From 208c3419ff777c623d1ca19022f24ea09da58747 Mon Sep 17 00:00:00 2001
From: Michael R Sweet <michael.r.sweet@gmail.com>
Date: Sat, 23 Oct 2021 20:09:02 -0400
Subject: [PATCH] Fix AES-128 writing/encryption.

---
 pdfio-crypto.c |  4 ++++
 pdfio-file.c   | 25 +++++++++++++++++++++++++
 2 files changed, 29 insertions(+)

diff --git a/pdfio-crypto.c b/pdfio-crypto.c
index 410a98f..2a55aac 100644
--- a/pdfio-crypto.c
+++ b/pdfio-crypto.c
@@ -239,6 +239,8 @@ _pdfio_crypto_cb_t			// O  - Decryption callback or `NULL` for none
         // Hash it...
         _pdfioCryptoMD5Init(&md5);
 	_pdfioCryptoMD5Append(&md5, data, sizeof(data));
+	if (pdf->encryption == PDFIO_ENCRYPTION_AES_128)
+	  _pdfioCryptoMD5Append(&md5, (const uint8_t *)"sAlT", 4);
 	_pdfioCryptoMD5Finish(&md5, digest);
 
         // Initialize the RC4/AES context using the digest...
@@ -301,6 +303,8 @@ _pdfio_crypto_cb_t			// O  - Encryption callback or `NULL` for none
         // Hash it...
         _pdfioCryptoMD5Init(&md5);
 	_pdfioCryptoMD5Append(&md5, data, sizeof(data));
+	if (pdf->encryption == PDFIO_ENCRYPTION_AES_128)
+	  _pdfioCryptoMD5Append(&md5, (const uint8_t *)"sAlT", 4);
 	_pdfioCryptoMD5Finish(&md5, digest);
 
         // Initialize the RC4/AES context using the digest...
diff --git a/pdfio-file.c b/pdfio-file.c
index 984cbaa..b2885dd 100644
--- a/pdfio-file.c
+++ b/pdfio-file.c
@@ -1085,6 +1085,8 @@ pdfioFileSetPermissions(
 		perm_bytes[4],		// Permissions bytes
 		*file_id;		// File ID bytes
   size_t	file_id_len;		// Length of file ID
+  pdfio_dict_t	*cf_dict,		// CF dictionary
+		*filter_dict;		// CryptFilter dictionary
   static uint8_t pad[32] =		// Padding for passwords
   {
     0x28, 0xbf, 0x4e, 0x5e, 0x4e, 0x75, 0x8a, 0x41,
@@ -1237,6 +1239,29 @@ pdfioFileSetPermissions(
 	pdfioDictSetNumber(dict, "R", encryption == PDFIO_ENCRYPTION_RC4_128 ? 3 : 4);
 	pdfioDictSetNumber(dict, "V", encryption == PDFIO_ENCRYPTION_RC4_128 ? 2 : 4);
 	pdfioDictSetBinary(dict, "U", pdf->user_key, sizeof(pdf->user_key));
+	
+        if (encryption == PDFIO_ENCRYPTION_AES_128)
+        {
+	  if ((cf_dict = pdfioDictCreate(pdf)) == NULL)
+	  {
+	    _pdfioFileError(pdf, "Unable to create Encryption CF dictionary.");
+	    return (false);
+	  }
+
+	  if ((filter_dict = pdfioDictCreate(pdf)) == NULL)
+	  {
+	    _pdfioFileError(pdf, "Unable to create Encryption CryptFilter dictionary.");
+	    return (false);
+	  }
+
+	  pdfioDictSetName(filter_dict, "Type", "CryptFilter");
+	  pdfioDictSetName(filter_dict, "CFM", encryption == PDFIO_ENCRYPTION_RC4_128 ? "V2" : "AESV2");
+	  pdfioDictSetDict(cf_dict, "PDFio", filter_dict);
+	  pdfioDictSetDict(dict, "CF", cf_dict);
+	  pdfioDictSetName(dict, "StmF", "PDFio");
+	  pdfioDictSetName(dict, "StrF", "PDFio");
+	  pdfioDictSetBoolean(dict, "EncryptMetadata", true);
+	}
 	break;
 
     case PDFIO_ENCRYPTION_AES_256 :