/** * Compute encryption key * @protected * @since 2.0.000 (2008-01-02) * @author Nicola Asuni */ protected function _generateencryptionkey() { $keybytelen = $this->encryptdata['Length'] / 8; if (!$this->encryptdata['pubkey']) { // standard mode if ($this->encryptdata['mode'] == 3) { // AES-256 // generate 256 bit random key $this->encryptdata['key'] = substr(hash('sha256', TCPDF_STATIC::getRandomSeed(), true), 0, $keybytelen); // truncate passwords $this->encryptdata['user_password'] = $this->_fixAES256Password($this->encryptdata['user_password']); $this->encryptdata['owner_password'] = $this->_fixAES256Password($this->encryptdata['owner_password']); // Compute U value $this->encryptdata['U'] = $this->_Uvalue(); // Compute UE value $this->encryptdata['UE'] = $this->_UEvalue(); // Compute O value $this->encryptdata['O'] = $this->_Ovalue(); // Compute OE value $this->encryptdata['OE'] = $this->_OEvalue(); // Compute P value $this->encryptdata['P'] = $this->encryptdata['protection']; // Computing the encryption dictionary's Perms (permissions) value $perms = TCPDF_STATIC::getEncPermissionsString($this->encryptdata['protection']); // bytes 0-3 $perms .= chr(255) . chr(255) . chr(255) . chr(255); // bytes 4-7 if (isset($this->encryptdata['CF']['EncryptMetadata']) and !$this->encryptdata['CF']['EncryptMetadata']) { // byte 8 $perms .= 'F'; } else { $perms .= 'T'; } $perms .= 'adb'; // bytes 9-11 $perms .= 'nick'; // bytes 12-15 $iv = str_repeat("", mcrypt_get_iv_size(MCRYPT_RIJNDAEL_128, MCRYPT_MODE_ECB)); $this->encryptdata['perms'] = mcrypt_encrypt(MCRYPT_RIJNDAEL_128, $this->encryptdata['key'], $perms, MCRYPT_MODE_ECB, $iv); } else { // RC4-40, RC4-128, AES-128 // Pad passwords $this->encryptdata['user_password'] = substr($this->encryptdata['user_password'] . TCPDF_STATIC::$enc_padding, 0, 32); $this->encryptdata['owner_password'] = substr($this->encryptdata['owner_password'] . TCPDF_STATIC::$enc_padding, 0, 32); // Compute O value $this->encryptdata['O'] = $this->_Ovalue(); // get default permissions (reverse byte order) $permissions = TCPDF_STATIC::getEncPermissionsString($this->encryptdata['protection']); // Compute encryption key $tmp = TCPDF_STATIC::_md5_16($this->encryptdata['user_password'] . $this->encryptdata['O'] . $permissions . $this->encryptdata['fileid']); if ($this->encryptdata['mode'] > 0) { for ($i = 0; $i < 50; ++$i) { $tmp = TCPDF_STATIC::_md5_16(substr($tmp, 0, $keybytelen)); } } $this->encryptdata['key'] = substr($tmp, 0, $keybytelen); // Compute U value $this->encryptdata['U'] = $this->_Uvalue(); // Compute P value $this->encryptdata['P'] = $this->encryptdata['protection']; } } else { // Public-Key mode // random 20-byte seed $seed = sha1(TCPDF_STATIC::getRandomSeed(), true); $recipient_bytes = ''; foreach ($this->encryptdata['pubkeys'] as $pubkey) { // for each public certificate if (isset($pubkey['p'])) { $pkprotection = TCPDF_STATIC::getUserPermissionCode($pubkey['p'], $this->encryptdata['mode']); } else { $pkprotection = $this->encryptdata['protection']; } // get default permissions (reverse byte order) $pkpermissions = TCPDF_STATIC::getEncPermissionsString($pkprotection); // envelope data $envelope = $seed . $pkpermissions; // write the envelope data to a temporary file $tempkeyfile = TCPDF_STATIC::getObjFilename('tmpkey'); $f = fopen($tempkeyfile, 'wb'); if (!$f) { $this->Error('Unable to create temporary key file: ' . $tempkeyfile); } $envelope_length = strlen($envelope); fwrite($f, $envelope, $envelope_length); fclose($f); $tempencfile = TCPDF_STATIC::getObjFilename('tmpenc'); if (!openssl_pkcs7_encrypt($tempkeyfile, $tempencfile, $pubkey['c'], array(), PKCS7_BINARY | PKCS7_DETACHED)) { $this->Error('Unable to encrypt the file: ' . $tempkeyfile); } unlink($tempkeyfile); // read encryption signature $signature = file_get_contents($tempencfile, false, null, $envelope_length); unlink($tempencfile); // extract signature $signature = substr($signature, strpos($signature, 'Content-Disposition')); $tmparr = explode("\n\n", $signature); $signature = trim($tmparr[1]); unset($tmparr); // decode signature $signature = base64_decode($signature); // convert signature to hex $hexsignature = current(unpack('H*', $signature)); // store signature on recipients array $this->encryptdata['Recipients'][] = $hexsignature; // The bytes of each item in the Recipients array of PKCS#7 objects in the order in which they appear in the array $recipient_bytes .= $signature; } // calculate encryption key if ($this->encryptdata['mode'] == 3) { // AES-256 $this->encryptdata['key'] = substr(hash('sha256', $seed . $recipient_bytes, true), 0, $keybytelen); } else { // RC4-40, RC4-128, AES-128 $this->encryptdata['key'] = substr(sha1($seed . $recipient_bytes, true), 0, $keybytelen); } } }