public void Digest(Span <byte> output)
{
SecurityAssert.Assert(_state == HMACState.InnerHashing);
_state = HMACState.HashingDone;
var innerHash = _digest.DigestBuffer();
var oPadKey = XorKey(_key, 0x5c);
_digest.Reset();
_digest.Update(oPadKey);
_digest.Update(innerHash);
_digest.Digest(output);
}
public static byte[] DigestBuffer(this IDigest digest)
{
var buffer = new byte[digest.HashSize / 8];
digest.Digest(buffer);
return(buffer);
}
/// <summary>Create a digest based on the inputstream.</summary>
/// <param name="data">data to be digested</param>
/// <param name="messageDigest">algorithm to be used</param>
/// <returns>digest of the data</returns>
public static byte[] Digest(Stream data, IDigest messageDigest) {
byte[] buf = new byte[8192];
int n;
while ((n = data.Read(buf)) > 0) {
messageDigest.Update(buf, 0, n);
}
return messageDigest.Digest();
}
/// <summary>Signs a document with a PAdES-LTV Timestamp.</summary>
/// <remarks>
/// Signs a document with a PAdES-LTV Timestamp. The document is closed at the end.
/// <br /><br />
/// NOTE: This method closes the underlying pdf document. This means, that current instance
/// of PdfSigner cannot be used after this method call.
/// </remarks>
/// <param name="tsa">the timestamp generator</param>
/// <param name="signatureName">
/// the signature name or null to have a name generated
/// automatically
/// </param>
/// <exception cref="System.IO.IOException"/>
/// <exception cref="Org.BouncyCastle.Security.GeneralSecurityException"/>
public virtual void Timestamp(ITSAClient tsa, String signatureName)
{
if (closed)
{
throw new PdfException(PdfException.ThisInstanceOfPdfSignerAlreadyClosed);
}
int contentEstimated = tsa.GetTokenSizeEstimate();
AddDeveloperExtension(PdfDeveloperExtension.ESIC_1_7_EXTENSIONLEVEL5);
SetFieldName(signatureName);
PdfSignature dic = new PdfSignature(PdfName.Adobe_PPKLite, PdfName.ETSI_RFC3161);
dic.Put(PdfName.Type, PdfName.DocTimeStamp);
cryptoDictionary = dic;
IDictionary <PdfName, int?> exc = new Dictionary <PdfName, int?>();
exc[PdfName.Contents] = contentEstimated * 2 + 2;
PreClose(exc);
Stream data = GetRangeStream();
IDigest messageDigest = tsa.GetMessageDigest();
byte[] buf = new byte[4096];
int n;
while ((n = data.Read(buf)) > 0)
{
messageDigest.Update(buf, 0, n);
}
byte[] tsImprint = messageDigest.Digest();
byte[] tsToken;
try {
tsToken = tsa.GetTimeStampToken(tsImprint);
}
catch (Exception e) {
throw new GeneralSecurityException(e.Message, e);
}
if (contentEstimated + 2 < tsToken.Length)
{
throw new System.IO.IOException("Not enough space");
}
byte[] paddedSig = new byte[contentEstimated];
System.Array.Copy(tsToken, 0, paddedSig, 0, tsToken.Length);
PdfDictionary dic2 = new PdfDictionary();
dic2.Put(PdfName.Contents, new PdfString(paddedSig).SetHexWriting(true));
Close(dic2);
closed = true;
}
/// <summary>
/// Note: For most of the supported security handlers algorithm to calculate encryption key for particular object
/// is the same.
/// </summary>
/// <param name="objNumber"/>
/// <param name="objGeneration"/>
public virtual void SetHashKeyForNextObject(int objNumber, int objGeneration)
{
// added by ujihara
md5.Reset();
extra[0] = (byte)objNumber;
extra[1] = (byte)(objNumber >> 8);
extra[2] = (byte)(objNumber >> 16);
extra[3] = (byte)objGeneration;
extra[4] = (byte)(objGeneration >> 8);
md5.Update(mkey);
md5.Update(extra);
nextObjectKey = md5.Digest();
nextObjectKeySize = mkey.Length + 5;
if (nextObjectKeySize > 16)
{
nextObjectKeySize = 16;
}
}
private void SerObject(PdfObject obj, ByteBuffer bb, int level, IDictionary <PdfIndirectReference, byte[]>
serializedCache)
{
if (level <= 0)
{
return;
}
if (obj == null)
{
bb.Append("$Lnull");
return;
}
PdfIndirectReference reference = null;
ByteBuffer savedBb = null;
if (obj.IsIndirectReference())
{
reference = (PdfIndirectReference)obj;
byte[] cached = serializedCache.Get(reference);
if (cached != null)
{
bb.Append(cached);
return;
}
else
{
savedBb = bb;
bb = new ByteBuffer();
obj = reference.GetRefersTo();
}
}
if (obj.IsStream())
{
SerDic((PdfDictionary)obj, bb, level - 1, serializedCache);
bb.Append("$B");
if (level > 0)
{
bb.Append(md5.Digest(((PdfStream)obj).GetBytes(false)));
}
}
else
{
if (obj.IsDictionary())
{
SerDic((PdfDictionary)obj, bb, level - 1, serializedCache);
}
else
{
if (obj.IsArray())
{
SerArray((PdfArray)obj, bb, level - 1, serializedCache);
}
else
{
if (obj.IsString())
{
bb.Append("$S").Append(obj.ToString());
}
else
{
// TODO specify length for strings, streams, may be names?
if (obj.IsName())
{
bb.Append("$N").Append(obj.ToString());
}
else
{
bb.Append("$L").Append(obj.ToString());
}
}
}
}
}
// PdfNull case is also here
if (savedBb != null)
{
serializedCache.Put(reference, bb.ToByteArray());
savedBb.Append(bb.GetInternalBuffer());
}
}
public static byte[] Digest(this IDigest digest, byte[] input)
{
digest.Update(input);
return(digest.Digest());
}
/**
* Produce the signature. {@link #setPrivateKey} MUST have
* been called. The signature is computed over the data
* that was input through the {@code update*()} methods.
* This engine is then reset (made ready for a new
* signature generation).
*
* @return the signature
*/
public byte[] sign()
{
return(signHash(dig.Digest()));
}
private void InitKeyAndFillDictionary(PdfDictionary encryptionDictionary, byte[] userPassword, byte[] ownerPassword
, int permissions, bool encryptMetadata, bool embeddedFilesOnly)
{
ownerPassword = GenerateOwnerPasswordIfNullOrEmpty(ownerPassword);
permissions |= PERMS_MASK_1_FOR_REVISION_3_OR_GREATER;
permissions &= PERMS_MASK_2;
try {
byte[] userKey;
byte[] ownerKey;
byte[] ueKey;
byte[] oeKey;
byte[] aes256Perms;
if (userPassword == null)
{
userPassword = new byte[0];
}
byte[] uvs = IVGenerator.GetIV(8);
byte[] uks = IVGenerator.GetIV(8);
nextObjectKey = IVGenerator.GetIV(32);
nextObjectKeySize = 32;
// Algorithm 3.8.1
IDigest md = Org.BouncyCastle.Security.DigestUtilities.GetDigest("SHA-256");
md.Update(userPassword, 0, Math.Min(userPassword.Length, 127));
md.Update(uvs);
userKey = new byte[48];
md.Digest(userKey, 0, 32);
System.Array.Copy(uvs, 0, userKey, 32, 8);
System.Array.Copy(uks, 0, userKey, 40, 8);
// Algorithm 3.8.2
md.Update(userPassword, 0, Math.Min(userPassword.Length, 127));
md.Update(uks);
AESCipherCBCnoPad ac = new AESCipherCBCnoPad(true, md.Digest());
ueKey = ac.ProcessBlock(nextObjectKey, 0, nextObjectKey.Length);
// Algorithm 3.9.1
byte[] ovs = IVGenerator.GetIV(8);
byte[] oks = IVGenerator.GetIV(8);
md.Update(ownerPassword, 0, Math.Min(ownerPassword.Length, 127));
md.Update(ovs);
md.Update(userKey);
ownerKey = new byte[48];
md.Digest(ownerKey, 0, 32);
System.Array.Copy(ovs, 0, ownerKey, 32, 8);
System.Array.Copy(oks, 0, ownerKey, 40, 8);
// Algorithm 3.9.2
md.Update(ownerPassword, 0, Math.Min(ownerPassword.Length, 127));
md.Update(oks);
md.Update(userKey);
ac = new AESCipherCBCnoPad(true, md.Digest());
oeKey = ac.ProcessBlock(nextObjectKey, 0, nextObjectKey.Length);
// Algorithm 3.10
byte[] permsp = IVGenerator.GetIV(16);
permsp[0] = (byte)permissions;
permsp[1] = (byte)(permissions >> 8);
permsp[2] = (byte)(permissions >> 16);
permsp[3] = (byte)(permissions >> 24);
permsp[4] = (byte)(255);
permsp[5] = (byte)(255);
permsp[6] = (byte)(255);
permsp[7] = (byte)(255);
permsp[8] = encryptMetadata ? (byte)'T' : (byte)'F';
permsp[9] = (byte)'a';
permsp[10] = (byte)'d';
permsp[11] = (byte)'b';
ac = new AESCipherCBCnoPad(true, nextObjectKey);
aes256Perms = ac.ProcessBlock(permsp, 0, permsp.Length);
this.permissions = permissions;
this.encryptMetadata = encryptMetadata;
SetStandardHandlerDicEntries(encryptionDictionary, userKey, ownerKey);
SetAES256DicEntries(encryptionDictionary, oeKey, ueKey, aes256Perms, encryptMetadata, embeddedFilesOnly);
}
catch (Exception ex) {
throw new PdfException(PdfException.PdfEncryption, ex);
}
}
private void InitKeyAndReadDictionary(PdfDictionary encryptionDictionary, byte[] password)
{
try {
if (password == null)
{
password = new byte[0];
}
byte[] oValue = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.O));
byte[] uValue = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.U));
byte[] oeValue = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.OE));
byte[] ueValue = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.UE));
byte[] perms = GetIsoBytes(encryptionDictionary.GetAsString(PdfName.Perms));
PdfNumber pValue = (PdfNumber)encryptionDictionary.Get(PdfName.P);
this.permissions = pValue.LongValue();
IDigest md = Org.BouncyCastle.Security.DigestUtilities.GetDigest("SHA-256");
md.Update(password, 0, Math.Min(password.Length, 127));
md.Update(oValue, VALIDATION_SALT_OFFSET, SALT_LENGTH);
md.Update(uValue, 0, OU_LENGTH);
byte[] hash = md.Digest();
usedOwnerPassword = CompareArray(hash, oValue, 32);
if (usedOwnerPassword)
{
md.Update(password, 0, Math.Min(password.Length, 127));
md.Update(oValue, KEY_SALT_OFFSET, SALT_LENGTH);
md.Update(uValue, 0, OU_LENGTH);
hash = md.Digest();
AESCipherCBCnoPad ac = new AESCipherCBCnoPad(false, hash);
nextObjectKey = ac.ProcessBlock(oeValue, 0, oeValue.Length);
}
else
{
md.Update(password, 0, Math.Min(password.Length, 127));
md.Update(uValue, VALIDATION_SALT_OFFSET, SALT_LENGTH);
hash = md.Digest();
if (!CompareArray(hash, uValue, 32))
{
throw new BadPasswordException(PdfException.BadUserPassword);
}
md.Update(password, 0, Math.Min(password.Length, 127));
md.Update(uValue, KEY_SALT_OFFSET, SALT_LENGTH);
hash = md.Digest();
AESCipherCBCnoPad ac = new AESCipherCBCnoPad(false, hash);
nextObjectKey = ac.ProcessBlock(ueValue, 0, ueValue.Length);
}
nextObjectKeySize = 32;
AESCipherCBCnoPad ac_1 = new AESCipherCBCnoPad(false, nextObjectKey);
byte[] decPerms = ac_1.ProcessBlock(perms, 0, perms.Length);
if (decPerms[9] != (byte)'a' || decPerms[10] != (byte)'d' || decPerms[11] != (byte)'b')
{
throw new BadPasswordException(PdfException.BadUserPassword);
}
permissions = (decPerms[0] & 0xff) | ((decPerms[1] & 0xff) << 8) | ((decPerms[2] & 0xff) << 16) | ((decPerms
[2] & 0xff) << 24);
encryptMetadata = decPerms[8] == (byte)'T';
}
catch (BadPasswordException ex) {
throw;
}
catch (Exception ex) {
throw new PdfException(PdfException.PdfEncryption, ex);
}
}
// TODO 2: object is not checked if it was already serialized on start, double work could be done
// TODO 3: indirect objects often stored multiple times as parts of the other objects
private void SerObject(PdfObject obj, int level, ByteBufferOutputStream bb)
{
if (level <= 0)
{
return;
}
if (obj == null)
{
bb.Append("$Lnull");
return;
}
PdfIndirectReference reference = null;
ByteBufferOutputStream savedBb = null;
int indRefKey = -1;
if (obj.IsIndirectReference())
{
reference = (PdfIndirectReference)obj;
indRefKey = CalculateIndRefKey(reference);
byte[] cached = objToSerializedContent.Get(indRefKey);
if (cached != null)
{
bb.Append(cached);
return;
}
else
{
savedBb = bb;
bb = new ByteBufferOutputStream();
obj = reference.GetRefersTo();
}
}
if (obj.IsStream())
{
bb.Append("$B");
SerDic((PdfDictionary)obj, level - 1, bb);
if (level > 0)
{
md5.Reset();
bb.Append(md5.Digest(((PdfStream)obj).GetBytes(false)));
}
}
else
{
if (obj.IsDictionary())
{
SerDic((PdfDictionary)obj, level - 1, bb);
}
else
{
if (obj.IsArray())
{
SerArray((PdfArray)obj, level - 1, bb);
}
else
{
if (obj.IsString())
{
bb.Append("$S").Append(obj.ToString());
}
else
{
if (obj.IsName())
{
bb.Append("$N").Append(obj.ToString());
}
else
{
bb.Append("$L").Append(obj.ToString());
}
}
}
}
}
// PdfNull case is also here
if (savedBb != null)
{
objToSerializedContent[indRefKey] = bb.GetBuffer();
savedBb.Append(bb);
}
}
/// <exception cref="Org.BouncyCastle.Security.SecurityUtilityException"/>
private static byte[] HashBytesSha1(byte[] b)
{
IDigest sh = Org.BouncyCastle.Security.DigestUtilities.GetDigest("SHA1");
return(sh.Digest(b));
}
private byte[] ComputeMAC(IDigest macAlgo, long seqNum, RecordType type, TlsVersion version, byte[] content)
{
macAlgo.Update(EndianBitConverter.Big.GetBytes(seqNum), 0, sizeof(long));
macAlgo.Update(new[] { (byte)type, version.Major, version.Major }, 0, 3);
macAlgo.Update(EndianBitConverter.Big.GetBytes((ushort)content.Length), 0, sizeof(ushort));
macAlgo.Update(content, 0, content.Length);
return macAlgo.Digest();
}
private static byte[] EMSA_PKCS1_v1_5_Encode(byte[] input, int emLen, IDigest hash)
{
hash.Update(input, 0, input.Length);
var h = hash.Digest();
byte[] t;
using (var mem = new MemoryStream())
{
var derWriter = new DERWriter(mem);
derWriter.Write(new ASN1Sequence(new ASN1Object[]
{
new ASN1Sequence(new ASN1Object[] {
hash.Id,
new ASN1Null()
}),
new ASN1OctetString(h)
}));
t = mem.ToArray();
}
SecurityAssert.SAssert(emLen >= t.Length + 11);
var ps = new byte[emLen - t.Length - 3];
SecurityAssert.SAssert(ps.Length >= 8);
for (var i = 0; i < ps.Length; i++) { ps[i] = 0xff; }
var em = new byte[emLen];
em[0] = 0;
em[1] = 1;
Array.Copy(ps, 0, em, 2, ps.Length);
em[ps.Length + 2] = 0;
Array.Copy(t, 0, em, ps.Length + 3, t.Length);
return em;
}
/// <exception cref="Org.BouncyCastle.Security.SecurityUtilityException"/>
private static byte[] HashBytesSha1(byte[] b)
{
IDigest sh = DigestUtilities.GetDigest("SHA1");
return(sh.Digest(b));
}
/// <exception cref="Org.BouncyCastle.Security.SecurityUtilityException"/>
private byte[] ComputeHash(byte[] password, byte[] salt, int saltOffset, int saltLen, byte[] userKey)
{
IDigest mdSha256 = DigestUtilities.GetDigest("SHA-256");
mdSha256.Update(password);
mdSha256.Update(salt, saltOffset, saltLen);
if (userKey != null)
{
mdSha256.Update(userKey);
}
byte[] k = mdSha256.Digest();
if (isPdf2)
{
// See 7.6.4.3.3 "Algorithm 2.B"
IDigest mdSha384 = DigestUtilities.GetDigest("SHA-384");
IDigest mdSha512 = DigestUtilities.GetDigest("SHA-512");
int userKeyLen = userKey != null ? userKey.Length : 0;
int passAndUserKeyLen = password.Length + userKeyLen;
// k1 repetition length
int k1RepLen;
int roundNum = 0;
while (true)
{
// a)
k1RepLen = passAndUserKeyLen + k.Length;
byte[] k1 = new byte[k1RepLen * 64];
Array.Copy(password, 0, k1, 0, password.Length);
Array.Copy(k, 0, k1, password.Length, k.Length);
if (userKey != null)
{
Array.Copy(userKey, 0, k1, password.Length + k.Length, userKeyLen);
}
for (int i = 1; i < 64; ++i)
{
Array.Copy(k1, 0, k1, k1RepLen * i, k1RepLen);
}
// b)
AESCipherCBCnoPad cipher = new AESCipherCBCnoPad(true, JavaUtil.ArraysCopyOf(k, 16), JavaUtil.ArraysCopyOfRange
(k, 16, 32));
byte[] e = cipher.ProcessBlock(k1, 0, k1.Length);
// c)
IDigest md = null;
BigInteger i_1 = new BigInteger(1, JavaUtil.ArraysCopyOf(e, 16));
int remainder = i_1.Remainder(BigInteger.ValueOf(3)).IntValue;
switch (remainder)
{
case 0: {
md = mdSha256;
break;
}
case 1: {
md = mdSha384;
break;
}
case 2: {
md = mdSha512;
break;
}
}
// d)
k = md.Digest(e);
++roundNum;
if (roundNum > 63)
{
// e)
int condVal = e[e.Length - 1] & 0xFF;
// interpreting last byte as unsigned integer
if (condVal <= roundNum - 32)
{
break;
}
}
}
k = k.Length == 32 ? k : JavaUtil.ArraysCopyOf(k, 32);
}
return(k);
}
private void SerObject(PdfObject obj, int level, ByteBufferOutputStream bb, IntHashtable serialized)
{
if (level <= 0)
{
return;
}
if (obj == null)
{
bb.Append("$Lnull");
return;
}
PdfIndirectReference reference = null;
ByteBufferOutputStream savedBb = null;
if (obj.IsIndirectReference())
{
reference = (PdfIndirectReference)obj;
int key = GetCopyObjectKey(obj);
if (serialized.ContainsKey(key))
{
bb.Append((int)serialized.Get(key));
return;
}
else
{
savedBb = bb;
bb = new ByteBufferOutputStream();
}
}
if (obj.IsStream())
{
bb.Append("$B");
SerDic((PdfDictionary)obj, level - 1, bb, serialized);
if (level > 0)
{
md5.Reset();
bb.Append(md5.Digest(((PdfStream)obj).GetBytes(false)));
}
}
else
{
if (obj.IsDictionary())
{
SerDic((PdfDictionary)obj, level - 1, bb, serialized);
}
else
{
if (obj.IsArray())
{
SerArray((PdfArray)obj, level - 1, bb, serialized);
}
else
{
if (obj.IsString())
{
bb.Append("$S").Append(obj.ToString());
}
else
{
if (obj.IsName())
{
bb.Append("$N").Append(obj.ToString());
}
else
{
bb.Append("$L").Append(obj.ToString());
}
}
}
}
}
if (savedBb != null)
{
int key = GetCopyObjectKey(reference);
if (!serialized.ContainsKey(key))
{
serialized.Put(key, CalculateHash(bb.GetBuffer()));
}
savedBb.Append(bb);
}
}
