pdf-reader 2.0.0 → 2.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
-SHA1:
-  metadata.gz: d34a3033638fcf4f78ce2d71dd5f5aebc2ea7d68
-  data.tar.gz: 912ed3986ab7e7eefce8f987cffc0d0357bcd675
+SHA256:
+  metadata.gz: b1e63414d8a3db12b6ea802fc45893ebf35c09dd37ca02c5cc73137d7d782364
+  data.tar.gz: afb778860a3dd8aab83d634c393666e159101505aba843262f61f7af49cf30e5
 SHA512:
-  metadata.gz: a24c874cae12838cf122c92338e6da1639d15187be9ef5c1f149eedd0167cc21b53544c3148efd37992535efe2d0ec4487a02fc3a668992295cecc7aa5529f2a
-  data.tar.gz: c88b9daa21de84eb2a841cc024c499ecc7c5d4b5908ad6618494fa3e7f5d694d291ae87ceb72f5ff9f4d2db66b3bc781e1ff499485ba50290710c6e1061a76db
+  metadata.gz: 1c32f7ac1b0d9f0d27ec445905af7dce3544d505221d6b940b8f5f37f85eaf95fad81d40850c85788dc459b59dd1f58398b27e9ec8e72bdbb077e94f77e9f332
+  data.tar.gz: 88bdd1bebe08ad919344788a9a7416e782c7fb5185ef984447ab1f9c968a8fb6a24af2b95dec99da2b43d4d4861a64ba1e8584f0ec25d01c3c13ae4f81f0191c

data/CHANGELOG

@@ -1,3 +1,7 @@
+v2.1.0 (15th Februar 2018)
+- Support extra encrypted PDF variants (thanks to Gyuchang Jun)
+- various bug fixes
+
 v2.0.0 (25th February 2017)
 - various bug fixes
 

data/lib/pdf/reader.rb

@@ -134,6 +134,9 @@ module PDF
 
     def page_count
       pages = @objects.deref(root[:Pages])
+      unless pages.kind_of?(::Hash)
+        raise MalformedPDFError, 'Pages structure is missing'
+      end
       @page_count ||= @objects.deref(pages[:Count])
     end
 
@@ -173,9 +176,13 @@ module PDF
     # methods available on each page
     #
     def pages
-      (1..self.page_count).map { |num|
-        PDF::Reader::Page.new(@objects, num, :cache => @cache)
-      }
+      (1..self.page_count).map do |num|
+        begin
+          PDF::Reader::Page.new(@objects, num, :cache => @cache)
+        rescue InvalidPageError => ex
+          raise MalformedPDFError, "Missing data for page: #{num}"
+        end
+      end
     end
 
     # returns a single PDF::Reader::Page for the specified page.
@@ -193,7 +200,7 @@ module PDF
     def page(num)
       num = num.to_i
       if num < 1 || num > self.page_count
-        raise ArgumentError, "valid pages are 1 .. #{self.page_count}"
+        raise InvalidPageError, "Valid pages are 1 .. #{self.page_count}"
       end
       PDF::Reader::Page.new(@objects, num, :cache => @cache)
     end
@@ -219,7 +226,7 @@ module PDF
           pdfdoc_to_utf8(obj)
         end
       else
-        obj
+        @objects.deref(obj)
       end
     end
 
@@ -241,7 +248,13 @@ module PDF
     end
 
     def root
-      @root ||= @objects.deref(@objects.trailer[:Root])
+      @root ||= begin
+        obj = @objects.deref(@objects.trailer[:Root])
+        unless obj.kind_of?(::Hash)
+          raise MalformedPDFError, "PDF malformed, trailer Root should be a dictionary"
+        end
+        obj
+      end
     end
 
   end
@@ -277,6 +290,7 @@ require 'pdf/reader/reference'
 require 'pdf/reader/register_receiver'
 require 'pdf/reader/null_security_handler'
 require 'pdf/reader/standard_security_handler'
+require 'pdf/reader/standard_security_handler_v5'
 require 'pdf/reader/unimplemented_security_handler'
 require 'pdf/reader/stream'
 require 'pdf/reader/text_run'

data/lib/pdf/reader/encoding.rb

@@ -198,10 +198,6 @@ class PDF::Reader
       end
     end
 
-    def has_mapping?
-      @mapping.size > 0
-    end
-
     def glyphlist
       @glyphlist ||= PDF::Reader::GlyphHash.new
     end

data/lib/pdf/reader/error.rb

@@ -52,6 +52,10 @@ class PDF::Reader
   # the PDF spec and cannot be recovered
   class MalformedPDFError < RuntimeError; end
 
+  ################################################################################
+  # an exception that is raised when an invalid page number is used
+  class InvalidPageError < ArgumentError; end
+
   ################################################################################
   # an exception that is raised when a PDF object appears to be invalid
   class InvalidObjectError < MalformedPDFError; end

data/lib/pdf/reader/lzw.rb

@@ -116,11 +116,10 @@ module PDF
         result
       end
 
-      private
-
       def self.create_new_string(string_table,some_code, other_code)
         string_table[some_code] + string_table[other_code][0].chr
       end
+      private_class_method :create_new_string
 
     end
   end

data/lib/pdf/reader/object_hash.rb

@@ -300,7 +300,16 @@ class PDF::Reader
           permissions: encrypt[:P].to_i,
           encrypted_metadata: encmeta,
           file_id: (deref(trailer[:ID]) || []).first,
-          password: opts[:password]
+          password: opts[:password],
+          cfm: encrypt.fetch(:CF, {}).fetch(encrypt[:StmF], {}).fetch(:CFM, nil)
+        )
+      elsif StandardSecurityHandlerV5.supports?(encrypt)
+        StandardSecurityHandlerV5.new(
+            O: encrypt[:O],
+            U: encrypt[:U],
+            OE: encrypt[:OE],
+            UE: encrypt[:UE],
+            password: opts[:password]
         )
       else
         UnimplementedSecurityHandler.new
@@ -341,6 +350,10 @@ class PDF::Reader
     def get_page_objects(ref)
       obj = deref(ref)
 
+      unless obj.kind_of?(::Hash)
+        raise MalformedPDFError, "Dereferenced page object must be a dict"
+      end
+
       if obj[:Type] == :Page
         ref
       elsif obj[:Kids]

data/lib/pdf/reader/page.rb

@@ -36,7 +36,7 @@ module PDF
         @cache       = options[:cache] || {}
 
         unless @page_object.is_a?(::Hash)
-          raise ArgumentError, "invalid page: #{pagenum}"
+          raise InvalidPageError, "Invalid page: #{pagenum}"
         end
       end
 

data/lib/pdf/reader/page_layout.rb

@@ -30,8 +30,8 @@ class PDF::Reader
       @runs.each do |run|
         x_pos = ((run.x - @x_offset) / col_multiplier).round
         y_pos = row_count - (run.y / row_multiplier).round
-        if y_pos < row_count && y_pos >= 0 && x_pos < col_count && x_pos >= 0
-          local_string_insert(page[y_pos], run.text, x_pos)
+        if y_pos <= row_count && y_pos >= 0 && x_pos <= col_count && x_pos >= 0
+          local_string_insert(page[y_pos-1], run.text, x_pos)
         end
       end
       interesting_rows(page).map(&:rstrip).join("\n")

data/lib/pdf/reader/standard_security_handler.rb

@@ -25,6 +25,7 @@
 #
 ################################################################################
 require 'digest/md5'
+require 'openssl'
 require 'rc4'
 
 class PDF::Reader
@@ -54,6 +55,7 @@ class PDF::Reader
       @encryptMeta   = opts.fetch(:encrypted_metadata, true)
       @file_id       = opts[:file_id] || ""
       @encrypt_key   = build_standard_key(opts[:password] || "")
+      @cfm           = opts[:cfm]
 
       if @key_length != 5 && @key_length != 16
         msg = "StandardSecurityHandler only supports 40 and 128 bit\
@@ -62,28 +64,40 @@ class PDF::Reader
       end
     end
 
-    # This handler supports all RC4 encryption that follows the PDF spec. It does not support
-    # AES encryption that was added in later versions of the spec.
+    # This handler supports all encryption that follows upto PDF 1.5 spec (revision 4)
     def self.supports?(encrypt)
       return false if encrypt.nil?
 
       filter = encrypt.fetch(:Filter, :Standard)
       version = encrypt.fetch(:V, 0)
       algorithm = encrypt.fetch(:CF, {}).fetch(encrypt[:StmF], {}).fetch(:CFM, nil)
-      filter == :Standard &&
-        (version <= 3 || (version == 4 && algorithm != :AESV2))
+      (filter == :Standard) && (encrypt[:StmF] == encrypt[:StrF]) &&
+        (version <= 3 || (version == 4 && ((algorithm == :V2) || (algorithm == :AESV2))))
     end
 
     ##7.6.2 General Encryption Algorithm
     #
     # Algorithm 1: Encryption of data using the RC4 or AES algorithms
     #
-    # used to decrypt RC4 encrypted PDF streams (buf)
+    # used to decrypt RC4/AES encrypted PDF streams (buf)
     #
     # buf - a string to decrypt
     # ref - a PDF::Reader::Reference for the object to decrypt
     #
     def decrypt( buf, ref )
+      case @cfm
+        when :AESV2
+          decrypt_aes128(buf, ref)
+        else
+          decrypt_rc4(buf, ref)
+      end
+    end
+
+    private
+
+    # decrypt with RC4 algorithm
+    # version <=3 or (version == 4 and CFM == V2)
+    def decrypt_rc4( buf, ref )
       objKey = @encrypt_key.dup
       (0..2).each { |e| objKey << (ref.id >> e*8 & 0xFF ) }
       (0..1).each { |e| objKey << (ref.gen >> e*8 & 0xFF ) }
@@ -92,7 +106,20 @@ class PDF::Reader
       rc4.decrypt(buf)
     end
 
-    private
+    # decrypt with AES-128-CBC algorithm
+    # when (version == 4 and CFM == AESV2)
+    def decrypt_aes128( buf, ref )
+      objKey = @encrypt_key.dup
+      (0..2).each { |e| objKey << (ref.id >> e*8 & 0xFF ) }
+      (0..1).each { |e| objKey << (ref.gen >> e*8 & 0xFF ) }
+      objKey << 'sAlT'  # Algorithm 1, b)
+      length = objKey.length < 16 ? objKey.length : 16
+      cipher = OpenSSL::Cipher.new("AES-#{length << 3}-CBC")
+      cipher.decrypt
+      cipher.key = Digest::MD5.digest(objKey)[0,length]
+      cipher.iv = buf[0..15]
+      cipher.update(buf[16..-1]) + cipher.final
+    end
 
     # Pads supplied password to 32bytes using PassPadBytes as specified on
     # pp61 of spec
@@ -125,9 +152,9 @@ class PDF::Reader
       if @revision > 2 then
         50.times { md5 = Digest::MD5.digest(md5) }
         keyBegins = md5[0, key_length]
-        #first itteration decrypt owner_key
+        #first iteration decrypt owner_key
         out = @owner_key
-        #RC4 keyed with (keyBegins XOR with itteration #) to decrypt previous out
+        #RC4 keyed with (keyBegins XOR with iteration #) to decrypt previous out
         19.downto(0).each { |i| out=RC4.new(xor_each_byte(keyBegins,i)).decrypt(out) }
       else
         out = RC4.new( md5[0, 5] ).decrypt( @owner_key )

data/lib/pdf/reader/standard_security_handler_v5.rb

@@ -0,0 +1,89 @@
+# coding: utf-8
+require 'digest'
+require 'openssl'
+
+class PDF::Reader
+
+  # class creates interface to encrypt dictionary for use in Decrypt
+  class StandardSecurityHandlerV5
+
+    attr_reader :key_length, :encrypt_key
+
+    def initialize(opts = {})
+      @key_length   = 256
+      @O            = opts[:O]   # hash(32B) + validation salt(8B) + key salt(8B)
+      @U            = opts[:U]   # hash(32B) + validation salt(8B) + key salt(8B)
+      @OE           = opts[:OE]  # decryption key, encrypted w/ owner password
+      @UE           = opts[:UE]  # decryption key, encrypted w/ user password
+      @encrypt_key  = build_standard_key(opts[:password] || '')
+    end
+
+    # This handler supports AES-256 encryption defined in PDF 1.7 Extension Level 3
+    def self.supports?(encrypt)
+      return false if encrypt.nil?
+
+      filter = encrypt.fetch(:Filter, :Standard)
+      version = encrypt.fetch(:V, 0)
+      revision = encrypt.fetch(:R, 0)
+      algorithm = encrypt.fetch(:CF, {}).fetch(encrypt[:StmF], {}).fetch(:CFM, nil)
+      (filter == :Standard) && (encrypt[:StmF] == encrypt[:StrF]) &&
+          ((version == 5) && (revision == 5) && (algorithm == :AESV3))
+    end
+
+    ##7.6.2 General Encryption Algorithm
+    #
+    # Algorithm 1: Encryption of data using the RC4 or AES algorithms
+    #
+    # used to decrypt RC4/AES encrypted PDF streams (buf)
+    #
+    # buf - a string to decrypt
+    # ref - a PDF::Reader::Reference for the object to decrypt
+    #
+    def decrypt( buf, ref )
+      cipher = OpenSSL::Cipher.new("AES-#{@key_length}-CBC")
+      cipher.decrypt
+      cipher.key = @encrypt_key.dup
+      cipher.iv = buf[0..15]
+      cipher.update(buf[16..-1]) + cipher.final
+    end
+
+    private
+    # Algorithm 3.2a - Computing an encryption key
+    #
+    # Defined in PDF 1.7 Extension Level 3
+    #
+    # if the string is a valid user/owner password, this will return the decryption key
+    #
+    def auth_owner_pass(password)
+      if Digest::SHA256.digest(password + @O[32..39] + @U) == @O[0..31]
+        cipher = OpenSSL::Cipher.new('AES-256-CBC')
+        cipher.decrypt
+        cipher.key = Digest::SHA256.digest(password + @O[40..-1] + @U)
+        cipher.iv = "\x00" * 16
+        cipher.padding = 0
+        cipher.update(@OE) + cipher.final
+      end
+    end
+
+    def auth_user_pass(password)
+      if Digest::SHA256.digest(password + @U[32..39]) == @U[0..31]
+        cipher = OpenSSL::Cipher.new('AES-256-CBC')
+        cipher.decrypt
+        cipher.key = Digest::SHA256.digest(password + @U[40..-1])
+        cipher.iv = "\x00" * 16
+        cipher.padding = 0
+        cipher.update(@UE) + cipher.final
+      end
+    end
+
+    def build_standard_key(pass)
+      pass = pass.byteslice(0...127)   # UTF-8 encoded password. first 127 bytes
+
+      encrypt_key   = auth_owner_pass(pass)
+      encrypt_key ||= auth_user_pass(pass)
+
+      raise PDF::Reader::EncryptedPDFError, "Invalid password (#{pass})" if encrypt_key.nil?
+      encrypt_key
+    end
+  end
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: pdf-reader
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.1.0
 platform: ruby
 authors:
 - James Healy
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-02-25 00:00:00.000000000 Z
+date: 2018-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rake
@@ -257,6 +257,7 @@ files:
 - lib/pdf/reader/register_receiver.rb
 - lib/pdf/reader/resource_methods.rb
 - lib/pdf/reader/standard_security_handler.rb
+- lib/pdf/reader/standard_security_handler_v5.rb
 - lib/pdf/reader/stream.rb
 - lib/pdf/reader/synchronized_cache.rb
 - lib/pdf/reader/text_run.rb
@@ -295,7 +296,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.6.8
+rubygems_version: 2.7.3
 signing_key: 
 specification_version: 4
 summary: A library for accessing the content of PDF files