1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
8 #include "../../../include/fpdfapi/fpdf_parser.h"
9 #include "../../../include/fdrm/fx_crypt.h"
10 const FX_BYTE defpasscode[32] = {
11 0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
12 0x64, 0x00, 0x4e, 0x56, 0xff, 0xfa, 0x01, 0x08,
13 0x2e, 0x2e, 0x00, 0xb6, 0xd0, 0x68, 0x3e, 0x80,
14 0x2f, 0x0c, 0xa9, 0xfe, 0x64, 0x53, 0x69, 0x7a
16 void CalcEncryptKey(CPDF_Dictionary* pEncrypt, FX_LPCBYTE password, FX_DWORD pass_size,
17 FX_LPBYTE key, int keylen, FX_BOOL bIgnoreMeta, CPDF_Array* pIdArray)
19 int revision = pEncrypt->GetInteger(FX_BSTRC("R"));
21 for (FX_DWORD i = 0; i < 32; i ++) {
22 passcode[i] = i < pass_size ? password[i] : defpasscode[i - pass_size];
26 CRYPT_MD5Update(md5, passcode, 32);
27 CFX_ByteString okey = pEncrypt->GetString(FX_BSTRC("O"));
28 CRYPT_MD5Update(md5, (FX_LPBYTE)(FX_LPCSTR)okey, okey.GetLength());
29 FX_DWORD perm = pEncrypt->GetInteger(FX_BSTRC("P"));
30 CRYPT_MD5Update(md5, (FX_LPBYTE)&perm, 4);
32 CFX_ByteString id = pIdArray->GetString(0);
33 CRYPT_MD5Update(md5, (FX_LPBYTE)(FX_LPCSTR)id, id.GetLength());
35 if (!bIgnoreMeta && revision >= 3 && !pEncrypt->GetInteger(FX_BSTRC("EncryptMetadata"), 1)) {
36 FX_DWORD tag = (FX_DWORD) - 1;
37 CRYPT_MD5Update(md5, (FX_LPBYTE)&tag, 4);
40 CRYPT_MD5Finish(md5, digest);
41 FX_DWORD copy_len = keylen;
42 if (copy_len > sizeof(digest)) {
43 copy_len = sizeof(digest);
46 for (int i = 0; i < 50; i ++) {
47 CRYPT_MD5Generate(digest, copy_len, digest);
50 FXSYS_memset32(key, 0, keylen);
51 FXSYS_memcpy32(key, digest, copy_len);
53 CPDF_CryptoHandler* CPDF_StandardSecurityHandler::CreateCryptoHandler()
55 return FX_NEW CPDF_StandardCryptoHandler;
57 typedef struct _PDF_CRYPTOITEM : public CFX_Object {
61 CPDF_StandardCryptoHandler* m_pCryptoHandler;
63 CPDF_StandardSecurityHandler::CPDF_StandardSecurityHandler()
68 m_pEncryptDict = NULL;
71 m_Cipher = FXCIPHER_NONE;
74 CPDF_StandardSecurityHandler::~CPDF_StandardSecurityHandler()
77 FX_BOOL CPDF_StandardSecurityHandler::OnInit(CPDF_Parser* pParser, CPDF_Dictionary* pEncryptDict)
80 if (!LoadDict(pEncryptDict)) {
83 if (m_Cipher == FXCIPHER_NONE) {
86 return CheckSecurity(m_KeyLen);
88 FX_BOOL CPDF_StandardSecurityHandler::CheckSecurity(FX_INT32 key_len)
90 CFX_ByteString password = m_pParser->GetPassword();
91 if (CheckPassword(password, password.GetLength(), TRUE, m_EncryptKey, key_len)) {
92 if (password.IsEmpty()) {
93 if (!CheckPassword(password, password.GetLength(), FALSE, m_EncryptKey, key_len)) {
100 return CheckPassword(password, password.GetLength(), FALSE, m_EncryptKey, key_len);
102 FX_DWORD CPDF_StandardSecurityHandler::GetPermissions()
104 return m_Permissions;
106 static FX_BOOL _LoadCryptInfo(CPDF_Dictionary* pEncryptDict, FX_BSTR name, int& cipher, int& keylen)
108 int Version = pEncryptDict->GetInteger(FX_BSTRC("V"));
109 cipher = FXCIPHER_RC4;
112 CPDF_Dictionary* pCryptFilters = pEncryptDict->GetDict(FX_BSTRC("CF"));
113 if (pCryptFilters == NULL) {
116 if (name == FX_BSTRC("Identity")) {
117 cipher = FXCIPHER_NONE;
119 CPDF_Dictionary* pDefFilter = pCryptFilters->GetDict(name);
120 if (pDefFilter == NULL) {
125 nKeyBits = pDefFilter->GetInteger(FX_BSTRC("Length"), 0);
127 nKeyBits = pEncryptDict->GetInteger(FX_BSTRC("Length"), 128);
130 nKeyBits = pEncryptDict->GetInteger(FX_BSTRC("Length"), 256);
135 keylen = nKeyBits / 8;
136 CFX_ByteString cipher_name = pDefFilter->GetString(FX_BSTRC("CFM"));
137 if (cipher_name == FX_BSTRC("AESV2") || cipher_name == FX_BSTRC("AESV3")) {
138 cipher = FXCIPHER_AES;
142 keylen = Version > 1 ? pEncryptDict->GetInteger(FX_BSTRC("Length"), 40) / 8 : 5;
144 if (keylen > 32 || keylen < 0) {
149 FX_BOOL CPDF_StandardSecurityHandler::LoadDict(CPDF_Dictionary* pEncryptDict)
151 m_pEncryptDict = pEncryptDict;
153 m_Version = pEncryptDict->GetInteger(FX_BSTRC("V"));
154 m_Revision = pEncryptDict->GetInteger(FX_BSTRC("R"));
155 m_Permissions = pEncryptDict->GetInteger(FX_BSTRC("P"), -1);
157 return _LoadCryptInfo(pEncryptDict, CFX_ByteString(), m_Cipher, m_KeyLen);
159 CFX_ByteString stmf_name = pEncryptDict->GetString(FX_BSTRC("StmF"));
160 CFX_ByteString strf_name = pEncryptDict->GetString(FX_BSTRC("StrF"));
161 if (stmf_name != strf_name) {
164 if (!_LoadCryptInfo(pEncryptDict, strf_name, m_Cipher, m_KeyLen)) {
169 FX_BOOL CPDF_StandardSecurityHandler::LoadDict(CPDF_Dictionary* pEncryptDict, FX_DWORD type, int& cipher, int& key_len)
171 m_pEncryptDict = pEncryptDict;
173 m_Version = pEncryptDict->GetInteger(FX_BSTRC("V"));
174 m_Revision = pEncryptDict->GetInteger(FX_BSTRC("R"));
175 m_Permissions = pEncryptDict->GetInteger(FX_BSTRC("P"), -1);
176 CFX_ByteString strf_name, stmf_name;
177 if (m_Version >= 4) {
178 stmf_name = pEncryptDict->GetString(FX_BSTRC("StmF"));
179 strf_name = pEncryptDict->GetString(FX_BSTRC("StrF"));
180 if (stmf_name != strf_name) {
184 if (!_LoadCryptInfo(pEncryptDict, strf_name, cipher, key_len)) {
192 FX_BOOL CPDF_StandardSecurityHandler::GetCryptInfo(int& cipher, FX_LPCBYTE& buffer, int& keylen)
195 buffer = m_EncryptKey;
199 #define FX_GET_32WORD(n,b,i) \
201 (n) = (FX_DWORD)(( (FX_UINT64) (b)[(i)] << 24 ) \
202 | ( (FX_UINT64) (b)[(i) + 1] << 16 ) \
203 | ( (FX_UINT64) (b)[(i) + 2] << 8 ) \
204 | ( (FX_UINT64) (b)[(i) + 3] )); \
206 int BigOrder64BitsMod3(FX_LPBYTE data)
209 for (int i = 0; i < 4; ++i) {
211 FX_GET_32WORD(value, data, 4 * i);
218 void Revision6_Hash(FX_LPCBYTE password, FX_DWORD size, FX_LPCBYTE salt, FX_LPCBYTE vector, FX_LPBYTE hash)
222 CRYPT_SHA256Start(sha);
223 CRYPT_SHA256Update(sha, password, size);
224 CRYPT_SHA256Update(sha, salt, 8);
226 CRYPT_SHA256Update(sha, vector, 48);
229 CRYPT_SHA256Finish(sha, digest);
231 FX_LPBYTE input = digest;
232 FX_LPBYTE key = input;
233 FX_LPBYTE iv = input + 16;
234 FX_LPBYTE E = buf.GetBuffer();
235 int iBufLen = buf.GetLength();
236 CFX_ByteTextBuf interDigest;
238 FX_LPBYTE aes = FX_Alloc(FX_BYTE, 2048);
239 while (i < 64 || i < E[iBufLen - 1] + 32) {
240 int iRoundSize = size + iBlockSize;
244 iBufLen = iRoundSize * 64;
245 buf.EstimateSize(iBufLen);
247 CFX_ByteTextBuf content;
248 for (int j = 0; j < 64; ++j) {
249 content.AppendBlock(password, size);
250 content.AppendBlock(input, iBlockSize);
252 content.AppendBlock(vector, 48);
255 CRYPT_AESSetKey(aes, 16, key, 16, TRUE);
256 CRYPT_AESSetIV(aes, iv);
257 CRYPT_AESEncrypt(aes, E, content.GetBuffer(), iBufLen);
259 switch (BigOrder64BitsMod3(E)) {
273 interDigest.EstimateSize(iBlockSize);
274 input = interDigest.GetBuffer();
276 CRYPT_SHA256Generate(E, iBufLen, input);
277 } else if (iHash == 1) {
278 CRYPT_SHA384Generate(E, iBufLen, input);
279 } else if (iHash == 2) {
280 CRYPT_SHA512Generate(E, iBufLen, input);
288 FXSYS_memcpy32(hash, input, 32);
291 FX_BOOL CPDF_StandardSecurityHandler::AES256_CheckPassword(FX_LPCBYTE password, FX_DWORD size,
292 FX_BOOL bOwner, FX_LPBYTE key)
294 CFX_ByteString okey = m_pEncryptDict ? m_pEncryptDict->GetString(FX_BSTRC("O")) : CFX_ByteString();
295 if (okey.GetLength() < 48) {
298 CFX_ByteString ukey = m_pEncryptDict ? m_pEncryptDict->GetString(FX_BSTRC("U")) : CFX_ByteString();
299 if (ukey.GetLength() < 48) {
302 FX_LPCBYTE pkey = bOwner ? (FX_LPCBYTE)okey : (FX_LPCBYTE)ukey;
305 if (m_Revision >= 6) {
306 Revision6_Hash(password, size, (FX_LPCBYTE)pkey + 32, (bOwner ? (FX_LPCBYTE)ukey : NULL), digest);
308 CRYPT_SHA256Start(sha);
309 CRYPT_SHA256Update(sha, password, size);
310 CRYPT_SHA256Update(sha, pkey + 32, 8);
312 CRYPT_SHA256Update(sha, ukey, 48);
314 CRYPT_SHA256Finish(sha, digest);
316 if (FXSYS_memcmp32(digest, pkey, 32) != 0) {
322 if (m_Revision >= 6) {
323 Revision6_Hash(password, size, (FX_LPCBYTE)pkey + 40, (bOwner ? (FX_LPCBYTE)ukey : NULL), digest);
325 CRYPT_SHA256Start(sha);
326 CRYPT_SHA256Update(sha, password, size);
327 CRYPT_SHA256Update(sha, pkey + 40, 8);
329 CRYPT_SHA256Update(sha, ukey, 48);
331 CRYPT_SHA256Finish(sha, digest);
333 CFX_ByteString ekey = m_pEncryptDict ? m_pEncryptDict->GetString(bOwner ? FX_BSTRC("OE") : FX_BSTRC("UE")) : CFX_ByteString();
334 if (ekey.GetLength() < 32) {
337 FX_BYTE* aes = FX_Alloc(FX_BYTE, 2048);
338 CRYPT_AESSetKey(aes, 16, digest, 32, FALSE);
340 FXSYS_memset32(iv, 0, 16);
341 CRYPT_AESSetIV(aes, iv);
342 CRYPT_AESDecrypt(aes, key, ekey, 32);
343 CRYPT_AESSetKey(aes, 16, key, 32, FALSE);
344 CRYPT_AESSetIV(aes, iv);
345 CFX_ByteString perms = m_pEncryptDict->GetString(FX_BSTRC("Perms"));
346 if (perms.IsEmpty()) {
349 FX_BYTE perms_buf[16];
350 FXSYS_memset32(perms_buf, 0, sizeof(perms_buf));
351 FX_DWORD copy_len = sizeof(perms_buf);
352 if (copy_len > (FX_DWORD)perms.GetLength()) {
353 copy_len = perms.GetLength();
355 FXSYS_memcpy32(perms_buf, (FX_LPCBYTE)perms, copy_len);
357 CRYPT_AESDecrypt(aes, buf, perms_buf, 16);
359 if (buf[9] != 'a' || buf[10] != 'd' || buf[11] != 'b') {
362 if (FXDWORD_GET_LSBFIRST(buf) != m_Permissions) {
365 if ((buf[8] == 'T' && !IsMetadataEncrypted()) || (buf[8] == 'F' && IsMetadataEncrypted())) {
370 int CPDF_StandardSecurityHandler::CheckPassword(FX_LPCBYTE password, FX_DWORD pass_size, FX_BOOL bOwner, FX_LPBYTE key)
372 return CheckPassword(password, pass_size, bOwner, key, m_KeyLen);
374 int CPDF_StandardSecurityHandler::CheckPassword(FX_LPCBYTE password, FX_DWORD size, FX_BOOL bOwner, FX_LPBYTE key, FX_INT32 key_len)
376 if (m_Revision >= 5) {
377 return AES256_CheckPassword(password, size, bOwner, key);
384 return CheckOwnerPassword(password, size, key, key_len);
386 return CheckUserPassword(password, size, FALSE, key, key_len) || CheckUserPassword(password, size, TRUE, key, key_len);
388 FX_BOOL CPDF_StandardSecurityHandler::CheckUserPassword(FX_LPCBYTE password, FX_DWORD pass_size,
389 FX_BOOL bIgnoreEncryptMeta, FX_LPBYTE key, FX_INT32 key_len)
391 CalcEncryptKey(m_pEncryptDict, password, pass_size, key, key_len, bIgnoreEncryptMeta,
392 m_pParser->GetIDArray());
393 CFX_ByteString ukey = m_pEncryptDict ? m_pEncryptDict->GetString(FX_BSTRC("U")) : CFX_ByteString();
394 if (ukey.GetLength() < 16) {
398 if (m_Revision == 2) {
399 FXSYS_memcpy32(ukeybuf, defpasscode, 32);
400 CRYPT_ArcFourCryptBlock(ukeybuf, 32, key, key_len);
402 FX_BYTE test[32], tmpkey[32];
403 FX_DWORD copy_len = sizeof(test);
404 if (copy_len > (FX_DWORD)ukey.GetLength()) {
405 copy_len = ukey.GetLength();
407 FXSYS_memset32(test, 0, sizeof(test));
408 FXSYS_memset32(tmpkey, 0, sizeof(tmpkey));
409 FXSYS_memcpy32(test, (FX_LPCSTR)ukey, copy_len);
410 for (int i = 19; i >= 0; i --) {
411 for (int j = 0; j < key_len; j ++) {
412 tmpkey[j] = key[j] ^ i;
414 CRYPT_ArcFourCryptBlock(test, 32, tmpkey, key_len);
418 CRYPT_MD5Update(md5, defpasscode, 32);
419 CPDF_Array* pIdArray = m_pParser->GetIDArray();
421 CFX_ByteString id = pIdArray->GetString(0);
422 CRYPT_MD5Update(md5, (FX_LPBYTE)(FX_LPCSTR)id, id.GetLength());
424 CRYPT_MD5Finish(md5, ukeybuf);
425 return FXSYS_memcmp32(test, ukeybuf, 16) == 0;
427 if (FXSYS_memcmp32((FX_LPVOID)(FX_LPCSTR)ukey, ukeybuf, 16) == 0) {
432 CFX_ByteString CPDF_StandardSecurityHandler::GetUserPassword(FX_LPCBYTE owner_pass, FX_DWORD pass_size)
434 return GetUserPassword(owner_pass, pass_size, m_KeyLen);
436 CFX_ByteString CPDF_StandardSecurityHandler::GetUserPassword(FX_LPCBYTE owner_pass, FX_DWORD pass_size, FX_INT32 key_len)
438 CFX_ByteString okey = m_pEncryptDict->GetString(FX_BSTRC("O"));
439 FX_BYTE passcode[32];
441 for (i = 0; i < 32; i ++) {
442 passcode[i] = i < pass_size ? owner_pass[i] : defpasscode[i - pass_size];
445 CRYPT_MD5Generate(passcode, 32, digest);
446 if (m_Revision >= 3) {
447 for (int i = 0; i < 50; i ++) {
448 CRYPT_MD5Generate(digest, 16, digest);
452 FXSYS_memset32(enckey, 0, sizeof(enckey));
453 FX_DWORD copy_len = key_len;
454 if (copy_len > sizeof(digest)) {
455 copy_len = sizeof(digest);
457 FXSYS_memcpy32(enckey, digest, copy_len);
458 int okeylen = okey.GetLength();
463 FXSYS_memset32(okeybuf, 0, sizeof(okeybuf));
464 FXSYS_memcpy32(okeybuf, (FX_LPCSTR)okey, okeylen);
465 if (m_Revision == 2) {
466 CRYPT_ArcFourCryptBlock(okeybuf, okeylen, enckey, key_len);
468 for (int i = 19; i >= 0; i --) {
470 FXSYS_memset32(tempkey, 0, sizeof(tempkey));
471 for (int j = 0; j < m_KeyLen; j ++) {
472 tempkey[j] = enckey[j] ^ i;
474 CRYPT_ArcFourCryptBlock(okeybuf, okeylen, tempkey, key_len);
478 while (len && defpasscode[len - 1] == okeybuf[len - 1]) {
481 return CFX_ByteString(okeybuf, len);
483 FX_BOOL CPDF_StandardSecurityHandler::CheckOwnerPassword(FX_LPCBYTE password, FX_DWORD pass_size,
484 FX_LPBYTE key, FX_INT32 key_len)
486 CFX_ByteString user_pass = GetUserPassword(password, pass_size, key_len);
487 if (CheckUserPassword(user_pass, user_pass.GetLength(), FALSE, key, key_len)) {
490 return CheckUserPassword(user_pass, user_pass.GetLength(), TRUE, key, key_len);
492 FX_BOOL CPDF_StandardSecurityHandler::IsMetadataEncrypted()
494 return m_pEncryptDict->GetBoolean(FX_BSTRC("EncryptMetadata"), TRUE);
496 CPDF_SecurityHandler* FPDF_CreateStandardSecurityHandler()
498 return FX_NEW CPDF_StandardSecurityHandler;
500 void CPDF_StandardSecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, CPDF_Array* pIdArray,
501 FX_LPCBYTE user_pass, FX_DWORD user_size,
502 FX_LPCBYTE owner_pass, FX_DWORD owner_size, FX_BOOL bDefault, FX_DWORD type)
504 int cipher = 0, key_len = 0;
505 if (!LoadDict(pEncryptDict, type, cipher, key_len)) {
508 if (bDefault && (owner_pass == NULL || owner_size == 0)) {
509 owner_pass = user_pass;
510 owner_size = user_size;
512 if (m_Revision >= 5) {
513 int t = (int)time(NULL);
515 CRYPT_SHA256Start(sha);
516 CRYPT_SHA256Update(sha, (FX_BYTE*)&t, sizeof t);
517 CRYPT_SHA256Update(sha, m_EncryptKey, 32);
518 CRYPT_SHA256Update(sha, (FX_BYTE*)"there", 5);
519 CRYPT_SHA256Finish(sha, m_EncryptKey);
520 AES256_SetPassword(pEncryptDict, user_pass, user_size, FALSE, m_EncryptKey);
522 AES256_SetPassword(pEncryptDict, owner_pass, owner_size, TRUE, m_EncryptKey);
523 AES256_SetPerms(pEncryptDict, m_Permissions, pEncryptDict->GetBoolean(FX_BSTRC("EncryptMetadata"), TRUE), m_EncryptKey);
528 FX_BYTE passcode[32];
530 for (i = 0; i < 32; i ++) {
531 passcode[i] = i < owner_size ? owner_pass[i] : defpasscode[i - owner_size];
534 CRYPT_MD5Generate(passcode, 32, digest);
535 if (m_Revision >= 3) {
536 for (int i = 0; i < 50; i ++) {
537 CRYPT_MD5Generate(digest, 16, digest);
541 FXSYS_memcpy32(enckey, digest, key_len);
542 for (i = 0; i < 32; i ++) {
543 passcode[i] = i < user_size ? user_pass[i] : defpasscode[i - user_size];
545 CRYPT_ArcFourCryptBlock(passcode, 32, enckey, key_len);
547 if (m_Revision >= 3) {
548 for (i = 1; i <= 19; i ++) {
549 for (int j = 0; j < key_len; j ++) {
550 tempkey[j] = enckey[j] ^ (FX_BYTE)i;
552 CRYPT_ArcFourCryptBlock(passcode, 32, tempkey, key_len);
555 pEncryptDict->SetAtString(FX_BSTRC("O"), CFX_ByteString(passcode, 32));
557 CalcEncryptKey(m_pEncryptDict, (FX_LPBYTE)user_pass, user_size, m_EncryptKey, key_len, FALSE, pIdArray);
558 if (m_Revision < 3) {
560 FXSYS_memcpy32(tempbuf, defpasscode, 32);
561 CRYPT_ArcFourCryptBlock(tempbuf, 32, m_EncryptKey, key_len);
562 pEncryptDict->SetAtString(FX_BSTRC("U"), CFX_ByteString(tempbuf, 32));
566 CRYPT_MD5Update(md5, defpasscode, 32);
568 CFX_ByteString id = pIdArray->GetString(0);
569 CRYPT_MD5Update(md5, (FX_LPBYTE)(FX_LPCSTR)id, id.GetLength());
572 CRYPT_MD5Finish(md5, digest);
573 CRYPT_ArcFourCryptBlock(digest, 16, m_EncryptKey, key_len);
575 for (int i = 1; i <= 19; i ++) {
576 for (int j = 0; j < key_len; j ++) {
577 tempkey[j] = m_EncryptKey[j] ^ (FX_BYTE)i;
579 CRYPT_ArcFourCryptBlock(digest, 16, tempkey, key_len);
581 CRYPT_MD5Generate(digest, 16, digest + 16);
582 pEncryptDict->SetAtString(FX_BSTRC("U"), CFX_ByteString(digest, 32));
585 void CPDF_StandardSecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, CPDF_Array* pIdArray,
586 FX_LPCBYTE user_pass, FX_DWORD user_size,
587 FX_LPCBYTE owner_pass, FX_DWORD owner_size, FX_DWORD type)
589 OnCreate(pEncryptDict, pIdArray, user_pass, user_size, owner_pass, owner_size, TRUE, type);
591 void CPDF_StandardSecurityHandler::OnCreate(CPDF_Dictionary* pEncryptDict, CPDF_Array* pIdArray, FX_LPCBYTE user_pass, FX_DWORD user_size, FX_DWORD type)
593 OnCreate(pEncryptDict, pIdArray, user_pass, user_size, NULL, 0, FALSE, type);
595 void CPDF_StandardSecurityHandler::AES256_SetPassword(CPDF_Dictionary* pEncryptDict, FX_LPCBYTE password, FX_DWORD size, FX_BOOL bOwner, FX_LPCBYTE key)
598 CRYPT_SHA1Start(sha);
599 CRYPT_SHA1Update(sha, key, 32);
600 CRYPT_SHA1Update(sha, (FX_BYTE*)"hello", 5);
602 CRYPT_SHA1Finish(sha, digest);
603 CFX_ByteString ukey = pEncryptDict->GetString(FX_BSTRC("U"));
605 if (m_Revision >= 6) {
606 Revision6_Hash(password, size, digest, (bOwner ? (FX_LPCBYTE)ukey : NULL), digest1);
608 CRYPT_SHA256Start(sha);
609 CRYPT_SHA256Update(sha, password, size);
610 CRYPT_SHA256Update(sha, digest, 8);
612 CRYPT_SHA256Update(sha, ukey, ukey.GetLength());
614 CRYPT_SHA256Finish(sha, digest1);
616 FXSYS_memcpy32(digest1 + 32, digest, 16);
617 pEncryptDict->SetAtString(bOwner ? FX_BSTRC("O") : FX_BSTRC("U"), CFX_ByteString(digest1, 48));
618 if (m_Revision >= 6) {
619 Revision6_Hash(password, size, digest + 8, (bOwner ? (FX_LPCBYTE)ukey : NULL), digest1);
621 CRYPT_SHA256Start(sha);
622 CRYPT_SHA256Update(sha, password, size);
623 CRYPT_SHA256Update(sha, digest + 8, 8);
625 CRYPT_SHA256Update(sha, ukey, ukey.GetLength());
627 CRYPT_SHA256Finish(sha, digest1);
629 FX_BYTE* aes = FX_Alloc(FX_BYTE, 2048);
630 CRYPT_AESSetKey(aes, 16, digest1, 32, TRUE);
632 FXSYS_memset32(iv, 0, 16);
633 CRYPT_AESSetIV(aes, iv);
634 CRYPT_AESEncrypt(aes, digest1, key, 32);
636 pEncryptDict->SetAtString(bOwner ? FX_BSTRC("OE") : FX_BSTRC("UE"), CFX_ByteString(digest1, 32));
638 void CPDF_StandardSecurityHandler::AES256_SetPerms(CPDF_Dictionary* pEncryptDict, FX_DWORD permissions,
639 FX_BOOL bEncryptMetadata, FX_LPCBYTE key)
642 buf[0] = (FX_BYTE)permissions;
643 buf[1] = (FX_BYTE)(permissions >> 8);
644 buf[2] = (FX_BYTE)(permissions >> 16);
645 buf[3] = (FX_BYTE)(permissions >> 24);
650 buf[8] = bEncryptMetadata ? 'T' : 'F';
654 FX_BYTE* aes = FX_Alloc(FX_BYTE, 2048);
655 CRYPT_AESSetKey(aes, 16, key, 32, TRUE);
656 FX_BYTE iv[16], buf1[16];
657 FXSYS_memset32(iv, 0, 16);
658 CRYPT_AESSetIV(aes, iv);
659 CRYPT_AESEncrypt(aes, buf1, buf, 16);
661 pEncryptDict->SetAtString(FX_BSTRC("Perms"), CFX_ByteString(buf1, 16));
663 void CPDF_StandardCryptoHandler::CryptBlock(FX_BOOL bEncrypt, FX_DWORD objnum, FX_DWORD gennum, FX_LPCBYTE src_buf, FX_DWORD src_size,
664 FX_LPBYTE dest_buf, FX_DWORD& dest_size)
666 if (m_Cipher == FXCIPHER_NONE) {
667 FXSYS_memcpy32(dest_buf, src_buf, src_size);
672 if (m_Cipher != FXCIPHER_AES || m_KeyLen != 32) {
674 FXSYS_memcpy32(key1, m_EncryptKey, m_KeyLen);
675 key1[m_KeyLen + 0] = (FX_BYTE)objnum;
676 key1[m_KeyLen + 1] = (FX_BYTE)(objnum >> 8);
677 key1[m_KeyLen + 2] = (FX_BYTE)(objnum >> 16);
678 key1[m_KeyLen + 3] = (FX_BYTE)gennum;
679 key1[m_KeyLen + 4] = (FX_BYTE)(gennum >> 8);
680 FXSYS_memcpy32(key1 + m_KeyLen, &objnum, 3);
681 FXSYS_memcpy32(key1 + m_KeyLen + 3, &gennum, 2);
682 if (m_Cipher == FXCIPHER_AES) {
683 FXSYS_memcpy32(key1 + m_KeyLen + 5, "sAlT", 4);
685 CRYPT_MD5Generate(key1, m_Cipher == FXCIPHER_AES ? m_KeyLen + 9 : m_KeyLen + 5, realkey);
686 realkeylen = m_KeyLen + 5;
687 if (realkeylen > 16) {
691 if (m_Cipher == FXCIPHER_AES) {
692 CRYPT_AESSetKey(m_pAESContext, 16, m_KeyLen == 32 ? m_EncryptKey : realkey, m_KeyLen, bEncrypt);
695 for (int i = 0; i < 16; i ++) {
696 iv[i] = (FX_BYTE)rand();
698 CRYPT_AESSetIV(m_pAESContext, iv);
699 FXSYS_memcpy32(dest_buf, iv, 16);
700 int nblocks = src_size / 16;
701 CRYPT_AESEncrypt(m_pAESContext, dest_buf + 16, src_buf, nblocks * 16);
703 FXSYS_memcpy32(padding, src_buf + nblocks * 16, src_size % 16);
704 FXSYS_memset8(padding + src_size % 16, 16 - src_size % 16, 16 - src_size % 16);
705 CRYPT_AESEncrypt(m_pAESContext, dest_buf + nblocks * 16 + 16, padding, 16);
706 dest_size = 32 + nblocks * 16;
708 CRYPT_AESSetIV(m_pAESContext, src_buf);
709 CRYPT_AESDecrypt(m_pAESContext, dest_buf, src_buf + 16, src_size - 16);
710 dest_size = src_size - 16;
711 dest_size -= dest_buf[dest_size - 1];
714 ASSERT(dest_size == src_size);
715 if (dest_buf != src_buf) {
716 FXSYS_memcpy32(dest_buf, src_buf, src_size);
718 CRYPT_ArcFourCryptBlock(dest_buf, dest_size, realkey, realkeylen);
721 typedef struct _AESCryptContext {
722 FX_BYTE m_Context[2048];
725 FX_DWORD m_BlockOffset;
727 FX_LPVOID CPDF_StandardCryptoHandler::CryptStart(FX_DWORD objnum, FX_DWORD gennum, FX_BOOL bEncrypt)
729 if (m_Cipher == FXCIPHER_NONE) {
732 if (m_Cipher == FXCIPHER_AES && m_KeyLen == 32) {
733 AESCryptContext* pContext = FX_Alloc(AESCryptContext, 1);
734 pContext->m_bIV = TRUE;
735 pContext->m_BlockOffset = 0;
736 CRYPT_AESSetKey(pContext->m_Context, 16, m_EncryptKey, 32, bEncrypt);
738 for (int i = 0; i < 16; i ++) {
739 pContext->m_Block[i] = (FX_BYTE)rand();
741 CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block);
746 FXSYS_memcpy32(key1, m_EncryptKey, m_KeyLen);
747 FXSYS_memcpy32(key1 + m_KeyLen, &objnum, 3);
748 FXSYS_memcpy32(key1 + m_KeyLen + 3, &gennum, 2);
749 if (m_Cipher == FXCIPHER_AES) {
750 FXSYS_memcpy32(key1 + m_KeyLen + 5, "sAlT", 4);
753 CRYPT_MD5Generate(key1, m_Cipher == FXCIPHER_AES ? m_KeyLen + 9 : m_KeyLen + 5, realkey);
754 int realkeylen = m_KeyLen + 5;
755 if (realkeylen > 16) {
758 if (m_Cipher == FXCIPHER_AES) {
759 AESCryptContext* pContext = FX_Alloc(AESCryptContext, 1);
760 pContext->m_bIV = TRUE;
761 pContext->m_BlockOffset = 0;
762 CRYPT_AESSetKey(pContext->m_Context, 16, realkey, 16, bEncrypt);
764 for (int i = 0; i < 16; i ++) {
765 pContext->m_Block[i] = (FX_BYTE)rand();
767 CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block);
771 void* pContext = FX_Alloc(FX_BYTE, 1040);
772 CRYPT_ArcFourSetup(pContext, realkey, realkeylen);
775 FX_BOOL CPDF_StandardCryptoHandler::CryptStream(FX_LPVOID context, FX_LPCBYTE src_buf, FX_DWORD src_size, CFX_BinaryBuf& dest_buf, FX_BOOL bEncrypt)
780 if (m_Cipher == FXCIPHER_NONE) {
781 dest_buf.AppendBlock(src_buf, src_size);
784 if (m_Cipher == FXCIPHER_RC4) {
785 int old_size = dest_buf.GetSize();
786 dest_buf.AppendBlock(src_buf, src_size);
787 CRYPT_ArcFourCrypt(context, dest_buf.GetBuffer() + old_size, src_size);
790 AESCryptContext* pContext = (AESCryptContext*)context;
791 if (pContext->m_bIV && bEncrypt) {
792 dest_buf.AppendBlock(pContext->m_Block, 16);
793 pContext->m_bIV = FALSE;
795 FX_DWORD src_off = 0;
796 FX_DWORD src_left = src_size;
798 FX_DWORD copy_size = 16 - pContext->m_BlockOffset;
799 if (copy_size > src_left) {
800 copy_size = src_left;
802 FXSYS_memcpy32(pContext->m_Block + pContext->m_BlockOffset, src_buf + src_off, copy_size);
803 src_off += copy_size;
804 src_left -= copy_size;
805 pContext->m_BlockOffset += copy_size;
806 if (pContext->m_BlockOffset == 16) {
807 if (!bEncrypt && pContext->m_bIV) {
808 CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block);
809 pContext->m_bIV = FALSE;
810 pContext->m_BlockOffset = 0;
811 } else if (src_off < src_size) {
812 FX_BYTE block_buf[16];
814 CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block, 16);
816 CRYPT_AESDecrypt(pContext->m_Context, block_buf, pContext->m_Block, 16);
818 dest_buf.AppendBlock(block_buf, 16);
819 pContext->m_BlockOffset = 0;
828 FX_BOOL CPDF_StandardCryptoHandler::CryptFinish(FX_LPVOID context, CFX_BinaryBuf& dest_buf, FX_BOOL bEncrypt)
833 if (m_Cipher == FXCIPHER_NONE) {
836 if (m_Cipher == FXCIPHER_RC4) {
840 AESCryptContext* pContext = (AESCryptContext*)context;
842 FX_BYTE block_buf[16];
843 if (pContext->m_BlockOffset == 16) {
844 CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block, 16);
845 dest_buf.AppendBlock(block_buf, 16);
846 pContext->m_BlockOffset = 0;
848 FXSYS_memset8(pContext->m_Block + pContext->m_BlockOffset, (FX_BYTE)(16 - pContext->m_BlockOffset), 16 - pContext->m_BlockOffset);
849 CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block, 16);
850 dest_buf.AppendBlock(block_buf, 16);
851 } else if (pContext->m_BlockOffset == 16) {
852 FX_BYTE block_buf[16];
853 CRYPT_AESDecrypt(pContext->m_Context, block_buf, pContext->m_Block, 16);
854 if (block_buf[15] <= 16) {
855 dest_buf.AppendBlock(block_buf, 16 - block_buf[15]);
861 FX_LPVOID CPDF_StandardCryptoHandler::DecryptStart(FX_DWORD objnum, FX_DWORD gennum)
863 return CryptStart(objnum, gennum, FALSE);
865 FX_DWORD CPDF_StandardCryptoHandler::DecryptGetSize(FX_DWORD src_size)
867 return m_Cipher == FXCIPHER_AES ? src_size - 16 : src_size;
869 FX_BOOL CPDF_StandardCryptoHandler::Init(CPDF_Dictionary* pEncryptDict, CPDF_SecurityHandler* pSecurityHandler)
872 if (!pSecurityHandler->GetCryptInfo(m_Cipher, key, m_KeyLen)) {
875 if (m_KeyLen > 32 || m_KeyLen < 0) {
878 if (m_Cipher != FXCIPHER_NONE) {
879 FXSYS_memcpy32(m_EncryptKey, key, m_KeyLen);
881 if (m_Cipher == FXCIPHER_AES) {
882 m_pAESContext = FX_Alloc(FX_BYTE, 2048);
886 FX_BOOL CPDF_StandardCryptoHandler::Init(int cipher, FX_LPCBYTE key, int keylen)
888 if (cipher == FXCIPHER_AES) {
897 } else if (cipher == FXCIPHER_AES2) {
901 } else if (cipher == FXCIPHER_RC4) {
902 if (keylen < 5 || keylen > 16) {
912 FXSYS_memcpy32(m_EncryptKey, key, keylen);
913 if (m_Cipher == FXCIPHER_AES) {
914 m_pAESContext = FX_Alloc(FX_BYTE, 2048);
918 FX_BOOL CPDF_StandardCryptoHandler::DecryptStream(FX_LPVOID context, FX_LPCBYTE src_buf, FX_DWORD src_size,
919 CFX_BinaryBuf& dest_buf)
921 return CryptStream(context, src_buf, src_size, dest_buf, FALSE);
923 FX_BOOL CPDF_StandardCryptoHandler::DecryptFinish(FX_LPVOID context, CFX_BinaryBuf& dest_buf)
925 return CryptFinish(context, dest_buf, FALSE);
927 FX_DWORD CPDF_StandardCryptoHandler::EncryptGetSize(FX_DWORD objnum, FX_DWORD version, FX_LPCBYTE src_buf, FX_DWORD src_size)
929 if (m_Cipher == FXCIPHER_AES) {
930 return src_size + 32;
934 FX_BOOL CPDF_StandardCryptoHandler::EncryptContent(FX_DWORD objnum, FX_DWORD gennum, FX_LPCBYTE src_buf, FX_DWORD src_size,
935 FX_LPBYTE dest_buf, FX_DWORD& dest_size)
937 CryptBlock(TRUE, objnum, gennum, src_buf, src_size, dest_buf, dest_size);
940 void CPDF_CryptoHandler::Decrypt(FX_DWORD objnum, FX_DWORD gennum, CFX_ByteString& str)
942 CFX_BinaryBuf dest_buf;
943 FX_LPVOID context = DecryptStart(objnum, gennum);
944 DecryptStream(context, (FX_LPCBYTE)str, str.GetLength(), dest_buf);
945 DecryptFinish(context, dest_buf);
948 CPDF_StandardCryptoHandler::CPDF_StandardCryptoHandler()
950 m_pAESContext = NULL;
951 m_Cipher = FXCIPHER_NONE;
954 CPDF_StandardCryptoHandler::~CPDF_StandardCryptoHandler()
957 FX_Free(m_pAESContext);
projects / platform / framework / web / crosswalk.git / blob