1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
|
% Copyright (C) 1996-1998 Geoffrey Keating.
% Copyright (C) 2001-2008 Artifex Software, Inc.
% This file may be freely distributed with or without modifications,
% so long as modified versions are marked as such and copyright notices are
% not removed.
% $Id: pdf_sec.ps 9740 2009-05-13 23:37:28Z alexcher $
% Implementation of security hooks for PDF reader.
% This file contains the procedures that have to take encryption into
% account when reading a PDF file. It was originally distributed
% separately by Geoffrey Keating as an add-on to version 6 and earlier.
% Modified by Alex Cherepanov to work with GS 6.60 and higher.
% New versions of GS require explicit checks for /true, /false, and /null
% in .decpdfrun. This fix is backward-compatible.
% Modified by Raph Levien and Ralph Giles to use the new C
% implementations of md5 and arcfour in ghostscript 7.01, and to
% be compatible with PDF 1.4 128-bit encryption.
% Modified by Ralph Giles for PDF 1.6 AES encryption.
/.setlanguagelevel where { pop 2 .setlanguagelevel } if
.currentglobal true .setglobal
/pdfdict where { pop } { /pdfdict 100 dict def } ifelse
pdfdict begin
% Older ghostscript versions do not have .pdftoken, so we use 'token' instead.
/.pdftoken where { pop } { /.pdftoken /token load def } ifelse
% take a stream and arc4 decrypt it.
% <stream> <key> arc4decodefilter <stream>
/arc4decodefilter {
1 dict begin
/Key exch def
currentdict end /ArcfourDecode filter
} bind def
% <ciphertext> <key> arc4decode <plaintext>
/arc4decode {
1 index length 0 eq {
pop
} {
1 index length string 3 1 roll arc4decodefilter exch readstring pop
} ifelse
} bind def
% take a stream and aes decrypt it.
% <stream> <key> aesdecodefilter <stream>
/aesdecodefilter {
1 dict begin
/Key exch def
currentdict end
/AESDecode filter
} bind def
% <ciphertext> <key> aesdecode <plaintext>
/aesdecode {
1 index length 0 eq {
pop
} {
1 index length string 3 1 roll
aesdecodefilter exch readstring pop
} ifelse
} bind def
/md5 {
16 string dup /MD5Encode filter dup 4 3 roll writestring closefile
} bind def
/md5_trunk {
md5 0 pdf_key_length getinterval
} bind def
/pdf_padding_string
<28bf4e5e4e758a41 64004e56fffa0108
2e2e00b6d0683e80 2f0ca9fe6453697a>
def
% Pad a key out to 32 bytes.
/pdf_pad_key { % <key> pdf_pad_key <padded key>
dup length 32 gt { 0 32 getinterval } if
pdf_padding_string
0 32 3 index length sub getinterval
concatstrings
} bind def
/pdf_xorbytes { % <iter-num> <key> pdf_xorbytes <xored-key>
dup length dup string
exch 1 sub 0 1 3 2 roll {
% <iter-num> <key> <new-key> <byte-num>
dup 3 index exch get 4 index xor
% <iter-num> <key> <new-key> <byte-num> <byte>
3 copy put pop pop
} for
3 1 roll pop pop
} bind def
% Get length of encryption key in bytes
/pdf_key_length { % pdf_key_length <key_length>
Trailer /Encrypt oget
dup /V knownoget not { 0 } if 1 eq
{ pop 5 } % If V == 1 then always use 40 bits
{ /Length knownoget { -3 bitshift } { 5 } ifelse }
ifelse
} bind def
% Algorithm 3.2
/pdf_compute_encryption_key { % <password> pdf_compute_encryption_key <key>
% Step 1.
pdf_pad_key
% Step 2, 3.
Trailer /Encrypt oget dup /O oget
% <padded-key> <encrypt> <O>
% Step 4.
exch /P oget 4 string exch
2 copy 255 and 0 exch put
2 copy -8 bitshift 255 and 1 exch put
2 copy -16 bitshift 255 and 2 exch put
2 copy -24 bitshift 255 and 3 exch put pop
% <padded-key> <O> <P>
% Step 5.
Trailer /ID knownoget { 0 oget } {
()
( **** ID key in the trailer is required for encrypted files.\n) pdfformaterror
} ifelse
3 { concatstrings } repeat
% We will finish step 5 after possibly including step 6.
% The following only executed for /R equal to 3 or more
Trailer /Encrypt oget dup /R oget dup 3 ge {
% Step 6. If EncryptMetadata is false, pass 0xFFFFFFFF to md5 function
% The PDF 1.5 Spec says that EncryptMetadata is an undocumented
% feature of PDF 1.4. That implies that this piece of logic should
% be executed if R >= 3. However testing with Acrobat 5.0 and 6.0 shows
% that this step is not executed if R equal to 3. Thus we have a test for
% R being >= 4.
4 ge {
/EncryptMetadata knownoget % Get EncryptMetadata (if present)
not { true } if % Default is true
not { % If EncryptMetadata is false
<ff ff ff ff> concatstrings % Add 0xFFFFFFFF to working string
} if
} {
pop % Remove Encrypt dict
} ifelse
md5_trunk % Finish step 5 and 6.
% Step 7. Executed as part of step 6
% Step 8. (This step is defintely a part of PDF 1.4.)
50 { md5_trunk } repeat
} {
pop pop md5_trunk % Remove R, Encrypt dict, finish step 5
} ifelse
% Step 9 - Done in md5_trunk.
} bind def
% Algorithm 3.4
/pdf_gen_user_password_R2 { % <filekey> pdf_gen_user_password_R2 <U>
% Step 2.
pdf_padding_string exch arc4decode
} bind def
% Algorithm 3.5
/pdf_gen_user_password_R3 { % <filekey> pdf_gen_user_password_R3 <U>
% Step 2.
pdf_padding_string
% Step 3.
Trailer /ID knownoget { 0 oget } {
()
( **** ID key in the trailer is required for encrypted files.\n) pdfformaterror
} ifelse
concatstrings md5
% Step 4.
1 index arc4decode
% Step 5.
1 1 19 {
2 index pdf_xorbytes arc4decode
} for
exch pop
} bind def
/pdf_gen_user_password { % <password> pdf_gen_user_password <filekey> <U>
% common Step 1 of Algorithms 3.4 and 3.5.
pdf_compute_encryption_key dup
Trailer /Encrypt oget
/R oget dup 2 eq {
pop pdf_gen_user_password_R2
} {
dup 3 eq {
pop pdf_gen_user_password_R3
} {
dup 4 eq { % 4 uses the algorithm as 3
pop pdf_gen_user_password_R3
} {
( **** This file uses an unknown standard security handler revision: )
exch =string cvs concatstrings pdfformaterror printProducer
/pdf_check_user_password cvx /undefined signalerror
} ifelse
} ifelse
} ifelse
} bind def
% Algorithm 3.6
/pdf_check_user_password { % <password> pdf_check_user_password <filekey> true
% <password> pdf_check_user_password false
pdf_gen_user_password
Trailer /Encrypt oget /U oget
0 2 index length getinterval eq {
true
} {
pop false
} ifelse
} bind def
% Compute an owner key, ie the result of step 4 of Algorithm 3.3
/pdf_owner_key % <password> pdf_owner_key <owner-key>
{
% Step 1.
pdf_pad_key
% Step 2.
md5_trunk
% 3.3 Step 3. Only executed for /R equal to 3 or more
Trailer /Encrypt oget /R oget 3 ge {
50 { md5_trunk } repeat
} if
% Step 4 - Done in md5_trunk.
} bind def
% Algorithm 3.7
/pdf_check_owner_password { % <password> pdf_check_owner_password <filekey> true
% <password> pdf_check_owner_password false
% Step 1.
pdf_owner_key
% Step 2.
Trailer /Encrypt oget dup /O oget 2 index arc4decode
% <encryption-key> <encrypt-dict> <decrypted-O>
% Step 3. Only executed for /R equal to 3 or more
exch /R oget 3 ge {
1 1 19 {
2 index pdf_xorbytes arc4decode
} for
} if
exch pop
% <result-of-step-3>
pdf_check_user_password
} bind def
% Process the encryption information in the Trailer.
/pdf_process_Encrypt {
Trailer /Encrypt oget
/Filter oget /Standard eq not {
( **** This file uses an unknown security handler.\n) pdfformaterror
printProducer
/pdf_process_Encrypt cvx /undefined signalerror
} if
() pdf_check_user_password
{
/FileKey exch def
} {
/PDFPassword where {
pop PDFPassword pdf_check_user_password
{
/FileKey exch def
} {
PDFPassword pdf_check_owner_password
{
/FileKey exch def
} {
( **** Password did not work.\n) pdfformaterror
printProducer
/pdf_process_Encrypt cvx /invalidfileaccess signalerror
} ifelse
} ifelse
} {
( **** This file requires a password for access.\n) pdfformaterror
printProducer
/pdf_process_Encrypt cvx /invalidfileaccess signalerror
} ifelse
} ifelse
% Trailer /Encrypt oget /P oget 4 and 0 eq #? and
% { ( ****This owner of this file has requested you do not print it.\n)
% pdfformaterror printProducer
% /pdf_process_Encrypt cvx /invalidfileaccess signalerror
% }
% if
} bind def
% Calculate the key used to decrypt an object (to pass to .decpdfrun or
% put into a stream dictionary).
/computeobjkey % <object#> <generation#> computeobjkey <keystring>
{
exch
FileKey length 5 add string
dup 0 FileKey putinterval
exch
% stack: gen# string obj#
2 copy 255 and FileKey length exch put
2 copy -8 bitshift 255 and FileKey length 1 add exch put
2 copy -16 bitshift 255 and FileKey length 2 add exch put
pop exch
2 copy 255 and FileKey length 3 add exch put
2 copy -8 bitshift 255 and FileKey length 4 add exch put
pop
% this step is for the AES cipher only
Trailer /Encrypt oget
dup /StmF knownoget {
exch /CF knownoget {
exch oget /CFM oget /AESV2 eq {
(sAlT) concatstrings
} if
} {
pop
} ifelse
} {
pop
} ifelse
md5 0 FileKey length 5 add 2 index length .min getinterval
} bind def
% As .pdfrun, but decrypt strings with key <key>.
/PDFScanRules_true << /PDFScanRules true >> def
/PDFScanRules_null << /PDFScanRules null >> def
/.decpdfrun % <file> <keystring> <opdict> .decpdfrun -
{ % Construct a procedure with the file, opdict and key bound into it.
2 index cvlit mark
/PDFScanRules .getuserparam //null eq {
//PDFScanRules_true { setuserparams } 0 get % force PDF scanning mode
mark 7 4 roll
} {
mark 5 2 roll
} ifelse
{ .pdftoken not { (%%EOF) cvn cvx } if
dup xcheck
{ PDFDEBUG { dup == flush } if
3 -1 roll pop
2 copy .knownget
{ exch pop exch pop exec
}
{ exch pop
dup /true eq
{ pop //true
}
{ dup /false eq
{ pop //false
}
{ dup /null eq
{ pop //null
}
{ ( **** Unknown operator: )
exch =string cvs concatstrings (\n) concatstrings
pdfformaterror
}
ifelse
}
ifelse
}
ifelse
}
ifelse
}
{ exch pop PDFDEBUG { dup ==only ( ) print flush } if
dup type /stringtype eq
{
% Check if we have encrypted strings R=4 allows for
% selection of encryption on streams and strings
Trailer /Encrypt oget % Get encryption dictionary
dup /R oget 4 lt % only 4 has selectable
{ % R < 4 --> arc4 strings
pop 1 index arc4decode % Decrypt string
PDFDEBUG { (%Decrypted: ) print dup == flush } if
} { % Else R = 4
/StrF knownoget % Get StrF (if present)
{ % If StrF is present ...
dup /Identity eq not % Check if StrF != Identity
{ /StdCF eq
{ Trailer /Encrypt oget /CF knownoget {
/StdCF oget /CFM oget /AESV2 eq
} {
//false
} ifelse { % Decrypt string
1 index aesdecode
} {
1 index arc4decode
} ifelse
}
{ 1 index arc4decode }
ifelse % If StrF != StdCF
PDFDEBUG { (%Decrypted: ) print dup == flush } if
}
{ pop }
ifelse % If StrF != identity
}
if % If StrF is known
}
ifelse % Ifelse R < 4
}
if % If = stringtype
exch pop
}
ifelse
}
aload pop .packtomark cvx
{ loop } 0 get 2 packedarray cvx
{ stopped } 0 get
/PDFScanRules .getuserparam //null eq {
//PDFScanRules_null { setuserparams } 0 get % reset PDF scannig mode if it was off
} if
/PDFsource PDFsource
{ store { stop } if } aload pop .packtomark cvx
/PDFsource 3 -1 roll store exec
} bind def
currentdict /PDFScanRules_true undef
currentdict /PDFScanRules_null undef
% Run the code to resolve an object reference.
/pdf_run_resolve
{ /FileKey where % Check if the file is encrypted
{ pop % File is encrypted
2 copy computeobjkey dup 4 1 roll
PDFfile exch resolveopdict .decpdfrun
dup dup dup 5 2 roll
% stack: object object key object object
{ % Use loop to provide an exitable context.
xcheck exch type /dicttype eq and % Check if executable dictionary
not { % If object is not ...
pop pop % ignore object
exit % Exit 'loop' context
} if % If not possible stream
% Starting with PDF 1.4 (R = 3), there are some extra features
% which control encryption of streams. The EncryptMetadata entry
% in the Encrypt dict controls the encryption of metadata streams.
Trailer /Encrypt oget % Get encryption dictionary
dup /R oget dup 3 lt % Only PDF 1.4 and higher has options
{ % R < 3 --> all streams encrypted
pop pop /StreamKey exch put % Insert StreamKey in dictionary
exit % Exit 'loop' context
} if
% Check EncryptMeta. stack: object object key Encrypt R
exch dup /EncryptMetadata knownoget % Get EncryptMetadata (if present)
not { true } if % If not present default = true
not % Check if EncryptMetadata = false
{ % if false we need to check the stream type
3 index /Type knownoget % Get stream type (if present)
not { //null } if % If type not present use fake name
/Metadata eq % Check if the type is Metadata
{ pop pop pop pop % Type == Metadata --> no encryption
exit % Exit 'loop' context
} if
} if
% PDF 1.5 encryption (R == 4) has selectable encryption handlers. If
% this is not PDF 1.5 encryption (R < 4) then we are done checking and
% we need to decrypt the stream. stack: object object key R Encrypt
exch 4 lt % Check for less than PDF 1.5
{ pop /StreamKey exch put % Insert StreamKey in dictionary
exit % Exit 'loop' context
} if
% Check if the stream encryption handler (StmF) == Identity.
PDFDEBUG {
Trailer /Encrypt oget /CF knownoget {
/StdCF oget /CFM oget
(Encrypt StmF is StdCF with CFM ) print =
} if
} if
/StmF knownoget % Get StmF (if present)
not { /Identity } if % If StmF not present default = Identity
/Identity eq % Check if StmF == Identity
{ pop pop % Identity --> no encryption
exit % Exit 'loop' context
} if
% If we get here then we need to decrypt the stream.
/StreamKey exch put % Insert StreamKey into dictionary
exit % Exit 'loop' context, never loop
} loop % End of loop exitable context
} { % Else file is not encrypted
PDFfile resolveopdict .pdfrun
} ifelse % Ifelse encrypted
} bind def
% Prefix a decryption filter to a stream if needed.
% Stack: readdata? dict parms file/string filternames
% (both before and after).
/pdf_decrypt_stream
{ 3 index /StreamKey known % Check if the file is encrypted
{
exch
% Stack: readdata? dict parms filternames file/string
3 index /StreamKey get
Trailer /Encrypt oget
dup /StmF knownoget
{ % stack: key Encrypt StmF
exch /CF knownoget {
exch oget /CFM oget % stack: key StmF-CFM
/AESV2 eq
} { pop //false } ifelse
{ aesdecodefilter } % install the requested filter
{ arc4decodefilter }
ifelse
}
{ pop arc4decodefilter } % fallback for no StmF
ifelse
exch
} if
} bind def
end % pdfdict
.setglobal
|
