File: key_builder_v5.rb

package info (click to toggle)
ruby-pdf-reader 2.15.0-1
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 33,512 kB
  • sloc: ruby: 11,959; sh: 46; makefile: 11
file content (146 lines) | stat: -rw-r--r-- 4,754 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
 
# coding: utf-8
# typed: strict
# frozen_string_literal: true

require 'digest/md5'
require 'rc4'

class PDF::Reader

  # Processes the Encrypt dict from an encrypted PDF and a user provided
  # password and returns a key that can decrypt the file.
  #
  # This can generate a decryption key compatible with the following standard encryption algorithms:
  #
  # * Version 5 (AESV3)
  #
  class KeyBuilderV5

    #: (?Hash[Symbol, String]) -> void
    def initialize(opts = {})
      @key_length   = 256 #: Integer

      # hash(32B) + validation salt(8B) + key salt(8B)
      @owner_key    = opts[:owner_key] || "" #: String

      # hash(32B) + validation salt(8B) + key salt(8B)
      @user_key     = opts[:user_key] || "" #: String

      # decryption key, encrypted w/ owner password
      @owner_encryption_key = opts[:owner_encryption_key] || "" #: String

      # decryption key, encrypted w/ user password
      @user_encryption_key  = opts[:user_encryption_key] || "" #: String
    end

    # Takes a string containing a user provided password.
    #
    # If the password matches the file, then a string containing a key suitable for
    # decrypting the file will be returned. If the password doesn't match the file,
    # and exception will be raised.
    #
    #: (String) -> String
    def key(pass)
      pass = pass.byteslice(0...127).to_s   # UTF-8 encoded password. first 127 bytes

      encrypt_key   = auth_owner_pass(pass)
      encrypt_key ||= auth_user_pass(pass)
      encrypt_key ||= auth_owner_pass_r6(pass)
      encrypt_key ||= auth_user_pass_r6(pass)

      raise PDF::Reader::EncryptedPDFError, "Invalid password (#{pass})" if encrypt_key.nil?
      encrypt_key
    end

    private

    # Algorithm 3.2a - Computing an encryption key
    #
    # Defined in PDF 1.7 Extension Level 3
    #
    # if the string is a valid user/owner password, this will return the decryption key
    #
    #: (String) -> (String | nil)
    def auth_owner_pass(password)
      if Digest::SHA256.digest(password + @owner_key[32..39].to_s + @user_key) == @owner_key[0..31]
        cipher = OpenSSL::Cipher.new('AES-256-CBC')
        cipher.decrypt
        cipher.key = Digest::SHA256.digest(password + @owner_key[40..-1].to_s + @user_key)
        cipher.iv = "\x00" * 16
        cipher.padding = 0
        cipher.update(@owner_encryption_key) + cipher.final
      end
    end

    #: (String) -> (String | nil)
    def auth_user_pass(password)
      if Digest::SHA256.digest(password + @user_key[32..39].to_s) == @user_key[0..31]
        cipher = OpenSSL::Cipher.new('AES-256-CBC')
        cipher.decrypt
        cipher.key = Digest::SHA256.digest(password + @user_key[40..-1].to_s)
        cipher.iv = "\x00" * 16
        cipher.padding = 0
        cipher.update(@user_encryption_key) + cipher.final
      end
    end

    #: (String) -> (String | nil)
    def auth_owner_pass_r6(password)
      if r6_digest(password, @owner_key[32..39].to_s, @user_key[0,48].to_s) == @owner_key[0..31]
        cipher = OpenSSL::Cipher.new('AES-256-CBC')
        cipher.decrypt
        cipher.key = r6_digest(password, @owner_key[40,8].to_s, @user_key[0, 48].to_s)
        cipher.iv = "\x00" * 16
        cipher.padding = 0
        cipher.update(@owner_encryption_key) + cipher.final
      end
    end

    #: (String) -> (String | nil)
    def auth_user_pass_r6(password)
      if r6_digest(password, @user_key[32..39].to_s) == @user_key[0..31]
        cipher = OpenSSL::Cipher.new('AES-256-CBC')
        cipher.decrypt
        cipher.key = r6_digest(password, @user_key[40,8].to_s)
        cipher.iv = "\x00" * 16
        cipher.padding = 0
        cipher.update(@user_encryption_key) + cipher.final
      end
    end

    # PDF 2.0 spec, 7.6.4.3.4
    # Algorithm 2.B: Computing a hash (revision 6 and later)
    #: (String, String, ?String) -> String
    def r6_digest(password, salt, user_key = '')
      k = Digest::SHA256.digest(password + salt + user_key)
      e = ''

      i = 0
      while i < 64 or e.getbyte(-1).to_i > i - 32
        k1 = (password + k + user_key) * 64

        aes = OpenSSL::Cipher.new("aes-128-cbc").encrypt
        aes.key = k[0, 16].to_s
        aes.iv = k[16, 16].to_s
        aes.padding = 0
        e = String.new(aes.update(k1))
        k = case unpack_128bit_bigendian_int(e) % 3
            when 0 then Digest::SHA256.digest(e)
            when 1 then Digest::SHA384.digest(e)
            when 2 then Digest::SHA512.digest(e)
            end
        i = i + 1
      end

      k[0, 32].to_s
    end

    #: (String) -> Integer
    def unpack_128bit_bigendian_int(str)
      ints = str[0,16].to_s.unpack("N*")
      (ints[0].to_i << 96) + (ints[1].to_i << 64) + (ints[2].to_i << 32) + ints[3].to_i
    end

  end
end