Class: Origami::Encryption::Standard::Dictionary
- Inherits:
-
EncryptionDictionary
- Object
- Hash
- Dictionary
- EncryptionDictionary
- Origami::Encryption::Standard::Dictionary
- Defined in:
- lib/origami/encryption.rb
Overview
Class defining a standard encryption dictionary.
Constant Summary
Constants included from StandardObject
StandardObject::DEFAULT_ATTRIBUTES
Constants inherited from Dictionary
Constants included from Object
Instance Attribute Summary
Attributes inherited from Dictionary
#names_cache, #strings_cache, #xref_cache
Attributes included from Object
#file_offset, #generation, #no, #objstm_offset, #parent
Instance Method Summary collapse
-
#compute_owner_encryption_key(ownerpassword) ⇒ Object
Computes the key that will be used to encrypt/decrypt the document contents with owner password.
-
#compute_user_encryption_key(userpassword, fileid) ⇒ Object
Computes the key that will be used to encrypt/decrypt the document contents with user password.
-
#is_owner_password?(pass, salt) ⇒ Boolean
Checks owner password.
-
#is_user_password?(pass, salt) ⇒ Boolean
Checks user password.
-
#pdf_version_required ⇒ Object
:nodoc:.
-
#retrieve_user_password(ownerpassword) ⇒ Object
Retrieve user password from owner password.
-
#set_passwords(ownerpassword, userpassword, salt = nil) ⇒ Object
Set up document passwords.
Methods included from StandardObject
#do_type_check, #has_field?, included, #pre_build, #set_default_value, #set_default_values
Methods inherited from Dictionary
#[], #[]=, #delete, #has_key?, #initialize, #map!, #merge, #method_missing, parse, #real_type, #to_obfuscated_str, #to_s
Methods included from Object
#<=>, #copy, #indirect_parent, #initialize, #is_indirect?, parse, #pdf, #post_build, #pre_build, #reference, #set_indirect, #set_pdf, #size, skip_until_next_obj, #solve, #to_o, #to_s, #type, typeof, #xrefs
Methods inherited from Hash
Constructor Details
This class inherits a constructor from Origami::Dictionary
Dynamic Method Handling
This class handles dynamic methods through the method_missing method in the class Origami::Dictionary
Instance Method Details
#compute_owner_encryption_key(ownerpassword) ⇒ Object
Computes the key that will be used to encrypt/decrypt the document contents with owner password. Revision 5 and above.
1133 1134 1135 1136 1137 1138 1139 1140 1141 1142 1143 1144 1145 1146 1147 1148 |
# File 'lib/origami/encryption.rb', line 1133 def compute_owner_encryption_key(ownerpassword) if self.R >= 5 passwd = password_to_utf8(ownerpassword) oks = self.O[40, 8] if self.R == 5 okey = Digest::SHA256.digest(passwd + oks) else okey = compute_hardened_hash(passwd, oks) end iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*") AES.new(okey, nil, false).decrypt(iv + self.OE.value) end end |
#compute_user_encryption_key(userpassword, fileid) ⇒ Object
Computes the key that will be used to encrypt/decrypt the document contents with user password.
1091 1092 1093 1094 1095 1096 1097 1098 1099 1100 1101 1102 1103 1104 1105 1106 1107 1108 1109 1110 1111 1112 1113 1114 1115 1116 1117 1118 1119 1120 1121 1122 1123 1124 1125 1126 1127 |
# File 'lib/origami/encryption.rb', line 1091 def compute_user_encryption_key(userpassword, fileid) if self.R < 5 padded = pad_password(userpassword) padded << self.O padded << [ self.P ].pack("i") padded << fileid = self.EncryptMetadata != false padded << "\xFF\xFF\xFF\xFF" if self.R >= 4 and not key = Digest::MD5.digest(padded) 50.times { key = Digest::MD5.digest(key[0, self.Length / 8]) } if self.R >= 3 if self.R == 2 key[0, 5] elsif self.R >= 3 key[0, self.Length / 8] end else passwd = password_to_utf8(userpassword) uks = self.U[40, 8] if self.R == 5 ukey = Digest::SHA256.digest(passwd + uks) else ukey = compute_hardened_hash(passwd, uks) end iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*") AES.new(ukey, nil, false).decrypt(iv + self.UE.value) end end |
#is_owner_password?(pass, salt) ⇒ Boolean
Checks owner password. For version 2,3 and 4, salt is the document ID. For version 5, salt is (Owner Key Salt + U)
1228 1229 1230 1231 1232 1233 1234 1235 1236 1237 1238 1239 1240 |
# File 'lib/origami/encryption.rb', line 1228 def is_owner_password?(pass, salt) if self.R < 5 user_password = retrieve_user_password(pass) is_user_password?(user_password, salt) elsif self.R == 5 ovs = self.O[32, 8] Digest::SHA256.digest(password_to_utf8(pass) + ovs + self.U) == self.O[0, 32] elsif self.R == 6 ovs = self.O[32, 8] compute_hardened_hash(password_to_utf8(pass), ovs, self.U[0,48]) == self.O[0, 32] end end |
#is_user_password?(pass, salt) ⇒ Boolean
Checks user password. For version 2,3 and 4, salt is the document ID. For version 5 and 6, salt is the User Key Salt.
1209 1210 1211 1212 1213 1214 1215 1216 1217 1218 1219 1220 1221 |
# File 'lib/origami/encryption.rb', line 1209 def is_user_password?(pass, salt) if self.R == 2 compute_user_password(pass, salt) == self.U elsif self.R == 3 or self.R == 4 compute_user_password(pass, salt)[0, 16] == self.U[0, 16] elsif self.R == 5 uvs = self.U[32, 8] Digest::SHA256.digest(password_to_utf8(pass) + uvs) == self.U[0, 32] elsif self.R == 6 uvs = self.U[32, 8] compute_hardened_hash(password_to_utf8(pass), uvs) == self.U[0, 32] end end |
#pdf_version_required ⇒ Object
:nodoc:
1080 1081 1082 1083 1084 1085 1086 |
# File 'lib/origami/encryption.rb', line 1080 def pdf_version_required #:nodoc: if self.R > 5 [ 1.7, 8 ] else super end end |
#retrieve_user_password(ownerpassword) ⇒ Object
Retrieve user password from owner password. Cannot be used with revision 5.
1246 1247 1248 1249 1250 1251 1252 1253 1254 1255 1256 1257 |
# File 'lib/origami/encryption.rb', line 1246 def retrieve_user_password(ownerpassword) key = compute_owner_key(ownerpassword) if self.R == 2 ARC4.decrypt(key, self.O) elsif self.R == 3 or self.R == 4 user_password = ARC4.decrypt(xor(key, 19), self.O) 19.times { |i| user_password = ARC4.decrypt(xor(key, 18-i), user_password) } user_password end end |
#set_passwords(ownerpassword, userpassword, salt = nil) ⇒ Object
Set up document passwords.
1153 1154 1155 1156 1157 1158 1159 1160 1161 1162 1163 1164 1165 1166 1167 1168 1169 1170 1171 1172 1173 1174 1175 1176 1177 1178 1179 1180 1181 1182 1183 1184 1185 1186 1187 1188 1189 1190 1191 1192 1193 1194 1195 1196 1197 1198 1199 1200 1201 1202 |
# File 'lib/origami/encryption.rb', line 1153 def set_passwords(ownerpassword, userpassword, salt = nil) if self.R < 5 key = compute_owner_key(ownerpassword) upadded = pad_password(userpassword) owner_key = ARC4.encrypt(key, upadded) 19.times { |i| owner_key = ARC4.encrypt(xor(key,i+1), owner_key) } if self.R >= 3 self.O = owner_key self.U = compute_user_password(userpassword, salt) else upass = password_to_utf8(userpassword) opass = password_to_utf8(ownerpassword) uvs, uks, ovs, oks = ::Array.new(4) { ::Array.new(8) { rand(255) }.pack("C*") } file_key = ::Array.new(32) { rand(256) }.pack("C*") iv = ::Array.new(AES::BLOCKSIZE, 0).pack("C*") if self.R == 5 ukey = Digest::SHA256.digest(upass + uks) okey = Digest::SHA256.digest(opass + oks) else ukey = compute_hardened_hash(upass, uks) okey = compute_hardened_hash(upass, oks) end self.UE = AES.new(ukey, iv, false).encrypt(file_key)[iv.size, 32] self.OE = AES.new(okey, iv, false).encrypt(file_key)[iv.size, 32] if self.R == 5 self.U = Digest::SHA256.digest(upass + uvs) + uvs + uks self.O = Digest::SHA256.digest(opass + ovs + self.U) + ovs + oks else self.U = compute_hardened_hash(upass, uvs) + uvs + uks self.O = compute_hardened_hash(opass, ovs, self.U) + ovs + oks end perms = [ self.P ].pack("V") + # 0-3 "\xff" * 4 + # 4-7 (self.EncryptMetadata == true ? "T" : "F") + # 8 "adb" + # 9-11 "\x00" * 4 # 12-15 self.Perms = AES.new(file_key, iv, false).encrypt(perms)[iv.size, 16] file_key end end |