Merge pull request ststeiger#274 from packdat/EnhancedEncryption

Enhance encryption capabilities

Author: ststeiger

PdfSharpCore.Test/Assets/AesEncrypted.pdf

@@ -1,9 +1,9 @@
-using System;
-using System.IO;
-using FluentAssertions;
+using FluentAssertions;
 using PdfSharpCore.Pdf;
 using PdfSharpCore.Pdf.IO;
 using PdfSharpCore.Test.Helpers;
+using System;
+using System.IO;
 using Xunit;
 
 namespace PdfSharpCore.Test.IO
@@ -26,11 +26,12 @@ public void WillThrowExceptionWhenReadingInvalidPdf()
             act.Should().Throw<InvalidOperationException>().WithMessage("The file is not a valid PDF document.");
         }
 
-        private void AssertIsAValidPdfDocumentWithProperties(PdfDocument inputDocument, int expectedFileSize)
+        internal static void AssertIsAValidPdfDocumentWithProperties(PdfDocument inputDocument, int expectedFileSize)
         {
             inputDocument.Should().NotBeNull();
             inputDocument.FileSize.Should().Be(expectedFileSize);
             inputDocument.Info.Should().NotBeNull();
+            inputDocument.PageCount.Should().BeGreaterThan(0);
         }
     }
 }

PdfSharpCore.Test/Assets/protected-adobe.pdf

@@ -30,6 +30,9 @@
   </ItemGroup>
 
   <ItemGroup>
+    <None Update="Assets\AesEncrypted.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Update="Assets\FamilyTree.pdf">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
@@ -39,6 +42,18 @@
     <None Update="Assets\NotAValid.pdf">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>
+    <None Update="Assets\protected-adobe.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="Assets\protected-ilovepdf.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="Assets\protected-pdfencrypt.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
+    <None Update="Assets\protected-sodapdf.pdf">
+      <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
+    </None>
     <None Update="Assets\test.pdf">
       <CopyToOutputDirectory>PreserveNewest</CopyToOutputDirectory>
     </None>

PdfSharpCore.Test/Assets/protected-ilovepdf.pdf

@@ -1,15 +1,24 @@
-using System.IO;
-using FluentAssertions;
+using FluentAssertions;
 using PdfSharpCore.Drawing;
 using PdfSharpCore.Pdf;
 using PdfSharpCore.Pdf.IO;
 using PdfSharpCore.Pdf.Security;
+using PdfSharpCore.Test.Helpers;
+using System.IO;
 using Xunit;
+using Xunit.Abstractions;
 
 namespace PdfSharpCore.Test.Security
 {
     public class PdfSecurity
     {
+        private readonly ITestOutputHelper output;
+
+        public PdfSecurity(ITestOutputHelper testOutputHelper)
+        {
+            output = testOutputHelper;
+        }
+
         [Theory]
         [InlineData(PdfDocumentSecurityLevel.Encrypted40Bit, "hunter1")]
         [InlineData(PdfDocumentSecurityLevel.Encrypted128Bit, "hunter1")]
@@ -19,6 +28,8 @@ public void CreateAndReadPasswordProtectedPdf(PdfDocumentSecurityLevel securityL
             var pageNewRenderer = document.AddPage();
             var renderer = XGraphics.FromPdfPage(pageNewRenderer);
             renderer.DrawString("Test Test Test", new XFont("Arial", 12), XBrushes.Black, new XPoint(12, 12));
+            // validate correct handling of unicode strings (issue #264)
+            document.Outlines.Add("The only page", pageNewRenderer);
             document.SecuritySettings.DocumentSecurityLevel = securityLevel;
             document.SecuritySettings.UserPassword = password;
 
@@ -30,6 +41,86 @@ public void CreateAndReadPasswordProtectedPdf(PdfDocumentSecurityLevel securityL
                 delegate(PdfPasswordProviderArgs args) { args.Password = password; });
 
             loadDocument.PageCount.Should().Be(1);
+            loadDocument.Outlines[0].Title.Should().Be("The only page");
+            loadDocument.Info.Producer.Should().Contain("PDFsharp");
+        }
+
+        [Fact]
+        public void ShouldBeAbleToOpenAesEncryptedDocuments()
+        {
+            // this document has a V value of 4 (see PdfReference 1.7, Chapter 7.6.1, Table 20)
+            // and an R value of 4 (see PdfReference 1.7, Chapter 7.6.3.2, Table 21)
+            // see also: Adobe Supplement to the ISO 32000, BaseVersion: 1.7, ExtensionLevel: 3
+            //           Chapter 3.5.2, Table 3.19
+            var file = PathHelper.GetInstance().GetAssetPath("AesEncrypted.pdf");
+            var fi = new FileInfo(file);
+            var document = Pdf.IO.PdfReader.Open(file, PdfDocumentOpenMode.Import);
+
+            // verify document was actually AES-encrypted
+            var cf = document.SecurityHandler.Elements.GetDictionary("/CF");
+            var stdCf = cf.Elements.GetDictionary("/StdCF");
+            stdCf.Elements.GetString("/CFM").Should().Be("/AESV2");
+
+            IO.PdfReader.AssertIsAValidPdfDocumentWithProperties(document, (int)fi.Length);
+        }
+
+        [Fact]
+        public void DocumentWithUserPasswordCannotBeOpenedWithoutPassword()
+        {
+            var file = PathHelper.GetInstance().GetAssetPath("AesEncrypted.pdf");
+            var document = Pdf.IO.PdfReader.Open(file, PdfDocumentOpenMode.Import);
+
+            // import pages into a new document
+            var encryptedDoc = new PdfDocument();
+            foreach (var page in document.Pages)
+                encryptedDoc.AddPage(page);
+
+            // save enrypted
+            encryptedDoc.SecuritySettings.UserPassword = "supersecret!11";
+            var saveFileName = PathHelper.GetInstance().GetAssetPath("SavedEncrypted.pdf");
+            encryptedDoc.Save(saveFileName);
+
+            // should throw because no password was provided
+            var ex = Assert.Throws<PdfReaderException>(() =>
+            {
+                var readBackDoc = Pdf.IO.PdfReader.Open(saveFileName, PdfDocumentOpenMode.Import);
+            });
+            ex.Message.Should().Contain("A password is required to open the PDF document");
+
+            // check with password
+            // TODO: should be checked in a separate test, but i was lazy...
+            var fi = new FileInfo(saveFileName);
+            var readBackDoc = Pdf.IO.PdfReader.Open(saveFileName, "supersecret!11", PdfDocumentOpenMode.Import);
+            IO.PdfReader.AssertIsAValidPdfDocumentWithProperties(readBackDoc, (int)fi.Length);
+            readBackDoc.PageCount.Should().Be(document.PageCount);
+        }
+
+        // Same PDF protected by different tools or online-services
+        [Theory]
+        // https://www.ilovepdf.com/protect-pdf, 128 bit, /V 2 /R 3
+        [InlineData(@"protected-ilovepdf.pdf", "test123")]
+        
+        // https://www.adobe.com/de/acrobat/online/password-protect-pdf.html, 128 bit, /V 4 /R 4
+        [InlineData(@"protected-adobe.pdf", "test123")]
+
+        // https://pdfencrypt.net, 256 bit, /V 5 /R 5
+        [InlineData(@"protected-pdfencrypt.pdf", "test123")]
+
+        // https://www.sodapdf.com/password-protect-pdf/
+        // this is the only tool tested, that encrypts with the latest known algorithm (256 bit, /V 5 /R 6)
+        // Note: SodaPdf also produced a pdf that would be considered "invalid" by PdfSharp, because of incorrect stream-lengths
+        // (in the Stream-Dictionary, the length was reported as 32, but in fact the length was 16)
+        // this needed to be handled as well
+        [InlineData(@"protected-sodapdf.pdf", "test123")]
+        public void CanReadPdfEncryptedWithSupportedAlgorithms(string fileName, string password)
+        {
+            var path = PathHelper.GetInstance().GetAssetPath(fileName);
+
+            var doc = Pdf.IO.PdfReader.Open(path, password, PdfDocumentOpenMode.Import);
+            doc.Should().NotBeNull();
+            doc.PageCount.Should().BeGreaterThan(0);
+            output.WriteLine("Creator : {0}", doc.Info.Creator);
+            output.WriteLine("Producer: {0}", doc.Info.Producer);
         }
     }
 }

PdfSharpCore.Test/Assets/protected-pdfencrypt.pdf

@@ -56,6 +56,12 @@ public PdfObjectStream(PdfDocument document)
         internal PdfObjectStream(PdfDictionary dict)
             : base(dict)
         {
+            // while objects inside an object-stream are not encrypted, the object-streams themself ARE !
+            // 7.5.7, Page 47: In an encrypted file (i.e., entire object stream is encrypted),
+            // strings occurring anywhere in an object stream shall not be separately encrypted.
+            if (_document._trailer.Elements[PdfTrailer.Keys.Encrypt] is PdfReference)
+                _document.SecurityHandler.EncryptObject(dict);
+
             int n = Elements.GetInteger(Keys.N);
             int first = Elements.GetInteger(Keys.First);
             Stream.TryUnfilter();

PdfSharpCore.Test/Assets/protected-sodapdf.pdf

@@ -201,15 +201,9 @@ internal void Finish()
             iref = _document._trailer.Elements[Keys.Encrypt] as PdfReference;
             if (iref != null)
             {
-                iref = _document._irefTable[iref.ObjectID];
-                Debug.Assert(iref.Value != null);
-                _document._trailer.Elements[Keys.Encrypt] = iref;
-
-                // The encryption dictionary (security handler) was read in before the XRefTable construction 
-                // was completed. The next lines fix that state (it took several hours to find these bugs...).
-                iref.Value = _document._trailer._securityHandler;
-                _document._trailer._securityHandler.Reference = iref;
-                iref.Value.Reference = iref;
+                _document._irefTable.Remove(_document._irefTable[iref.ObjectID]);
+                _document._irefTable.Add(_document._trailer._securityHandler);
+                _document._trailer.Elements[Keys.Encrypt] = _document._trailer._securityHandler;
             }
 
             Elements.Remove(Keys.Prev);

PdfSharpCore.Test/IO/PdfReader.cs

@@ -34,6 +34,8 @@
 using System.IO;
 using PdfSharpCore.Internal;
 using PdfSharpCore.Pdf.Internal;
+using System.Collections.Generic;
+using System.Linq;
 
 namespace PdfSharpCore.Pdf.IO
 {
@@ -170,6 +172,19 @@ public Symbol ScanNextToken()
         /// Reads the raw content of a stream.
         /// </summary>
         public byte[] ReadStream(int length)
+        {
+            var pos = MoveToStartOfStream();
+            _pdfSteam.Position = pos;
+            byte[] bytes = new byte[length];
+            int read = _pdfSteam.Read(bytes, 0, length);
+            Debug.Assert(read == length);
+
+            // Synchronize idxChar etc.
+            Position = pos + length;
+            return bytes;
+        }
+
+        internal long MoveToStartOfStream()
         {
             long pos;
 
@@ -187,15 +202,45 @@ public byte[] ReadStream(int length)
             }
             else
                 pos = _idxChar + 1;
+            return pos;
+        }
 
-            _pdfSteam.Position = pos;
-            byte[] bytes = new byte[length];
-            int read = _pdfSteam.Read(bytes, 0, length);
-            Debug.Assert(read == length);
+        /// <summary>
+        /// Scans the input stream for the specified marker.<br></br>
+        /// Returns the bytes from the current position up to the start of the marker or the end of the stream.<br></br>
+        /// The position of the input-stream is the byte right after the marker (if found) or the end of the stream.
+        /// </summary>
+        /// <param name="marker">The marker to scan for</param>
+        /// <param name="markerFound">Receives a boolean that indicates whether the marker was found</param>
+        /// <returns></returns>
+        internal byte[] ScanUntilMarker(byte[] marker, out bool markerFound)
+        {
+            markerFound = false;
+            var result = new List<byte>();
+            while (true)
+            {
+                var markerIndex = 0;
+                while (_currChar != Chars.EOF && _currChar != marker[markerIndex])
+                {
+                    result.Add((byte)_currChar);
+                    ScanNextChar(false);
+                }
+                while (_currChar != Chars.EOF && markerIndex < marker.Length && _currChar == marker[markerIndex])
+                {
+                    markerIndex++;
+                    ScanNextChar(false);
+                }
+                if (_currChar == Chars.EOF || markerIndex == marker.Length)
+                {
+                    if (markerIndex == marker.Length)
+                        markerFound = true;
+                    break;
+                }
+                // only part of the marker was found, add to result and continue
+                result.AddRange(marker.Take(markerIndex));
+            }
 
-            // Synchronize idxChar etc.
-            Position = pos + length;
-            return bytes;
+            return result.ToArray();
         }
 
         /// <summary>
@@ -722,7 +767,6 @@ public char MoveToNonWhiteSpace()
             }
             return _currChar;
         }
-
 // #if DEBUG
 //         public string SurroundingsOfCurrentPosition(bool hex)
 //         {

PdfSharpCore.Test/PdfSharpCore.Test.csproj

@@ -35,6 +35,7 @@
 using PdfSharpCore.Exceptions;
 using PdfSharpCore.Internal;
 using PdfSharpCore.Pdf.Advanced;
+using PdfSharpCore.Pdf.Internal;
 using PdfSharpCore.Pdf.IO.enums;
 
 namespace PdfSharpCore.Pdf.IO
@@ -272,6 +273,7 @@ public PdfObject ReadObject(PdfObject pdfObject, PdfObjectID objectID, bool incl
 #if true_
                 ReadStream(dict);
 #else
+                var startOfStream = _lexer.Position;
                 int length = GetStreamLength(dict);
                 byte[] bytes = _lexer.ReadStream(length);
 #if true_
@@ -301,7 +303,21 @@ public PdfObject ReadObject(PdfObject pdfObject, PdfObjectID objectID, bool incl
 #endif
                 PdfDictionary.PdfStream stream = new PdfDictionary.PdfStream(bytes, dict);
                 dict.Stream = stream;
-                ReadSymbol(Symbol.EndStream);
+                try
+                {
+                    ReadSymbol(Symbol.EndStream);
+                }
+                catch (PdfReaderException)
+                {
+                    // stream length may be incorrect, scan byte by byte up to the "endstream" keyword
+                    _lexer.Position = startOfStream;
+                    _lexer.Position = _lexer.MoveToStartOfStream();
+                    bytes = _lexer.ScanUntilMarker(PdfEncoders.RawEncoding.GetBytes("\nendstream"), out var markerFound);
+                    if (!markerFound)
+                        throw;
+                    stream = new PdfDictionary.PdfStream(bytes, dict);
+                    dict.Stream = stream;
+                }
                 symbol = ScanNextToken();
 #endif
                 if (symbol == Symbol.Eof)

PdfSharpCore.Test/Security/PdfSecurity.cs

@@ -198,8 +198,8 @@ public void Write(PdfString value)
             WriteSeparator(CharCat.Delimiter);
             PdfStringEncoding encoding = (PdfStringEncoding)(value.Flags & PdfStringFlags.EncodingMask);
             string pdf = (value.Flags & PdfStringFlags.HexLiteral) == 0 ?
-                PdfEncoders.ToStringLiteral(value.Value, encoding, SecurityHandler) :
-                PdfEncoders.ToHexStringLiteral(value.Value, encoding, SecurityHandler);
+                PdfEncoders.ToStringLiteral(value.EncryptionValue, encoding == PdfStringEncoding.Unicode, SecurityHandler) :
+                PdfEncoders.ToHexStringLiteral(value.EncryptionValue, encoding == PdfStringEncoding.Unicode, SecurityHandler);
             WriteRaw(pdf);
 
             _lastCat = CharCat.Delimiter;

PdfSharpCore/Pdf.Advanced/PdfObjectStream.cs

@@ -64,9 +64,9 @@ public override int GetCharCount(byte[] bytes, int index, int count)
 
         public override int GetChars(byte[] bytes, int byteIndex, int byteCount, char[] chars, int charIndex)
         {
-            for (int count = byteCount; count > 0; byteIndex += 2, charIndex++, count--)
+            for (int count = byteCount; count > 0; byteIndex += 2, charIndex++, count -= 2)
             {
-                chars[charIndex] = (char)((int)bytes[byteIndex] << 8 + (int)bytes[byteIndex + 1]);
+                chars[charIndex] = (char)((int)(bytes[byteIndex] << 8) + (int)bytes[byteIndex + 1]);
             }
             return byteCount;
         }