Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ROB: Padding issue with AES encryption #1469

Merged
merged 1 commit into from Dec 10, 2022
Merged

ROB: Padding issue with AES encryption #1469

merged 1 commit into from Dec 10, 2022

Conversation

MartinThoma
Copy link
Member

Fixes #1221

Credit goes to Alper ahmetoglu for the fix

Co-authored-by: Alper Ahmetoglu ahmetoglu.alper@gmail.com

@MartinThoma @alper111
BUG: Padding issue with AES encryption
62636e3 
Fixes #1221

Credit goes to Alper ahmetoglu for the fix

Co-authored-by: Alper Ahmetoglu <ahmetoglu.alper@gmail.com>
@codecov
Copy link

codecov bot commented Dec 4, 2022

Codecov Report

Base: 93.73% // Head: 93.69% // Decreases project coverage by -0.03% ⚠️

Coverage data is based on head (62636e3) compared to base (deb0667).
Patch coverage: 33.33% of modified lines in pull request are covered.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #1469      +/-   ##
==========================================
- Coverage   93.73%   93.69%   -0.04%     
==========================================
  Files          28       28              
  Lines        5235     5238       +3     
  Branches      997      998       +1     
==========================================
+ Hits         4907     4908       +1     
- Misses        199      200       +1     
- Partials      129      130       +1
Impacted Files Coverage Δ
PyPDF2/_encryption.py 92.18% <33.33%> (-0.48%) ⬇️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

@MartinThoma
Copy link
Member Author

@exiledkingcc Does this change make sense to you?

@pubpub-zz
Copy link
Collaborator

pubpub-zz commented Dec 5, 2022
edited

from PDF reference 1.7, §3.5.1:
Strings and streams encrypted with AES use a padding scheme that is described in Internet RFC 2898, PKCS #5: Password-Based Cryptography Specification Version 2.0; see the Bibliography. For an original message length of M, the pad consists of 16 - (M mod 16) bytes whose value is also 16 - (M mod 16). For example, a 9-byte message has a pad of 7 bytes, each with the value 0x07. The pad can be unambiguously removed to determine the original message length when decrypting. Note that the pad is present when M is evenly divisible by 16; it contains 16 bytes of 0x10.

it looks good to me. A test would be welcomed

@pubpub-zz
Copy link
Collaborator

from PDF reference 1.7, §3.5.1:
Strings and streams encrypted with AES use a padding scheme that is described in Internet RFC 2898, PKCS #5: Password-Based Cryptography Specification Version 2.0; see the Bibliography. For an original message length of M, the pad consists of 16 - (M mod 16) bytes whose value is also 16 - (M mod 16). For example, a 9-byte message has a pad of 7 bytes, each with the value 0x07. The pad can be unambiguously removed to determine the original message length when decrypting. Note that the pad is present when M is evenly divisible by 16; it contains 16 bytes of 0x10.

it looks good to me. Just surprise it has not been detected earlier : A test would be welcomed

@exiledkingcc
Copy link
Contributor

i'think the PDF file maybe corrupted.
when encrypting, the data should be padded, after encryption, the length of result is always a multiple of 16.
so, decryption needs NO padding.

@MartinThoma
Copy link
Member Author

@exiledkingcc it shouldn't need it, I thought so as well.

But would adding the padding here ever break a non-broken pdf? Maybe it's worth including it for robustness

@MartinThoma MartinThoma changed the title BUG: Padding issue with AES encryption ROB: Padding issue with AES encryption Dec 10, 2022
@MartinThoma MartinThoma added the is-robustness-issue From a users perspective, this is about robustness label Dec 10, 2022
@MartinThoma MartinThoma merged commit f804f3a into main Dec 10, 2022
@MartinThoma MartinThoma deleted the encrypt-padding-fix branch December 10, 2022 08:16
MartinThoma added a commit that referenced this pull request Dec 10, 2022
@MartinThoma
REL: 2.12.0
f64f36a 
New Features (ENH):
-  Add support to extract gray scale images (#1460)
-  Add 'threads' property to PdfWriter (#1458)
-  Add 'open_destination' property to PdfWriter (#1431)
-  Make PdfReader.get_object accept integer arguments (#1459)

Bug Fixes (BUG):
-  Scale PDF annotations (#1479)

Robustness (ROB):
-  Padding issue with AES encryption (#1469)
-  Accept empty object as null objects (#1477)

Documentation (DOC):
-  Add module documentation the PaperSize class (#1447)

Maintenance (MAINT):
-  Use 'page_number' instead of 'pagenum' (#1365)
-  Add List of pages to PageRangeSpec (#1456)

Testing (TST):
-  Cleanup temporary files (#1454)
-  Mark test_tounicode_is_identity as external (#1449)
-  Use Ubuntu 20.04 for running CI test suite (#1452)

[Full Changelog](2.11.2...2.12.0)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
is-robustness-issue From a users perspective, this is about robustness
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

PyCryptoDome padding issue, AES encryption CBC mode
3 participants
@MartinThoma @pubpub-zz @exiledkingcc