pdf-lite 1.0.0

package/packages/pdf-lite/src/crypto/key-gen/key-gen-rc4-128.ts

@@ -0,0 +1,190 @@
+import { ByteArray } from '../../types'
+import { md5 } from '../../utils/algos'
+import { concatUint8Arrays } from '../../utils/concatUint8Arrays'
+import { rc4 } from '../ciphers/rc4'
+import { DEFAULT_PADDING } from '../constants'
+import { padPassword } from '../key-derivation/key-derivation'
+import { int32ToLittleEndianBytes, removePdfPasswordPadding } from '../utils'
+
+/**
+ * Encrypts data with RC4 using the provided key.
+ *
+ * @param key - The encryption key.
+ * @param data - The data to encrypt.
+ * @returns A promise that resolves to the encrypted data.
+ */
+async function rc4EncryptWithKey(
+    key: ByteArray,
+    data: ByteArray,
+): Promise<ByteArray> {
+    return await rc4(key).encrypt(data)
+}
+
+/**
+ * Decrypts the user password from the /O value using RC4-128.
+ * Used to recover the user password when the owner password is known.
+ *
+ * @param ownerPw - The owner password.
+ * @param ownerKey - The /O value from the encryption dictionary.
+ * @returns A promise that resolves to the decrypted user password (with padding removed).
+ *
+ * @example
+ * ```typescript
+ * const userPassword = await decryptUserPasswordRc4_128(ownerPw, O)
+ * ```
+ */
+export async function decryptUserPasswordRc4_128(
+    ownerPw: ByteArray,
+    ownerKey: ByteArray,
+): Promise<ByteArray> {
+    const ownerPad = padPassword(ownerPw)
+    let digest = await md5(ownerPad)
+
+    for (let i = 0; i < 50; i++) {
+        digest = await md5(digest)
+    }
+
+    const key = digest.subarray(0, 16)
+    let data = ownerKey
+    for (let i = 0; i < 20; i++) {
+        const roundKey = key.map((b) => b ^ i)
+        data = await rc4EncryptWithKey(roundKey, data)
+    }
+
+    return removePdfPasswordPadding(data)
+}
+
+/**
+ * Computes the /O value for RC4-128 PDF encryption.
+ * The /O value is used to verify the owner password.
+ *
+ * @param ownerPassword - The owner password.
+ * @param userPassword - The user password.
+ * @returns A promise that resolves to the 32-byte /O value.
+ *
+ * @example
+ * ```typescript
+ * const O = await computeOValueRc4_128(ownerPassword, userPassword)
+ * ```
+ */
+export async function computeOValueRc4_128(
+    ownerPassword: ByteArray,
+    userPassword: ByteArray,
+): Promise<ByteArray> {
+    const oPad = padPassword(ownerPassword)
+
+    let digest = await md5(oPad)
+    for (let i = 0; i < 50; i++) {
+        digest = await md5(digest)
+    }
+
+    const key = digest.subarray(0, 16)
+
+    const uPad = padPassword(userPassword)
+    let data = await rc4EncryptWithKey(key, uPad)
+
+    for (let i = 1; i <= 19; i++) {
+        const roundKey = key.map((b) => b ^ i)
+        data = await rc4EncryptWithKey(roundKey, data)
+    }
+
+    return data
+}
+
+/**
+ * Computes the 128-bit encryption key for RC4-128 PDF encryption.
+ *
+ * @param userPad - The padded user password.
+ * @param oValue - The /O value.
+ * @param permissions - The /P value (permissions flags).
+ * @param id - The first element of the /ID array.
+ * @param encryptMetadata - Whether to encrypt metadata.
+ * @param revision - The encryption revision number.
+ * @returns A promise that resolves to the 16-byte encryption key.
+ */
+async function computeEncryptionKeyRc4_128(
+    userPad: ByteArray,
+    oValue: ByteArray,
+    permissions: number,
+    id: ByteArray,
+    encryptMetadata: boolean,
+    revision: number = 3,
+): Promise<ByteArray> {
+    const perms = int32ToLittleEndianBytes(permissions)
+
+    let digest = await md5(
+        concatUint8Arrays(
+            userPad,
+            oValue,
+            perms,
+            id,
+            revision >= 4 && !encryptMetadata
+                ? new Uint8Array([0xff, 0xff, 0xff, 0xff])
+                : new Uint8Array(),
+        ),
+    )
+
+    // 50 iterations
+    for (let i = 0; i < 50; i++) {
+        digest = await md5(digest)
+    }
+
+    return digest.subarray(0, 16) // RC4-128
+}
+
+/**
+ * Computes the /U value for RC4-128 PDF encryption.
+ * The /U value is used to verify the user password.
+ *
+ * @param userPassword - The user password.
+ * @param oValue - The /O value.
+ * @param permissions - The /P value (permissions flags).
+ * @param id - The first element of the /ID array.
+ * @param encryptMetadata - Whether to encrypt metadata.
+ * @param revision - The encryption revision number.
+ * @returns A promise that resolves to the 32-byte /U value.
+ *
+ * @example
+ * ```typescript
+ * const U = await computeUValueRc4_128(userPassword, O, permissions, fileId, true)
+ * ```
+ */
+export async function computeUValueRc4_128(
+    userPassword: ByteArray,
+    oValue: ByteArray,
+    permissions: number,
+    id: ByteArray,
+    encryptMetadata: boolean,
+    revision?: number,
+): Promise<ByteArray> {
+    const userPad = padPassword(userPassword)
+
+    // Step 1: Compute encryption key
+    const encryptionKey = await computeEncryptionKeyRc4_128(
+        userPad,
+        oValue,
+        permissions,
+        id,
+        encryptMetadata,
+        revision,
+    )
+
+    // Step 2 & 3: MD5 of padding + file ID
+    const hash = await md5(concatUint8Arrays(DEFAULT_PADDING, id)) // 16 bytes
+
+    // Step 4: First RC4 encrypt with base key
+    let data = await rc4EncryptWithKey(encryptionKey, hash)
+
+    // Step 5: 19 more rounds of RC4 with key XOR i
+    for (let i = 1; i <= 19; i++) {
+        const roundKey = encryptionKey.map((b) => b ^ i)
+        data = await rc4EncryptWithKey(roundKey, data)
+    }
+
+    // Step 6: Append 16 more bytes (usually same padding again, or random)
+    const result = new Uint8Array(32)
+    result.set(data, 0)
+    result.set(DEFAULT_PADDING.subarray(0, 16), 16)
+
+    return result
+}

package/packages/pdf-lite/src/crypto/key-gen/key-gen-rc4-40.ts

@@ -0,0 +1,129 @@
+import { padPassword } from '../key-derivation/key-derivation.js'
+import { rc4 } from '../ciphers/rc4.js'
+import { DEFAULT_PADDING } from '../constants.js'
+import { int32ToLittleEndianBytes, removePdfPasswordPadding } from '../utils.js'
+import { md5 } from '../../utils/algos.js'
+import { concatUint8Arrays } from '../../utils/concatUint8Arrays.js'
+import { ByteArray } from '../../types.js'
+
+/**
+ * Encrypts data with RC4 using the provided key.
+ *
+ * @param key - The encryption key.
+ * @param data - The data to encrypt.
+ * @returns A promise that resolves to the encrypted data.
+ */
+async function rc4EncryptWithKey(
+    key: ByteArray,
+    data: ByteArray,
+): Promise<ByteArray> {
+    return await rc4(key).encrypt(data)
+}
+
+/**
+ * Decrypts the user password from the /O value using RC4-40.
+ * Used to recover the user password when the owner password is known.
+ *
+ * @param ownerPw - The owner password.
+ * @param ownerKey - The /O value from the encryption dictionary.
+ * @returns A promise that resolves to the decrypted user password (with padding removed).
+ *
+ * @example
+ * ```typescript
+ * const userPassword = await decryptUserPasswordRc4_40(ownerPw, O)
+ * ```
+ */
+export async function decryptUserPasswordRc4_40(
+    ownerPw: ByteArray,
+    ownerKey: ByteArray,
+): Promise<ByteArray> {
+    const ownerPad = padPassword(ownerPw)
+    const digest = await md5(ownerPad)
+    const rc4Key = digest.slice(0, 5) // 40-bit key
+
+    return await removePdfPasswordPadding(
+        await rc4EncryptWithKey(rc4Key, ownerKey),
+    )
+}
+
+/**
+ * Computes the /O value for RC4-40 PDF encryption.
+ * The /O value is used to verify the owner password.
+ *
+ * @param ownerPw - The owner password.
+ * @param userPw - The user password.
+ * @returns A promise that resolves to the 32-byte /O value.
+ *
+ * @example
+ * ```typescript
+ * const O = await computeORc4_40(ownerPassword, userPassword)
+ * ```
+ */
+export async function computeORc4_40(
+    ownerPw: ByteArray,
+    userPw: ByteArray,
+): Promise<ByteArray> {
+    const ownerPad = padPassword(ownerPw)
+    const digest = await md5(ownerPad)
+    const rc4Key = digest.slice(0, 5) // 40-bit key
+
+    return await rc4EncryptWithKey(rc4Key, padPassword(userPw))
+}
+
+/**
+ * Computes the 40-bit encryption key for RC4-40 PDF encryption.
+ *
+ * @param userPw - The user password.
+ * @param oValue - The /O value.
+ * @param permissions - The /P value (permissions flags).
+ * @param fileId - The first element of the /ID array.
+ * @returns A promise that resolves to the 5-byte (40-bit) encryption key.
+ *
+ * @example
+ * ```typescript
+ * const key = await computeEncryptionKeyRc4_40(userPw, O, permissions, fileId)
+ * ```
+ */
+export async function computeEncryptionKeyRc4_40(
+    userPw: ByteArray,
+    oValue: ByteArray,
+    permissions: number,
+    fileId: ByteArray,
+): Promise<ByteArray> {
+    const userPad = padPassword(userPw)
+    const permissionsLE = int32ToLittleEndianBytes(permissions)
+    const digest = await md5(
+        concatUint8Arrays(userPad, oValue, permissionsLE, fileId),
+    )
+    return digest.slice(0, 5) // 40-bit key
+}
+
+/**
+ * Computes the /U value for RC4-40 PDF encryption.
+ * The /U value is used to verify the user password.
+ *
+ * @param userPw - The user password.
+ * @param oValue - The /O value.
+ * @param permissions - The /P value (permissions flags).
+ * @param fileId - The first element of the /ID array.
+ * @returns A promise that resolves to the 32-byte /U value.
+ *
+ * @example
+ * ```typescript
+ * const U = await computeURc4_40(userPassword, O, permissions, fileId)
+ * ```
+ */
+export async function computeURc4_40(
+    userPw: ByteArray,
+    oValue: ByteArray,
+    permissions: number,
+    fileId: ByteArray,
+): Promise<ByteArray> {
+    const encryptionKey = await computeEncryptionKeyRc4_40(
+        userPw,
+        oValue,
+        permissions,
+        fileId,
+    )
+    return await rc4EncryptWithKey(encryptionKey, DEFAULT_PADDING)
+}

package/packages/pdf-lite/src/crypto/types.ts

@@ -0,0 +1,6 @@
+import { ByteArray } from '../types'
+
+export interface Cipher {
+    encrypt(data: ByteArray): Promise<ByteArray>
+    decrypt(data: ByteArray): Promise<ByteArray>
+}

package/packages/pdf-lite/src/crypto/utils.ts

@@ -0,0 +1,81 @@
+import { ByteArray } from '../types.js'
+import { DEFAULT_PADDING } from './constants.js'
+
+/**
+ * Pads a password to exactly 32 bytes using the PDF standard padding.
+ * If the password is shorter than 32 bytes, it is padded with bytes from DEFAULT_PADDING.
+ * If the password is 32 bytes or longer, only the first 32 bytes are used.
+ *
+ * @param password - The password to pad.
+ * @returns A 32-byte padded password.
+ *
+ * @example
+ * ```typescript
+ * const padded = padPassword(new Uint8Array([1, 2, 3])) // Returns 32-byte array
+ * ```
+ */
+export function padPassword(password: ByteArray): ByteArray {
+    const padded = new Uint8Array(32)
+    if (password.length >= 32) {
+        padded.set(password.subarray(0, 32))
+    } else {
+        padded.set(password)
+        padded.set(
+            DEFAULT_PADDING.subarray(0, 32 - password.length),
+            password.length,
+        )
+    }
+    return padded
+}
+
+/**
+ * Converts a 32-bit integer to a 4-byte little-endian byte array.
+ *
+ * @param value - The 32-bit integer to convert.
+ * @returns A 4-byte array in little-endian order.
+ *
+ * @example
+ * ```typescript
+ * int32ToLittleEndianBytes(0x12345678) // Returns [0x78, 0x56, 0x34, 0x12]
+ * ```
+ */
+export function int32ToLittleEndianBytes(value: number): ByteArray {
+    const bytes = new Uint8Array(4)
+    bytes[0] = value & 0xff
+    bytes[1] = (value >> 8) & 0xff
+    bytes[2] = (value >> 16) & 0xff
+    bytes[3] = (value >> 24) & 0xff
+    return bytes
+}
+
+/**
+ * Removes PDF standard password padding from a buffer.
+ * Searches from the end of the buffer for the padding pattern and removes it.
+ *
+ * @param buffer - The buffer with potential password padding.
+ * @returns The buffer with padding removed.
+ *
+ * @example
+ * ```typescript
+ * const unpadded = removePdfPasswordPadding(paddedPassword)
+ * ```
+ */
+export function removePdfPasswordPadding(buffer: ByteArray) {
+    const padding = DEFAULT_PADDING
+    const len = buffer.length
+
+    // Find where padding starts
+    let end = len
+    for (let i = len - 1; i >= 0; i--) {
+        const slice = buffer.slice(i)
+        const paddingStart = padding.slice(0, slice.length)
+        if (
+            slice.length === paddingStart.length &&
+            slice.every((v, j) => v === paddingStart[j])
+        ) {
+            end = i
+            break
+        }
+    }
+    return buffer.slice(0, end)
+}

package/packages/pdf-lite/src/filters/ascii85.ts

@@ -0,0 +1,128 @@
+import { ByteArray } from '../types.js'
+import { stringToBytes } from '../utils/stringToBytes.js'
+import { PdfFilter } from './types.js'
+
+/**
+ * Creates an ASCII85 filter for encoding and decoding PDF stream data.
+ * ASCII85 (also known as Base85) encodes binary data into ASCII characters,
+ * resulting in a 25% expansion compared to the original data.
+ *
+ * @returns A PdfFilter object with encode and decode methods.
+ *
+ * @example
+ * ```typescript
+ * const filter = ascii85()
+ * const encoded = filter.encode(binaryData)
+ * const decoded = filter.decode(encoded)
+ * ```
+ */
+export function ascii85(): PdfFilter {
+    return {
+        /**
+         * Encodes binary data to ASCII85 format.
+         *
+         * @param data - The binary data to encode.
+         * @returns The ASCII85 encoded data as a byte array.
+         */
+        encode: (data: ByteArray): ByteArray => {
+            let result = ''
+            let i = 0
+
+            while (i < data.length) {
+                // Read up to 4 bytes
+                const chunk = new Array(4).fill(0)
+                let chunkLen = 0
+                for (; chunkLen < 4 && i < data.length; chunkLen++, i++) {
+                    chunk[chunkLen] = data[i]
+                }
+
+                // Check for special case: 4 zero bytes encode to 'z'
+                if (chunkLen === 4 && chunk.every((b) => b === 0)) {
+                    result += 'z'
+                    continue
+                }
+
+                // Convert 4 bytes to 32-bit value
+                let value = 0
+                for (let j = 0; j < 4; j++) {
+                    value = (value << 8) | chunk[j]
+                }
+
+                // Convert to base 85
+                const encoded = new Array(5)
+                for (let j = 4; j >= 0; j--) {
+                    encoded[j] = String.fromCharCode((value % 85) + 33)
+                    value = Math.floor(value / 85)
+                }
+
+                // For incomplete groups, only output chunkLen + 1 characters
+                result += encoded.slice(0, chunkLen + 1).join('')
+            }
+
+            return stringToBytes(result)
+        },
+
+        /**
+         * Decodes ASCII85 encoded data back to binary format.
+         *
+         * @param data - The ASCII85 encoded data.
+         * @returns The decoded binary data as a byte array.
+         * @throws Error if invalid ASCII85 characters are encountered.
+         */
+        decode: (data: ByteArray): ByteArray => {
+            let str = new TextDecoder().decode(data)
+
+            // Remove delimiters if present
+            str = str.replace(/^<~/, '').replace(/~>$/, '')
+
+            // Remove whitespace
+            str = str.replace(/\s/g, '')
+
+            const out: number[] = []
+            let i = 0
+
+            while (i < str.length) {
+                const char = str[i]
+
+                // Handle special 'z' case (represents 4 zero bytes)
+                if (char === 'z') {
+                    out.push(0, 0, 0, 0)
+                    i++
+                    continue
+                }
+
+                // Read up to 5 characters
+                const chunk = new Array(5).fill(84) // Fill with 'u' (84 + 33 = 117 = 'u')
+                let chunkLen = 0
+
+                for (
+                    ;
+                    chunkLen < 5 && i < str.length && str[i] !== 'z';
+                    chunkLen++, i++
+                ) {
+                    const code = str.charCodeAt(i) - 33
+                    if (code < 0 || code > 84) {
+                        throw new Error(`Invalid ASCII85 character: ${str[i]}`)
+                    }
+                    chunk[chunkLen] = code
+                }
+
+                if (chunkLen === 0) break
+
+                // Convert from base 85 to 32-bit value
+                let value = 0
+                for (let j = 0; j < 5; j++) {
+                    value = value * 85 + chunk[j]
+                }
+
+                // Extract bytes (but only the ones we should have based on input length)
+                const bytesToOutput = Math.min(4, chunkLen - 1)
+                for (let j = 3; j >= 4 - bytesToOutput; j--) {
+                    out.push((value >> (j * 8)) & 0xff)
+                }
+            }
+
+            return new Uint8Array(out)
+        },
+    }
+}

package/packages/pdf-lite/src/filters/asciihex.ts

@@ -0,0 +1,55 @@
+import { ByteArray } from '../types'
+import { bytesToString } from '../utils/bytesToString'
+import { stringToBytes } from '../utils/stringToBytes'
+import { PdfFilter } from './types'
+
+/**
+ * Creates an ASCIIHex filter for encoding and decoding PDF stream data.
+ * ASCIIHex encodes binary data as pairs of hexadecimal digits,
+ * resulting in a 100% expansion compared to the original data.
+ *
+ * @returns A PdfFilter object with encode and decode methods.
+ *
+ * @example
+ * ```typescript
+ * const filter = asciiHex()
+ * const encoded = filter.encode(binaryData)
+ * const decoded = filter.decode(encoded)
+ * ```
+ */
+export function asciiHex(): PdfFilter {
+    return {
+        /**
+         * Encodes binary data to ASCIIHex format.
+         * Appends '>' as the end-of-data marker.
+         *
+         * @param data - The binary data to encode.
+         * @returns The ASCIIHex encoded data as a byte array.
+         */
+        encode: (data: ByteArray) => {
+            let out = ''
+            for (let i = 0; i < data.length; i++) {
+                out += data[i].toString(16).padStart(2, '0').toUpperCase()
+            }
+            out += '>'
+            return stringToBytes(out)
+        },
+        /**
+         * Decodes ASCIIHex encoded data back to binary format.
+         * Handles whitespace and the '>' end-of-data marker.
+         *
+         * @param data - The ASCIIHex encoded data.
+         * @returns The decoded binary data as a byte array.
+         */
+        decode: (data: ByteArray) => {
+            let hex = bytesToString(data).replace(/\s+/g, '')
+            if (hex.endsWith('>')) hex = hex.slice(0, -1)
+            if (hex.length % 2 !== 0) hex += '0'
+            const out = new Uint8Array(hex.length / 2)
+            for (let i = 0; i < hex.length; i += 2) {
+                out[i / 2] = parseInt(hex.substr(i, 2), 16)
+            }
+            return out
+        },
+    }
+}

package/packages/pdf-lite/src/filters/flate.ts

@@ -0,0 +1,39 @@
+import { ByteArray } from '../types.js'
+import { inflateData, deflateData } from '../utils/algos.js'
+import { PdfFilter } from './types.js'
+
+/**
+ * Creates a Flate filter for compressing and decompressing PDF stream data.
+ * Uses the DEFLATE compression algorithm (same as zlib/gzip).
+ *
+ * @returns A PdfFilter object with encode and decode methods.
+ *
+ * @example
+ * ```typescript
+ * const filter = flate()
+ * const compressed = filter.encode(rawData)
+ * const decompressed = filter.decode(compressed)
+ * ```
+ */
+export function flate(): PdfFilter {
+    return {
+        /**
+         * Compresses data using the DEFLATE algorithm.
+         *
+         * @param data - The data to compress.
+         * @returns The compressed data as a byte array.
+         */
+        encode: (data: ByteArray) => {
+            return deflateData(data)
+        },
+        /**
+         * Decompresses DEFLATE-compressed data.
+         *
+         * @param data - The compressed data to decompress.
+         * @returns The decompressed data as a byte array.
+         */
+        decode: (data: ByteArray) => {
+            return inflateData(data)
+        },
+    }
+}