github.com/pdfcpu/pdfcpu@v0.11.1/pkg/pdfcpu/crypto.go (about) 1 /* 2 Copyright 2018 The pdfcpu Authors. 3 4 Licensed under the Apache License, Version 2.0 (the "License"); 5 you may not use this file except in compliance with the License. 6 You may obtain a copy of the License at 7 8 http://www.apache.org/licenses/LICENSE-2.0 9 10 Unless required by applicable law or agreed to in writing, software 11 distributed under the License is distributed on an "AS IS" BASIS, 12 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 See the License for the specific language governing permissions and 14 limitations under the License. 15 */ 16 17 package pdfcpu 18 19 // Functions dealing with PDF encryption. 20 21 import ( 22 "bytes" 23 "crypto/aes" 24 "crypto/cipher" 25 "crypto/md5" 26 "crypto/rand" 27 "crypto/rc4" 28 "crypto/sha256" 29 "crypto/sha512" 30 "encoding/binary" 31 "encoding/hex" 32 "fmt" 33 "io" 34 "math/big" 35 "strconv" 36 "time" 37 38 "github.com/pdfcpu/pdfcpu/pkg/log" 39 "github.com/pdfcpu/pdfcpu/pkg/pdfcpu/model" 40 "github.com/pdfcpu/pdfcpu/pkg/pdfcpu/types" 41 "github.com/pkg/errors" 42 43 "golang.org/x/text/secure/precis" 44 "golang.org/x/text/unicode/norm" 45 ) 46 47 var ( 48 pad = []byte{ 49 0x28, 0xBF, 0x4E, 0x5E, 0x4E, 0x75, 0x8A, 0x41, 0x64, 0x00, 0x4E, 0x56, 0xFF, 0xFA, 0x01, 0x08, 50 0x2E, 0x2E, 0x00, 0xB6, 0xD0, 0x68, 0x3E, 0x80, 0x2F, 0x0C, 0xA9, 0xFE, 0x64, 0x53, 0x69, 0x7A, 51 } 52 53 nullPad32 = make([]byte, 32) 54 55 // Needed permission bits for pdfcpu commands. 56 perm = map[model.CommandMode]struct{ extract, modify int }{ 57 model.VALIDATE: {0, 0}, 58 model.LISTINFO: {0, 0}, 59 model.OPTIMIZE: {0, 0}, 60 model.SPLIT: {1, 0}, 61 model.SPLITBYPAGENR: {1, 0}, 62 model.MERGECREATE: {0, 0}, 63 model.MERGECREATEZIP: {0, 0}, 64 model.MERGEAPPEND: {0, 0}, 65 model.EXTRACTIMAGES: {1, 0}, 66 model.EXTRACTFONTS: {1, 0}, 67 model.EXTRACTPAGES: {1, 0}, 68 model.EXTRACTCONTENT: {1, 0}, 69 model.EXTRACTMETADATA: {1, 0}, 70 model.TRIM: {0, 1}, 71 model.LISTATTACHMENTS: {0, 0}, 72 model.EXTRACTATTACHMENTS: {1, 0}, 73 model.ADDATTACHMENTS: {0, 1}, 74 model.ADDATTACHMENTSPORTFOLIO: {0, 1}, 75 model.REMOVEATTACHMENTS: {0, 1}, 76 model.LISTPERMISSIONS: {0, 0}, 77 model.SETPERMISSIONS: {0, 0}, 78 model.ADDWATERMARKS: {0, 1}, 79 model.REMOVEWATERMARKS: {0, 1}, 80 model.IMPORTIMAGES: {0, 1}, 81 model.INSERTPAGESBEFORE: {0, 1}, 82 model.INSERTPAGESAFTER: {0, 1}, 83 model.REMOVEPAGES: {0, 1}, 84 model.LISTKEYWORDS: {0, 0}, 85 model.ADDKEYWORDS: {0, 1}, 86 model.REMOVEKEYWORDS: {0, 1}, 87 model.LISTPROPERTIES: {0, 0}, 88 model.ADDPROPERTIES: {0, 1}, 89 model.REMOVEPROPERTIES: {0, 1}, 90 model.COLLECT: {1, 0}, 91 model.CROP: {0, 1}, 92 model.LISTBOXES: {0, 0}, 93 model.ADDBOXES: {0, 1}, 94 model.REMOVEBOXES: {0, 1}, 95 model.LISTANNOTATIONS: {0, 1}, 96 model.ADDANNOTATIONS: {0, 1}, 97 model.REMOVEANNOTATIONS: {0, 1}, 98 model.ROTATE: {0, 1}, 99 model.NUP: {0, 1}, 100 model.BOOKLET: {0, 1}, 101 model.LISTBOOKMARKS: {0, 0}, 102 model.ADDBOOKMARKS: {0, 1}, 103 model.REMOVEBOOKMARKS: {0, 1}, 104 model.IMPORTBOOKMARKS: {0, 1}, 105 model.EXPORTBOOKMARKS: {0, 1}, 106 model.LISTIMAGES: {0, 1}, 107 model.UPDATEIMAGES: {0, 1}, 108 model.CREATE: {0, 0}, 109 model.DUMP: {0, 1}, 110 model.LISTFORMFIELDS: {0, 0}, 111 model.REMOVEFORMFIELDS: {0, 1}, 112 model.LOCKFORMFIELDS: {0, 1}, 113 model.UNLOCKFORMFIELDS: {0, 1}, 114 model.RESETFORMFIELDS: {0, 1}, 115 model.EXPORTFORMFIELDS: {0, 1}, 116 model.FILLFORMFIELDS: {0, 1}, 117 model.LISTPAGELAYOUT: {0, 1}, 118 model.SETPAGELAYOUT: {0, 1}, 119 model.RESETPAGELAYOUT: {0, 1}, 120 model.LISTPAGEMODE: {0, 1}, 121 model.SETPAGEMODE: {0, 1}, 122 model.RESETPAGEMODE: {0, 1}, 123 model.LISTVIEWERPREFERENCES: {0, 1}, 124 model.SETVIEWERPREFERENCES: {0, 1}, 125 model.RESETVIEWERPREFERENCES: {0, 1}, 126 model.ZOOM: {0, 1}, 127 } 128 129 ErrUnknownEncryption = errors.New("pdfcpu: unknown encryption") 130 ) 131 132 // NewEncryptDict creates a new EncryptDict using the standard security handler. 133 func newEncryptDict(v model.Version, needAES bool, keyLength int, permissions int16) types.Dict { 134 d := types.NewDict() 135 136 d.Insert("Filter", types.Name("Standard")) 137 138 if keyLength >= 128 { 139 d.Insert("Length", types.Integer(keyLength)) 140 i := 4 141 if keyLength == 256 { 142 i = 5 143 } 144 d.Insert("V", types.Integer(i)) 145 if v == model.V20 { 146 i++ 147 } 148 d.Insert("R", types.Integer(i)) 149 } else { 150 d.Insert("R", types.Integer(2)) 151 d.Insert("V", types.Integer(1)) 152 } 153 154 // Set user access permission flags. 155 d.Insert("P", types.Integer(permissions)) 156 157 d.Insert("StmF", types.Name("StdCF")) 158 d.Insert("StrF", types.Name("StdCF")) 159 160 d1 := types.NewDict() 161 d1.Insert("AuthEvent", types.Name("DocOpen")) 162 163 if needAES { 164 n := "AESV2" 165 if keyLength == 256 { 166 n = "AESV3" 167 } 168 d1.Insert("CFM", types.Name(n)) 169 } else { 170 d1.Insert("CFM", types.Name("V2")) 171 } 172 173 d1.Insert("Length", types.Integer(keyLength/8)) 174 175 d2 := types.NewDict() 176 d2.Insert("StdCF", d1) 177 178 d.Insert("CF", d2) 179 180 if keyLength == 256 { 181 d.Insert("U", types.NewHexLiteral(make([]byte, 48))) 182 d.Insert("O", types.NewHexLiteral(make([]byte, 48))) 183 d.Insert("UE", types.NewHexLiteral(make([]byte, 32))) 184 d.Insert("OE", types.NewHexLiteral(make([]byte, 32))) 185 d.Insert("Perms", types.NewHexLiteral(make([]byte, 16))) 186 } else { 187 d.Insert("U", types.NewHexLiteral(make([]byte, 32))) 188 d.Insert("O", types.NewHexLiteral(make([]byte, 32))) 189 } 190 191 return d 192 } 193 194 func encKey(userpw string, e *model.Enc) (key []byte) { 195 // 2a 196 pw := []byte(userpw) 197 if len(pw) >= 32 { 198 pw = pw[:32] 199 } else { 200 pw = append(pw, pad[:32-len(pw)]...) 201 } 202 203 // 2b 204 h := md5.New() 205 h.Write(pw) 206 207 // 2c 208 h.Write(e.O) 209 210 // 2d 211 var q = uint32(e.P) 212 h.Write([]byte{byte(q), byte(q >> 8), byte(q >> 16), byte(q >> 24)}) 213 214 // 2e 215 h.Write(e.ID) 216 217 // 2f 218 if e.R == 4 && !e.Emd { 219 h.Write([]byte{0xff, 0xff, 0xff, 0xff}) 220 } 221 222 // 2g 223 key = h.Sum(nil) 224 225 // 2h 226 if e.R >= 3 { 227 for i := 0; i < 50; i++ { 228 h.Reset() 229 h.Write(key[:e.L/8]) 230 key = h.Sum(nil) 231 } 232 } 233 234 // 2i 235 if e.R >= 3 { 236 key = key[:e.L/8] 237 } else { 238 key = key[:5] 239 } 240 241 return key 242 } 243 244 // validateUserPassword validates the user password aka document open password. 245 func validateUserPassword(ctx *model.Context) (ok bool, err error) { 246 if ctx.E.R == 5 { 247 return validateUserPasswordAES256(ctx) 248 } 249 250 if ctx.E.R == 6 { 251 return validateUserPasswordAES256Rev6(ctx) 252 } 253 254 // Alg.4/5 p63 255 // 4a/5a create encryption key using Alg.2 p61 256 257 u, key, err := u(ctx) 258 if err != nil { 259 return false, err 260 } 261 262 ctx.EncKey = key 263 264 switch ctx.E.R { 265 266 case 2: 267 ok = bytes.Equal(ctx.E.U, u) 268 269 case 3, 4: 270 ok = bytes.HasPrefix(ctx.E.U, u[:16]) 271 } 272 273 return ok, nil 274 } 275 276 func key(ownerpw, userpw string, r, l int) (key []byte) { 277 // 3a 278 pw := []byte(ownerpw) 279 if len(pw) == 0 { 280 pw = []byte(userpw) 281 } 282 if len(pw) >= 32 { 283 pw = pw[:32] 284 } else { 285 pw = append(pw, pad[:32-len(pw)]...) 286 } 287 288 // 3b 289 h := md5.New() 290 h.Write(pw) 291 key = h.Sum(nil) 292 293 // 3c 294 if r >= 3 { 295 for i := 0; i < 50; i++ { 296 h.Reset() 297 h.Write(key) 298 key = h.Sum(nil) 299 } 300 } 301 302 // 3d 303 if r >= 3 { 304 key = key[:l/8] 305 } else { 306 key = key[:5] 307 } 308 309 return key 310 } 311 312 // O calculates the owner password digest. 313 func o(ctx *model.Context) ([]byte, error) { 314 ownerpw := ctx.OwnerPW 315 userpw := ctx.UserPW 316 317 e := ctx.E 318 319 // 3a-d 320 key := key(ownerpw, userpw, e.R, e.L) 321 322 // 3e 323 o := []byte(userpw) 324 if len(o) >= 32 { 325 o = o[:32] 326 } else { 327 o = append(o, pad[:32-len(o)]...) 328 } 329 330 // 3f 331 c, err := rc4.NewCipher(key) 332 if err != nil { 333 return nil, err 334 } 335 c.XORKeyStream(o, o) 336 337 // 3g 338 if e.R >= 3 { 339 for i := 1; i <= 19; i++ { 340 keynew := make([]byte, len(key)) 341 copy(keynew, key) 342 343 for j := range keynew { 344 keynew[j] ^= byte(i) 345 } 346 347 c, err := rc4.NewCipher(keynew) 348 if err != nil { 349 return nil, err 350 } 351 c.XORKeyStream(o, o) 352 } 353 } 354 355 return o, nil 356 } 357 358 // U calculates the user password digest. 359 func u(ctx *model.Context) (u []byte, key []byte, err error) { 360 // The PW string is generated from OS codepage characters by first converting the string to PDFDocEncoding. 361 // If input is Unicode, first convert to a codepage encoding , and then to PDFDocEncoding for backward compatibility. 362 userpw := ctx.UserPW 363 //fmt.Printf("U userpw=ctx.UserPW=%s\n", userpw) 364 365 e := ctx.E 366 367 key = encKey(userpw, e) 368 369 c, err := rc4.NewCipher(key) 370 if err != nil { 371 return nil, nil, err 372 } 373 374 switch e.R { 375 376 case 2: 377 // 4b 378 u = make([]byte, 32) 379 copy(u, pad) 380 c.XORKeyStream(u, u) 381 382 case 3, 4: 383 // 5b 384 h := md5.New() 385 h.Reset() 386 h.Write(pad) 387 388 // 5c 389 h.Write(e.ID) 390 u = h.Sum(nil) 391 392 // 5ds 393 c.XORKeyStream(u, u) 394 395 // 5e 396 for i := 1; i <= 19; i++ { 397 keynew := make([]byte, len(key)) 398 copy(keynew, key) 399 400 for j := range keynew { 401 keynew[j] ^= byte(i) 402 } 403 404 c, err = rc4.NewCipher(keynew) 405 if err != nil { 406 return nil, nil, err 407 } 408 c.XORKeyStream(u, u) 409 } 410 } 411 412 if len(u) < 32 { 413 u = append(u, nullPad32[:32-len(u)]...) 414 } 415 416 return u, key, nil 417 } 418 419 func validationSalt(bb []byte) []byte { 420 return bb[32:40] 421 } 422 423 func keySalt(bb []byte) []byte { 424 return bb[40:48] 425 } 426 427 func decryptOE(ctx *model.Context, opw []byte) error { 428 b := append(opw, keySalt(ctx.E.O)...) 429 b = append(b, ctx.E.U...) 430 key := sha256.Sum256(b) 431 432 cb, err := aes.NewCipher(key[:]) 433 if err != nil { 434 return err 435 } 436 437 iv := make([]byte, 16) 438 ctx.EncKey = make([]byte, 32) 439 440 mode := cipher.NewCBCDecrypter(cb, iv) 441 mode.CryptBlocks(ctx.EncKey, ctx.E.OE) 442 443 return nil 444 } 445 446 func validateOwnerPasswordAES256(ctx *model.Context) (ok bool, err error) { 447 if len(ctx.OwnerPW) == 0 { 448 return false, nil 449 } 450 451 opw, err := processInput(ctx.OwnerPW) 452 if err != nil { 453 return false, err 454 } 455 456 if len(opw) > 127 { 457 opw = opw[:127] 458 } 459 460 // Algorithm 3.2a 3. 461 b := append(opw, validationSalt(ctx.E.O)...) 462 b = append(b, ctx.E.U...) 463 s := sha256.Sum256(b) 464 465 if !bytes.HasPrefix(ctx.E.O, s[:]) { 466 return false, nil 467 } 468 469 if err := decryptOE(ctx, opw); err != nil { 470 return false, err 471 } 472 473 return true, nil 474 } 475 476 func decryptUE(ctx *model.Context, upw []byte) error { 477 key := sha256.Sum256(append(upw, keySalt(ctx.E.U)...)) 478 479 cb, err := aes.NewCipher(key[:]) 480 if err != nil { 481 return err 482 } 483 484 iv := make([]byte, 16) 485 ctx.EncKey = make([]byte, 32) 486 487 mode := cipher.NewCBCDecrypter(cb, iv) 488 mode.CryptBlocks(ctx.EncKey, ctx.E.UE) 489 490 return nil 491 } 492 493 func validateUserPasswordAES256(ctx *model.Context) (ok bool, err error) { 494 upw, err := processInput(ctx.UserPW) 495 if err != nil { 496 return false, err 497 } 498 499 if len(upw) > 127 { 500 upw = upw[:127] 501 } 502 503 // Algorithm 3.2a 4, 504 s := sha256.Sum256(append(upw, validationSalt(ctx.E.U)...)) 505 506 if !bytes.HasPrefix(ctx.E.U, s[:]) { 507 return false, nil 508 } 509 510 if err := decryptUE(ctx, upw); err != nil { 511 return false, err 512 } 513 514 return true, nil 515 } 516 517 func processInput(input string) ([]byte, error) { 518 // Create a new Precis profile for SASLprep 519 p := precis.NewIdentifier( 520 precis.BidiRule, 521 precis.Norm(norm.NFKC), 522 ) 523 524 output, err := p.String(input) 525 if err != nil { 526 return nil, err 527 } 528 529 return []byte(output), nil 530 } 531 532 func hashRev6(input, pw, U []byte) ([]byte, int, error) { 533 // 7.6.4.3.4 Algorithm 2.B returns 32 bytes. 534 535 mod3 := new(big.Int).SetUint64(3) 536 537 k0 := sha256.Sum256(input) 538 k := k0[:] 539 540 var e []byte 541 j := 0 542 543 for ; j < 64 || e[len(e)-1] > byte(j-32); j++ { 544 var k1 []byte 545 bb := append(pw, k...) 546 if len(U) > 0 { 547 bb = append(bb, U...) 548 } 549 for i := 0; i < 64; i++ { 550 k1 = append(k1, bb...) 551 } 552 553 cb, err := aes.NewCipher(k[:16]) 554 if err != nil { 555 return nil, -1, err 556 } 557 558 iv := k[16:32] 559 e = make([]byte, len(k1)) 560 mode := cipher.NewCBCEncrypter(cb, iv) 561 mode.CryptBlocks(e, k1) 562 563 num := new(big.Int).SetBytes(e[:16]) 564 r := (new(big.Int).Mod(num, mod3)).Uint64() 565 566 switch r { 567 case 0: 568 k0 := sha256.Sum256(e) 569 k = k0[:] 570 case 1: 571 k0 := sha512.Sum384(e) 572 k = k0[:] 573 case 2: 574 k0 := sha512.Sum512(e) 575 k = k0[:] 576 } 577 578 } 579 580 return k[:32], j, nil 581 } 582 583 func validateOwnerPasswordAES256Rev6(ctx *model.Context) (ok bool, err error) { 584 if len(ctx.OwnerPW) == 0 { 585 return false, nil 586 } 587 588 // Process PW with SASLPrep profile (RFC 4013) of stringprep (RFC 3454). 589 opw, err := processInput(ctx.OwnerPW) 590 if err != nil { 591 return false, err 592 } 593 594 if len(opw) > 127 { 595 opw = opw[:127] 596 } 597 598 // Algorithm 12 599 bb := append(opw, validationSalt(ctx.E.O)...) 600 bb = append(bb, ctx.E.U...) 601 s, _, err := hashRev6(bb, opw, ctx.E.U) 602 if err != nil { 603 return false, err 604 } 605 606 if !bytes.HasPrefix(ctx.E.O, s[:]) { 607 return false, nil 608 } 609 610 bb = append(opw, keySalt(ctx.E.O)...) 611 bb = append(bb, ctx.E.U...) 612 key, _, err := hashRev6(bb, opw, ctx.E.U) 613 if err != nil { 614 return false, err 615 } 616 617 cb, err := aes.NewCipher(key[:]) 618 if err != nil { 619 return false, err 620 } 621 622 iv := make([]byte, 16) 623 ctx.EncKey = make([]byte, 32) 624 625 mode := cipher.NewCBCDecrypter(cb, iv) 626 mode.CryptBlocks(ctx.EncKey, ctx.E.OE) 627 628 return true, nil 629 } 630 631 func validateUserPasswordAES256Rev6(ctx *model.Context) (bool, error) { 632 if len(ctx.E.UE) != 32 { 633 return false, errors.New("UE: invalid length") 634 } 635 636 upw, err := processInput(ctx.UserPW) 637 if err != nil { 638 return false, err 639 } 640 if len(upw) > 127 { 641 upw = upw[:127] 642 } 643 644 // Validate U prefix 645 bb := append([]byte{}, upw...) 646 bb = append(bb, validationSalt(ctx.E.U)...) 647 s, _, err := hashRev6(bb, upw, nil) 648 if err != nil { 649 return false, err 650 } 651 if !bytes.HasPrefix(ctx.E.U, s) { 652 return false, nil 653 } 654 655 // Derive decryption key 656 bb = append([]byte{}, upw...) 657 bb = append(bb, keySalt(ctx.E.U)...) 658 key, _, err := hashRev6(bb, upw, nil) 659 if err != nil { 660 return false, err 661 } 662 663 block, err := aes.NewCipher(key) 664 if err != nil { 665 return false, err 666 } 667 668 iv := make([]byte, 16) 669 encKey := make([]byte, 32) 670 cipher.NewCBCDecrypter(block, iv).CryptBlocks(encKey, ctx.E.UE) 671 ctx.EncKey = encKey 672 673 return true, nil 674 } 675 676 // ValidateOwnerPassword validates the owner password aka change permissions password. 677 func validateOwnerPassword(ctx *model.Context) (ok bool, err error) { 678 e := ctx.E 679 680 if e.R == 5 { 681 return validateOwnerPasswordAES256(ctx) 682 } 683 684 if e.R == 6 { 685 return validateOwnerPasswordAES256Rev6(ctx) 686 } 687 688 ownerpw := ctx.OwnerPW 689 userpw := ctx.UserPW 690 691 // 7a: Alg.3 p62 a-d 692 key := key(ownerpw, userpw, e.R, e.L) 693 694 // 7b 695 upw := make([]byte, len(e.O)) 696 copy(upw, e.O) 697 698 var c *rc4.Cipher 699 700 switch e.R { 701 702 case 2: 703 c, err = rc4.NewCipher(key) 704 if err != nil { 705 return 706 } 707 c.XORKeyStream(upw, upw) 708 709 case 3, 4: 710 for i := 19; i >= 0; i-- { 711 712 keynew := make([]byte, len(key)) 713 copy(keynew, key) 714 715 for j := range keynew { 716 keynew[j] ^= byte(i) 717 } 718 719 c, err = rc4.NewCipher(keynew) 720 if err != nil { 721 return false, err 722 } 723 724 c.XORKeyStream(upw, upw) 725 } 726 } 727 728 // Save user pw 729 upws := ctx.UserPW 730 731 ctx.UserPW = string(upw) 732 ok, err = validateUserPassword(ctx) 733 734 // Restore user pw 735 ctx.UserPW = upws 736 737 return ok, err 738 } 739 740 func validateCFLength(len int, cfm *string) bool { 741 // See table 25 Length 742 743 if cfm != nil { 744 if (*cfm == "AESV2" && len != 16) || (*cfm == "AESV3" && len != 32) { 745 return false 746 } 747 } 748 749 // Standard security handler expresses in bytes. 750 minBytes, maxBytes := 5, 32 751 if len < minBytes { 752 return false 753 } 754 if len <= maxBytes { 755 return true 756 } 757 758 // Public security handler expresses in bits. 759 minBits, maxBits := 40, 256 760 if len < minBits || len > maxBits { 761 return false 762 } 763 764 if len%8 > 0 { 765 return false 766 } 767 768 return true 769 } 770 771 func supportedCFEntry(d types.Dict) (bool, error) { 772 cfm := d.NameEntry("CFM") 773 if cfm != nil && *cfm != "V2" && *cfm != "AESV2" && *cfm != "AESV3" { 774 return false, errors.New("pdfcpu: supportedCFEntry: invalid entry \"CFM\"") 775 } 776 777 aes := cfm != nil && (*cfm == "AESV2" || *cfm == "AESV3") 778 779 ae := d.NameEntry("AuthEvent") 780 if ae != nil && *ae != "DocOpen" { 781 return aes, errors.New("pdfcpu: supportedCFEntry: invalid entry \"AuthEvent\"") 782 } 783 784 len := d.IntEntry("Length") 785 if len == nil { 786 return aes, nil 787 } 788 789 if !validateCFLength(*len, cfm) { 790 s := "" 791 if cfm != nil { 792 s = *cfm 793 } 794 return false, errors.Errorf("pdfcpu: supportedCFEntry: invalid entry \"Length\" %d %s", *len, s) 795 } 796 797 return aes, nil 798 } 799 800 func perms(p int) (list []string) { 801 list = append(list, fmt.Sprintf("permission bits: %012b (x%03X)", uint32(p)&0x0F3C, uint32(p)&0x0F3C)) 802 list = append(list, fmt.Sprintf("Bit 3: %t (print(rev2), print quality(rev>=3))", p&0x0004 > 0)) 803 list = append(list, fmt.Sprintf("Bit 4: %t (modify other than controlled by bits 6,9,11)", p&0x0008 > 0)) 804 list = append(list, fmt.Sprintf("Bit 5: %t (extract(rev2), extract other than controlled by bit 10(rev>=3))", p&0x0010 > 0)) 805 list = append(list, fmt.Sprintf("Bit 6: %t (add or modify annotations)", p&0x0020 > 0)) 806 list = append(list, fmt.Sprintf("Bit 9: %t (fill in form fields(rev>=3)", p&0x0100 > 0)) 807 list = append(list, fmt.Sprintf("Bit 10: %t (extract(rev>=3))", p&0x0200 > 0)) 808 list = append(list, fmt.Sprintf("Bit 11: %t (modify(rev>=3))", p&0x0400 > 0)) 809 list = append(list, fmt.Sprintf("Bit 12: %t (print high-level(rev>=3))", p&0x0800 > 0)) 810 return list 811 } 812 813 // PermissionsList returns a list of set permissions. 814 func PermissionsList(p int) (list []string) { 815 if p == 0 { 816 return append(list, "Full access") 817 } 818 819 return perms(p) 820 } 821 822 // Permissions returns a list of set permissions. 823 func Permissions(ctx *model.Context) (list []string) { 824 p := 0 825 if ctx.E != nil { 826 p = ctx.E.P 827 } 828 829 return PermissionsList(p) 830 } 831 832 func validatePermissions(ctx *model.Context) (bool, error) { 833 // Algorithm 3.2a 5. 834 835 if ctx.E.R != 5 && ctx.E.R != 6 { 836 return true, nil 837 } 838 839 cb, err := aes.NewCipher(ctx.EncKey[:]) 840 if err != nil { 841 return false, err 842 } 843 844 p := make([]byte, len(ctx.E.Perms)) 845 cb.Decrypt(p, ctx.E.Perms) 846 if string(p[9:12]) != "adb" { 847 return false, nil 848 } 849 850 b := binary.LittleEndian.Uint32(p[:4]) 851 return int32(b) == int32(ctx.E.P), nil 852 } 853 854 func writePermissions(ctx *model.Context, d types.Dict) error { 855 // Algorithm 3.10 856 857 if ctx.E.R != 5 && ctx.E.R != 6 { 858 return nil 859 } 860 861 b := make([]byte, 16) 862 binary.LittleEndian.PutUint64(b, uint64(ctx.E.P)) 863 864 b[4] = 0xFF 865 b[5] = 0xFF 866 b[6] = 0xFF 867 b[7] = 0xFF 868 869 var c byte = 'F' 870 if ctx.E.Emd { 871 c = 'T' 872 } 873 b[8] = c 874 875 b[9] = 'a' 876 b[10] = 'd' 877 b[11] = 'b' 878 879 cb, err := aes.NewCipher(ctx.EncKey[:]) 880 if err != nil { 881 return err 882 } 883 884 cb.Encrypt(ctx.E.Perms, b) 885 d.Update("Perms", types.HexLiteral(hex.EncodeToString(ctx.E.Perms))) 886 887 return nil 888 } 889 890 func logP(enc *model.Enc) { 891 if !log.InfoEnabled() { 892 return 893 } 894 for _, s := range perms(enc.P) { 895 log.Info.Println(s) 896 } 897 898 } 899 900 func maskExtract(mode model.CommandMode, secHandlerRev int) int { 901 p, ok := perm[mode] 902 903 // no permissions defined or don't need extract permission 904 if !ok || p.extract == 0 { 905 return 0 906 } 907 908 // need extract permission 909 910 if secHandlerRev >= 3 { 911 return 0x0200 // need bit 10 912 } 913 914 return 0x0010 // need bit 5 915 } 916 917 func maskModify(mode model.CommandMode, secHandlerRev int) int { 918 p, ok := perm[mode] 919 920 // no permissions defined or don't need modify permission 921 if !ok || p.modify == 0 { 922 return 0 923 } 924 925 // need modify permission 926 927 if secHandlerRev >= 3 { 928 return 0x0400 // need bit 11 929 } 930 931 return 0x0008 // need bit 4 932 } 933 934 // HasNeededPermissions returns true if permissions for pdfcpu processing are present. 935 func hasNeededPermissions(mode model.CommandMode, enc *model.Enc) bool { 936 // see 7.6.3.2 937 938 logP(enc) 939 940 m := maskExtract(mode, enc.R) 941 if m > 0 { 942 if enc.P&m == 0 { 943 return false 944 } 945 } 946 947 m = maskModify(mode, enc.R) 948 if m > 0 { 949 if enc.P&m == 0 { 950 return false 951 } 952 } 953 954 return true 955 } 956 957 func getV(ctx *model.Context, d types.Dict, l int) (*int, error) { 958 v := d.IntEntry("V") 959 960 if v == nil || (*v != 1 && *v != 2 && *v != 4 && *v != 5) { 961 return nil, errors.Errorf("getV: \"V\" must be one of 1,2,4,5") 962 } 963 964 if *v == 5 { 965 if l != 256 { 966 return nil, errors.Errorf("getV: \"V\" 5 invalid length, must be 256, got %d", l) 967 } 968 if ctx.XRefTable.Version() != model.V20 && ctx.XRefTable.ValidationMode == model.ValidationStrict { 969 return nil, errors.New("getV: 5 valid for PDF 2.0 only") 970 } 971 } 972 973 return v, nil 974 } 975 func checkStmf(ctx *model.Context, stmf *string, cfDict types.Dict) error { 976 if stmf != nil && *stmf != "Identity" { 977 978 d := cfDict.DictEntry(*stmf) 979 if d == nil { 980 return errors.Errorf("pdfcpu: checkStmf: entry \"%s\" missing in \"CF\"", *stmf) 981 } 982 983 aes, err := supportedCFEntry(d) 984 if err != nil { 985 return errors.Wrapf(err, "pdfcpu: checkStmv: unsupported \"%s\" entry in \"CF\"", *stmf) 986 } 987 ctx.AES4Streams = aes 988 } 989 990 return nil 991 } 992 993 func checkV(ctx *model.Context, d types.Dict, l int) (*int, error) { 994 v, err := getV(ctx, d, l) 995 if err != nil { 996 return nil, err 997 } 998 999 // v == 2 implies RC4 1000 if *v != 4 && *v != 5 { 1001 return v, nil 1002 } 1003 1004 // CF 1005 cfDict := d.DictEntry("CF") 1006 if cfDict == nil { 1007 return nil, errors.Errorf("pdfcpu: checkV: required entry \"CF\" missing.") 1008 } 1009 1010 // StmF 1011 stmf := d.NameEntry("StmF") 1012 err = checkStmf(ctx, stmf, cfDict) 1013 if err != nil { 1014 return nil, err 1015 } 1016 1017 // StrF 1018 strf := d.NameEntry("StrF") 1019 if strf != nil && *strf != "Identity" { 1020 d1 := cfDict.DictEntry(*strf) 1021 if d1 == nil { 1022 return nil, errors.Errorf("pdfcpu: checkV: entry \"%s\" missing in \"CF\"", *strf) 1023 } 1024 aes, err := supportedCFEntry(d1) 1025 if err != nil { 1026 return nil, errors.Wrapf(err, "checkV: unsupported \"%s\" entry in \"CF\"", *strf) 1027 } 1028 ctx.AES4Strings = aes 1029 } 1030 1031 // EFF 1032 eff := d.NameEntry("EFF") 1033 if eff != nil && *eff != "Identity" { 1034 d := cfDict.DictEntry(*eff) 1035 if d == nil { 1036 return nil, errors.Errorf("pdfcpu: checkV: entry \"%s\" missing in \"CF\"", *eff) 1037 } 1038 aes, err := supportedCFEntry(d) 1039 if err != nil { 1040 return nil, errors.Wrapf(err, "checkV: unsupported \"%s\" entry in \"CF\"", *eff) 1041 } 1042 ctx.AES4EmbeddedStreams = aes 1043 } 1044 1045 return v, nil 1046 } 1047 1048 func length(d types.Dict) (int, error) { 1049 l := d.IntEntry("Length") 1050 if l == nil { 1051 return 40, nil 1052 } 1053 1054 if (*l < 40 || *l > 128 || *l%8 > 0) && *l != 256 { 1055 return 0, errors.Errorf("pdfcpu: length: \"Length\" %d not supported\n", *l) 1056 } 1057 1058 return *l, nil 1059 } 1060 1061 func getR(ctx *model.Context, d types.Dict) (int, error) { 1062 maxR := 5 1063 if ctx.XRefTable.Version() == model.V20 || ctx.XRefTable.ValidationMode == model.ValidationRelaxed { 1064 maxR = 6 1065 } 1066 1067 r := d.IntEntry("R") 1068 if r == nil || *r < 2 || *r > maxR { 1069 return 0, ErrUnknownEncryption 1070 } 1071 1072 return *r, nil 1073 } 1074 1075 func validateAlgorithm(ctx *model.Context) (ok bool) { 1076 k := ctx.EncryptKeyLength 1077 1078 if ctx.XRefTable.Version() == model.V20 { 1079 return ctx.EncryptUsingAES && k == 256 1080 } 1081 1082 if ctx.EncryptUsingAES { 1083 return k == 40 || k == 128 || k == 256 1084 } 1085 1086 return k == 40 || k == 128 1087 } 1088 1089 func validateAES256Parameters(d types.Dict) (oe, ue, perms []byte, err error) { 1090 // OE 1091 oe, err = d.StringEntryBytes("OE") 1092 if err != nil { 1093 return nil, nil, nil, err 1094 } 1095 if len(oe) != 32 { 1096 return nil, nil, nil, errors.New("pdfcpu: encryption dictionary: 'OE' entry missing or not 32 bytes") 1097 } 1098 1099 // UE 1100 ue, err = d.StringEntryBytes("UE") 1101 if err != nil { 1102 return nil, nil, nil, err 1103 } 1104 if len(ue) != 32 { 1105 return nil, nil, nil, errors.New("pdfcpu: encryption dictionary: 'UE' entry missing or not 32 bytes") 1106 } 1107 1108 // Perms 1109 perms, err = d.StringEntryBytes("Perms") 1110 if err != nil { 1111 return nil, nil, nil, err 1112 } 1113 if len(perms) != 16 { 1114 return nil, nil, nil, errors.New("pdfcpu: encryption dictionary: 'Perms' entry missing or not 16 bytes") 1115 } 1116 1117 return oe, ue, perms, nil 1118 } 1119 1120 func validateOAndU(ctx *model.Context, d types.Dict, r int) (o, u []byte, err error) { 1121 // O, 32 bytes long if the value of R is 4 or less and 48 bytes long if the value of R is 6. 1122 o, err = d.StringEntryBytes("O") 1123 if err != nil { 1124 return nil, nil, err 1125 } 1126 1127 if ctx.XRefTable.ValidationMode == model.ValidationStrict { 1128 if r == 6 && len(o) < 48 { 1129 return nil, nil, errors.New("pdfcpu: unsupported encryption: missing or invalid required entry \"O\"") 1130 } 1131 if r <= 4 && len(o) < 32 { 1132 return nil, nil, errors.New("pdfcpu: unsupported encryption: missing or invalid required entry \"O\"") 1133 } 1134 } 1135 1136 // if l := len(o); l != 32 && l != 48 { 1137 // if ctx.XRefTable.ValidationMode == model.ValidationStrict || l < 48 { 1138 // return nil, nil, errors.New("pdfcpu: unsupported encryption: missing or invalid required entry \"O\"") 1139 // } 1140 // o = o[:48] // len(o) > 48, truncate 1141 // } 1142 1143 // U, 32 bytes long if the value of R is 4 or less and 48 bytes long if the value of R is 6. 1144 u, err = d.StringEntryBytes("U") 1145 if err != nil { 1146 return nil, nil, err 1147 } 1148 1149 if ctx.XRefTable.ValidationMode == model.ValidationStrict { 1150 if r == 6 && len(u) < 48 { 1151 return nil, nil, errors.New("pdfcpu: unsupported encryption: missing or invalid required entry \"O\"") 1152 } 1153 if r <= 4 && len(u) < 32 { 1154 return nil, nil, errors.New("pdfcpu: unsupported encryption: missing or invalid required entry \"O\"") 1155 } 1156 } 1157 1158 // if l := len(u); l != 32 && l != 48 { 1159 // if ctx.XRefTable.ValidationMode == model.ValidationStrict || l < 48 { // Fix 1163 1160 // return nil, nil, errors.New("pdfcpu: unsupported encryption: missing or invalid required entry \"U\"") 1161 // } 1162 // u = u[:48] 1163 // } 1164 1165 return o, u, nil 1166 } 1167 1168 // SupportedEncryption returns a pointer to a struct encapsulating used encryption. 1169 func supportedEncryption(ctx *model.Context, d types.Dict) (*model.Enc, error) { 1170 // Filter 1171 filter := d.NameEntry("Filter") 1172 if filter == nil || *filter != "Standard" { 1173 return nil, errors.New("pdfcpu: unsupported encryption: filter must be \"Standard\"") 1174 } 1175 1176 // SubFilter 1177 if d.NameEntry("SubFilter") != nil { 1178 return nil, errors.New("pdfcpu: unsupported encryption: \"SubFilter\" not supported") 1179 } 1180 1181 // Length 1182 l, err := length(d) 1183 if err != nil { 1184 return nil, err 1185 } 1186 1187 // V 1188 v, err := checkV(ctx, d, l) 1189 if err != nil { 1190 return nil, err 1191 } 1192 1193 // R 1194 r, err := getR(ctx, d) 1195 if err != nil { 1196 return nil, err 1197 } 1198 1199 o, u, err := validateOAndU(ctx, d, r) 1200 if err != nil { 1201 return nil, err 1202 } 1203 1204 var oe, ue, perms []byte 1205 if r == 5 || r == 6 { 1206 oe, ue, perms, err = validateAES256Parameters(d) 1207 if err != nil { 1208 return nil, err 1209 } 1210 } 1211 1212 // P 1213 p := d.IntEntry("P") 1214 if p == nil { 1215 return nil, errors.New("pdfcpu: unsupported encryption: required entry \"P\" missing") 1216 } 1217 1218 // EncryptMetadata 1219 encMeta := true 1220 emd := d.BooleanEntry("EncryptMetadata") 1221 if emd != nil { 1222 encMeta = *emd 1223 } 1224 1225 return &model.Enc{ 1226 O: o, 1227 OE: oe, 1228 U: u, 1229 UE: ue, 1230 L: l, 1231 P: *p, 1232 Perms: perms, 1233 R: r, 1234 V: *v, 1235 Emd: encMeta}, 1236 nil 1237 } 1238 1239 func decryptKey(objNumber, generation int, key []byte, aes bool) []byte { 1240 m := md5.New() 1241 1242 nr := uint32(objNumber) 1243 b1 := []byte{byte(nr), byte(nr >> 8), byte(nr >> 16)} 1244 b := append(key, b1...) 1245 1246 gen := uint16(generation) 1247 b2 := []byte{byte(gen), byte(gen >> 8)} 1248 b = append(b, b2...) 1249 1250 m.Write(b) 1251 1252 if aes { 1253 m.Write([]byte("sAlT")) 1254 } 1255 1256 dk := m.Sum(nil) 1257 1258 l := len(key) + 5 1259 if l < 16 { 1260 dk = dk[:l] 1261 } 1262 1263 return dk 1264 } 1265 1266 // EncryptBytes encrypts s using RC4 or AES. 1267 func encryptBytes(b []byte, objNr, genNr int, encKey []byte, needAES bool, r int) ([]byte, error) { 1268 if needAES { 1269 k := encKey 1270 if r != 5 && r != 6 { 1271 k = decryptKey(objNr, genNr, encKey, needAES) 1272 } 1273 return encryptAESBytes(b, k) 1274 } 1275 1276 return applyRC4CipherBytes(b, objNr, genNr, encKey, needAES) 1277 } 1278 1279 // decryptBytes decrypts bb using RC4 or AES. 1280 func decryptBytes(b []byte, objNr, genNr int, encKey []byte, needAES bool, r int) ([]byte, error) { 1281 if needAES { 1282 k := encKey 1283 if r != 5 && r != 6 { 1284 k = decryptKey(objNr, genNr, encKey, needAES) 1285 } 1286 return decryptAESBytes(b, k) 1287 } 1288 1289 return applyRC4CipherBytes(b, objNr, genNr, encKey, needAES) 1290 } 1291 1292 func applyRC4CipherBytes(b []byte, objNr, genNr int, key []byte, needAES bool) ([]byte, error) { 1293 c, err := rc4.NewCipher(decryptKey(objNr, genNr, key, needAES)) 1294 if err != nil { 1295 return nil, err 1296 } 1297 1298 c.XORKeyStream(b, b) 1299 1300 return b, nil 1301 } 1302 1303 func encrypt(m map[string]types.Object, k string, v types.Object, objNr, genNr int, key []byte, needAES bool, r int) error { 1304 s, err := encryptDeepObject(v, objNr, genNr, key, needAES, r) 1305 if err != nil { 1306 return err 1307 } 1308 1309 if s != nil { 1310 m[k] = s 1311 } 1312 1313 return nil 1314 } 1315 1316 func encryptDict(d types.Dict, objNr, genNr int, key []byte, needAES bool, r int) error { 1317 isSig := false 1318 ft := d["FT"] 1319 if ft == nil { 1320 ft = d["Type"] 1321 } 1322 if ft != nil { 1323 if ftv, ok := ft.(types.Name); ok && (ftv == "Sig" || ftv == "DocTimeStamp") { 1324 isSig = true 1325 } 1326 } 1327 for k, v := range d { 1328 if isSig && k == "Contents" { 1329 continue 1330 } 1331 err := encrypt(d, k, v, objNr, genNr, key, needAES, r) 1332 if err != nil { 1333 return err 1334 } 1335 } 1336 1337 return nil 1338 } 1339 1340 func encryptStringLiteral(sl types.StringLiteral, objNr, genNr int, key []byte, needAES bool, r int) (*types.StringLiteral, error) { 1341 bb, err := types.Unescape(sl.Value()) 1342 if err != nil { 1343 return nil, err 1344 } 1345 1346 bb, err = encryptBytes(bb, objNr, genNr, key, needAES, r) 1347 if err != nil { 1348 return nil, err 1349 } 1350 1351 s, err := types.Escape(string(bb)) 1352 if err != nil { 1353 return nil, err 1354 } 1355 1356 sl = types.StringLiteral(*s) 1357 1358 return &sl, nil 1359 } 1360 1361 func decryptStringLiteral(sl types.StringLiteral, objNr, genNr int, key []byte, needAES bool, r int) (*types.StringLiteral, error) { 1362 if sl.Value() == "" { 1363 return &sl, nil 1364 } 1365 bb, err := types.Unescape(sl.Value()) 1366 if err != nil { 1367 return nil, err 1368 } 1369 1370 bb, err = decryptBytes(bb, objNr, genNr, key, needAES, r) 1371 if err != nil { 1372 return nil, err 1373 } 1374 1375 s, err := types.Escape(string(bb)) 1376 if err != nil { 1377 return nil, err 1378 } 1379 1380 sl = types.StringLiteral(*s) 1381 1382 return &sl, nil 1383 } 1384 1385 func encryptHexLiteral(hl types.HexLiteral, objNr, genNr int, key []byte, needAES bool, r int) (*types.HexLiteral, error) { 1386 bb, err := hl.Bytes() 1387 if err != nil { 1388 return nil, err 1389 } 1390 1391 bb, err = encryptBytes(bb, objNr, genNr, key, needAES, r) 1392 if err != nil { 1393 return nil, err 1394 } 1395 1396 hl = types.NewHexLiteral(bb) 1397 1398 return &hl, nil 1399 } 1400 1401 func decryptHexLiteral(hl types.HexLiteral, objNr, genNr int, key []byte, needAES bool, r int) (*types.HexLiteral, error) { 1402 if hl.Value() == "" { 1403 return &hl, nil 1404 } 1405 bb, err := hl.Bytes() 1406 if err != nil { 1407 return nil, err 1408 } 1409 1410 bb, err = decryptBytes(bb, objNr, genNr, key, needAES, r) 1411 if err != nil { 1412 return nil, err 1413 } 1414 1415 hl = types.NewHexLiteral(bb) 1416 1417 return &hl, nil 1418 } 1419 1420 // EncryptDeepObject recurses over non trivial PDF objects and encrypts all strings encountered. 1421 func encryptDeepObject(objIn types.Object, objNr, genNr int, key []byte, needAES bool, r int) (types.Object, error) { 1422 _, ok := objIn.(types.IndirectRef) 1423 if ok { 1424 return nil, nil 1425 } 1426 1427 switch obj := objIn.(type) { 1428 1429 case types.StreamDict: 1430 err := encryptDict(obj.Dict, objNr, genNr, key, needAES, r) 1431 if err != nil { 1432 return nil, err 1433 } 1434 1435 case types.Dict: 1436 err := encryptDict(obj, objNr, genNr, key, needAES, r) 1437 if err != nil { 1438 return nil, err 1439 } 1440 1441 case types.Array: 1442 for i, v := range obj { 1443 s, err := encryptDeepObject(v, objNr, genNr, key, needAES, r) 1444 if err != nil { 1445 return nil, err 1446 } 1447 if s != nil { 1448 obj[i] = s 1449 } 1450 } 1451 1452 case types.StringLiteral: 1453 sl, err := encryptStringLiteral(obj, objNr, genNr, key, needAES, r) 1454 if err != nil { 1455 return nil, err 1456 } 1457 return *sl, nil 1458 1459 case types.HexLiteral: 1460 hl, err := encryptHexLiteral(obj, objNr, genNr, key, needAES, r) 1461 if err != nil { 1462 return nil, err 1463 } 1464 return *hl, nil 1465 1466 default: 1467 1468 } 1469 1470 return nil, nil 1471 } 1472 1473 func decryptDict(d types.Dict, objNr, genNr int, key []byte, needAES bool, r int) error { 1474 isSig := false 1475 ft := d["FT"] 1476 if ft == nil { 1477 ft = d["Type"] 1478 } 1479 if ft != nil { 1480 if ftv, ok := ft.(types.Name); ok && (ftv == "Sig" || ftv == "DocTimeStamp") { 1481 isSig = true 1482 } 1483 } 1484 for k, v := range d { 1485 if isSig && k == "Contents" { 1486 continue 1487 } 1488 s, err := decryptDeepObject(v, objNr, genNr, key, needAES, r) 1489 if err != nil { 1490 return err 1491 } 1492 if s != nil { 1493 d[k] = s 1494 } 1495 } 1496 return nil 1497 } 1498 1499 func decryptDeepObject(objIn types.Object, objNr, genNr int, key []byte, needAES bool, r int) (types.Object, error) { 1500 _, ok := objIn.(types.IndirectRef) 1501 if ok { 1502 return nil, nil 1503 } 1504 1505 switch obj := objIn.(type) { 1506 1507 case types.Dict: 1508 if err := decryptDict(obj, objNr, genNr, key, needAES, r); err != nil { 1509 return nil, err 1510 } 1511 1512 case types.Array: 1513 for i, v := range obj { 1514 s, err := decryptDeepObject(v, objNr, genNr, key, needAES, r) 1515 if err != nil { 1516 return nil, err 1517 } 1518 if s != nil { 1519 obj[i] = s 1520 } 1521 } 1522 1523 case types.StringLiteral: 1524 sl, err := decryptStringLiteral(obj, objNr, genNr, key, needAES, r) 1525 if err != nil { 1526 return nil, err 1527 } 1528 return *sl, nil 1529 1530 case types.HexLiteral: 1531 hl, err := decryptHexLiteral(obj, objNr, genNr, key, needAES, r) 1532 if err != nil { 1533 return nil, err 1534 } 1535 return *hl, nil 1536 1537 default: 1538 1539 } 1540 1541 return nil, nil 1542 } 1543 1544 // EncryptStream encrypts a stream buffer using RC4 or AES. 1545 func encryptStream(buf []byte, objNr, genNr int, encKey []byte, needAES bool, r int) ([]byte, error) { 1546 k := encKey 1547 if r != 5 && r != 6 { 1548 k = decryptKey(objNr, genNr, encKey, needAES) 1549 } 1550 1551 if needAES { 1552 return encryptAESBytes(buf, k) 1553 } 1554 1555 return applyRC4Bytes(buf, k) 1556 } 1557 1558 // decryptStream decrypts a stream buffer using RC4 or AES. 1559 func decryptStream(buf []byte, objNr, genNr int, encKey []byte, needAES bool, r int) ([]byte, error) { 1560 k := encKey 1561 if r != 5 && r != 6 { 1562 k = decryptKey(objNr, genNr, encKey, needAES) 1563 } 1564 1565 if needAES { 1566 return decryptAESBytes(buf, k) 1567 } 1568 1569 return applyRC4Bytes(buf, k) 1570 } 1571 1572 func applyRC4Bytes(buf, key []byte) ([]byte, error) { 1573 c, err := rc4.NewCipher(key) 1574 if err != nil { 1575 return nil, err 1576 } 1577 1578 var b bytes.Buffer 1579 1580 r := &cipher.StreamReader{S: c, R: bytes.NewReader(buf)} 1581 1582 _, err = io.Copy(&b, r) 1583 if err != nil { 1584 return nil, err 1585 } 1586 1587 return b.Bytes(), nil 1588 } 1589 1590 func encryptAESBytes(b, key []byte) ([]byte, error) { 1591 // pad b to aes.Blocksize 1592 l := len(b) % aes.BlockSize 1593 c := 0x10 1594 if l > 0 { 1595 c = aes.BlockSize - l 1596 } 1597 b = append(b, bytes.Repeat([]byte{byte(c)}, aes.BlockSize-l)...) 1598 1599 if len(b) < aes.BlockSize { 1600 return nil, errors.New("pdfcpu: encryptAESBytes: Ciphertext too short") 1601 } 1602 1603 if len(b)%aes.BlockSize > 0 { 1604 return nil, errors.New("pdfcpu: encryptAESBytes: Ciphertext not a multiple of block size") 1605 } 1606 1607 data := make([]byte, aes.BlockSize+len(b)) 1608 iv := data[:aes.BlockSize] 1609 1610 _, err := io.ReadFull(rand.Reader, iv) 1611 if err != nil { 1612 return nil, err 1613 } 1614 1615 cb, err := aes.NewCipher(key) 1616 if err != nil { 1617 return nil, err 1618 } 1619 1620 mode := cipher.NewCBCEncrypter(cb, iv) 1621 mode.CryptBlocks(data[aes.BlockSize:], b) 1622 1623 return data, nil 1624 } 1625 1626 func decryptAESBytes(b, key []byte) ([]byte, error) { 1627 if len(b) < aes.BlockSize { 1628 return nil, errors.New("pdfcpu: decryptAESBytes: Ciphertext too short") 1629 } 1630 1631 if len(b)%aes.BlockSize > 0 { 1632 return nil, errors.New("pdfcpu: decryptAESBytes: Ciphertext not a multiple of block size") 1633 } 1634 1635 cb, err := aes.NewCipher(key) 1636 if err != nil { 1637 return nil, err 1638 } 1639 1640 iv := make([]byte, aes.BlockSize) 1641 copy(iv, b[:aes.BlockSize]) 1642 1643 data := b[aes.BlockSize:] 1644 mode := cipher.NewCBCDecrypter(cb, iv) 1645 mode.CryptBlocks(data, data) 1646 1647 // Remove padding. 1648 // Note: For some reason not all AES ciphertexts are padded. 1649 if len(data) > 0 && data[len(data)-1] <= 0x10 { 1650 e := len(data) - int(data[len(data)-1]) 1651 data = data[:e] 1652 } 1653 1654 return data, nil 1655 } 1656 1657 func fileID(ctx *model.Context) (types.HexLiteral, error) { 1658 // see also 14.4 File Identifiers. 1659 1660 // The calculation of the file identifier need not be reproducible; 1661 // all that matters is that the identifier is likely to be unique. 1662 // For example, two implementations of the preceding algorithm might use different formats for the current time, 1663 // causing them to produce different file identifiers for the same file created at the same time, 1664 // but the uniqueness of the identifier is not affected. 1665 1666 h := md5.New() 1667 1668 // Current timestamp. 1669 h.Write([]byte(time.Now().String())) 1670 1671 // File location - ignore, we don't have this. 1672 1673 // File size. 1674 h.Write([]byte(strconv.Itoa(ctx.Read.ReadFileSize()))) 1675 1676 // All values of the info dict which is assumed to be there at this point. 1677 if ctx.XRefTable.Version() < model.V20 { 1678 d, err := ctx.DereferenceDict(*ctx.Info) 1679 if err != nil { 1680 return "", err 1681 } 1682 for _, v := range d { 1683 o, err := ctx.Dereference(v) 1684 if err != nil { 1685 return "", err 1686 } 1687 h.Write([]byte(o.String())) 1688 } 1689 } 1690 1691 m := h.Sum(nil) 1692 1693 return types.HexLiteral(hex.EncodeToString(m)), nil 1694 } 1695 1696 func calcFileEncKey(ctx *model.Context) error { 1697 ctx.EncKey = make([]byte, 32) 1698 _, err := io.ReadFull(rand.Reader, ctx.EncKey) 1699 return err 1700 } 1701 1702 func calcOAndUAES256(ctx *model.Context, d types.Dict) (err error) { 1703 b := make([]byte, 16) 1704 _, err = io.ReadFull(rand.Reader, b) 1705 if err != nil { 1706 return err 1707 } 1708 1709 u := append(make([]byte, 32), b...) 1710 upw := []byte(ctx.UserPW) 1711 h := sha256.Sum256(append(upw, validationSalt(u)...)) 1712 1713 ctx.E.U = append(h[:], b...) 1714 d.Update("U", types.HexLiteral(hex.EncodeToString(ctx.E.U))) 1715 1716 /////////////////////////////////// 1717 1718 b = make([]byte, 16) 1719 _, err = io.ReadFull(rand.Reader, b) 1720 if err != nil { 1721 return err 1722 } 1723 1724 o := append(make([]byte, 32), b...) 1725 opw := []byte(ctx.OwnerPW) 1726 c := append(opw, validationSalt(o)...) 1727 h = sha256.Sum256(append(c, ctx.E.U...)) 1728 ctx.E.O = append(h[:], b...) 1729 d.Update("O", types.HexLiteral(hex.EncodeToString(ctx.E.O))) 1730 1731 ////////////////////////////////// 1732 1733 if err := calcFileEncKey(ctx); err != nil { 1734 return err 1735 } 1736 1737 ////////////////////////////////// 1738 1739 h = sha256.Sum256(append(upw, keySalt(u)...)) 1740 cb, err := aes.NewCipher(h[:]) 1741 if err != nil { 1742 return err 1743 } 1744 1745 iv := make([]byte, 16) 1746 mode := cipher.NewCBCEncrypter(cb, iv) 1747 mode.CryptBlocks(ctx.E.UE, ctx.EncKey) 1748 d.Update("UE", types.HexLiteral(hex.EncodeToString(ctx.E.UE))) 1749 1750 ////////////////////////////////// 1751 1752 c = append(opw, keySalt(o)...) 1753 h = sha256.Sum256(append(c, ctx.E.U...)) 1754 cb, err = aes.NewCipher(h[:]) 1755 if err != nil { 1756 return err 1757 } 1758 1759 mode = cipher.NewCBCEncrypter(cb, iv) 1760 mode.CryptBlocks(ctx.E.OE, ctx.EncKey) 1761 d.Update("OE", types.HexLiteral(hex.EncodeToString(ctx.E.OE))) 1762 1763 return nil 1764 } 1765 1766 func calcOAndUAES256Rev6(ctx *model.Context, d types.Dict) (err error) { 1767 b := make([]byte, 16) 1768 _, err = io.ReadFull(rand.Reader, b) 1769 if err != nil { 1770 return err 1771 } 1772 1773 u := append(make([]byte, 32), b...) 1774 upw := []byte(ctx.UserPW) 1775 h, _, err := hashRev6(append(upw, validationSalt(u)...), upw, nil) 1776 if err != nil { 1777 return err 1778 } 1779 1780 ctx.E.U = append(h[:], b...) 1781 d.Update("U", types.HexLiteral(hex.EncodeToString(ctx.E.U))) 1782 1783 /////////////////////////// 1784 1785 b = make([]byte, 16) 1786 _, err = io.ReadFull(rand.Reader, b) 1787 if err != nil { 1788 return err 1789 } 1790 1791 o := append(make([]byte, 32), b...) 1792 opw := []byte(ctx.OwnerPW) 1793 c := append(opw, validationSalt(o)...) 1794 h, _, err = hashRev6(append(c, ctx.E.U...), opw, ctx.E.U) 1795 if err != nil { 1796 return err 1797 } 1798 1799 ctx.E.O = append(h[:], b...) 1800 d.Update("O", types.HexLiteral(hex.EncodeToString(ctx.E.O))) 1801 1802 /////////////////////////// 1803 1804 if err := calcFileEncKey(ctx); err != nil { 1805 return err 1806 } 1807 1808 /////////////////////////// 1809 1810 h, _, err = hashRev6(append(upw, keySalt(u)...), upw, nil) 1811 if err != nil { 1812 return err 1813 } 1814 1815 cb, err := aes.NewCipher(h[:]) 1816 if err != nil { 1817 return err 1818 } 1819 1820 iv := make([]byte, 16) 1821 mode := cipher.NewCBCEncrypter(cb, iv) 1822 mode.CryptBlocks(ctx.E.UE, ctx.EncKey) 1823 d.Update("UE", types.HexLiteral(hex.EncodeToString(ctx.E.UE))) 1824 1825 ////////////////////////////// 1826 1827 c = append(opw, keySalt(o)...) 1828 h, _, err = hashRev6(append(c, ctx.E.U...), opw, ctx.E.U) 1829 if err != nil { 1830 return err 1831 } 1832 1833 cb, err = aes.NewCipher(h[:]) 1834 if err != nil { 1835 return err 1836 } 1837 1838 mode = cipher.NewCBCEncrypter(cb, iv) 1839 mode.CryptBlocks(ctx.E.OE, ctx.EncKey) 1840 d.Update("OE", types.HexLiteral(hex.EncodeToString(ctx.E.OE))) 1841 1842 return nil 1843 } 1844 1845 func calcOAndU(ctx *model.Context, d types.Dict) (err error) { 1846 if ctx.E.R == 5 { 1847 return calcOAndUAES256(ctx, d) 1848 } 1849 1850 if ctx.E.R == 6 { 1851 return calcOAndUAES256Rev6(ctx, d) 1852 } 1853 1854 ctx.E.O, err = o(ctx) 1855 if err != nil { 1856 return err 1857 } 1858 1859 ctx.E.U, ctx.EncKey, err = u(ctx) 1860 if err != nil { 1861 return err 1862 } 1863 1864 d.Update("U", types.HexLiteral(hex.EncodeToString(ctx.E.U))) 1865 d.Update("O", types.HexLiteral(hex.EncodeToString(ctx.E.O))) 1866 1867 return nil 1868 }