Class: Origami::Encryption::Standard::Dictionary

Inherits:

EncryptionDictionary

• Object
• Hash
• Dictionary
• EncryptionDictionary
• Origami::Encryption::Standard::Dictionary

Defined in:

lib/origami/encryption.rb

Overview

Class defining a standard encryption dictionary.

Constant Summary

Constants included from StandardObject

StandardObject::DEFAULT_ATTRIBUTES

Constants inherited from Dictionary

Dictionary::TOKENS

Constants included from Object

Object::TOKENS

Instance Attribute Summary

Attributes inherited from Dictionary

#names_cache, #strings_cache, #xref_cache

Attributes included from Object

#file_offset, #generation, #no, #objstm_offset, #parent

Instance Method Summary

• #compute_owner_encryption_key(ownerpassword) ⇒ Object

  Computes the key that will be used to encrypt/decrypt the document contents with owner password.

• #compute_user_encryption_key(userpassword, fileid) ⇒ Object

  Computes the key that will be used to encrypt/decrypt the document contents with user password.

• #is_owner_password?(pass, salt) ⇒ Boolean

  Checks owner password.

• #is_user_password?(pass, salt) ⇒ Boolean

  Checks user password.

• #pdf_version_required ⇒ Object

  :nodoc:.

• #retrieve_user_password(ownerpassword) ⇒ Object

  Retrieve user password from owner password.

• #set_passwords(ownerpassword, userpassword, salt = nil) ⇒ Object

  Set up document passwords.

Methods included from StandardObject

#do_type_check, #has_field?, included, #pre_build, #set_default_value, #set_default_values

Methods inherited from Dictionary

#[], #[]=, #delete, #has_key?, #initialize, #map!, #merge, #method_missing, parse, #real_type, #to_obfuscated_str, #to_s

Methods included from Object

#<=>, #copy, #indirect_parent, #initialize, #is_indirect?, parse, #pdf, #post_build, #pre_build, #reference, #set_indirect, #set_pdf, #size, skip_until_next_obj, #solve, #to_o, #to_s, #type, typeof, #xrefs

Methods inherited from Hash

#to_o

Constructor Details

This class inherits a constructor from Origami::Dictionary

Dynamic Method Handling

This class handles dynamic methods through the method_missing method in the class Origami::Dictionary

Instance Method Details

#compute_owner_encryption_key(ownerpassword) ⇒ Object

Computes the key that will be used to encrypt/decrypt the document contents with owner password. Revision 5 and above.

# File 'lib/origami/encryption.rb', line 1133

def compute_owner_encryption_key(ownerpassword)
  if self.R >= 5
    passwd = password_to_utf8(ownerpassword)

    oks = self.O[40, 8]

    if self.R == 5
      okey = Digest::SHA256.digest(passwd + oks)
    else
      okey = compute_hardened_hash(passwd, oks)
    end

    iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
    AES.new(okey, nil, false).decrypt(iv + self.OE.value)
  end
end

#compute_user_encryption_key(userpassword, fileid) ⇒ Object

Computes the key that will be used to encrypt/decrypt the document contents with user password.

# File 'lib/origami/encryption.rb', line 1091

def compute_user_encryption_key(userpassword, fileid)
 
  if self.R < 5
    padded = pad_password(userpassword)

    padded << self.O
    padded << [ self.P ].pack("i")
    
    padded << fileid
    
    encrypt_metadata = self.EncryptMetadata != false
    padded << "\xFF\xFF\xFF\xFF" if self.R >= 4 and not encrypt_metadata

    key = Digest::MD5.digest(padded)

    50.times { key = Digest::MD5.digest(key[0, self.Length / 8]) } if self.R >= 3

    if self.R == 2
      key[0, 5]
    elsif self.R >= 3
      key[0, self.Length / 8]
    end
  else
    passwd = password_to_utf8(userpassword)
    
    uks = self.U[40, 8]
    
    if self.R == 5
      ukey = Digest::SHA256.digest(passwd + uks)
    else
      ukey = compute_hardened_hash(passwd, uks)
    end
    
    iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
    AES.new(ukey, nil, false).decrypt(iv + self.UE.value)
  end
end

#is_owner_password?(pass, salt) ⇒ Boolean

Checks owner password. For version 2,3 and 4, salt is the document ID. For version 5, salt is (Owner Key Salt + U)

Returns:

• (Boolean)

# File 'lib/origami/encryption.rb', line 1228

def is_owner_password?(pass, salt)

  if self.R < 5
    user_password = retrieve_user_password(pass)
    is_user_password?(user_password, salt)
  elsif self.R == 5
    ovs = self.O[32, 8]
    Digest::SHA256.digest(password_to_utf8(pass) + ovs + self.U) == self.O[0, 32]
  elsif self.R == 6
    ovs = self.O[32, 8]
    compute_hardened_hash(password_to_utf8(pass), ovs, self.U[0,48]) == self.O[0, 32]
  end
end

#is_user_password?(pass, salt) ⇒ Boolean

Checks user password. For version 2,3 and 4, salt is the document ID. For version 5 and 6, salt is the User Key Salt.

Returns:

• (Boolean)

# File 'lib/origami/encryption.rb', line 1209

def is_user_password?(pass, salt)
  if self.R == 2 
    compute_user_password(pass, salt) == self.U
  elsif self.R == 3 or self.R == 4
    compute_user_password(pass, salt)[0, 16] == self.U[0, 16]
  elsif self.R == 5
    uvs = self.U[32, 8]
    Digest::SHA256.digest(password_to_utf8(pass) + uvs) == self.U[0, 32]
  elsif self.R == 6
    uvs = self.U[32, 8]
    compute_hardened_hash(password_to_utf8(pass), uvs) == self.U[0, 32]
  end
end

#pdf_version_required ⇒ Object

:nodoc:

# File 'lib/origami/encryption.rb', line 1080

def pdf_version_required #:nodoc:
  if self.R > 5
    [ 1.7, 8 ]
  else
    super
  end
end

#retrieve_user_password(ownerpassword) ⇒ Object

Retrieve user password from owner password. Cannot be used with revision 5.

# File 'lib/origami/encryption.rb', line 1246

def retrieve_user_password(ownerpassword)
  key = compute_owner_key(ownerpassword)

  if self.R == 2
    ARC4.decrypt(key, self.O)
  elsif self.R == 3 or self.R == 4
    user_password = ARC4.decrypt(xor(key, 19), self.O)
    19.times { |i| user_password = ARC4.decrypt(xor(key, 18-i), user_password) }
    
    user_password 
  end
end

#set_passwords(ownerpassword, userpassword, salt = nil) ⇒ Object

Set up document passwords.

# File 'lib/origami/encryption.rb', line 1153

def set_passwords(ownerpassword, userpassword, salt = nil)
  if self.R < 5
    key = compute_owner_key(ownerpassword)
    upadded = pad_password(userpassword)
    
    owner_key = ARC4.encrypt(key, upadded)
    19.times { |i| owner_key = ARC4.encrypt(xor(key,i+1), owner_key) } if self.R >= 3
  
    self.O = owner_key
    self.U = compute_user_password(userpassword, salt)
  
  else
    upass = password_to_utf8(userpassword)
    opass = password_to_utf8(ownerpassword)

    uvs, uks, ovs, oks = ::Array.new(4) { ::Array.new(8) { rand(255) }.pack("C*") }
    file_key = ::Array.new(32) { rand(256) }.pack("C*")
    iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*")
    
    if self.R == 5
      ukey = Digest::SHA256.digest(upass + uks)
      okey = Digest::SHA256.digest(opass + oks)
    else
      ukey = compute_hardened_hash(upass, uks)
      okey = compute_hardened_hash(upass, oks)
    end

    self.UE = AES.new(ukey, iv, false).encrypt(file_key)[iv.size, 32]
    self.OE = AES.new(okey, iv, false).encrypt(file_key)[iv.size, 32]
      
    if self.R == 5
      self.U = Digest::SHA256.digest(upass + uvs) + uvs + uks
      self.O = Digest::SHA256.digest(opass + ovs + self.U) + ovs + oks
    else
      self.U = compute_hardened_hash(upass, uvs) + uvs + uks
      self.O = compute_hardened_hash(opass, ovs, self.U) + ovs + oks
    end

    perms = 
      [ self.P ].pack("V") +                              # 0-3
      "\xff" * 4 +                                        # 4-7
      (self.EncryptMetadata == true ? "T" : "F") +        # 8
      "adb" +                                             # 9-11
      "\x00" * 4                                          # 12-15

    self.Perms = AES.new(file_key, iv, false).encrypt(perms)[iv.size, 16]

    file_key
  end
end