1 // Copyright 2014 PDFium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com 6 7 #include <time.h> 8 #include "../../../include/fpdfapi/fpdf_parser.h" 9 #include "../../../include/fdrm/fx_crypt.h" 10 const FX_BYTE defpasscode[32] = { 11 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41, 12 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08, 13 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80, 14 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a 15 }; 16 void CalcEncryptKey(CPDF_Dictionary* pEncrypt, FX_LPCBYTE password, FX_DWORD pass_size, 17 FX_LPBYTE key, int keylen, FX_BOOL bIgnoreMeta, CPDF_Array* pIdArray) 18 { 19 int revision = pEncrypt->GetInteger(FX_BSTRC("R")); 20 FX_BYTE passcode[32]; 21 for (FX_DWORD i = 0; i < 32; i ++) { 22 passcode[i] = i < pass_size ? password[i] : defpasscode[i - pass_size]; 23 } 24 FX_BYTE md5[100]; 25 CRYPT_MD5Start(md5); 26 CRYPT_MD5Update(md5, passcode, 32); 27 CFX_ByteString okey = pEncrypt->GetString(FX_BSTRC("O")); 28 CRYPT_MD5Update(md5, (FX_LPBYTE)okey.c_str(), okey.GetLength()); 29 FX_DWORD perm = pEncrypt->GetInteger(FX_BSTRC("P")); 30 CRYPT_MD5Update(md5, (FX_LPBYTE)&perm, 4); 31 if (pIdArray) { 32 CFX_ByteString id = pIdArray->GetString(0); 33 CRYPT_MD5Update(md5, (FX_LPBYTE)id.c_str(), id.GetLength()); 34 } 35 if (!bIgnoreMeta && revision >= 3 && !pEncrypt->GetInteger(FX_BSTRC("EncryptMetadata"), 1)) { 36 FX_DWORD tag = (FX_DWORD) - 1; 37 CRYPT_MD5Update(md5, (FX_LPBYTE)&tag, 4); 38 } 39 FX_BYTE digest[16]; 40 CRYPT_MD5Finish(md5, digest); 41 FX_DWORD copy_len = keylen; 42 if (copy_len > sizeof(digest)) { 43 copy_len = sizeof(digest); 44 } 45 if (revision >= 3) { 46 for (int i = 0; i < 50; i ++) { 47 CRYPT_MD5Generate(digest, copy_len, digest); 48 } 49 } 50 FXSYS_memset32(key, 0, keylen); 51 FXSYS_memcpy32(key, digest, copy_len); 52 } 53 CPDF_CryptoHandler* CPDF_StandardSecurityHandler::CreateCryptoHandler() 54 { 55 return new CPDF_StandardCryptoHandler; 56 } 57 typedef struct _PDF_CRYPTOITEM { 58 FX_INT32 m_Cipher; 59 FX_INT32 m_KeyLen; 60 FX_BOOL m_bChecked; 61 CPDF_StandardCryptoHandler* m_pCryptoHandler; 62 } PDF_CRYPTOITEM; 63 CPDF_StandardSecurityHandler::CPDF_StandardSecurityHandler() 64 { 65 m_Version = 0; 66 m_Revision = 0; 67 m_pParser = NULL; 68 m_pEncryptDict = NULL; 69 m_bOwner = FALSE; 70 m_Permissions = 0; 71 m_Cipher = FXCIPHER_NONE; 72 m_KeyLen = 0; 73 } 74 CPDF_StandardSecurityHandler::~CPDF_StandardSecurityHandler() 75 { 76 } 77 FX_BOOL CPDF_StandardSecurityHandler::OnInit(CPDF_Parser* pParser, CPDF_Dictionary* pEncryptDict) 78 { 79 m_pParser = pParser; 80 if (!LoadDict(pEncryptDict)) { 81 return FALSE; 82 } 83 if (m_Cipher == FXCIPHER_NONE) { 84 return TRUE; 85 } 86 return CheckSecurity(m_KeyLen); 87 } 88 FX_BOOL CPDF_StandardSecurityHandler::CheckSecurity(FX_INT32 key_len) 89 { 90 CFX_ByteString password = m_pParser->GetPassword(); 91 if (CheckPassword(password, password.GetLength(), TRUE, m_EncryptKey, key_len)) { 92 if (password.IsEmpty()) { 93 if (!CheckPassword(password, password.GetLength(), FALSE, m_EncryptKey, key_len)) { 94 return FALSE; 95 } 96 } 97 m_bOwner = TRUE; 98 return TRUE; 99 } 100 return CheckPassword(password, password.GetLength(), FALSE, m_EncryptKey, key_len); 101 } 102 FX_DWORD CPDF_StandardSecurityHandler::GetPermissions() 103 { 104 return m_Permissions; 105 } 106 static FX_BOOL _LoadCryptInfo(CPDF_Dictionary* pEncryptDict, FX_BSTR name, int& cipher, int& keylen) 107 { 108 int Version = pEncryptDict->GetInteger(FX_BSTRC("V")); 109 cipher = FXCIPHER_RC4; 110 keylen = 0; 111 if (Version >= 4) { 112 CPDF_Dictionary* pCryptFilters = pEncryptDict->GetDict(FX_BSTRC("CF")); 113 if (pCryptFilters == NULL) { 114 return FALSE; 115 } 116 if (name == FX_BSTRC("Identity")) { 117 cipher = FXCIPHER_NONE; 118 } else { 119 CPDF_Dictionary* pDefFilter = pCryptFilters->GetDict(name); 120 if (pDefFilter == NULL) { 121 return FALSE; 122 } 123 int nKeyBits = 0; 124 if (Version == 4) { 125 nKeyBits = pDefFilter->GetInteger(FX_BSTRC("Length"), 0); 126 if (nKeyBits == 0) { 127 nKeyBits = pEncryptDict->GetInteger(FX_BSTRC("Length"), 128); 128 } 129 } else { 130 nKeyBits = pEncryptDict->GetInteger(FX_BSTRC("Length"), 256); 131 } 132 if (nKeyBits < 40) { 133 nKeyBits *= 8; 134 } 135 keylen = nKeyBits / 8; 136 CFX_ByteString cipher_name = pDefFilter->GetString(FX_BSTRC("CFM")); 137 if (cipher_name == FX_BSTRC("AESV2") || cipher_name == FX_BSTRC("AESV3")) { 138 cipher = FXCIPHER_AES; 139 } 140 } 141 } else { 142 keylen = Version > 1 ? pEncryptDict->GetInteger(FX_BSTRC("Length"), 40) / 8 : 5; 143 } 144 if (keylen > 32 || keylen < 0) { 145 return FALSE; 146 } 147 return TRUE; 148 } 149 FX_BOOL CPDF_StandardSecurityHandler::LoadDict(CPDF_Dictionary* pEncryptDict) 150 { 151 m_pEncryptDict = pEncryptDict; 152 m_bOwner = FALSE; 153 m_Version = pEncryptDict->GetInteger(FX_BSTRC("V")); 154 m_Revision = pEncryptDict->GetInteger(FX_BSTRC("R")); 155 m_Permissions = pEncryptDict->GetInteger(FX_BSTRC("P"), -1); 156 if (m_Version < 4) { 157 return _LoadCryptInfo(pEncryptDict, CFX_ByteString(), m_Cipher, m_KeyLen); 158 } 159 CFX_ByteString stmf_name = pEncryptDict->GetString(FX_BSTRC("StmF")); 160 CFX_ByteString strf_name = pEncryptDict->GetString(FX_BSTRC("StrF")); 161 if (stmf_name != strf_name) { 162 return FALSE; 163 } 164 if (!_LoadCryptInfo(pEncryptDict, strf_name, m_Cipher, m_KeyLen)) { 165 return FALSE; 166 } 167 return TRUE; 168 } 169 FX_BOOL CPDF_StandardSecurityHandler::LoadDict(CPDF_Dictionary* pEncryptDict, FX_DWORD type, int& cipher, int& key_len) 170 { 171 m_pEncryptDict = pEncryptDict; 172 m_bOwner = FALSE; 173 m_Version = pEncryptDict->GetInteger(FX_BSTRC("V")); 174 m_Revision = pEncryptDict->GetInteger(FX_BSTRC("R")); 175 m_Permissions = pEncryptDict->GetInteger(FX_BSTRC("P"), -1); 176 CFX_ByteString strf_name, stmf_name; 177 if (m_Version >= 4) { 178 stmf_name = pEncryptDict->GetString(FX_BSTRC("StmF")); 179 strf_name = pEncryptDict->GetString(FX_BSTRC("StrF")); 180 if (stmf_name != strf_name) { 181 return FALSE; 182 } 183 } 184 if (!_LoadCryptInfo(pEncryptDict, strf_name, cipher, key_len)) { 185 return FALSE; 186 } 187 m_Cipher = cipher; 188 m_KeyLen = key_len; 189 return TRUE; 190 return TRUE; 191 } 192 FX_BOOL CPDF_StandardSecurityHandler::GetCryptInfo(int& cipher, FX_LPCBYTE& buffer, int& keylen) 193 { 194 cipher = m_Cipher; 195 buffer = m_EncryptKey; 196 keylen = m_KeyLen; 197 return TRUE; 198 } 199 #define FX_GET_32WORD(n,b,i) \ 200 { \ 201 (n) = (FX_DWORD)(( (FX_UINT64) (b)[(i)] << 24 ) \ 202 | ( (FX_UINT64) (b)[(i) + 1] << 16 ) \ 203 | ( (FX_UINT64) (b)[(i) + 2] << 8 ) \ 204 | ( (FX_UINT64) (b)[(i) + 3] )); \ 205 } 206 int BigOrder64BitsMod3(FX_LPBYTE data) 207 { 208 FX_UINT64 ret = 0; 209 for (int i = 0; i < 4; ++i) { 210 FX_DWORD value; 211 FX_GET_32WORD(value, data, 4 * i); 212 ret <<= 32; 213 ret |= value; 214 ret %= 3; 215 } 216 return (int)ret; 217 } 218 void Revision6_Hash(FX_LPCBYTE password, FX_DWORD size, FX_LPCBYTE salt, FX_LPCBYTE vector, FX_LPBYTE hash) 219 { 220 int iBlockSize = 32; 221 FX_BYTE sha[128]; 222 CRYPT_SHA256Start(sha); 223 CRYPT_SHA256Update(sha, password, size); 224 CRYPT_SHA256Update(sha, salt, 8); 225 if (vector) { 226 CRYPT_SHA256Update(sha, vector, 48); 227 } 228 FX_BYTE digest[32]; 229 CRYPT_SHA256Finish(sha, digest); 230 CFX_ByteTextBuf buf; 231 FX_LPBYTE input = digest; 232 FX_LPBYTE key = input; 233 FX_LPBYTE iv = input + 16; 234 FX_LPBYTE E = buf.GetBuffer(); 235 int iBufLen = buf.GetLength(); 236 CFX_ByteTextBuf interDigest; 237 int i = 0; 238 FX_LPBYTE aes = FX_Alloc(FX_BYTE, 2048); 239 while (i < 64 || i < E[iBufLen - 1] + 32) { 240 int iRoundSize = size + iBlockSize; 241 if (vector) { 242 iRoundSize += 48; 243 } 244 iBufLen = iRoundSize * 64; 245 buf.EstimateSize(iBufLen); 246 E = buf.GetBuffer(); 247 CFX_ByteTextBuf content; 248 for (int j = 0; j < 64; ++j) { 249 content.AppendBlock(password, size); 250 content.AppendBlock(input, iBlockSize); 251 if (vector) { 252 content.AppendBlock(vector, 48); 253 } 254 } 255 CRYPT_AESSetKey(aes, 16, key, 16, TRUE); 256 CRYPT_AESSetIV(aes, iv); 257 CRYPT_AESEncrypt(aes, E, content.GetBuffer(), iBufLen); 258 int iHash = 0; 259 switch (BigOrder64BitsMod3(E)) { 260 case 0: 261 iHash = 0; 262 iBlockSize = 32; 263 break; 264 case 1: 265 iHash = 1; 266 iBlockSize = 48; 267 break; 268 default: 269 iHash = 2; 270 iBlockSize = 64; 271 break; 272 } 273 interDigest.EstimateSize(iBlockSize); 274 input = interDigest.GetBuffer(); 275 if (iHash == 0) { 276 CRYPT_SHA256Generate(E, iBufLen, input); 277 } else if (iHash == 1) { 278 CRYPT_SHA384Generate(E, iBufLen, input); 279 } else if (iHash == 2) { 280 CRYPT_SHA512Generate(E, iBufLen, input); 281 } 282 key = input; 283 iv = input + 16; 284 ++i; 285 } 286 FX_Free(aes); 287 if (hash) { 288 FXSYS_memcpy32(hash, input, 32); 289 } 290 } 291 FX_BOOL CPDF_StandardSecurityHandler::AES256_CheckPassword(FX_LPCBYTE password, FX_DWORD size, 292 FX_BOOL bOwner, FX_LPBYTE key) 293 { 294 CFX_ByteString okey = m_pEncryptDict ? m_pEncryptDict->GetString(FX_BSTRC("O")) : CFX_ByteString(); 295 if (okey.GetLength() < 48) { 296 return FALSE; 297 } 298 CFX_ByteString ukey = m_pEncryptDict ? m_pEncryptDict->GetString(FX_BSTRC("U")) : CFX_ByteString(); 299 if (ukey.GetLength() < 48) { 300 return FALSE; 301 } 302 FX_LPCBYTE pkey = bOwner ? (FX_LPCBYTE)okey : (FX_LPCBYTE)ukey; 303 FX_BYTE sha[128]; 304 FX_BYTE digest[32]; 305 if (m_Revision >= 6) { 306 Revision6_Hash(password, size, (FX_LPCBYTE)pkey + 32, (bOwner ? (FX_LPCBYTE)ukey : NULL), digest); 307 } else { 308 CRYPT_SHA256Start(sha); 309 CRYPT_SHA256Update(sha, password, size); 310 CRYPT_SHA256Update(sha, pkey + 32, 8); 311 if (bOwner) { 312 CRYPT_SHA256Update(sha, ukey, 48); 313 } 314 CRYPT_SHA256Finish(sha, digest); 315 } 316 if (FXSYS_memcmp32(digest, pkey, 32) != 0) { 317 return FALSE; 318 } 319 if (key == NULL) { 320 return TRUE; 321 } 322 if (m_Revision >= 6) { 323 Revision6_Hash(password, size, (FX_LPCBYTE)pkey + 40, (bOwner ? (FX_LPCBYTE)ukey : NULL), digest); 324 } else { 325 CRYPT_SHA256Start(sha); 326 CRYPT_SHA256Update(sha, password, size); 327 CRYPT_SHA256Update(sha, pkey + 40, 8); 328 if (bOwner) { 329 CRYPT_SHA256Update(sha, ukey, 48); 330 } 331 CRYPT_SHA256Finish(sha, digest); 332 } 333 CFX_ByteString ekey = m_pEncryptDict ? m_pEncryptDict->GetString(bOwner ? FX_BSTRC("OE") : FX_BSTRC("UE")) : CFX_ByteString(); 334 if (ekey.GetLength() < 32) { 335 return FALSE; 336 } 337 FX_BYTE* aes = FX_Alloc(FX_BYTE, 2048); 338 CRYPT_AESSetKey(aes, 16, digest, 32, FALSE); 339 FX_BYTE iv[16]; 340 FXSYS_memset32(iv, 0, 16); 341 CRYPT_AESSetIV(aes, iv); 342 CRYPT_AESDecrypt(aes, key, ekey, 32); 343 CRYPT_AESSetKey(aes, 16, key, 32, FALSE); 344 CRYPT_AESSetIV(aes, iv); 345 CFX_ByteString perms = m_pEncryptDict->GetString(FX_BSTRC("Perms")); 346 if (perms.IsEmpty()) { 347 return FALSE; 348 } 349 FX_BYTE perms_buf[16]; 350 FXSYS_memset32(perms_buf, 0, sizeof(perms_buf)); 351 FX_DWORD copy_len = sizeof(perms_buf); 352 if (copy_len > (FX_DWORD)perms.GetLength()) { 353 copy_len = perms.GetLength(); 354 } 355 FXSYS_memcpy32(perms_buf, (FX_LPCBYTE)perms, copy_len); 356 FX_BYTE buf[16]; 357 CRYPT_AESDecrypt(aes, buf, perms_buf, 16); 358 FX_Free(aes); 359 if (buf[9] != 'a' || buf[10] != 'd' || buf[11] != 'b') { 360 return FALSE; 361 } 362 if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions) { 363 return FALSE; 364 } 365 if ((buf[8] == 'T' && !IsMetadataEncrypted()) || (buf[8] == 'F' && IsMetadataEncrypted())) { 366 return FALSE; 367 } 368 return TRUE; 369 } 370 int CPDF_StandardSecurityHandler::CheckPassword(FX_LPCBYTE password, FX_DWORD pass_size, FX_BOOL bOwner, FX_LPBYTE key) 371 { 372 return CheckPassword(password, pass_size, bOwner, key, m_KeyLen); 373 } 374 int CPDF_StandardSecurityHandler::CheckPassword(FX_LPCBYTE password, FX_DWORD size, FX_BOOL bOwner, FX_LPBYTE key, FX_INT32 key_len) 375 { 376 if (m_Revision >= 5) { 377 return AES256_CheckPassword(password, size, bOwner, key); 378 } 379 FX_BYTE keybuf[32]; 380 if (key == NULL) { 381 key = keybuf; 382 } 383 if (bOwner) { 384 return CheckOwnerPassword(password, size, key, key_len); 385 } 386 return CheckUserPassword(password, size, FALSE, key, key_len) || CheckUserPassword(password, size, TRUE, key, key_len); 387 } 388 FX_BOOL CPDF_StandardSecurityHandler::CheckUserPassword(FX_LPCBYTE password, FX_DWORD pass_size, 389 FX_BOOL bIgnoreEncryptMeta, FX_LPBYTE key, FX_INT32 key_len) 390 { 391 CalcEncryptKey(m_pEncryptDict, password, pass_size, key, key_len, bIgnoreEncryptMeta, 392 m_pParser->GetIDArray()); 393 CFX_ByteString ukey = m_pEncryptDict ? m_pEncryptDict->GetString(FX_BSTRC("U")) : CFX_ByteString(); 394 if (ukey.GetLength() < 16) { 395 return FALSE; 396 } 397 FX_BYTE ukeybuf[32]; 398 if (m_Revision == 2) { 399 FXSYS_memcpy32(ukeybuf, defpasscode, 32); 400 CRYPT_ArcFourCryptBlock(ukeybuf, 32, key, key_len); 401 } else { 402 FX_BYTE test[32], tmpkey[32]; 403 FX_DWORD copy_len = sizeof(test); 404 if (copy_len > (FX_DWORD)ukey.GetLength()) { 405 copy_len = ukey.GetLength(); 406 } 407 FXSYS_memset32(test, 0, sizeof(test)); 408 FXSYS_memset32(tmpkey, 0, sizeof(tmpkey)); 409 FXSYS_memcpy32(test, ukey.c_str(), copy_len); 410 for (int i = 19; i >= 0; i --) { 411 for (int j = 0; j < key_len; j ++) { 412 tmpkey[j] = key[j] ^ i; 413 } 414 CRYPT_ArcFourCryptBlock(test, 32, tmpkey, key_len); 415 } 416 FX_BYTE md5[100]; 417 CRYPT_MD5Start(md5); 418 CRYPT_MD5Update(md5, defpasscode, 32); 419 CPDF_Array* pIdArray = m_pParser->GetIDArray(); 420 if (pIdArray) { 421 CFX_ByteString id = pIdArray->GetString(0); 422 CRYPT_MD5Update(md5, (FX_LPBYTE)id.c_str(), id.GetLength()); 423 } 424 CRYPT_MD5Finish(md5, ukeybuf); 425 return FXSYS_memcmp32(test, ukeybuf, 16) == 0; 426 } 427 if (FXSYS_memcmp32((FX_LPVOID)ukey.c_str(), ukeybuf, 16) == 0) { 428 return TRUE; 429 } 430 return FALSE; 431 } 432 CFX_ByteString CPDF_StandardSecurityHandler::GetUserPassword(FX_LPCBYTE owner_pass, FX_DWORD pass_size) 433 { 434 return GetUserPassword(owner_pass, pass_size, m_KeyLen); 435 } 436 CFX_ByteString CPDF_StandardSecurityHandler::GetUserPassword(FX_LPCBYTE owner_pass, FX_DWORD pass_size, FX_INT32 key_len) 437 { 438 CFX_ByteString okey = m_pEncryptDict->GetString(FX_BSTRC("O")); 439 FX_BYTE passcode[32]; 440 FX_DWORD i; 441 for (i = 0; i < 32; i ++) { 442 passcode[i] = i < pass_size ? owner_pass[i] : defpasscode[i - pass_size]; 443 } 444 FX_BYTE digest[16]; 445 CRYPT_MD5Generate(passcode, 32, digest); 446 if (m_Revision >= 3) { 447 for (int i = 0; i < 50; i ++) { 448 CRYPT_MD5Generate(digest, 16, digest); 449 } 450 } 451 FX_BYTE enckey[32]; 452 FXSYS_memset32(enckey, 0, sizeof(enckey)); 453 FX_DWORD copy_len = key_len; 454 if (copy_len > sizeof(digest)) { 455 copy_len = sizeof(digest); 456 } 457 FXSYS_memcpy32(enckey, digest, copy_len); 458 int okeylen = okey.GetLength(); 459 if (okeylen > 32) { 460 okeylen = 32; 461 } 462 FX_BYTE okeybuf[64]; 463 FXSYS_memset32(okeybuf, 0, sizeof(okeybuf)); 464 FXSYS_memcpy32(okeybuf, okey.c_str(), okeylen); 465 if (m_Revision == 2) { 466 CRYPT_ArcFourCryptBlock(okeybuf, okeylen, enckey, key_len); 467 } else { 468 for (int i = 19; i >= 0; i --) { 469 FX_BYTE tempkey[32]; 470 FXSYS_memset32(tempkey, 0, sizeof(tempkey)); 471 for (int j = 0; j < m_KeyLen; j ++) { 472 tempkey[j] = enckey[j] ^ i; 473 } 474 CRYPT_ArcFourCryptBlock(okeybuf, okeylen, tempkey, key_len); 475 } 476 } 477 int len = 32; 478 while (len && defpasscode[len - 1] == okeybuf[len - 1]) { 479 len --; 480 } 481 return CFX_ByteString(okeybuf, len); 482 } 483 FX_BOOL CPDF_StandardSecurityHandler::CheckOwnerPassword(FX_LPCBYTE password, FX_DWORD pass_size, 484 FX_LPBYTE key, FX_INT32 key_len) 485 { 486 CFX_ByteString user_pass = GetUserPassword(password, pass_size, key_len); 487 if (CheckUserPassword(user_pass, user_pass.GetLength(), FALSE, key, key_len)) { 488 return TRUE; 489 } 490 return CheckUserPassword(user_pass, user_pass.GetLength(), TRUE, key, key_len); 491 } 492 FX_BOOL CPDF_StandardSecurityHandler::IsMetadataEncrypted() 493 { 494 return m_pEncryptDict->GetBoolean(FX_BSTRC("EncryptMetadata"), TRUE); 495 } 496 CPDF_SecurityHandler* FPDF_CreateStandardSecurityHandler() 497 { 498 return new CPDF_StandardSecurityHandler; 499 } 500 void CPDF_StandardSecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, CPDF_Array* pIdArray, 501 FX_LPCBYTE user_pass, FX_DWORD user_size, 502 FX_LPCBYTE owner_pass, FX_DWORD owner_size, FX_BOOL bDefault, FX_DWORD type) 503 { 504 int cipher = 0, key_len = 0; 505 if (!LoadDict(pEncryptDict, type, cipher, key_len)) { 506 return; 507 } 508 if (bDefault && (owner_pass == NULL || owner_size == 0)) { 509 owner_pass = user_pass; 510 owner_size = user_size; 511 } 512 if (m_Revision >= 5) { 513 int t = (int)time(NULL); 514 FX_BYTE sha[128]; 515 CRYPT_SHA256Start(sha); 516 CRYPT_SHA256Update(sha, (FX_BYTE*)&t, sizeof t); 517 CRYPT_SHA256Update(sha, m_EncryptKey, 32); 518 CRYPT_SHA256Update(sha, (FX_BYTE*)"there", 5); 519 CRYPT_SHA256Finish(sha, m_EncryptKey); 520 AES256_SetPassword(pEncryptDict, user_pass, user_size, FALSE, m_EncryptKey); 521 if (bDefault) { 522 AES256_SetPassword(pEncryptDict, owner_pass, owner_size, TRUE, m_EncryptKey); 523 AES256_SetPerms(pEncryptDict, m_Permissions, pEncryptDict->GetBoolean(FX_BSTRC("EncryptMetadata"), TRUE), m_EncryptKey); 524 } 525 return; 526 } 527 if (bDefault) { 528 FX_BYTE passcode[32]; 529 FX_DWORD i; 530 for (i = 0; i < 32; i ++) { 531 passcode[i] = i < owner_size ? owner_pass[i] : defpasscode[i - owner_size]; 532 } 533 FX_BYTE digest[16]; 534 CRYPT_MD5Generate(passcode, 32, digest); 535 if (m_Revision >= 3) { 536 for (int i = 0; i < 50; i ++) { 537 CRYPT_MD5Generate(digest, 16, digest); 538 } 539 } 540 FX_BYTE enckey[32]; 541 FXSYS_memcpy32(enckey, digest, key_len); 542 for (i = 0; i < 32; i ++) { 543 passcode[i] = i < user_size ? user_pass[i] : defpasscode[i - user_size]; 544 } 545 CRYPT_ArcFourCryptBlock(passcode, 32, enckey, key_len); 546 FX_BYTE tempkey[32]; 547 if (m_Revision >= 3) { 548 for (i = 1; i <= 19; i ++) { 549 for (int j = 0; j < key_len; j ++) { 550 tempkey[j] = enckey[j] ^ (FX_BYTE)i; 551 } 552 CRYPT_ArcFourCryptBlock(passcode, 32, tempkey, key_len); 553 } 554 } 555 pEncryptDict->SetAtString(FX_BSTRC("O"), CFX_ByteString(passcode, 32)); 556 } 557 CalcEncryptKey(m_pEncryptDict, (FX_LPBYTE)user_pass, user_size, m_EncryptKey, key_len, FALSE, pIdArray); 558 if (m_Revision < 3) { 559 FX_BYTE tempbuf[32]; 560 FXSYS_memcpy32(tempbuf, defpasscode, 32); 561 CRYPT_ArcFourCryptBlock(tempbuf, 32, m_EncryptKey, key_len); 562 pEncryptDict->SetAtString(FX_BSTRC("U"), CFX_ByteString(tempbuf, 32)); 563 } else { 564 FX_BYTE md5[100]; 565 CRYPT_MD5Start(md5); 566 CRYPT_MD5Update(md5, defpasscode, 32); 567 if (pIdArray) { 568 CFX_ByteString id = pIdArray->GetString(0); 569 CRYPT_MD5Update(md5, (FX_LPBYTE)id.c_str(), id.GetLength()); 570 } 571 FX_BYTE digest[32]; 572 CRYPT_MD5Finish(md5, digest); 573 CRYPT_ArcFourCryptBlock(digest, 16, m_EncryptKey, key_len); 574 FX_BYTE tempkey[32]; 575 for (int i = 1; i <= 19; i ++) { 576 for (int j = 0; j < key_len; j ++) { 577 tempkey[j] = m_EncryptKey[j] ^ (FX_BYTE)i; 578 } 579 CRYPT_ArcFourCryptBlock(digest, 16, tempkey, key_len); 580 } 581 CRYPT_MD5Generate(digest, 16, digest + 16); 582 pEncryptDict->SetAtString(FX_BSTRC("U"), CFX_ByteString(digest, 32)); 583 } 584 } 585 void CPDF_StandardSecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, CPDF_Array* pIdArray, 586 FX_LPCBYTE user_pass, FX_DWORD user_size, 587 FX_LPCBYTE owner_pass, FX_DWORD owner_size, FX_DWORD type) 588 { 589 OnCreate(pEncryptDict, pIdArray, user_pass, user_size, owner_pass, owner_size, TRUE, type); 590 } 591 void CPDF_StandardSecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, CPDF_Array* pIdArray, FX_LPCBYTE user_pass, FX_DWORD user_size, FX_DWORD type) 592 { 593 OnCreate(pEncryptDict, pIdArray, user_pass, user_size, NULL, 0, FALSE, type); 594 } 595 void CPDF_StandardSecurityHandler::AES256_SetPassword(CPDF_Dictionary* pEncryptDict, FX_LPCBYTE password, FX_DWORD size, FX_BOOL bOwner, FX_LPCBYTE key) 596 { 597 FX_BYTE sha[128]; 598 CRYPT_SHA1Start(sha); 599 CRYPT_SHA1Update(sha, key, 32); 600 CRYPT_SHA1Update(sha, (FX_BYTE*)"hello", 5); 601 FX_BYTE digest[20]; 602 CRYPT_SHA1Finish(sha, digest); 603 CFX_ByteString ukey = pEncryptDict->GetString(FX_BSTRC("U")); 604 FX_BYTE digest1[48]; 605 if (m_Revision >= 6) { 606 Revision6_Hash(password, size, digest, (bOwner ? (FX_LPCBYTE)ukey : NULL), digest1); 607 } else { 608 CRYPT_SHA256Start(sha); 609 CRYPT_SHA256Update(sha, password, size); 610 CRYPT_SHA256Update(sha, digest, 8); 611 if (bOwner) { 612 CRYPT_SHA256Update(sha, ukey, ukey.GetLength()); 613 } 614 CRYPT_SHA256Finish(sha, digest1); 615 } 616 FXSYS_memcpy32(digest1 + 32, digest, 16); 617 pEncryptDict->SetAtString(bOwner ? FX_BSTRC("O") : FX_BSTRC("U"), CFX_ByteString(digest1, 48)); 618 if (m_Revision >= 6) { 619 Revision6_Hash(password, size, digest + 8, (bOwner ? (FX_LPCBYTE)ukey : NULL), digest1); 620 } else { 621 CRYPT_SHA256Start(sha); 622 CRYPT_SHA256Update(sha, password, size); 623 CRYPT_SHA256Update(sha, digest + 8, 8); 624 if (bOwner) { 625 CRYPT_SHA256Update(sha, ukey, ukey.GetLength()); 626 } 627 CRYPT_SHA256Finish(sha, digest1); 628 } 629 FX_BYTE* aes = FX_Alloc(FX_BYTE, 2048); 630 CRYPT_AESSetKey(aes, 16, digest1, 32, TRUE); 631 FX_BYTE iv[16]; 632 FXSYS_memset32(iv, 0, 16); 633 CRYPT_AESSetIV(aes, iv); 634 CRYPT_AESEncrypt(aes, digest1, key, 32); 635 FX_Free(aes); 636 pEncryptDict->SetAtString(bOwner ? FX_BSTRC("OE") : FX_BSTRC("UE"), CFX_ByteString(digest1, 32)); 637 } 638 void CPDF_StandardSecurityHandler::AES256_SetPerms(CPDF_Dictionary* pEncryptDict, FX_DWORD permissions, 639 FX_BOOL bEncryptMetadata, FX_LPCBYTE key) 640 { 641 FX_BYTE buf[16]; 642 buf[0] = (FX_BYTE)permissions; 643 buf[1] = (FX_BYTE)(permissions >> 8); 644 buf[2] = (FX_BYTE)(permissions >> 16); 645 buf[3] = (FX_BYTE)(permissions >> 24); 646 buf[4] = 0xff; 647 buf[5] = 0xff; 648 buf[6] = 0xff; 649 buf[7] = 0xff; 650 buf[8] = bEncryptMetadata ? 'T' : 'F'; 651 buf[9] = 'a'; 652 buf[10] = 'd'; 653 buf[11] = 'b'; 654 FX_BYTE* aes = FX_Alloc(FX_BYTE, 2048); 655 CRYPT_AESSetKey(aes, 16, key, 32, TRUE); 656 FX_BYTE iv[16], buf1[16]; 657 FXSYS_memset32(iv, 0, 16); 658 CRYPT_AESSetIV(aes, iv); 659 CRYPT_AESEncrypt(aes, buf1, buf, 16); 660 FX_Free(aes); 661 pEncryptDict->SetAtString(FX_BSTRC("Perms"), CFX_ByteString(buf1, 16)); 662 } 663 void CPDF_StandardCryptoHandler::CryptBlock(FX_BOOL bEncrypt, FX_DWORD objnum, FX_DWORD gennum, FX_LPCBYTE src_buf, FX_DWORD src_size, 664 FX_LPBYTE dest_buf, FX_DWORD& dest_size) 665 { 666 if (m_Cipher == FXCIPHER_NONE) { 667 FXSYS_memcpy32(dest_buf, src_buf, src_size); 668 return; 669 } 670 FX_BYTE realkey[16]; 671 int realkeylen = 16; 672 if (m_Cipher != FXCIPHER_AES || m_KeyLen != 32) { 673 FX_BYTE key1[32]; 674 FXSYS_memcpy32(key1, m_EncryptKey, m_KeyLen); 675 key1[m_KeyLen + 0] = (FX_BYTE)objnum; 676 key1[m_KeyLen + 1] = (FX_BYTE)(objnum >> 8); 677 key1[m_KeyLen + 2] = (FX_BYTE)(objnum >> 16); 678 key1[m_KeyLen + 3] = (FX_BYTE)gennum; 679 key1[m_KeyLen + 4] = (FX_BYTE)(gennum >> 8); 680 FXSYS_memcpy32(key1 + m_KeyLen, &objnum, 3); 681 FXSYS_memcpy32(key1 + m_KeyLen + 3, &gennum, 2); 682 if (m_Cipher == FXCIPHER_AES) { 683 FXSYS_memcpy32(key1 + m_KeyLen + 5, "sAlT", 4); 684 } 685 CRYPT_MD5Generate(key1, m_Cipher == FXCIPHER_AES ? m_KeyLen + 9 : m_KeyLen + 5, realkey); 686 realkeylen = m_KeyLen + 5; 687 if (realkeylen > 16) { 688 realkeylen = 16; 689 } 690 } 691 if (m_Cipher == FXCIPHER_AES) { 692 CRYPT_AESSetKey(m_pAESContext, 16, m_KeyLen == 32 ? m_EncryptKey : realkey, m_KeyLen, bEncrypt); 693 if (bEncrypt) { 694 FX_BYTE iv[16]; 695 for (int i = 0; i < 16; i ++) { 696 iv[i] = (FX_BYTE)rand(); 697 } 698 CRYPT_AESSetIV(m_pAESContext, iv); 699 FXSYS_memcpy32(dest_buf, iv, 16); 700 int nblocks = src_size / 16; 701 CRYPT_AESEncrypt(m_pAESContext, dest_buf + 16, src_buf, nblocks * 16); 702 FX_BYTE padding[16]; 703 FXSYS_memcpy32(padding, src_buf + nblocks * 16, src_size % 16); 704 FXSYS_memset8(padding + src_size % 16, 16 - src_size % 16, 16 - src_size % 16); 705 CRYPT_AESEncrypt(m_pAESContext, dest_buf + nblocks * 16 + 16, padding, 16); 706 dest_size = 32 + nblocks * 16; 707 } else { 708 CRYPT_AESSetIV(m_pAESContext, src_buf); 709 CRYPT_AESDecrypt(m_pAESContext, dest_buf, src_buf + 16, src_size - 16); 710 dest_size = src_size - 16; 711 dest_size -= dest_buf[dest_size - 1]; 712 } 713 } else { 714 ASSERT(dest_size == src_size); 715 if (dest_buf != src_buf) { 716 FXSYS_memcpy32(dest_buf, src_buf, src_size); 717 } 718 CRYPT_ArcFourCryptBlock(dest_buf, dest_size, realkey, realkeylen); 719 } 720 } 721 typedef struct _AESCryptContext { 722 FX_BYTE m_Context[2048]; 723 FX_BOOL m_bIV; 724 FX_BYTE m_Block[16]; 725 FX_DWORD m_BlockOffset; 726 } AESCryptContext; 727 FX_LPVOID CPDF_StandardCryptoHandler::CryptStart(FX_DWORD objnum, FX_DWORD gennum, FX_BOOL bEncrypt) 728 { 729 if (m_Cipher == FXCIPHER_NONE) { 730 return this; 731 } 732 if (m_Cipher == FXCIPHER_AES && m_KeyLen == 32) { 733 AESCryptContext* pContext = FX_Alloc(AESCryptContext, 1); 734 pContext->m_bIV = TRUE; 735 pContext->m_BlockOffset = 0; 736 CRYPT_AESSetKey(pContext->m_Context, 16, m_EncryptKey, 32, bEncrypt); 737 if (bEncrypt) { 738 for (int i = 0; i < 16; i ++) { 739 pContext->m_Block[i] = (FX_BYTE)rand(); 740 } 741 CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block); 742 } 743 return pContext; 744 } 745 FX_BYTE key1[48]; 746 FXSYS_memcpy32(key1, m_EncryptKey, m_KeyLen); 747 FXSYS_memcpy32(key1 + m_KeyLen, &objnum, 3); 748 FXSYS_memcpy32(key1 + m_KeyLen + 3, &gennum, 2); 749 if (m_Cipher == FXCIPHER_AES) { 750 FXSYS_memcpy32(key1 + m_KeyLen + 5, "sAlT", 4); 751 } 752 FX_BYTE realkey[16]; 753 CRYPT_MD5Generate(key1, m_Cipher == FXCIPHER_AES ? m_KeyLen + 9 : m_KeyLen + 5, realkey); 754 int realkeylen = m_KeyLen + 5; 755 if (realkeylen > 16) { 756 realkeylen = 16; 757 } 758 if (m_Cipher == FXCIPHER_AES) { 759 AESCryptContext* pContext = FX_Alloc(AESCryptContext, 1); 760 pContext->m_bIV = TRUE; 761 pContext->m_BlockOffset = 0; 762 CRYPT_AESSetKey(pContext->m_Context, 16, realkey, 16, bEncrypt); 763 if (bEncrypt) { 764 for (int i = 0; i < 16; i ++) { 765 pContext->m_Block[i] = (FX_BYTE)rand(); 766 } 767 CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block); 768 } 769 return pContext; 770 } 771 void* pContext = FX_Alloc(FX_BYTE, 1040); 772 CRYPT_ArcFourSetup(pContext, realkey, realkeylen); 773 return pContext; 774 } 775 FX_BOOL CPDF_StandardCryptoHandler::CryptStream(FX_LPVOID context, FX_LPCBYTE src_buf, FX_DWORD src_size, CFX_BinaryBuf& dest_buf, FX_BOOL bEncrypt) 776 { 777 if (!context) { 778 return FALSE; 779 } 780 if (m_Cipher == FXCIPHER_NONE) { 781 dest_buf.AppendBlock(src_buf, src_size); 782 return TRUE; 783 } 784 if (m_Cipher == FXCIPHER_RC4) { 785 int old_size = dest_buf.GetSize(); 786 dest_buf.AppendBlock(src_buf, src_size); 787 CRYPT_ArcFourCrypt(context, dest_buf.GetBuffer() + old_size, src_size); 788 return TRUE; 789 } 790 AESCryptContext* pContext = (AESCryptContext*)context; 791 if (pContext->m_bIV && bEncrypt) { 792 dest_buf.AppendBlock(pContext->m_Block, 16); 793 pContext->m_bIV = FALSE; 794 } 795 FX_DWORD src_off = 0; 796 FX_DWORD src_left = src_size; 797 while (1) { 798 FX_DWORD copy_size = 16 - pContext->m_BlockOffset; 799 if (copy_size > src_left) { 800 copy_size = src_left; 801 } 802 FXSYS_memcpy32(pContext->m_Block + pContext->m_BlockOffset, src_buf + src_off, copy_size); 803 src_off += copy_size; 804 src_left -= copy_size; 805 pContext->m_BlockOffset += copy_size; 806 if (pContext->m_BlockOffset == 16) { 807 if (!bEncrypt && pContext->m_bIV) { 808 CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block); 809 pContext->m_bIV = FALSE; 810 pContext->m_BlockOffset = 0; 811 } else if (src_off < src_size) { 812 FX_BYTE block_buf[16]; 813 if (bEncrypt) { 814 CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block, 16); 815 } else { 816 CRYPT_AESDecrypt(pContext->m_Context, block_buf, pContext->m_Block, 16); 817 } 818 dest_buf.AppendBlock(block_buf, 16); 819 pContext->m_BlockOffset = 0; 820 } 821 } 822 if (!src_left) { 823 break; 824 } 825 } 826 return TRUE; 827 } 828 FX_BOOL CPDF_StandardCryptoHandler::CryptFinish(FX_LPVOID context, CFX_BinaryBuf& dest_buf, FX_BOOL bEncrypt) 829 { 830 if (!context) { 831 return FALSE; 832 } 833 if (m_Cipher == FXCIPHER_NONE) { 834 return TRUE; 835 } 836 if (m_Cipher == FXCIPHER_RC4) { 837 FX_Free(context); 838 return TRUE; 839 } 840 AESCryptContext* pContext = (AESCryptContext*)context; 841 if (bEncrypt) { 842 FX_BYTE block_buf[16]; 843 if (pContext->m_BlockOffset == 16) { 844 CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block, 16); 845 dest_buf.AppendBlock(block_buf, 16); 846 pContext->m_BlockOffset = 0; 847 } 848 FXSYS_memset8(pContext->m_Block + pContext->m_BlockOffset, (FX_BYTE)(16 - pContext->m_BlockOffset), 16 - pContext->m_BlockOffset); 849 CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block, 16); 850 dest_buf.AppendBlock(block_buf, 16); 851 } else if (pContext->m_BlockOffset == 16) { 852 FX_BYTE block_buf[16]; 853 CRYPT_AESDecrypt(pContext->m_Context, block_buf, pContext->m_Block, 16); 854 if (block_buf[15] <= 16) { 855 dest_buf.AppendBlock(block_buf, 16 - block_buf[15]); 856 } 857 } 858 FX_Free(pContext); 859 return TRUE; 860 } 861 FX_LPVOID CPDF_StandardCryptoHandler::DecryptStart(FX_DWORD objnum, FX_DWORD gennum) 862 { 863 return CryptStart(objnum, gennum, FALSE); 864 } 865 FX_DWORD CPDF_StandardCryptoHandler::DecryptGetSize(FX_DWORD src_size) 866 { 867 return m_Cipher == FXCIPHER_AES ? src_size - 16 : src_size; 868 } 869 FX_BOOL CPDF_StandardCryptoHandler::Init(CPDF_Dictionary* pEncryptDict, CPDF_SecurityHandler* pSecurityHandler) 870 { 871 FX_LPCBYTE key; 872 if (!pSecurityHandler->GetCryptInfo(m_Cipher, key, m_KeyLen)) { 873 return FALSE; 874 } 875 if (m_KeyLen > 32 || m_KeyLen < 0) { 876 return FALSE; 877 } 878 if (m_Cipher != FXCIPHER_NONE) { 879 FXSYS_memcpy32(m_EncryptKey, key, m_KeyLen); 880 } 881 if (m_Cipher == FXCIPHER_AES) { 882 m_pAESContext = FX_Alloc(FX_BYTE, 2048); 883 } 884 return TRUE; 885 } 886 FX_BOOL CPDF_StandardCryptoHandler::Init(int cipher, FX_LPCBYTE key, int keylen) 887 { 888 if (cipher == FXCIPHER_AES) { 889 switch(keylen) { 890 case 16: 891 case 24: 892 case 32: 893 break; 894 default: 895 return FALSE; 896 } 897 } else if (cipher == FXCIPHER_AES2) { 898 if (keylen != 32) { 899 return FALSE; 900 } 901 } else if (cipher == FXCIPHER_RC4) { 902 if (keylen < 5 || keylen > 16) { 903 return FALSE; 904 } 905 } else { 906 if (keylen > 32) { 907 keylen = 32; 908 } 909 } 910 m_Cipher = cipher; 911 m_KeyLen = keylen; 912 FXSYS_memcpy32(m_EncryptKey, key, keylen); 913 if (m_Cipher == FXCIPHER_AES) { 914 m_pAESContext = FX_Alloc(FX_BYTE, 2048); 915 } 916 return TRUE; 917 } 918 FX_BOOL CPDF_StandardCryptoHandler::DecryptStream(FX_LPVOID context, FX_LPCBYTE src_buf, FX_DWORD src_size, 919 CFX_BinaryBuf& dest_buf) 920 { 921 return CryptStream(context, src_buf, src_size, dest_buf, FALSE); 922 } 923 FX_BOOL CPDF_StandardCryptoHandler::DecryptFinish(FX_LPVOID context, CFX_BinaryBuf& dest_buf) 924 { 925 return CryptFinish(context, dest_buf, FALSE); 926 } 927 FX_DWORD CPDF_StandardCryptoHandler::EncryptGetSize(FX_DWORD objnum, FX_DWORD version, FX_LPCBYTE src_buf, FX_DWORD src_size) 928 { 929 if (m_Cipher == FXCIPHER_AES) { 930 return src_size + 32; 931 } 932 return src_size; 933 } 934 FX_BOOL CPDF_StandardCryptoHandler::EncryptContent(FX_DWORD objnum, FX_DWORD gennum, FX_LPCBYTE src_buf, FX_DWORD src_size, 935 FX_LPBYTE dest_buf, FX_DWORD& dest_size) 936 { 937 CryptBlock(TRUE, objnum, gennum, src_buf, src_size, dest_buf, dest_size); 938 return TRUE; 939 } 940 void CPDF_CryptoHandler::Decrypt(FX_DWORD objnum, FX_DWORD gennum, CFX_ByteString& str) 941 { 942 CFX_BinaryBuf dest_buf; 943 FX_LPVOID context = DecryptStart(objnum, gennum); 944 DecryptStream(context, (FX_LPCBYTE)str, str.GetLength(), dest_buf); 945 DecryptFinish(context, dest_buf); 946 str = dest_buf; 947 } 948 CPDF_StandardCryptoHandler::CPDF_StandardCryptoHandler() 949 { 950 m_pAESContext = NULL; 951 m_Cipher = FXCIPHER_NONE; 952 m_KeyLen = 0; 953 } 954 CPDF_StandardCryptoHandler::~CPDF_StandardCryptoHandler() 955 { 956 if (m_pAESContext) { 957 FX_Free(m_pAESContext); 958 } 959 } 960