2009-10-17 03:14:47 +00:00
|
|
|
#include <qpdf/Pl_AES_PDF.hh>
|
|
|
|
#include <qpdf/QUtil.hh>
|
|
|
|
#include <cstring>
|
|
|
|
#include <assert.h>
|
|
|
|
#include <stdexcept>
|
2009-10-17 15:01:20 +00:00
|
|
|
#include <qpdf/rijndael.h>
|
2009-10-17 18:54:51 +00:00
|
|
|
#include <string>
|
|
|
|
#include <stdlib.h>
|
2009-10-18 00:12:35 +00:00
|
|
|
#include <qpdf/qpdf-config.h>
|
|
|
|
#ifndef HAVE_RANDOM
|
|
|
|
# define random rand
|
|
|
|
# define srandom srand
|
|
|
|
#endif
|
2009-10-17 03:14:47 +00:00
|
|
|
|
2009-10-19 00:36:51 +00:00
|
|
|
bool Pl_AES_PDF::use_static_iv = false;
|
|
|
|
|
2009-10-17 03:14:47 +00:00
|
|
|
Pl_AES_PDF::Pl_AES_PDF(char const* identifier, Pipeline* next,
|
2009-10-17 23:37:55 +00:00
|
|
|
bool encrypt, unsigned char const key[key_size]) :
|
2009-10-17 03:14:47 +00:00
|
|
|
Pipeline(identifier, next),
|
|
|
|
encrypt(encrypt),
|
2009-10-17 18:54:51 +00:00
|
|
|
cbc_mode(true),
|
|
|
|
first(true),
|
2009-10-17 15:01:20 +00:00
|
|
|
offset(0),
|
|
|
|
nrounds(0)
|
2009-10-17 03:14:47 +00:00
|
|
|
{
|
2009-10-17 15:01:20 +00:00
|
|
|
static int const keybits = 128;
|
|
|
|
assert(key_size == KEYLENGTH(keybits));
|
|
|
|
assert(sizeof(this->rk) / sizeof(uint32_t) == RKLENGTH(keybits));
|
|
|
|
std::memcpy(this->key, key, key_size);
|
|
|
|
std::memset(this->rk, 0, sizeof(this->rk));
|
|
|
|
std::memset(this->inbuf, 0, this->buf_size);
|
|
|
|
std::memset(this->outbuf, 0, this->buf_size);
|
2009-10-17 18:54:51 +00:00
|
|
|
std::memset(this->cbc_block, 0, this->buf_size);
|
2009-10-17 15:01:20 +00:00
|
|
|
if (encrypt)
|
|
|
|
{
|
|
|
|
this->nrounds = rijndaelSetupEncrypt(this->rk, this->key, keybits);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
this->nrounds = rijndaelSetupDecrypt(this->rk, this->key, keybits);
|
|
|
|
}
|
|
|
|
assert(this->nrounds == NROUNDS(keybits));
|
2009-10-17 03:14:47 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
Pl_AES_PDF::~Pl_AES_PDF()
|
|
|
|
{
|
2009-10-17 15:01:20 +00:00
|
|
|
// nothing needed
|
2009-10-17 03:14:47 +00:00
|
|
|
}
|
|
|
|
|
2009-10-17 18:54:51 +00:00
|
|
|
void
|
|
|
|
Pl_AES_PDF::disableCBC()
|
|
|
|
{
|
|
|
|
this->cbc_mode = false;
|
|
|
|
}
|
|
|
|
|
2009-10-19 00:36:51 +00:00
|
|
|
void
|
|
|
|
Pl_AES_PDF::useStaticIV()
|
|
|
|
{
|
|
|
|
use_static_iv = true;
|
|
|
|
}
|
|
|
|
|
2009-10-17 03:14:47 +00:00
|
|
|
void
|
2012-06-20 11:20:57 -04:00
|
|
|
Pl_AES_PDF::write(unsigned char* data, size_t len)
|
2009-10-17 03:14:47 +00:00
|
|
|
{
|
2012-06-20 11:20:57 -04:00
|
|
|
size_t bytes_left = len;
|
2009-10-17 03:14:47 +00:00
|
|
|
unsigned char* p = data;
|
|
|
|
|
|
|
|
while (bytes_left > 0)
|
|
|
|
{
|
|
|
|
if (this->offset == this->buf_size)
|
|
|
|
{
|
|
|
|
flush(false);
|
|
|
|
}
|
|
|
|
|
2012-06-20 11:20:57 -04:00
|
|
|
size_t available = this->buf_size - this->offset;
|
|
|
|
size_t bytes = (bytes_left < available ? bytes_left : available);
|
2009-10-17 03:14:47 +00:00
|
|
|
bytes_left -= bytes;
|
2009-10-17 15:01:20 +00:00
|
|
|
std::memcpy(this->inbuf + this->offset, p, bytes);
|
2009-10-17 03:14:47 +00:00
|
|
|
this->offset += bytes;
|
|
|
|
p += bytes;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
Pl_AES_PDF::finish()
|
|
|
|
{
|
|
|
|
if (this->encrypt)
|
|
|
|
{
|
|
|
|
if (this->offset == this->buf_size)
|
|
|
|
{
|
|
|
|
flush(false);
|
|
|
|
}
|
|
|
|
// Pad as described in section 3.5.1 of version 1.7 of the PDF
|
|
|
|
// specification, including providing an entire block of padding
|
|
|
|
// if the input was a multiple of 16 bytes.
|
2012-06-20 11:20:57 -04:00
|
|
|
unsigned char pad = (unsigned char) (this->buf_size - this->offset);
|
2009-10-17 15:01:20 +00:00
|
|
|
memset(this->inbuf + this->offset, pad, pad);
|
2009-10-17 03:14:47 +00:00
|
|
|
this->offset = this->buf_size;
|
|
|
|
flush(false);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
if (this->offset != this->buf_size)
|
|
|
|
{
|
2010-03-27 13:17:31 +00:00
|
|
|
// This is never supposed to happen as the output is
|
|
|
|
// always supposed to be padded. However, we have
|
|
|
|
// encountered files for which the output is not a
|
|
|
|
// multiple of the block size. In this case, pad with
|
|
|
|
// zeroes and hope for the best.
|
|
|
|
assert(this->buf_size > this->offset);
|
|
|
|
std::memset(this->inbuf + this->offset, 0,
|
|
|
|
this->buf_size - this->offset);
|
|
|
|
this->offset = this->buf_size;
|
2009-10-17 03:14:47 +00:00
|
|
|
}
|
|
|
|
flush(true);
|
|
|
|
}
|
|
|
|
getNext()->finish();
|
|
|
|
}
|
|
|
|
|
2009-10-17 18:54:51 +00:00
|
|
|
void
|
|
|
|
Pl_AES_PDF::initializeVector()
|
|
|
|
{
|
2009-10-18 14:09:10 +00:00
|
|
|
static bool seeded_random = false;
|
|
|
|
if (! seeded_random)
|
|
|
|
{
|
2009-10-18 16:03:10 +00:00
|
|
|
// Seed the random number generator with something simple, but
|
|
|
|
// just to be interesting, don't use the unmodified current
|
|
|
|
// time....
|
|
|
|
srandom((int)QUtil::get_current_time() ^ 0xcccc);
|
2009-10-18 14:09:10 +00:00
|
|
|
seeded_random = true;
|
|
|
|
}
|
2009-10-19 00:36:51 +00:00
|
|
|
if (use_static_iv)
|
|
|
|
{
|
|
|
|
for (unsigned int i = 0; i < this->buf_size; ++i)
|
|
|
|
{
|
|
|
|
this->cbc_block[i] = 14 * (1 + i);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
else
|
2009-10-17 18:54:51 +00:00
|
|
|
{
|
2009-10-19 00:36:51 +00:00
|
|
|
for (unsigned int i = 0; i < this->buf_size; ++i)
|
|
|
|
{
|
|
|
|
this->cbc_block[i] = (unsigned char)((random() & 0xff0) >> 4);
|
|
|
|
}
|
2009-10-17 18:54:51 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-10-17 03:14:47 +00:00
|
|
|
void
|
|
|
|
Pl_AES_PDF::flush(bool strip_padding)
|
|
|
|
{
|
|
|
|
assert(this->offset == this->buf_size);
|
2009-10-17 18:54:51 +00:00
|
|
|
|
|
|
|
if (first)
|
|
|
|
{
|
|
|
|
first = false;
|
|
|
|
if (this->cbc_mode)
|
|
|
|
{
|
|
|
|
if (encrypt)
|
|
|
|
{
|
|
|
|
// Set cbc_block to a random initialization vector and
|
|
|
|
// write it to the output stream
|
|
|
|
initializeVector();
|
|
|
|
getNext()->write(this->cbc_block, this->buf_size);
|
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
|
|
|
// Take the first block of input as the initialization
|
|
|
|
// vector. There's nothing to write at this time.
|
|
|
|
memcpy(this->cbc_block, this->inbuf, this->buf_size);
|
|
|
|
this->offset = 0;
|
|
|
|
return;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2009-10-17 03:14:47 +00:00
|
|
|
if (this->encrypt)
|
|
|
|
{
|
2009-10-17 18:54:51 +00:00
|
|
|
if (this->cbc_mode)
|
|
|
|
{
|
|
|
|
for (unsigned int i = 0; i < this->buf_size; ++i)
|
|
|
|
{
|
|
|
|
this->inbuf[i] ^= this->cbc_block[i];
|
|
|
|
}
|
|
|
|
}
|
2009-10-17 15:01:20 +00:00
|
|
|
rijndaelEncrypt(this->rk, this->nrounds, this->inbuf, this->outbuf);
|
2009-10-17 18:54:51 +00:00
|
|
|
if (this->cbc_mode)
|
|
|
|
{
|
|
|
|
memcpy(this->cbc_block, this->outbuf, this->buf_size);
|
|
|
|
}
|
2009-10-17 03:14:47 +00:00
|
|
|
}
|
|
|
|
else
|
|
|
|
{
|
2009-10-17 15:01:20 +00:00
|
|
|
rijndaelDecrypt(this->rk, this->nrounds, this->inbuf, this->outbuf);
|
2009-10-17 18:54:51 +00:00
|
|
|
if (this->cbc_mode)
|
|
|
|
{
|
|
|
|
for (unsigned int i = 0; i < this->buf_size; ++i)
|
|
|
|
{
|
|
|
|
this->outbuf[i] ^= this->cbc_block[i];
|
|
|
|
}
|
|
|
|
memcpy(this->cbc_block, this->inbuf, this->buf_size);
|
|
|
|
}
|
2009-10-17 03:14:47 +00:00
|
|
|
}
|
|
|
|
unsigned int bytes = this->buf_size;
|
|
|
|
if (strip_padding)
|
|
|
|
{
|
2009-10-17 15:01:20 +00:00
|
|
|
unsigned char last = this->outbuf[this->buf_size - 1];
|
2009-10-17 03:14:47 +00:00
|
|
|
if (last <= this->buf_size)
|
|
|
|
{
|
|
|
|
bool strip = true;
|
|
|
|
for (unsigned int i = 1; i <= last; ++i)
|
|
|
|
{
|
2009-10-17 15:01:20 +00:00
|
|
|
if (this->outbuf[this->buf_size - i] != last)
|
2009-10-17 03:14:47 +00:00
|
|
|
{
|
|
|
|
strip = false;
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (strip)
|
|
|
|
{
|
|
|
|
bytes -= last;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
2009-10-17 15:01:20 +00:00
|
|
|
getNext()->write(this->outbuf, bytes);
|
2009-10-17 03:14:47 +00:00
|
|
|
this->offset = 0;
|
|
|
|
}
|