688958 – Encrypted PDF with 128-Bit AES (PDF 1.6) cannot be interpreted

Bug 688958 - Encrypted PDF with 128-Bit AES (PDF 1.6) cannot be interpreted

Summary: Encrypted PDF with 128-Bit AES (PDF 1.6) cannot be interpreted

Status:	NOTIFIED FIXED

Alias:	None

Product:	Ghostscript
Classification:	Unclassified
Component:	PDF Interpreter (show other bugs)
Version:	8.54
Hardware:	All All

Importance:	P1 normal
Assignee:	Ralph Giles

URL:
Keywords:

Duplicates (4):	688959 688960 689639 690447 (view as bug list)
Depends on:
Blocks:

Reported:	2006-10-30 04:34 UTC by artifex
Modified:	2011-09-18 21:47 UTC (History)
CC List:	2 users (show)

See Also:
Customer:	870, 850, 531
Word Size:	---

Attachments
example for a PDF-file with 128Bit AES encryption, which cannot be interpreted (43.79 KB, application/pdf) 2006-10-30 04:37 UTC, artifex	Details
aes-1.diff (7.61 KB, patch) 2008-10-14 19:32 UTC, Ralph Giles	Details \| Diff
patch (1.19 KB, patch) 2009-04-26 22:58 UTC, Alex Cherepanov	Details \| Diff
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description artifex 2006-10-30 04:34:19 UTC

PDF-Files, which are encrypted with 128-Bit AES ( beginning with PDF1.6 ) cannot
be interpreted with GhostScript. The interpretation terminates with following
message:

Error: /ioerror in --token--
Operand stack:
   --dict:11/17(L)--   2   --dict:82/82(ro)(G)--   --nostringval--
Execution stack:

Comment 1 artifex 2006-10-30 04:37:38 UTC

Created attachment 2558 [details]
example for a PDF-file with 128Bit AES encryption, which cannot be interpreted

Comment 2 Alex Cherepanov 2006-10-30 09:15:06 UTC

*** Bug 688959 has been marked as a duplicate of this bug. ***

Comment 3 Alex Cherepanov 2006-10-30 09:15:42 UTC

*** Bug 688960 has been marked as a duplicate of this bug. ***

Comment 4 Ray Johnston 2007-04-12 12:07:21 UTC

Reassigning to Alex and adjusting priority to reflect a customer bug 
(not and enhancement, but a capability that is not yet supported in 
Ghostscript).

Comment 5 Alex Cherepanov 2008-01-03 21:50:21 UTC

*** Bug 689639 has been marked as a duplicate of this bug. ***

Comment 6 Ralph Giles 2008-10-14 19:32:54 UTC

Created attachment 4505 [details]
aes-1.diff

Attaching a patch for review. With this patch and the AES support additions of
r8870-2, r9117, and r9118 Ghostscript properly decodes the file.

The patch pulls the CFM out of the Encrypt dictionary every time it needs to
know which cipher to use. Would it be more elegant to stash it in a global or
stream key?

Comment 7 Alex Cherepanov 2008-10-15 20:32:44 UTC

IMHO a few dictionary look-ups per an encrypted object should not
have a noticeable effect on PDF interpreter performance.

I see 2 minor improvements to the patch:
- every object in the file can be an indirect object including the values of
  /StmF , /CF , /CFM

- A few changes are in the spaces only and can be omitted.

Comment 8 Marcos H. Woehrmann 2008-10-25 10:36:03 UTC

Created attachment 4540 [details]
22169.pdf

This is another AES-128 encrypted file that Ghostscript cannot read.  

With the unpatched gshead (r9180) reads 22169.pdf with the following warning
repeated multiple times;

   **** Error reading a content stream. The page may be incomplete.

and produces blank pages.

With the patch from comment #6 applied the following error is produced:

GPL Ghostscript SVN PRE-RELEASE 8.64 (2008-08-02)
Copyright (C) 2008 Artifex Software, Inc.  All rights reserved.
This software comes with NO WARRANTY: see the file PUBLIC for details.
Processing pages 1 through 15.
Page 1
Error: /undefined in --run--
Operand stack:
   --nostringval--   --dict:7/7(L)--   --dict:48/48(ro)(L)--   --nostringval-- 
 PageSpotColors   --dict:7/7(L)--   --dict:0/0(L)--   --dict:1/4(L)--	1127  
(\200t\345!\263\362,\251n>\034\272\2052j\307)	69   0	 --nostringval--  
Subtype   Form	 Length   576	OC   --nostringval--   PieceInfo  
--nostringval--   ADBE_CompoundType   --nostringval--	Private   Watermark  
LastModified   (\200t\345!\263\362,\251n>\034\272\2052j\307)  
(H\221@\016\275\330\022\000\020\000\000\000\275\330\022\000\261\376\235\3068zA\326\177\201A\356,\304\327\322\374\226E\213}\235\271\201\251\201Y\023V*J\273)
  --dict:6/6(L)--   Encryption
Execution stack:
   %interp_exit   .runexec2   --nostringval--	--nostringval--  
--nostringval--   2   %stopped_push   --nostringval--	--nostringval--  
--nostringval--   false   1   %stopped_push   1846   1	 3   %oparray_pop  
1845   1   3   %oparray_pop   1829   1	 3   %oparray_pop   --nostringval--  
--nostringval--   2   1   15   --nostringval--	 %for_pos_int_continue	
--nostringval--   --nostringval--   --nostringval--   --nostringval--  
--nostringval--   %loop_continue   --nostringval--   --dict:1/1(L)--  
--nostringval--   1   %dict_continue   --nostringval--	 --nostringval--  
--nostringval--   --nostringval--   false   1	%stopped_push	--nostringval--
  %loop_continue   --nostringval--   --nostringval--   --nostringval--	
--nostringval--
Dictionary stack:
   --dict:1142/1684(ro)(G)--   --dict:1/20(G)--   --dict:74/200(L)--  
--dict:74/200(L)--   --dict:106/127(ro)(G)--   --dict:278/300(ro)(G)--	
--dict:22/25(L)--   --dict:3/5(L)--
Current allocation mode is local
GPL Ghostscript SVN PRE-RELEASE 8.64: Unrecoverable error, exit code 1

Comment 9 Marcos H. Woehrmann 2008-11-18 19:55:13 UTC

Created attachment 4607 [details]
PLANTILLA_PLANOS.pdf

Another customer, #531, submitted a file with AES-128 encryption.  I've updated
the priority and attached the file.

Comment 10 Ralph Giles 2008-11-18 21:29:18 UTC

The new file fails with the current patch similarly to 22169.pdf.

Comment 11 Ralph Giles 2008-12-02 16:24:59 UTC

note that 22169 and PLANTILLA_PLANOS are the same file.

Comment 12 Henry Stiles 2008-12-09 09:53:37 UTC

We anticipate progress in the August 2009 release.

Comment 13 Ralph Giles 2008-12-09 09:56:36 UTC

NB the first customer's file works fine after r9232, and support for this will
be in the February 8.70 release.

Comment 14 Alex Cherepanov 2009-04-26 22:49:21 UTC

*** Bug 690447 has been marked as a duplicate of this bug. ***

Comment 15 Alex Cherepanov 2009-04-26 22:58:17 UTC

Created attachment 4973 [details]
patch

Fix 2 oversights in AES decryption code:
- add enumeration of ctx member in AES state. Unmovable blocks are still
  garbage collected and need enumeration.
- use correct names to access /CFM attribute. Apparently, this branch has not
  been exercised before.

With this patch all sample files from this and duplicate bug report
run to completion.

Comment 16 Alex Cherepanov 2009-04-26 23:28:41 UTC

The path is committed as a rev. 9689.
Regression testing shows no differences, in part, because we don't have
a single AES encrypted PDF file in the regression suite.

Comment 17 Marcos H. Woehrmann 2011-09-18 21:47:11 UTC

Changing customer bugs that have been resolved more than a year ago to closed.