Improve PKWare support.
Always write data descriptor when encrypting with PKWare, since
reading data twice is not always possible.
diff --git a/lib/zip_close.c b/lib/zip_close.c
index f545903..8c63324 100644
--- a/lib/zip_close.c
+++ b/lib/zip_close.c
@@ -55,6 +55,7 @@
static int copy_data(zip_t *, zip_uint64_t);
static int copy_source(zip_t *, zip_source_t *, zip_int64_t);
static int write_cdir(zip_t *, const zip_filelist_t *, zip_uint64_t);
+static int write_data_descriptor(zip_t *za, const zip_dirent_t *dirent, int is_zip64);
ZIP_EXTERN int
zip_close(zip_t *za) {
@@ -233,8 +234,11 @@
else {
zip_uint64_t offset;
- /* when copying data, all sizes are known -> no data descriptor needed */
- de->bitflags &= (zip_uint16_t)~ZIP_GPBF_DATA_DESCRIPTOR;
+ if (de->encryption_method != ZIP_EM_TRAD_PKWARE) {
+ /* when copying data, all sizes are known -> no data descriptor needed */
+ /* except for PKWare encryption, where removing the data descriptor breaks password validation */
+ de->bitflags &= (zip_uint16_t)~ZIP_GPBF_DATA_DESCRIPTOR;
+ }
if (_zip_dirent_write(za, de, ZIP_FL_LOCAL) < 0) {
error = 1;
break;
@@ -252,7 +256,15 @@
error = 1;
break;
}
+
+ if (de->bitflags & ZIP_GPBF_DATA_DESCRIPTOR) {
+ if (write_data_descriptor(za, de, _zip_dirent_needs_zip64(de, 0)) < 0) {
+ error = 1;
+ break;
+ }
+ }
}
+
}
if (!error) {
@@ -453,13 +465,8 @@
zip_source_free(src_final);
return -1;
}
- if (de->encryption_method == ZIP_EM_TRAD_PKWARE && !(flags & ZIP_GPBF_DATA_DESCRIPTOR)) {
- // calculate crc from src in advance for Traditional PKWARE Encryption.
- if (zip_source_pkware_calc_crc(za, src, src_tmp->ud) < 0) {
- zip_source_free(src_tmp);
- zip_source_free(src_final);
- return -1;
- }
+ if (de->encryption_method == ZIP_EM_TRAD_PKWARE) {
+ de->bitflags |= ZIP_GPBF_DATA_DESCRIPTOR;
}
zip_source_free(src_final);
@@ -532,6 +539,12 @@
return -1;
}
+ if (de->bitflags & ZIP_GPBF_DATA_DESCRIPTOR) {
+ if (write_data_descriptor(za, de, is_zip64) < 0) {
+ return -1;
+ }
+ }
+
return 0;
}
@@ -664,3 +677,37 @@
return changed;
}
+
+static int
+write_data_descriptor(zip_t *za, const zip_dirent_t *de, int is_zip64) {
+ zip_buffer_t *buffer = _zip_buffer_new(NULL, MAX_DATA_DESCRIPTOR_LENGTH);
+ int ret = 0;
+
+ if (buffer == NULL) {
+ zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+
+ _zip_buffer_put(buffer, DATADES_MAGIC, 4);
+ _zip_buffer_put_32(buffer, de->crc);
+ if (is_zip64) {
+ _zip_buffer_put_64(buffer, de->comp_size);
+ _zip_buffer_put_64(buffer, de->uncomp_size);
+ }
+ else {
+ _zip_buffer_put_32(buffer, de->comp_size);
+ _zip_buffer_put_32(buffer, de->uncomp_size);
+ }
+
+ if (!_zip_buffer_ok(buffer)) {
+ zip_error_set(&za->error, ZIP_ER_INTERNAL, 0);
+ ret = -1;
+ }
+ else {
+ ret = _zip_write(za, _zip_buffer_data(buffer), _zip_buffer_offset(buffer));
+ }
+
+ _zip_buffer_free(buffer);
+
+ return ret;
+}
diff --git a/lib/zip_crypto.h b/lib/zip_crypto.h
index de728a0..0706a02 100644
--- a/lib/zip_crypto.h
+++ b/lib/zip_crypto.h
@@ -37,7 +37,7 @@
#define ZIP_CRYPTO_SHA1_LENGTH 20
#define ZIP_CRYPTO_AES_BLOCK_LENGTH 16
-#define PKWARE_HEADERLEN 12
+#define ZIP_CRYPTO_PKWARE_HEADERLEN 12
#if defined(HAVE_WINDOWS_CRYPTO)
#include "zip_crypto_win.h"
diff --git a/lib/zip_pkware.c b/lib/zip_pkware.c
index c3793e6..afb0d30 100644
--- a/lib/zip_pkware.c
+++ b/lib/zip_pkware.c
@@ -36,6 +36,7 @@
#include <string.h>
#include "zipint.h"
+
#include "zip_crypto.h"
@@ -44,101 +45,71 @@
#define PKWARE_KEY2 878082192
-struct _zip_trad_pkware {
- zip_uint32_t key[3];
-};
-
-
-void
-update_keys(zip_trad_pkware_t *ctx, Bytef b) {
- ctx->key[0] = (zip_uint32_t) crc32(ctx->key[0] ^ 0xffffffffUL, &b, 1) ^ 0xffffffffUL;
- ctx->key[1] = (ctx->key[1] + (ctx->key[0] & 0xff)) * 134775813 + 1;
- b = (Bytef) (ctx->key[1] >> 24);
- ctx->key[2] = (zip_uint32_t) crc32(ctx->key[2] ^ 0xffffffffUL, &b, 1) ^ 0xffffffffUL;
+static void
+update_keys(zip_pkware_keys_t *keys, zip_uint8_t b) {
+ keys->key[0] = (zip_uint32_t)crc32(keys->key[0] ^ 0xffffffffUL, &b, 1) ^ 0xffffffffUL;
+ keys->key[1] = (keys->key[1] + (keys->key[0] & 0xff)) * 134775813 + 1;
+ b = (zip_uint8_t)(keys->key[1] >> 24);
+ keys->key[2] = (zip_uint32_t)crc32(keys->key[2] ^ 0xffffffffUL, &b, 1) ^ 0xffffffffUL;
}
-Bytef
-decrypt_byte(zip_trad_pkware_t *ctx) {
+static zip_uint8_t
+crypt_byte(zip_pkware_keys_t *keys) {
zip_uint16_t tmp;
- tmp = (zip_uint16_t) (ctx->key[2] | 2);
- tmp = (zip_uint16_t) (((zip_uint32_t) tmp * (tmp ^ 1)) >> 8);
- return (Bytef)tmp;
-}
-
-
-zip_trad_pkware_t *
-_zip_pkware_new(zip_error_t *error) {
- zip_trad_pkware_t *ctx;
-
- if ((ctx = (zip_trad_pkware_t *) malloc(sizeof(*ctx))) == NULL) {
- zip_error_set(error, ZIP_ER_MEMORY, 0);
- return NULL;
- }
- ctx->key[0] = PKWARE_KEY0;
- ctx->key[1] = PKWARE_KEY1;
- ctx->key[2] = PKWARE_KEY2;
-
- return ctx;
+ tmp = (zip_uint16_t)(keys->key[2] | 2);
+ tmp = (zip_uint16_t)(((zip_uint32_t)tmp * (tmp ^ 1)) >> 8);
+ return (zip_uint8_t)tmp;
}
void
-_zip_pkware_encrypt(zip_trad_pkware_t *ctx, zip_uint8_t *out, const zip_uint8_t *in, zip_uint64_t len, int update_only) {
+_zip_pkware_keys_reset(zip_pkware_keys_t *keys) {
+ keys->key[0] = PKWARE_KEY0;
+ keys->key[1] = PKWARE_KEY1;
+ keys->key[2] = PKWARE_KEY2;
+}
+
+
+void
+_zip_pkware_encrypt(zip_pkware_keys_t *keys, zip_uint8_t *out, const zip_uint8_t *in, zip_uint64_t len) {
zip_uint64_t i;
- Bytef b;
- Bytef tmp;
+ zip_uint8_t b;
+ zip_uint8_t tmp;
for (i = 0; i < len; i++) {
- b = in[i];
+ b = in[i];
- if (update_only) {
- update_keys(ctx, b);
- } else {
- /* encrypt next byte */
- tmp = decrypt_byte(ctx);
- update_keys(ctx, b);
- b ^= tmp;
- }
-
- /* store cleartext */
- if (out) {
- out[i] = b;
- }
+ if (out != NULL) {
+ tmp = crypt_byte(keys);
+ update_keys(keys, b);
+ b ^= tmp;
+ out[i] = b;
+ }
+ else {
+ /* during initialization, we're only interested in key updates */
+ update_keys(keys, b);
+ }
}
}
void
-_zip_pkware_decrypt(zip_trad_pkware_t *ctx, zip_uint8_t *out, const zip_uint8_t *in, zip_uint64_t len, int update_only) {
+_zip_pkware_decrypt(zip_pkware_keys_t *keys, zip_uint8_t *out, const zip_uint8_t *in, zip_uint64_t len) {
zip_uint64_t i;
- Bytef b;
- Bytef tmp;
+ zip_uint8_t b;
+ zip_uint8_t tmp;
for (i = 0; i < len; i++) {
- b = in[i];
+ b = in[i];
- if (!update_only) {
- /* decrypt next byte */
- tmp = decrypt_byte(ctx);
- b ^= tmp;
- }
+ /* during initialization, we're only interested in key updates */
+ if (out != NULL) {
+ tmp = crypt_byte(keys);
+ b ^= tmp;
+ out[i] = b;
+ }
- /* store cleartext */
- if (out) {
- out[i] = b;
- }
-
- update_keys(ctx, b);
+ update_keys(keys, b);
}
}
-
-
-void
-_zip_pkware_free(zip_trad_pkware_t *ctx) {
- if (ctx == NULL) {
- return;
- }
-
- free(ctx);
-}
diff --git a/lib/zip_source_pkware_decode.c b/lib/zip_source_pkware_decode.c
index d72517d..9389f55 100644
--- a/lib/zip_source_pkware_decode.c
+++ b/lib/zip_source_pkware_decode.c
@@ -36,18 +36,20 @@
#include <string.h>
#include "zipint.h"
+
#include "zip_crypto.h"
struct trad_pkware {
- zip_trad_pkware_t *pkware_ctx;
+ char *password;
+ zip_pkware_keys_t keys;
zip_error_t error;
};
static int decrypt_header(zip_source_t *, struct trad_pkware *);
static zip_int64_t pkware_decrypt(zip_source_t *, void *, void *, zip_uint64_t, zip_source_cmd_t);
-static struct trad_pkware *trad_pkware_new(zip_error_t *error);
+static struct trad_pkware *trad_pkware_new(const char *password, zip_error_t *error);
static void trad_pkware_free(struct trad_pkware *);
@@ -57,23 +59,21 @@
zip_source_t *s2;
if (password == NULL || src == NULL || em != ZIP_EM_TRAD_PKWARE) {
- zip_error_set(&za->error, ZIP_ER_INVAL, 0);
- return NULL;
+ zip_error_set(&za->error, ZIP_ER_INVAL, 0);
+ return NULL;
}
if (flags & ZIP_CODEC_ENCODE) {
- zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0);
- return NULL;
+ zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0);
+ return NULL;
}
- if ((ctx = trad_pkware_new(&za->error)) == NULL) {
- return NULL;
+ if ((ctx = trad_pkware_new(password, &za->error)) == NULL) {
+ return NULL;
}
- _zip_pkware_decrypt(ctx->pkware_ctx, NULL, (const zip_uint8_t *) password, strlen(password), 1);
-
if ((s2 = zip_source_layered(za, src, pkware_decrypt, ctx)) == NULL) {
- trad_pkware_free(ctx);
- return NULL;
+ trad_pkware_free(ctx);
+ return NULL;
}
return s2;
@@ -82,33 +82,51 @@
static int
decrypt_header(zip_source_t *src, struct trad_pkware *ctx) {
- zip_uint8_t header[PKWARE_HEADERLEN];
+ zip_uint8_t header[ZIP_CRYPTO_PKWARE_HEADERLEN];
struct zip_stat st;
zip_int64_t n;
- unsigned short dostime, dosdate;
- if ((n = zip_source_read(src, header, PKWARE_HEADERLEN)) < 0) {
- _zip_error_set_from_source(&ctx->error, src);
- return -1;
+ if ((n = zip_source_read(src, header, ZIP_CRYPTO_PKWARE_HEADERLEN)) < 0) {
+ _zip_error_set_from_source(&ctx->error, src);
+ return -1;
}
- if (n != PKWARE_HEADERLEN) {
- zip_error_set(&ctx->error, ZIP_ER_EOF, 0);
- return -1;
+ if (n != ZIP_CRYPTO_PKWARE_HEADERLEN) {
+ zip_error_set(&ctx->error, ZIP_ER_EOF, 0);
+ return -1;
}
- _zip_pkware_decrypt(ctx->pkware_ctx, header, header, PKWARE_HEADERLEN, 0);
+ _zip_pkware_decrypt(&ctx->keys, header, header, ZIP_CRYPTO_PKWARE_HEADERLEN);
- if (zip_source_stat(src, &st) < 0) {
- /* stat failed, skip password validation */
- return 0;
+ if (zip_source_stat(src, &st)) {
+ /* stat failed, skip password validation */
+ return 0;
}
- _zip_u2d_time(st.mtime, &dostime, &dosdate);
+ /* password verification - two ways:
+ * mtime - InfoZIP way, to avoid computing complete CRC before encrypting data
+ * CRC - old PKWare way
+ */
- if (header[PKWARE_HEADERLEN - 1] != st.crc >> 24 && header[PKWARE_HEADERLEN - 1] != dostime >> 8) {
- zip_error_set(&ctx->error, ZIP_ER_WRONGPASSWD, 0);
- return -1;
+ bool ok = false;
+
+ if (st.valid & ZIP_STAT_MTIME) {
+ unsigned short dostime, dosdate;
+ _zip_u2d_time(st.mtime, &dostime, &dosdate);
+ if (header[ZIP_CRYPTO_PKWARE_HEADERLEN - 1] == dostime >> 8) {
+ ok = true;
+ }
+ }
+
+ if (st.valid & ZIP_STAT_CRC) {
+ if (header[ZIP_CRYPTO_PKWARE_HEADERLEN - 1] == st.crc >> 24) {
+ ok = true;
+ }
+ }
+
+ if (!ok && (st.valid & (ZIP_STAT_MTIME | ZIP_STAT_CRC) != 0)) {
+ zip_error_set(&ctx->error, ZIP_ER_WRONGPASSWD, 0);
+ return -1;
}
return 0;
@@ -120,82 +138,87 @@
struct trad_pkware *ctx;
zip_int64_t n;
- ctx = (struct trad_pkware *) ud;
+ ctx = (struct trad_pkware *)ud;
switch (cmd) {
case ZIP_SOURCE_OPEN:
- if (decrypt_header(src, ctx) < 0) {
- return -1;
- }
- return 0;
+ _zip_pkware_keys_reset(&ctx->keys);
+ _zip_pkware_decrypt(&ctx->keys, NULL, (const zip_uint8_t *)ctx->password, strlen(ctx->password));
+ if (decrypt_header(src, ctx) < 0) {
+ return -1;
+ }
+ return 0;
case ZIP_SOURCE_READ:
- if ((n = zip_source_read(src, data, len)) < 0) {
- _zip_error_set_from_source(&ctx->error, src);
- return -1;
- }
+ if ((n = zip_source_read(src, data, len)) < 0) {
+ _zip_error_set_from_source(&ctx->error, src);
+ return -1;
+ }
- _zip_pkware_decrypt(ctx->pkware_ctx, (zip_uint8_t *) data, (zip_uint8_t *) data, (zip_uint64_t) n, 0);
- return n;
+ _zip_pkware_decrypt(&ctx->keys, (zip_uint8_t *)data, (zip_uint8_t *)data, (zip_uint64_t)n);
+ return n;
case ZIP_SOURCE_CLOSE:
- return 0;
+ return 0;
case ZIP_SOURCE_STAT: {
- zip_stat_t *st;
+ zip_stat_t *st;
- st = (zip_stat_t *) data;
+ st = (zip_stat_t *)data;
- st->encryption_method = ZIP_EM_NONE;
- st->valid |= ZIP_STAT_ENCRYPTION_METHOD;
- /* TODO: deduce HEADERLEN from size for uncompressed */
- if (st->valid & ZIP_STAT_COMP_SIZE) {
- st->comp_size -= PKWARE_HEADERLEN;
- }
+ st->encryption_method = ZIP_EM_NONE;
+ st->valid |= ZIP_STAT_ENCRYPTION_METHOD;
+ if (st->valid & ZIP_STAT_COMP_SIZE) {
+ st->comp_size -= ZIP_CRYPTO_PKWARE_HEADERLEN;
+ }
- return 0;
+ return 0;
}
case ZIP_SOURCE_SUPPORTS:
- return zip_source_make_command_bitmap(ZIP_SOURCE_OPEN, ZIP_SOURCE_READ, ZIP_SOURCE_CLOSE, ZIP_SOURCE_STAT,
- ZIP_SOURCE_ERROR, ZIP_SOURCE_FREE, -1);
+ return zip_source_make_command_bitmap(ZIP_SOURCE_OPEN, ZIP_SOURCE_READ, ZIP_SOURCE_CLOSE, ZIP_SOURCE_STAT, ZIP_SOURCE_ERROR, ZIP_SOURCE_FREE, -1);
case ZIP_SOURCE_ERROR:
- return zip_error_to_data(&ctx->error, data, len);
+ return zip_error_to_data(&ctx->error, data, len);
case ZIP_SOURCE_FREE:
- trad_pkware_free(ctx);
- return 0;
+ trad_pkware_free(ctx);
+ return 0;
default:
- zip_error_set(&ctx->error, ZIP_ER_INVAL, 0);
- return -1;
+ zip_error_set(&ctx->error, ZIP_ER_INVAL, 0);
+ return -1;
}
}
-static struct trad_pkware *trad_pkware_new(zip_error_t *error) {
+static struct trad_pkware *
+trad_pkware_new(const char *password, zip_error_t *error) {
struct trad_pkware *ctx;
- if ((ctx = (struct trad_pkware *) malloc(sizeof(*ctx))) == NULL) {
- zip_error_set(error, ZIP_ER_MEMORY, 0);
- return NULL;
+
+ if ((ctx = (struct trad_pkware *)malloc(sizeof(*ctx))) == NULL) {
+ zip_error_set(error, ZIP_ER_MEMORY, 0);
+ return NULL;
}
- if ((ctx->pkware_ctx = _zip_pkware_new(error)) == NULL) {
- return NULL;
+ if ((ctx->password = strdup(password)) == NULL) {
+ zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(ctx);
+ return NULL;
}
+
zip_error_init(&ctx->error);
return ctx;
}
-static void trad_pkware_free(struct trad_pkware *ctx) {
+static void
+trad_pkware_free(struct trad_pkware *ctx) {
if (ctx == NULL) {
- return;
+ return;
}
- _zip_pkware_free(ctx->pkware_ctx);
- ctx->pkware_ctx = NULL;
+ free(ctx->password);
free(ctx);
}
diff --git a/lib/zip_source_pkware_encode.c b/lib/zip_source_pkware_encode.c
index bc3c380..5888806 100644
--- a/lib/zip_source_pkware_encode.c
+++ b/lib/zip_source_pkware_encode.c
@@ -36,24 +36,22 @@
#include <string.h>
#include "zipint.h"
+
#include "zip_crypto.h"
-
struct trad_pkware {
- zip_trad_pkware_t *pkware_ctx;
- zip_int32_t flags;
- zip_uint8_t header[PKWARE_HEADERLEN];
+ char *password;
+ zip_pkware_keys_t keys;
zip_buffer_t *buffer;
bool eof;
- zip_uint32_t crc;
zip_error_t error;
};
static int encrypt_header(zip_source_t *, struct trad_pkware *);
static zip_int64_t pkware_encrypt(zip_source_t *, void *, void *, zip_uint64_t, zip_source_cmd_t);
-static struct trad_pkware *trad_pkware_new(zip_error_t *error);
static void trad_pkware_free(struct trad_pkware *);
+static struct trad_pkware *trad_pkware_new(const char *password, zip_error_t *error);
zip_source_t *
@@ -62,111 +60,59 @@
zip_source_t *s2;
if (password == NULL || src == NULL || em != ZIP_EM_TRAD_PKWARE) {
- zip_error_set(&za->error, ZIP_ER_INVAL, 0);
- return NULL;
+ zip_error_set(&za->error, ZIP_ER_INVAL, 0);
+ return NULL;
}
if (flags & ZIP_CODEC_DECODE) {
- zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0);
- return NULL;
+ zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0);
+ return NULL;
}
- if ((ctx = trad_pkware_new(&za->error)) == NULL) {
- return NULL;
+ if ((ctx = trad_pkware_new(password, &za->error)) == NULL) {
+ return NULL;
}
- ctx->flags = flags;
-
- // initialize keys
- _zip_pkware_encrypt(ctx->pkware_ctx, NULL, (const zip_uint8_t *) password, strlen(password), 1);
if ((s2 = zip_source_layered(za, src, pkware_encrypt, ctx)) == NULL) {
- trad_pkware_free(ctx);
- return NULL;
+ trad_pkware_free(ctx);
+ return NULL;
}
return s2;
}
-int
-zip_source_pkware_calc_crc(zip_t *za, zip_source_t *src, void *ud) {
- zip_uint8_t buf[BUFSIZE];
- zip_int64_t n;
- zip_source_t *crc_src;
- zip_stat_t st;
- struct trad_pkware *ctx;
-
- ctx = (struct trad_pkware *) ud;
-
- // create crc source
- if ((crc_src = zip_source_crc(za, src, 0)) == NULL) {
- zip_source_free(src);
- return -1;
- }
-
- if (zip_source_open(crc_src) < 0) {
- _zip_error_set_from_source(&za->error, crc_src);
- return -1;
- }
-
- while ((n = zip_source_read(crc_src, buf, sizeof(buf))) > 0) {
- // just read and calculate crc32.
- }
- if (n < 0) {
- _zip_error_set_from_source(&za->error, crc_src);
- zip_source_close(crc_src);
- zip_source_free(crc_src);
- return -1;
- }
-
- // fetch crc calc result
- if (zip_source_stat(crc_src, &st) != 0) {
- _zip_error_set_from_source(&za->error, crc_src);
- zip_source_close(crc_src);
- zip_source_free(crc_src);
- return -1;
- }
-
- zip_source_close(crc_src);
- zip_source_free(crc_src);
-
- ctx->crc = st.crc;
- return 0;
-}
-
-
static int
encrypt_header(zip_source_t *src, struct trad_pkware *ctx) {
struct zip_stat st;
unsigned short dostime, dosdate;
-
- // generate random bytes
- if (!zip_secure_random(ctx->header, PKWARE_HEADERLEN)) {
- zip_error_set(&ctx->error, ZIP_ER_INTERNAL, 0);
- return -1;
- }
+ zip_uint8_t *header;
if (zip_source_stat(src, &st) != 0) {
- _zip_error_set_from_source(&ctx->error, src);
- return -1;
+ _zip_error_set_from_source(&ctx->error, src);
+ return -1;
}
- if (ctx->flags & ZIP_GPBF_DATA_DESCRIPTOR) {
- // If bit 3 is set, use modification time for check bytes.
- _zip_u2d_time(st.mtime, &dostime, &dosdate);
- ctx->header[PKWARE_HEADERLEN - 2] = (zip_uint8_t) (dostime & 0xff);
- ctx->header[PKWARE_HEADERLEN - 1] = (zip_uint8_t) ((dostime >> 8) & 0xff);
- } else {
- // if bit 3 is unset, use crc for check bytes.
- ctx->header[PKWARE_HEADERLEN - 2] = (zip_uint8_t) ((ctx->crc >> 16) & 0xff);
- ctx->header[PKWARE_HEADERLEN - 1] = (zip_uint8_t) ((ctx->crc >> 24) & 0xff);
+ _zip_u2d_time(st.mtime, &dostime, &dosdate);
+
+ if ((ctx->buffer = _zip_buffer_new(NULL, ZIP_CRYPTO_PKWARE_HEADERLEN)) == NULL) {
+ zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0);
+ return -1;
}
- _zip_pkware_encrypt(ctx->pkware_ctx, ctx->header, ctx->header, PKWARE_HEADERLEN, 0);
- if ((ctx->buffer = _zip_buffer_new(ctx->header, PKWARE_HEADERLEN)) == NULL) {
- trad_pkware_free(ctx);
- zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0);
- return -1;
+ header = _zip_buffer_data(ctx->buffer);
+
+ /* generate header from random bytes and mtime
+ see appnote.iz, XIII. Decryption, Step 2, last paragraph */
+ if (!zip_secure_random(header, ZIP_CRYPTO_PKWARE_HEADERLEN - 1)) {
+ zip_error_set(&ctx->error, ZIP_ER_INTERNAL, 0);
+ _zip_buffer_free(ctx->buffer);
+ ctx->buffer = NULL;
+ return -1;
}
+ header[ZIP_CRYPTO_PKWARE_HEADERLEN - 1] = (zip_uint8_t)((dostime >> 8) & 0xff);
+
+ _zip_pkware_encrypt(&ctx->keys, header, header, ZIP_CRYPTO_PKWARE_HEADERLEN);
+
return 0;
}
@@ -177,96 +123,103 @@
zip_int64_t n;
zip_uint64_t buffer_n;
- ctx = (struct trad_pkware *) ud;
+ ctx = (struct trad_pkware *)ud;
switch (cmd) {
case ZIP_SOURCE_OPEN:
- ctx->eof = false;
- // create header values
- if (encrypt_header(src, ctx) < 0) {
- return -1;
- }
- return 0;
+ ctx->eof = false;
+
+ /* initialize keys */
+ _zip_pkware_keys_reset(&ctx->keys);
+ _zip_pkware_encrypt(&ctx->keys, NULL, (const zip_uint8_t *)ctx->password, strlen(ctx->password));
+
+ if (encrypt_header(src, ctx) < 0) {
+ return -1;
+ }
+ return 0;
case ZIP_SOURCE_READ:
- buffer_n = 0;
+ buffer_n = 0;
- if (ctx->buffer) {
- // write header values to data
- buffer_n = _zip_buffer_read(ctx->buffer, data, length);
- data = (zip_uint8_t *) data + buffer_n;
- length -= buffer_n;
+ if (ctx->buffer) {
+ /* write header values to data */
+ buffer_n = _zip_buffer_read(ctx->buffer, data, length);
+ data = (zip_uint8_t *)data + buffer_n;
+ length -= buffer_n;
- if (_zip_buffer_eof(ctx->buffer)) {
- _zip_buffer_free(ctx->buffer);
- ctx->buffer = NULL;
- }
- }
+ if (_zip_buffer_eof(ctx->buffer)) {
+ _zip_buffer_free(ctx->buffer);
+ ctx->buffer = NULL;
+ }
+ }
- if (ctx->eof) {
- return (zip_int64_t) buffer_n;
- }
+ if (ctx->eof) {
+ return (zip_int64_t)buffer_n;
+ }
- if ((n = zip_source_read(src, data, length)) < 0) {
- _zip_error_set_from_source(&ctx->error, src);
- return -1;
- }
+ if ((n = zip_source_read(src, data, length)) < 0) {
+ _zip_error_set_from_source(&ctx->error, src);
+ return -1;
+ }
- _zip_pkware_encrypt(ctx->pkware_ctx, (zip_uint8_t *) data, (zip_uint8_t *) data, (zip_uint64_t) n, 0);
+ _zip_pkware_encrypt(&ctx->keys, (zip_uint8_t *)data, (zip_uint8_t *)data, (zip_uint64_t)n);
- if ((zip_uint64_t) n < length) {
- ctx->eof = true;
- _zip_pkware_free(ctx->pkware_ctx);
- ctx->pkware_ctx = NULL;
- }
+ if ((zip_uint64_t)n < length) {
+ ctx->eof = true;
+ }
- return buffer_n + n;
+ return buffer_n + n;
case ZIP_SOURCE_CLOSE:
- return 0;
+ _zip_buffer_free(ctx->buffer);
+ ctx->buffer = NULL;
+ return 0;
case ZIP_SOURCE_STAT: {
- zip_stat_t *st;
+ zip_stat_t *st;
- st = (zip_stat_t *) data;
- st->encryption_method = ZIP_EM_TRAD_PKWARE;
- st->valid |= ZIP_STAT_ENCRYPTION_METHOD;
- if (st->valid & ZIP_STAT_COMP_SIZE) {
- st->comp_size += PKWARE_HEADERLEN;
- }
+ st = (zip_stat_t *)data;
+ st->encryption_method = ZIP_EM_TRAD_PKWARE;
+ st->valid |= ZIP_STAT_ENCRYPTION_METHOD;
+ if (st->valid & ZIP_STAT_COMP_SIZE) {
+ st->comp_size += ZIP_CRYPTO_PKWARE_HEADERLEN;
+ }
- return 0;
+ return 0;
}
case ZIP_SOURCE_SUPPORTS:
- return zip_source_make_command_bitmap(ZIP_SOURCE_OPEN, ZIP_SOURCE_READ, ZIP_SOURCE_CLOSE, ZIP_SOURCE_STAT,
- ZIP_SOURCE_ERROR, ZIP_SOURCE_FREE, -1);
+ return zip_source_make_command_bitmap(ZIP_SOURCE_OPEN, ZIP_SOURCE_READ, ZIP_SOURCE_CLOSE, ZIP_SOURCE_STAT, ZIP_SOURCE_ERROR, ZIP_SOURCE_FREE, -1);
case ZIP_SOURCE_ERROR:
- return zip_error_to_data(&ctx->error, data, length);
+ return zip_error_to_data(&ctx->error, data, length);
case ZIP_SOURCE_FREE:
- trad_pkware_free(ctx);
- return 0;
+ trad_pkware_free(ctx);
+ return 0;
default:
- zip_error_set(&ctx->error, ZIP_ER_INVAL, 0);
- return -1;
+ zip_error_set(&ctx->error, ZIP_ER_INVAL, 0);
+ return -1;
}
}
static struct trad_pkware *
-trad_pkware_new(zip_error_t *error) {
+trad_pkware_new(const char *password, zip_error_t *error) {
struct trad_pkware *ctx;
- if ((ctx = (struct trad_pkware *) malloc(sizeof(*ctx))) == NULL) {
- zip_error_set(error, ZIP_ER_MEMORY, 0);
- return NULL;
+
+ if ((ctx = (struct trad_pkware *)malloc(sizeof(*ctx))) == NULL) {
+ zip_error_set(error, ZIP_ER_MEMORY, 0);
+ return NULL;
}
- if ((ctx->pkware_ctx = _zip_pkware_new(error)) == NULL) {
- return NULL;
+ if ((ctx->password = strdup(password)) == NULL) {
+ zip_error_set(error, ZIP_ER_MEMORY, 0);
+ free(ctx);
+ return NULL;
}
+ ctx->buffer = NULL;
zip_error_init(&ctx->error);
return ctx;
@@ -276,10 +229,11 @@
static void
trad_pkware_free(struct trad_pkware *ctx) {
if (ctx == NULL) {
- return;
+ return;
}
- _zip_pkware_free(ctx->pkware_ctx);
- ctx->pkware_ctx = NULL;
+ free(ctx->password);
+ _zip_buffer_free(ctx->buffer);
+ zip_error_fini(&ctx->error);
free(ctx);
}
diff --git a/lib/zipint.h b/lib/zipint.h
index a96f671..b6da46f 100644
--- a/lib/zipint.h
+++ b/lib/zipint.h
@@ -69,6 +69,7 @@
#define BUFSIZE 8192
#define EFZIP64SIZE 28
#define EF_WINZIP_AES_SIZE 7
+#define MAX_DATA_DESCRIPTOR_LENGTH 24
#define ZIP_CM_REPLACED_DEFAULT (-2)
#define ZIP_CM_WINZIP_AES 99 /* Winzip AES encrypted */
@@ -172,7 +173,6 @@
zip_source_t *zip_source_layered_create(zip_source_t *src, zip_source_layered_callback cb, void *ud, zip_error_t *error);
zip_source_t *zip_source_pkware_decode(zip_t *, zip_source_t *, zip_uint16_t, int, const char *);
zip_source_t *zip_source_pkware_encode(zip_t *, zip_source_t *, zip_uint16_t, int, const char *);
-int zip_source_pkware_calc_crc(zip_t *za, zip_source_t *src, void *ud);
int zip_source_remove(zip_source_t *);
zip_int64_t zip_source_supports(zip_source_t *src);
zip_source_t *zip_source_window(zip_t *, zip_source_t *, zip_uint64_t, zip_uint64_t);
@@ -416,8 +416,10 @@
struct _zip_winzip_aes;
typedef struct _zip_winzip_aes zip_winzip_aes_t;
-struct _zip_trad_pkware;
-typedef struct _zip_trad_pkware zip_trad_pkware_t;
+struct _zip_pkware_keys {
+ zip_uint32_t key[3];
+};
+typedef struct _zip_pkware_keys zip_pkware_keys_t;
extern const char *const _zip_err_str[];
extern const int _zip_nerr_str;
@@ -581,12 +583,11 @@
void _zip_winzip_aes_free(zip_winzip_aes_t *ctx);
zip_winzip_aes_t *_zip_winzip_aes_new(const zip_uint8_t *password, zip_uint64_t password_length, const zip_uint8_t *salt, zip_uint16_t key_size, zip_uint8_t *password_verify, zip_error_t *error);
-void update_keys(zip_trad_pkware_t *ctx, Bytef b);
-Bytef decrypt_byte(zip_trad_pkware_t *ctx);
-void _zip_pkware_encrypt(zip_trad_pkware_t *ctx, zip_uint8_t *out, const zip_uint8_t *in, zip_uint64_t len, int update_only);
-void _zip_pkware_decrypt(zip_trad_pkware_t *ctx, zip_uint8_t *out, const zip_uint8_t *in, zip_uint64_t len, int update_only);
-zip_trad_pkware_t *_zip_pkware_new(zip_error_t *error);
-void _zip_pkware_free(zip_trad_pkware_t *ctx);
+void _zip_pkware_encrypt(zip_pkware_keys_t *keys, zip_uint8_t *out, const zip_uint8_t *in, zip_uint64_t len);
+void _zip_pkware_decrypt(zip_pkware_keys_t *keys, zip_uint8_t *out, const zip_uint8_t *in, zip_uint64_t len);
+zip_pkware_keys_t *_zip_pkware_keys_new(zip_error_t *error);
+void _zip_pkware_keys_free(zip_pkware_keys_t *keys);
+void _zip_pkware_keys_reset(zip_pkware_keys_t *keys);
int _zip_changed(const zip_t *, zip_uint64_t *);
const char *_zip_get_name(zip_t *, zip_uint64_t, zip_flags_t, zip_error_t *);
diff --git a/regress/encrypt-pkware-noentropy.zip b/regress/encrypt-pkware-noentropy.zip
index 1b11a08..ee0833d 100644
--- a/regress/encrypt-pkware-noentropy.zip
+++ b/regress/encrypt-pkware-noentropy.zip
Binary files differ
diff --git a/regress/encrypt_plus_extra.zip b/regress/encrypt_plus_extra.zip
index 4a26309..6936865 100644
--- a/regress/encrypt_plus_extra.zip
+++ b/regress/encrypt_plus_extra.zip
Binary files differ
