mirror of https://github.com/RGBCube/serenity synced 2025-07-26 05:17:34 +00:00

LibPDF: Implement 7.6.4.3.3 Algorithm 2.A: Retrieve file encryption key

...for handlers of revision 6.

The spec for this algorithm has several quirks:

1. It describes how to authenticate a password as an owner password,
   but it redundantly inlines the description of algorithm 12 instead
   of referring to it. We just call that algorithm here.

2. It does _not_ describe how to authenticate a password as a user
   password before using the password to compute the file encryption
   key using an intermediate user key, even though the latter step that
   computes the file encryption key refers to the password as
   "user password". I added a call to algorithm 11 to check if the
   password is the user password that isn't in the spec. Maybe I'm
   misunderstanding the spec, but this looks like a spec bug to me.

3. It says "using AES-256 in ECB mode with an initialization vector
   of zero". ECB mode has no initialization vector. CBC mode with
   initialization vector of zero for message length 16 is the same
   as ECB mode though, so maybe that's meant? (In addition to the
   spec being a bit wobbly, using ECB in new software isn't
   recommended, but too late for that.)

SASLprep / stringprep still aren't implemented. For ASCII passwords
(including the important empty password), this is good enough.
Nico Weber 2023-07-19 21:28:25 -04:00 committed by Andreas Kling
parent f8a3022ca2
commit 0428308420
2 changed files with 51 additions and 13 deletions


@ -62,7 +62,7 @@ private:
bool authenticate_owner_password_r6_and_later(StringView password_string);
ByteBuffer compute_encryption_key_r2_to_r5(ByteBuffer password_string);
ByteBuffer compute_encryption_key_r6_and_later(ByteBuffer password_string);
bool compute_encryption_key_r6_and_later(ByteBuffer password_string);
enum class HashKind {
Owner,
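
Review bot: on the changed declaration, `compute_encryption_key_r6_and_later` now returns `bool` while its sibling `compute_encryption_key_r2_to_r5` still returns `ByteBuffer`, so the name no longer says what the return value means, and the computed key has to leave the function by some route that is not visible in this header. Consider a short comment on the declaration stating that the `bool` reports whether the password authenticated and where the key ends up, or returning an `Optional<ByteBuffer>` so the two `compute_encryption_key_*` functions stay symmetric. Marking the result `[[nodiscard]]` would also keep a caller from silently ignoring a failed authentication.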