1 // Copyright 2014 PDFium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 // Original code copyright 2014 Foxit Software Inc. http://www.foxitsoftware.com
6 
7 #include "core/fpdfapi/parser/cpdf_crypto_handler.h"
8 
9 #include <time.h>
10 
11 #include "core/fdrm/crypto/fx_crypt.h"
12 #include "core/fpdfapi/parser/cpdf_parser.h"
13 #include "core/fpdfapi/parser/cpdf_security_handler.h"
14 #include "core/fpdfapi/parser/cpdf_simple_parser.h"
15 
CryptBlock(bool bEncrypt,uint32_t objnum,uint32_t gennum,const uint8_t * src_buf,uint32_t src_size,uint8_t * dest_buf,uint32_t & dest_size)16 void CPDF_CryptoHandler::CryptBlock(bool bEncrypt,
17                                     uint32_t objnum,
18                                     uint32_t gennum,
19                                     const uint8_t* src_buf,
20                                     uint32_t src_size,
21                                     uint8_t* dest_buf,
22                                     uint32_t& dest_size) {
23   if (m_Cipher == FXCIPHER_NONE) {
24     FXSYS_memcpy(dest_buf, src_buf, src_size);
25     return;
26   }
27   uint8_t realkey[16];
28   int realkeylen = 16;
29   if (m_Cipher != FXCIPHER_AES || m_KeyLen != 32) {
30     uint8_t key1[32];
31     PopulateKey(objnum, gennum, key1);
32 
33     if (m_Cipher == FXCIPHER_AES) {
34       FXSYS_memcpy(key1 + m_KeyLen + 5, "sAlT", 4);
35     }
36     CRYPT_MD5Generate(
37         key1, m_Cipher == FXCIPHER_AES ? m_KeyLen + 9 : m_KeyLen + 5, realkey);
38     realkeylen = m_KeyLen + 5;
39     if (realkeylen > 16) {
40       realkeylen = 16;
41     }
42   }
43   if (m_Cipher == FXCIPHER_AES) {
44     CRYPT_AESSetKey(m_pAESContext, 16, m_KeyLen == 32 ? m_EncryptKey : realkey,
45                     m_KeyLen, bEncrypt);
46     if (bEncrypt) {
47       uint8_t iv[16];
48       for (int i = 0; i < 16; i++) {
49         iv[i] = (uint8_t)rand();
50       }
51       CRYPT_AESSetIV(m_pAESContext, iv);
52       FXSYS_memcpy(dest_buf, iv, 16);
53       int nblocks = src_size / 16;
54       CRYPT_AESEncrypt(m_pAESContext, dest_buf + 16, src_buf, nblocks * 16);
55       uint8_t padding[16];
56       FXSYS_memcpy(padding, src_buf + nblocks * 16, src_size % 16);
57       FXSYS_memset(padding + src_size % 16, 16 - src_size % 16,
58                    16 - src_size % 16);
59       CRYPT_AESEncrypt(m_pAESContext, dest_buf + nblocks * 16 + 16, padding,
60                        16);
61       dest_size = 32 + nblocks * 16;
62     } else {
63       CRYPT_AESSetIV(m_pAESContext, src_buf);
64       CRYPT_AESDecrypt(m_pAESContext, dest_buf, src_buf + 16, src_size - 16);
65       dest_size = src_size - 16;
66       dest_size -= dest_buf[dest_size - 1];
67     }
68   } else {
69     ASSERT(dest_size == src_size);
70     if (dest_buf != src_buf) {
71       FXSYS_memcpy(dest_buf, src_buf, src_size);
72     }
73     CRYPT_ArcFourCryptBlock(dest_buf, dest_size, realkey, realkeylen);
74   }
75 }
76 
77 struct AESCryptContext {
78   uint8_t m_Context[2048];
79   bool m_bIV;
80   uint8_t m_Block[16];
81   uint32_t m_BlockOffset;
82 };
83 
CryptStart(uint32_t objnum,uint32_t gennum,bool bEncrypt)84 void* CPDF_CryptoHandler::CryptStart(uint32_t objnum,
85                                      uint32_t gennum,
86                                      bool bEncrypt) {
87   if (m_Cipher == FXCIPHER_NONE) {
88     return this;
89   }
90   if (m_Cipher == FXCIPHER_AES && m_KeyLen == 32) {
91     AESCryptContext* pContext = FX_Alloc(AESCryptContext, 1);
92     pContext->m_bIV = true;
93     pContext->m_BlockOffset = 0;
94     CRYPT_AESSetKey(pContext->m_Context, 16, m_EncryptKey, 32, bEncrypt);
95     if (bEncrypt) {
96       for (int i = 0; i < 16; i++) {
97         pContext->m_Block[i] = (uint8_t)rand();
98       }
99       CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block);
100     }
101     return pContext;
102   }
103   uint8_t key1[48];
104   PopulateKey(objnum, gennum, key1);
105 
106   if (m_Cipher == FXCIPHER_AES) {
107     FXSYS_memcpy(key1 + m_KeyLen + 5, "sAlT", 4);
108   }
109   uint8_t realkey[16];
110   CRYPT_MD5Generate(
111       key1, m_Cipher == FXCIPHER_AES ? m_KeyLen + 9 : m_KeyLen + 5, realkey);
112   int realkeylen = m_KeyLen + 5;
113   if (realkeylen > 16) {
114     realkeylen = 16;
115   }
116   if (m_Cipher == FXCIPHER_AES) {
117     AESCryptContext* pContext = FX_Alloc(AESCryptContext, 1);
118     pContext->m_bIV = true;
119     pContext->m_BlockOffset = 0;
120     CRYPT_AESSetKey(pContext->m_Context, 16, realkey, 16, bEncrypt);
121     if (bEncrypt) {
122       for (int i = 0; i < 16; i++) {
123         pContext->m_Block[i] = (uint8_t)rand();
124       }
125       CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block);
126     }
127     return pContext;
128   }
129   CRYPT_rc4_context* pContext = FX_Alloc(CRYPT_rc4_context, 1);
130   CRYPT_ArcFourSetup(pContext, realkey, realkeylen);
131   return pContext;
132 }
133 
CryptStream(void * context,const uint8_t * src_buf,uint32_t src_size,CFX_BinaryBuf & dest_buf,bool bEncrypt)134 bool CPDF_CryptoHandler::CryptStream(void* context,
135                                      const uint8_t* src_buf,
136                                      uint32_t src_size,
137                                      CFX_BinaryBuf& dest_buf,
138                                      bool bEncrypt) {
139   if (!context) {
140     return false;
141   }
142   if (m_Cipher == FXCIPHER_NONE) {
143     dest_buf.AppendBlock(src_buf, src_size);
144     return true;
145   }
146   if (m_Cipher == FXCIPHER_RC4) {
147     int old_size = dest_buf.GetSize();
148     dest_buf.AppendBlock(src_buf, src_size);
149     CRYPT_ArcFourCrypt(reinterpret_cast<CRYPT_rc4_context*>(context),
150                        dest_buf.GetBuffer() + old_size, src_size);
151     return true;
152   }
153   AESCryptContext* pContext = reinterpret_cast<AESCryptContext*>(context);
154   if (pContext->m_bIV && bEncrypt) {
155     dest_buf.AppendBlock(pContext->m_Block, 16);
156     pContext->m_bIV = false;
157   }
158   uint32_t src_off = 0;
159   uint32_t src_left = src_size;
160   while (1) {
161     uint32_t copy_size = 16 - pContext->m_BlockOffset;
162     if (copy_size > src_left) {
163       copy_size = src_left;
164     }
165     FXSYS_memcpy(pContext->m_Block + pContext->m_BlockOffset, src_buf + src_off,
166                  copy_size);
167     src_off += copy_size;
168     src_left -= copy_size;
169     pContext->m_BlockOffset += copy_size;
170     if (pContext->m_BlockOffset == 16) {
171       if (!bEncrypt && pContext->m_bIV) {
172         CRYPT_AESSetIV(pContext->m_Context, pContext->m_Block);
173         pContext->m_bIV = false;
174         pContext->m_BlockOffset = 0;
175       } else if (src_off < src_size) {
176         uint8_t block_buf[16];
177         if (bEncrypt) {
178           CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block,
179                            16);
180         } else {
181           CRYPT_AESDecrypt(pContext->m_Context, block_buf, pContext->m_Block,
182                            16);
183         }
184         dest_buf.AppendBlock(block_buf, 16);
185         pContext->m_BlockOffset = 0;
186       }
187     }
188     if (!src_left) {
189       break;
190     }
191   }
192   return true;
193 }
CryptFinish(void * context,CFX_BinaryBuf & dest_buf,bool bEncrypt)194 bool CPDF_CryptoHandler::CryptFinish(void* context,
195                                      CFX_BinaryBuf& dest_buf,
196                                      bool bEncrypt) {
197   if (!context) {
198     return false;
199   }
200   if (m_Cipher == FXCIPHER_NONE) {
201     return true;
202   }
203   if (m_Cipher == FXCIPHER_RC4) {
204     FX_Free(context);
205     return true;
206   }
207   AESCryptContext* pContext = (AESCryptContext*)context;
208   if (bEncrypt) {
209     uint8_t block_buf[16];
210     if (pContext->m_BlockOffset == 16) {
211       CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block, 16);
212       dest_buf.AppendBlock(block_buf, 16);
213       pContext->m_BlockOffset = 0;
214     }
215     FXSYS_memset(pContext->m_Block + pContext->m_BlockOffset,
216                  (uint8_t)(16 - pContext->m_BlockOffset),
217                  16 - pContext->m_BlockOffset);
218     CRYPT_AESEncrypt(pContext->m_Context, block_buf, pContext->m_Block, 16);
219     dest_buf.AppendBlock(block_buf, 16);
220   } else if (pContext->m_BlockOffset == 16) {
221     uint8_t block_buf[16];
222     CRYPT_AESDecrypt(pContext->m_Context, block_buf, pContext->m_Block, 16);
223     if (block_buf[15] <= 16) {
224       dest_buf.AppendBlock(block_buf, 16 - block_buf[15]);
225     }
226   }
227   FX_Free(pContext);
228   return true;
229 }
230 
Decrypt(uint32_t objnum,uint32_t gennum,CFX_ByteString & str)231 void CPDF_CryptoHandler::Decrypt(uint32_t objnum,
232                                  uint32_t gennum,
233                                  CFX_ByteString& str) {
234   CFX_BinaryBuf dest_buf;
235   void* context = DecryptStart(objnum, gennum);
236   DecryptStream(context, str.raw_str(), str.GetLength(), dest_buf);
237   DecryptFinish(context, dest_buf);
238   str = CFX_ByteString(dest_buf.GetBuffer(), dest_buf.GetSize());
239 }
240 
DecryptStart(uint32_t objnum,uint32_t gennum)241 void* CPDF_CryptoHandler::DecryptStart(uint32_t objnum, uint32_t gennum) {
242   return CryptStart(objnum, gennum, false);
243 }
DecryptGetSize(uint32_t src_size)244 uint32_t CPDF_CryptoHandler::DecryptGetSize(uint32_t src_size) {
245   return m_Cipher == FXCIPHER_AES ? src_size - 16 : src_size;
246 }
247 
Init(CPDF_Dictionary * pEncryptDict,CPDF_SecurityHandler * pSecurityHandler)248 bool CPDF_CryptoHandler::Init(CPDF_Dictionary* pEncryptDict,
249                               CPDF_SecurityHandler* pSecurityHandler) {
250   const uint8_t* key;
251   if (!pSecurityHandler->GetCryptInfo(m_Cipher, key, m_KeyLen)) {
252     return false;
253   }
254   if (m_KeyLen > 32 || m_KeyLen < 0) {
255     return false;
256   }
257   if (m_Cipher != FXCIPHER_NONE) {
258     FXSYS_memcpy(m_EncryptKey, key, m_KeyLen);
259   }
260   if (m_Cipher == FXCIPHER_AES) {
261     m_pAESContext = FX_Alloc(uint8_t, 2048);
262   }
263   return true;
264 }
265 
Init(int cipher,const uint8_t * key,int keylen)266 bool CPDF_CryptoHandler::Init(int cipher, const uint8_t* key, int keylen) {
267   if (cipher == FXCIPHER_AES) {
268     switch (keylen) {
269       case 16:
270       case 24:
271       case 32:
272         break;
273       default:
274         return false;
275     }
276   } else if (cipher == FXCIPHER_AES2) {
277     if (keylen != 32) {
278       return false;
279     }
280   } else if (cipher == FXCIPHER_RC4) {
281     if (keylen < 5 || keylen > 16) {
282       return false;
283     }
284   } else {
285     if (keylen > 32) {
286       keylen = 32;
287     }
288   }
289   m_Cipher = cipher;
290   m_KeyLen = keylen;
291   FXSYS_memcpy(m_EncryptKey, key, keylen);
292   if (m_Cipher == FXCIPHER_AES) {
293     m_pAESContext = FX_Alloc(uint8_t, 2048);
294   }
295   return true;
296 }
DecryptStream(void * context,const uint8_t * src_buf,uint32_t src_size,CFX_BinaryBuf & dest_buf)297 bool CPDF_CryptoHandler::DecryptStream(void* context,
298                                        const uint8_t* src_buf,
299                                        uint32_t src_size,
300                                        CFX_BinaryBuf& dest_buf) {
301   return CryptStream(context, src_buf, src_size, dest_buf, false);
302 }
DecryptFinish(void * context,CFX_BinaryBuf & dest_buf)303 bool CPDF_CryptoHandler::DecryptFinish(void* context, CFX_BinaryBuf& dest_buf) {
304   return CryptFinish(context, dest_buf, false);
305 }
EncryptGetSize(uint32_t objnum,uint32_t version,const uint8_t * src_buf,uint32_t src_size)306 uint32_t CPDF_CryptoHandler::EncryptGetSize(uint32_t objnum,
307                                             uint32_t version,
308                                             const uint8_t* src_buf,
309                                             uint32_t src_size) {
310   if (m_Cipher == FXCIPHER_AES) {
311     return src_size + 32;
312   }
313   return src_size;
314 }
EncryptContent(uint32_t objnum,uint32_t gennum,const uint8_t * src_buf,uint32_t src_size,uint8_t * dest_buf,uint32_t & dest_size)315 bool CPDF_CryptoHandler::EncryptContent(uint32_t objnum,
316                                         uint32_t gennum,
317                                         const uint8_t* src_buf,
318                                         uint32_t src_size,
319                                         uint8_t* dest_buf,
320                                         uint32_t& dest_size) {
321   CryptBlock(true, objnum, gennum, src_buf, src_size, dest_buf, dest_size);
322   return true;
323 }
CPDF_CryptoHandler()324 CPDF_CryptoHandler::CPDF_CryptoHandler() {
325   m_pAESContext = nullptr;
326   m_Cipher = FXCIPHER_NONE;
327   m_KeyLen = 0;
328 }
~CPDF_CryptoHandler()329 CPDF_CryptoHandler::~CPDF_CryptoHandler() {
330   FX_Free(m_pAESContext);
331 }
332 
PopulateKey(uint32_t objnum,uint32_t gennum,uint8_t * key)333 void CPDF_CryptoHandler::PopulateKey(uint32_t objnum,
334                                      uint32_t gennum,
335                                      uint8_t* key) {
336   FXSYS_memcpy(key, m_EncryptKey, m_KeyLen);
337   key[m_KeyLen + 0] = (uint8_t)objnum;
338   key[m_KeyLen + 1] = (uint8_t)(objnum >> 8);
339   key[m_KeyLen + 2] = (uint8_t)(objnum >> 16);
340   key[m_KeyLen + 3] = (uint8_t)gennum;
341   key[m_KeyLen + 4] = (uint8_t)(gennum >> 8);
342 }
343