Struct StandardSecurityHandler 

pub struct StandardSecurityHandler {
    pub revision: SecurityHandlerRevision,
    pub key_length: usize,
}

Standard Security Handler

Fields

revision: SecurityHandlerRevision

Revision

key_length: usize

Key length in bytes

Implementations

impl StandardSecurityHandler

pub fn rc4_40bit() -> Self

Create handler for RC4 40-bit encryption

pub fn rc4_128bit() -> Self

Create handler for RC4 128-bit encryption

pub fn aes_128_r4() -> Self

Create handler for AES-128 encryption (Revision 4)

pub fn aes_256_r5() -> Self

Create handler for AES-256 encryption (Revision 5)

pub fn aes_256_r6() -> Self

Create handler for AES-256 encryption (Revision 6)

pub fn compute_owner_hash( &self, owner_password: &OwnerPassword, user_password: &UserPassword, ) -> Vec<u8>

Compute owner password hash (O entry)

pub fn compute_user_hash( &self, user_password: &UserPassword, owner_hash: &[u8], permissions: Permissions, file_id: Option<&[u8]>, ) -> Result<Vec<u8>>

Compute user password hash (U entry)

pub fn compute_encryption_key( &self, user_password: &UserPassword, owner_hash: &[u8], permissions: Permissions, file_id: Option<&[u8]>, ) -> Result<EncryptionKey>

Compute encryption key from user password

pub fn encrypt_string( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Vec<u8>

Encrypt a string

pub fn decrypt_string( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Vec<u8>

Decrypt a string

pub fn encrypt_stream( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Vec<u8>

Encrypt a stream

pub fn decrypt_stream( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Vec<u8>

Decrypt a stream

pub fn encrypt_aes( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Result<Vec<u8>>

Encrypt data using AES.

• R4: AES-128-CBC with MD5-based per-object key (ISO 32000-1 §7.6.2 Algorithm 1 + “sAlT”)
• R5/R6: AES-256-CBC with SHA-256 key derivation

pub fn decrypt_aes( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Result<Vec<u8>>

Decrypt data using AES.

• R4: AES-128-CBC with MD5-based per-object key
• R5/R6: AES-256-CBC with SHA-256 key derivation

pub fn compute_aes_encryption_key( &self, user_password: &UserPassword, owner_hash: &[u8], permissions: Permissions, file_id: Option<&[u8]>, ) -> Result<EncryptionKey>

Compute encryption key for AES Rev 5/6

pub fn validate_aes_user_password( &self, password: &UserPassword, user_hash: &[u8], permissions: Permissions, file_id: Option<&[u8]>, ) -> Result<bool>

Validate user password for AES Rev 5/6

pub fn compute_r5_user_hash( &self, user_password: &UserPassword, ) -> Result<Vec<u8>>

Compute R5 user password hash (U entry) - Algorithm 8

Returns 48 bytes: hash(32) + validation_salt(8) + key_salt(8)

Algorithm

1. Generate random validation_salt (8 bytes)
2. Generate random key_salt (8 bytes)
3. Compute hash: SHA-256(password + validation_salt)
4. Apply 64 iterations of SHA-256
5. Return hash[0..32] + validation_salt + key_salt

pub fn validate_r5_user_password( &self, password: &UserPassword, u_entry: &[u8], ) -> Result<bool>

Validate R5 user password - Algorithm 11

Returns Ok(true) if password is correct, Ok(false) if incorrect.

Algorithm

1. Extract validation_salt from U[32..40]
2. Compute hash: SHA-256(password + validation_salt)
3. Apply 64 iterations of SHA-256
4. Compare result with U[0..32] using constant-time comparison

Security

Uses constant-time comparison (subtle::ConstantTimeEq) to prevent timing side-channel attacks that could leak password information.

pub fn compute_r5_ue_entry( &self, user_password: &UserPassword, u_entry: &[u8], encryption_key: &EncryptionKey, ) -> Result<Vec<u8>>

Compute R5 UE entry (encrypted encryption key)

The UE entry stores the encryption key encrypted with a key derived from the user password.

Algorithm

1. Extract key_salt from U[40..48]
2. Compute intermediate key: SHA-256(password + key_salt)
3. Encrypt encryption_key with intermediate_key using AES-256-CBC (zero IV)

pub fn recover_r5_encryption_key( &self, user_password: &UserPassword, u_entry: &[u8], ue_entry: &[u8], ) -> Result<EncryptionKey>

Recover encryption key from R5 UE entry

Algorithm

1. Extract key_salt from U[40..48]
2. Compute intermediate key: SHA-256(password + key_salt)
3. Decrypt UE with intermediate_key using AES-256-CBC (zero IV)

pub fn compute_r6_user_hash( &self, user_password: &UserPassword, ) -> Result<Vec<u8>>

Compute R6 user password hash (U entry) using SHA-512

R6 uses SHA-512 (first 32 bytes) instead of SHA-256 for stronger security. Returns 48 bytes: hash(32) + validation_salt(8) + key_salt(8)

Algorithm (ISO 32000-2)

1. Generate random validation_salt (8 bytes)
2. Generate random key_salt (8 bytes)
3. Compute hash using Algorithm 2.B (ISO 32000-2:2020 §7.6.4.3.4)
4. Return hash[0..32] + validation_salt + key_salt

pub fn validate_r6_user_password( &self, password: &UserPassword, u_entry: &[u8], ) -> Result<bool>

Validate R6 user password using Algorithm 2.B (ISO 32000-2:2020 §7.6.4.3.4)

Returns Ok(true) if password is correct, Ok(false) if incorrect.

Algorithm

1. Extract validation_salt from U[32..40]
2. Compute hash using Algorithm 2.B with the validation_salt
3. Compare result with U[0..32] using constant-time comparison

Security

Uses constant-time comparison (subtle::ConstantTimeEq) to prevent timing side-channel attacks that could leak password information.

pub fn compute_r6_ue_entry( &self, user_password: &UserPassword, u_entry: &[u8], encryption_key: &EncryptionKey, ) -> Result<Vec<u8>>

Compute R6 UE entry (encrypted encryption key) using Algorithm 2.B (ISO 32000-2:2020 §7.6.4.3.4)

Algorithm

1. Extract key_salt from U[40..48]
2. Compute intermediate key using Algorithm 2.B(password, key_salt, u_entry)
3. Encrypt encryption_key using AES-256-CBC with intermediate_key and IV = 0

pub fn recover_r6_encryption_key( &self, user_password: &UserPassword, u_entry: &[u8], ue_entry: &[u8], ) -> Result<EncryptionKey>

Recover encryption key from R6 UE entry using Algorithm 2.B (ISO 32000-2:2020 §7.6.4.3.4)

Algorithm

1. Extract key_salt from U[40..48]
2. Compute intermediate key using Algorithm 2.B(password, key_salt, u_entry)
3. Decrypt UE using AES-256-CBC with intermediate_key and IV = 0

pub fn compute_r6_perms_entry( &self, permissions: Permissions, encryption_key: &EncryptionKey, encrypt_metadata: bool, ) -> Result<Vec<u8>>

Compute R6 Perms entry (encrypted permissions)

The Perms entry is a 16-byte value that encrypts permissions using AES-256-ECB. This allows verification that permissions haven’t been tampered with.

Plaintext Structure (16 bytes)

• Bytes 0-3: Permissions (P value, little-endian)
• Bytes 4-7: 0xFFFFFFFF (fixed marker)
• Bytes 8-10: “adb” (literal verification string)
• Byte 11: ‘T’ or ‘F’ (EncryptMetadata flag)
• Bytes 12-15: 0x00 (padding)

pub fn validate_r6_perms( &self, perms_entry: &[u8], encryption_key: &EncryptionKey, expected_permissions: Permissions, ) -> Result<bool>

Validate R6 Perms entry by decrypting and checking structure

Returns Ok(true) if the Perms entry is valid and matches expected permissions. Returns Ok(false) if decryption succeeds but structure/permissions don’t match. Returns Err if decryption fails.

Security

Uses constant-time comparison (subtle::ConstantTimeEq) for permissions comparison to prevent timing side-channel attacks.

pub fn extract_r6_encrypt_metadata( &self, perms_entry: &[u8], encryption_key: &EncryptionKey, ) -> Result<Option<bool>>

Extract EncryptMetadata flag from decrypted Perms entry

Returns Ok(Some(true)) if EncryptMetadata=‘T’, Ok(Some(false)) if ‘F’, Ok(None) if Perms structure is invalid.

pub fn compute_r5_owner_hash( &self, owner_password: &OwnerPassword, _user_password: &UserPassword, ) -> Result<Vec<u8>>

Compute R5 owner password hash (O entry)

Algorithm 9 (ISO 32000-1): Creates 48-byte O entry

• Bytes 0-31: SHA-256(owner_password || validation_salt)
• Bytes 32-39: validation_salt (8 random bytes)
• Bytes 40-47: key_salt (8 random bytes)

pub fn validate_r5_owner_password( &self, owner_password: &OwnerPassword, o_entry: &[u8], ) -> Result<bool>

Validate R5 owner password

Algorithm 12 (ISO 32000-1): Validates owner password against O entry

pub fn compute_r5_oe_entry( &self, owner_password: &OwnerPassword, o_entry: &[u8], encryption_key: &[u8], ) -> Result<Vec<u8>>

Compute R5 OE entry (encrypted encryption key with owner password)

OE = AES-256-CBC(encryption_key, key=intermediate_key, iv=zeros) where intermediate_key = SHA-256(owner_password || key_salt)

pub fn recover_r5_owner_encryption_key( &self, owner_password: &OwnerPassword, o_entry: &[u8], oe_entry: &[u8], ) -> Result<Vec<u8>>

Recover encryption key from R5 OE entry using owner password

pub fn compute_r6_owner_hash( &self, owner_password: &OwnerPassword, u_entry: &[u8], ) -> Result<Vec<u8>>

Compute R6 owner password hash (O entry)

R6 uses Algorithm 2.B (complex hash) for owner password too

pub fn validate_r6_owner_password( &self, owner_password: &OwnerPassword, o_entry: &[u8], u_entry: &[u8], ) -> Result<bool>

Validate R6 owner password

Uses Algorithm 2.B to validate owner password

pub fn compute_r6_oe_entry( &self, owner_password: &OwnerPassword, o_entry: &[u8], u_entry: &[u8], encryption_key: &[u8], ) -> Result<Vec<u8>>

Compute R6 OE entry (encrypted encryption key with owner password)

Uses Algorithm 2.B to derive intermediate key

pub fn recover_r6_owner_encryption_key( &self, owner_password: &OwnerPassword, o_entry: &[u8], u_entry: &[u8], oe_entry: &[u8], ) -> Result<Vec<u8>>

Recover encryption key from R6 OE entry using owner password

pub fn compute_object_key( &self, key: &EncryptionKey, obj_id: &ObjectId, ) -> Vec<u8>

Compute object-specific encryption key (Algorithm 1, ISO 32000-1 §7.6.2)

pub fn validate_user_password( &self, password: &UserPassword, user_hash: &[u8], owner_hash: &[u8], permissions: Permissions, file_id: Option<&[u8]>, ) -> Result<bool>

Validate user password (Algorithm 6, ISO 32000-1 §7.6.3.4)

Returns Ok(true) if password is correct, Ok(false) if incorrect. Returns Err only on internal errors.

pub fn validate_owner_password( &self, owner_password: &OwnerPassword, owner_hash: &[u8], _user_password: &UserPassword, _permissions: Permissions, _file_id: Option<&[u8]>, u_entry: Option<&[u8]>, ) -> Result<bool>

Validate owner password (Algorithm 7, ISO 32000-1 §7.6.3.4)

Returns Ok(true) if password is correct, Ok(false) if incorrect. Returns Err only on internal errors.

Note: For owner password validation, we first decrypt the user password from the owner hash, then validate that user password.

Parameters

• owner_password: The owner password to validate
• owner_hash: The O entry from the encryption dictionary
• _user_password: Unused for R2-R4 (recovered from owner_hash), ignored for R5/R6
• _permissions: Unused for R5/R6 (not part of validation)
• _file_id: Unused for R5/R6 (not part of validation)
• u_entry: Required for R6 (U entry needed for Algorithm 2.B), ignored for R2-R5

Trait Implementations

impl SecurityHandler for StandardSecurityHandler

Standard Security Handler implementation

fn encrypt_string( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Result<Vec<u8>>

Encrypt string

fn decrypt_string( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Result<Vec<u8>>

Decrypt string

fn encrypt_stream( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Result<Vec<u8>>

Encrypt stream

fn decrypt_stream( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, ) -> Result<Vec<u8>>

Decrypt stream

fn encrypt_string_aes( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, bits: u32, ) -> Result<Vec<u8>>

Encrypt string with AES

fn decrypt_string_aes( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, bits: u32, ) -> Result<Vec<u8>>

Decrypt string with AES

fn encrypt_stream_aes( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, bits: u32, ) -> Result<Vec<u8>>

Encrypt stream with AES

fn decrypt_stream_aes( &self, data: &[u8], key: &EncryptionKey, obj_id: &ObjectId, bits: u32, ) -> Result<Vec<u8>>

Decrypt stream with AES