, m_EncryptKey); | 541 AES256_SetPassword(pEncryptDict, user_pass, user_size, FALSE, m_EncryptKey); |
542 if (bDefault) { | 542 if (bDefault) { |
543 AES256_SetPassword(pEncryptDict, owner_pass, owner_size, TRUE, | 543 AES256_SetPassword(pEncryptDict, owner_pass, owner_size, TRUE, |
544 m_EncryptKey); | 544 m_EncryptKey); |
545 AES256_SetPerms(pEncryptDict, m_Permissions, | 545 AES256_SetPerms(pEncryptDict, m_Permissions, |
546 pEncryptDict->GetBooleanBy("EncryptMetadata", true), | 546 pEncryptDict->GetBooleanFor("EncryptMetadata", true), |
547 m_EncryptKey); | 547 m_EncryptKey); |
548 } | 548 } |
549 return; | 549 return; |
550 } | 550 } |
551 if (bDefault) { | 551 if (bDefault) { |
552 uint8_t passcode[32]; | 552 uint8_t passcode[32]; |
553 for (uint32_t i = 0; i < 32; i++) { | 553 for (uint32_t i = 0; i < 32; i++) { |
554 passcode[i] = | 554 passcode[i] = |
555 i < owner_size ? owner_pass[i] : defpasscode[i - owner_size]; | 555 i < owner_size ? owner_pass[i] : defpasscode[i - owner_size]; |
556 } | 556 } |
(...skipping 10 matching lines...) Expand all Loading... |
567 } | 567 } |
568 CRYPT_ArcFourCryptBlock(passcode, 32, enckey, key_len); | 568 CRYPT_ArcFourCryptBlock(passcode, 32, enckey, key_len); |
569 uint8_t tempkey[32]; | 569 uint8_t tempkey[32]; |
570 if (m_Revision >= 3) { | 570 if (m_Revision >= 3) { |
571 for (uint8_t i = 1; i <= 19; i++) { | 571 for (uint8_t i = 1; i <= 19; i++) { |
572 for (int j = 0; j < key_len; j++) | 572 for (int j = 0; j < key_len; j++) |
573 tempkey[j] = enckey[j] ^ i; | 573 tempkey[j] = enckey[j] ^ i; |
574 CRYPT_ArcFourCryptBlock(passcode, 32, tempkey, key_len); | 574 CRYPT_ArcFourCryptBlock(passcode, 32, tempkey, key_len); |
575 } | 575 } |
576 } | 576 } |
577 pEncryptDict->SetAtString("O", CFX_ByteString(passcode, 32)); | 577 pEncryptDict->SetStringFor("O", CFX_ByteString(passcode, 32)); |
578 } | 578 } |
579 CalcEncryptKey(m_pEncryptDict, (uint8_t*)user_pass, user_size, m_EncryptKey, | 579 CalcEncryptKey(m_pEncryptDict, (uint8_t*)user_pass, user_size, m_EncryptKey, |
580 key_len, FALSE, pIdArray); | 580 key_len, FALSE, pIdArray); |
581 if (m_Revision < 3) { | 581 if (m_Revision < 3) { |
582 uint8_t tempbuf[32]; | 582 uint8_t tempbuf[32]; |
583 FXSYS_memcpy(tempbuf, defpasscode, 32); | 583 FXSYS_memcpy(tempbuf, defpasscode, 32); |
584 CRYPT_ArcFourCryptBlock(tempbuf, 32, m_EncryptKey, key_len); | 584 CRYPT_ArcFourCryptBlock(tempbuf, 32, m_EncryptKey, key_len); |
585 pEncryptDict->SetAtString("U", CFX_ByteString(tempbuf, 32)); | 585 pEncryptDict->SetStringFor("U", CFX_ByteString(tempbuf, 32)); |
586 } else { | 586 } else { |
587 uint8_t md5[100]; | 587 uint8_t md5[100]; |
588 CRYPT_MD5Start(md5); | 588 CRYPT_MD5Start(md5); |
589 CRYPT_MD5Update(md5, defpasscode, 32); | 589 CRYPT_MD5Update(md5, defpasscode, 32); |
590 if (pIdArray) { | 590 if (pIdArray) { |
591 CFX_ByteString id = pIdArray->GetStringAt(0); | 591 CFX_ByteString id = pIdArray->GetStringAt(0); |
592 CRYPT_MD5Update(md5, (uint8_t*)id.c_str(), id.GetLength()); | 592 CRYPT_MD5Update(md5, (uint8_t*)id.c_str(), id.GetLength()); |
593 } | 593 } |
594 uint8_t digest[32]; | 594 uint8_t digest[32]; |
595 CRYPT_MD5Finish(md5, digest); | 595 CRYPT_MD5Finish(md5, digest); |
596 CRYPT_ArcFourCryptBlock(digest, 16, m_EncryptKey, key_len); | 596 CRYPT_ArcFourCryptBlock(digest, 16, m_EncryptKey, key_len); |
597 uint8_t tempkey[32]; | 597 uint8_t tempkey[32]; |
598 for (uint8_t i = 1; i <= 19; i++) { | 598 for (uint8_t i = 1; i <= 19; i++) { |
599 for (int j = 0; j < key_len; j++) { | 599 for (int j = 0; j < key_len; j++) { |
600 tempkey[j] = m_EncryptKey[j] ^ i; | 600 tempkey[j] = m_EncryptKey[j] ^ i; |
601 } | 601 } |
602 CRYPT_ArcFourCryptBlock(digest, 16, tempkey, key_len); | 602 CRYPT_ArcFourCryptBlock(digest, 16, tempkey, key_len); |
603 } | 603 } |
604 CRYPT_MD5Generate(digest, 16, digest + 16); | 604 CRYPT_MD5Generate(digest, 16, digest + 16); |
605 pEncryptDict->SetAtString("U", CFX_ByteString(digest, 32)); | 605 pEncryptDict->SetStringFor("U", CFX_ByteString(digest, 32)); |
606 } | 606 } |
607 } | 607 } |
608 void CPDF_SecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, | 608 void CPDF_SecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, |
609 CPDF_Array* pIdArray, | 609 CPDF_Array* pIdArray, |
610 const uint8_t* user_pass, | 610 const uint8_t* user_pass, |
611 uint32_t user_size, | 611 uint32_t user_size, |
612 const uint8_t* owner_pass, | 612 const uint8_t* owner_pass, |
613 uint32_t owner_size, | 613 uint32_t owner_size, |
614 uint32_t type) { | 614 uint32_t type) { |
615 OnCreate(pEncryptDict, pIdArray, user_pass, user_size, owner_pass, owner_size, | 615 OnCreate(pEncryptDict, pIdArray, user_pass, user_size, owner_pass, owner_size, |
(...skipping 11 matching lines...) Expand all Loading... |
627 const uint8_t* password, | 627 const uint8_t* password, |
628 uint32_t size, | 628 uint32_t size, |
629 FX_BOOL bOwner, | 629 FX_BOOL bOwner, |
630 const uint8_t* key) { | 630 const uint8_t* key) { |
631 uint8_t sha[128]; | 631 uint8_t sha[128]; |
632 CRYPT_SHA1Start(sha); | 632 CRYPT_SHA1Start(sha); |
633 CRYPT_SHA1Update(sha, key, 32); | 633 CRYPT_SHA1Update(sha, key, 32); |
634 CRYPT_SHA1Update(sha, (uint8_t*)"hello", 5); | 634 CRYPT_SHA1Update(sha, (uint8_t*)"hello", 5); |
635 uint8_t digest[20]; | 635 uint8_t digest[20]; |
636 CRYPT_SHA1Finish(sha, digest); | 636 CRYPT_SHA1Finish(sha, digest); |
637 CFX_ByteString ukey = pEncryptDict->GetStringBy("U"); | 637 CFX_ByteString ukey = pEncryptDict->GetStringFor("U"); |
638 uint8_t digest1[48]; | 638 uint8_t digest1[48]; |
639 if (m_Revision >= 6) { | 639 if (m_Revision >= 6) { |
640 Revision6_Hash(password, size, digest, bOwner ? ukey.raw_str() : nullptr, | 640 Revision6_Hash(password, size, digest, bOwner ? ukey.raw_str() : nullptr, |
641 digest1); | 641 digest1); |
642 } else { | 642 } else { |
643 CRYPT_SHA256Start(sha); | 643 CRYPT_SHA256Start(sha); |
644 CRYPT_SHA256Update(sha, password, size); | 644 CRYPT_SHA256Update(sha, password, size); |
645 CRYPT_SHA256Update(sha, digest, 8); | 645 CRYPT_SHA256Update(sha, digest, 8); |
646 if (bOwner) { | 646 if (bOwner) { |
647 CRYPT_SHA256Update(sha, ukey.raw_str(), ukey.GetLength()); | 647 CRYPT_SHA256Update(sha, ukey.raw_str(), ukey.GetLength()); |
648 } | 648 } |
649 CRYPT_SHA256Finish(sha, digest1); | 649 CRYPT_SHA256Finish(sha, digest1); |
650 } | 650 } |
651 FXSYS_memcpy(digest1 + 32, digest, 16); | 651 FXSYS_memcpy(digest1 + 32, digest, 16); |
652 pEncryptDict->SetAtString(bOwner ? "O" : "U", CFX_ByteString(digest1, 48)); | 652 pEncryptDict->SetStringFor(bOwner ? "O" : "U", CFX_ByteString(digest1, 48)); |
653 if (m_Revision >= 6) { | 653 if (m_Revision >= 6) { |
654 Revision6_Hash(password, size, digest + 8, | 654 Revision6_Hash(password, size, digest + 8, |
655 bOwner ? ukey.raw_str() : nullptr, digest1); | 655 bOwner ? ukey.raw_str() : nullptr, digest1); |
656 } else { | 656 } else { |
657 CRYPT_SHA256Start(sha); | 657 CRYPT_SHA256Start(sha); |
658 CRYPT_SHA256Update(sha, password, size); | 658 CRYPT_SHA256Update(sha, password, size); |
659 CRYPT_SHA256Update(sha, digest + 8, 8); | 659 CRYPT_SHA256Update(sha, digest + 8, 8); |
660 if (bOwner) { | 660 if (bOwner) { |
661 CRYPT_SHA256Update(sha, ukey.raw_str(), ukey.GetLength()); | 661 CRYPT_SHA256Update(sha, ukey.raw_str(), ukey.GetLength()); |
662 } | 662 } |
663 CRYPT_SHA256Finish(sha, digest1); | 663 CRYPT_SHA256Finish(sha, digest1); |
664 } | 664 } |
665 uint8_t* aes = FX_Alloc(uint8_t, 2048); | 665 uint8_t* aes = FX_Alloc(uint8_t, 2048); |
666 CRYPT_AESSetKey(aes, 16, digest1, 32, TRUE); | 666 CRYPT_AESSetKey(aes, 16, digest1, 32, TRUE); |
667 uint8_t iv[16]; | 667 uint8_t iv[16]; |
668 FXSYS_memset(iv, 0, 16); | 668 FXSYS_memset(iv, 0, 16); |
669 CRYPT_AESSetIV(aes, iv); | 669 CRYPT_AESSetIV(aes, iv); |
670 CRYPT_AESEncrypt(aes, digest1, key, 32); | 670 CRYPT_AESEncrypt(aes, digest1, key, 32); |
671 FX_Free(aes); | 671 FX_Free(aes); |
672 pEncryptDict->SetAtString(bOwner ? "OE" : "UE", CFX_ByteString(digest1, 32)); | 672 pEncryptDict->SetStringFor(bOwner ? "OE" : "UE", CFX_ByteString(digest1, 32)); |
673 } | 673 } |
674 void CPDF_SecurityHandler::AES256_SetPerms(CPDF_Dictionary* pEncryptDict, | 674 void CPDF_SecurityHandler::AES256_SetPerms(CPDF_Dictionary* pEncryptDict, |
675 uint32_t permissions, | 675 uint32_t permissions, |
676 FX_BOOL bEncryptMetadata, | 676 FX_BOOL bEncryptMetadata, |
677 const uint8_t* key) { | 677 const uint8_t* key) { |
678 uint8_t buf[16]; | 678 uint8_t buf[16]; |
679 buf[0] = (uint8_t)permissions; | 679 buf[0] = (uint8_t)permissions; |
680 buf[1] = (uint8_t)(permissions >> 8); | 680 buf[1] = (uint8_t)(permissions >> 8); |
681 buf[2] = (uint8_t)(permissions >> 16); | 681 buf[2] = (uint8_t)(permissions >> 16); |
682 buf[3] = (uint8_t)(permissions >> 24); | 682 buf[3] = (uint8_t)(permissions >> 24); |
683 buf[4] = 0xff; | 683 buf[4] = 0xff; |
684 buf[5] = 0xff; | 684 buf[5] = 0xff; |
685 buf[6] = 0xff; | 685 buf[6] = 0xff; |
686 buf[7] = 0xff; | 686 buf[7] = 0xff; |
687 buf[8] = bEncryptMetadata ? 'T' : 'F'; | 687 buf[8] = bEncryptMetadata ? 'T' : 'F'; |
688 buf[9] = 'a'; | 688 buf[9] = 'a'; |
689 buf[10] = 'd'; | 689 buf[10] = 'd'; |
690 buf[11] = 'b'; | 690 buf[11] = 'b'; |
691 uint8_t* aes = FX_Alloc(uint8_t, 2048); | 691 uint8_t* aes = FX_Alloc(uint8_t, 2048); |
692 CRYPT_AESSetKey(aes, 16, key, 32, TRUE); | 692 CRYPT_AESSetKey(aes, 16, key, 32, TRUE); |
693 uint8_t iv[16], buf1[16]; | 693 uint8_t iv[16], buf1[16]; |
694 FXSYS_memset(iv, 0, 16); | 694 FXSYS_memset(iv, 0, 16); |
695 CRYPT_AESSetIV(aes, iv); | 695 CRYPT_AESSetIV(aes, iv); |
696 CRYPT_AESEncrypt(aes, buf1, buf, 16); | 696 CRYPT_AESEncrypt(aes, buf1, buf, 16); |
697 FX_Free(aes); | 697 FX_Free(aes); |
698 pEncryptDict->SetAtString("Perms", CFX_ByteString(buf1, 16)); | 698 pEncryptDict->SetStringFor("Perms", CFX_ByteString(buf1, 16)); |
699 } | 699 } |
OLD | NEW |