Add read-only support for AES encryption (Winzip version).
Use Dr Brian Gladman's AES implemention, modified to avoid
namespace pollution.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f077a2b..d012ae0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -15,6 +15,7 @@
INCLUDE(CheckCSourceRuns)
INCLUDE(CheckCSourceCompiles)
INCLUDE(CheckStructHasMember)
+INCLUDE(TestBigEndian)
SET(PACKAGE "libzip")
SET(PACKAGE_NAME ${PACKAGE})
@@ -37,6 +38,8 @@
CHECK_FUNCTION_EXISTS(_snprintf HAVE__SNPRINTF)
CHECK_FUNCTION_EXISTS(_strdup HAVE__STRDUP)
CHECK_FUNCTION_EXISTS(_stricmp HAVE__STRICMP)
+CHECK_FUNCTION_EXISTS(explict_bzero HAVE_EXPLICIT_BZERO)
+CHECK_FUNCTION_EXISTS(explicit_memset HAVE_EXPLICIT_MEMSET)
CHECK_FUNCTION_EXISTS(fileno HAVE_FILENO)
CHECK_FUNCTION_EXISTS(fseeko HAVE_FSEEKO)
CHECK_FUNCTION_EXISTS(ftello HAVE_FTELLO)
@@ -82,6 +85,8 @@
CHECK_TYPE_SIZE("size_t" SIZE_T_LIBZIP)
CHECK_TYPE_SIZE("ssize_t" SSIZE_T_LIBZIP)
+TEST_BIG_ENDIAN(WORDS_BIGENDIAN)
+
FIND_PACKAGE(ZLIB REQUIRED)
INCLUDE_DIRECTORIES(${ZLIB_INCLUDE_DIR})
set(CMAKE_REQUIRED_INCLUDES ${ZLIB_INCLUDE_DIR})
diff --git a/LICENSE b/LICENSE
index 8e3a62c..1c2e86b 100644
--- a/LICENSE
+++ b/LICENSE
@@ -29,3 +29,38 @@
IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+
+
+For AES encryption support, files under the following license are used:
+
+---------------------------------------------------------------------------
+Copyright (c) 2002, Dr Brian Gladman < >, Worcester, UK.
+All rights reserved.
+
+LICENSE TERMS
+
+The free distribution and use of this software in both source and binary
+form is allowed (with or without changes) provided that:
+
+ 1. distributions of this source code include the above copyright
+ notice, this list of conditions and the following disclaimer;
+
+ 2. distributions in binary form include the above copyright
+ notice, this list of conditions and the following disclaimer
+ in the documentation and/or other associated materials;
+
+ 3. the copyright holder's name is not used to endorse products
+ built using this software without specific written permission.
+
+ALTERNATIVELY, provided that this notice is retained in full, this product
+may be distributed under the terms of the GNU General Public License (GPL),
+in which case the provisions of the GPL apply INSTEAD OF those given above.
+
+DISCLAIMER
+
+This software is provided 'as is' with no explicit or implied warranties
+in respect of its properties, including, but not limited to, correctness
+and/or fitness for purpose.
+---------------------------------------------------------------------------
+Issue Date: 18th November 2008
diff --git a/TODO.md b/TODO.md
index b21916e..132ef6a 100644
--- a/TODO.md
+++ b/TODO.md
@@ -36,7 +36,14 @@
# Features
-* implement compression flags for zip_set_file_compression()
+* Winzip AES support
+ * encryption
+ * don't write CRC if file too small
+ * write EF 0x9901
+ * test cases: correct pw, wrong pw, 128/192/256, <=20, >20
+ * document existence
+* consistently use `_zip_crypto_clear()` for passwords
+* implement compression flags for `zip_set_file_compression()`
* support setting extra fields from zip_source
* introduce layers of extra fields:
* original
diff --git a/cmake-config.h.in b/cmake-config.h.in
index a01be5d..f0506a6 100644
--- a/cmake-config.h.in
+++ b/cmake-config.h.in
@@ -49,6 +49,7 @@
#cmakedefine HAVE_NDIR_H
#cmakedefine HAVE_SYS_DIR_H
#cmakedefine HAVE_SYS_NDIR_H
+#cmakedefine WORDS_BIGENDIAN
/* END DEFINES */
#define PACKAGE "@PACKAGE@"
#define VERSION "@VERSION@"
diff --git a/configure.ac b/configure.ac
index 9ccd41b..2c762c2 100644
--- a/configure.ac
+++ b/configure.ac
@@ -19,6 +19,7 @@
AC_PROG_CC
AC_SYS_LARGEFILE
AM_PROG_CC_C_O
+AC_C_BIGENDIAN
AC_ARG_WITH(zlib,
[ --with-zlib=PREFIX specify prefix for ZLIB library],,
@@ -52,7 +53,7 @@
LT_INIT
-AC_CHECK_FUNCS([_close _dup _fdopen _fileno _open _setmode _snprintf _strdup _stricmp fileno fseeko ftello getopt getprogname open setmode snprintf strcasecmp strdup stricmp])
+AC_CHECK_FUNCS([_close _dup _fdopen _fileno _open _setmode _snprintf _strdup _stricmp explicit_bzero explicit_memset fileno fseeko ftello getopt getprogname open setmode snprintf strcasecmp strdup stricmp])
AC_CHECK_FUNCS([mkstemp], [], [AC_LIBOBJ(mkstemp)])
AC_CACHE_CHECK([if libc defines __progname], ac_cv_libc_defines___progname,
diff --git a/lib/Makefile.am b/lib/Makefile.am
index 38ffad9..d4b97bb 100644
--- a/lib/Makefile.am
+++ b/lib/Makefile.am
@@ -8,6 +8,7 @@
# also update CMakeLists.txt when changing version
libzip_la_LDFLAGS=-no-undefined -version-info 4:0:0
+libzip_la_CPPFLAGS=-I$(srcdir)/gladman-fcrypt
libzip_la_LIBADD=@LTLIBOBJS@
if WIN32_HOST
@@ -23,6 +24,7 @@
libzip_la_SOURCES=\
${IO_SOURCES} \
+ gladman-fcrypt.c \
zip_add.c \
zip_add_dir.c \
zip_add_entry.c \
@@ -111,6 +113,7 @@
zip_source_tell.c \
zip_source_tell_write.c \
zip_source_window.c \
+ zip_source_winzip_aes.c \
zip_source_write.c \
zip_source_zip.c \
zip_source_zip_new.c \
diff --git a/lib/gladman-fcrypt.c b/lib/gladman-fcrypt.c
new file mode 100644
index 0000000..98790d2
--- /dev/null
+++ b/lib/gladman-fcrypt.c
@@ -0,0 +1,43 @@
+/*
+ gladman-fcrypt.c -- wrapper functions for Dr Gladman's AES functions
+ Copyright (C) 2016 Dieter Baron and Thomas Klausner
+
+ This file is part of libzip, a library to manipulate ZIP archives.
+ The authors can be contacted at <libzip@nih.at>
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ 3. The names of the authors may not be used to endorse or promote
+ products derived from this software without specific prior
+ written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
+ OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#include "gladman-fcrypt.h"
+
+#include "gladman-fcrypt/aescrypt.c"
+#include "gladman-fcrypt/aeskey.c"
+#include "gladman-fcrypt/aestab.c"
+#include "gladman-fcrypt/fileenc.c"
+#include "gladman-fcrypt/hmac.c"
+#include "gladman-fcrypt/prng.c"
+#include "gladman-fcrypt/pwd2key.c"
+#include "gladman-fcrypt/sha1.c"
diff --git a/lib/gladman-fcrypt.h b/lib/gladman-fcrypt.h
new file mode 100644
index 0000000..d4aa424
--- /dev/null
+++ b/lib/gladman-fcrypt.h
@@ -0,0 +1,43 @@
+/*
+ gladman-fcrypt.h -- wrapper functions for Dr Gladman's AES functions
+ Copyright (C) 2016 Dieter Baron and Thomas Klausner
+
+ This file is part of libzip, a library to manipulate ZIP archives.
+ The authors can be contacted at <libzip@nih.at>
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ 3. The names of the authors may not be used to endorse or promote
+ products derived from this software without specific prior
+ written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
+ OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+#ifndef HAD_GLADMAN_FCRYPT_H
+#define HAD_GLADMAN_FCRYPT_H
+
+#include "zipint.h"
+
+#define INTERNAL static
+
+#include "fileenc.h"
+
+#endif /* HAD_GLADMAN_FCRYPT_H */
diff --git a/lib/zip.h b/lib/zip.h
index 7a87e28..61195cf 100644
--- a/lib/zip.h
+++ b/lib/zip.h
@@ -20,7 +20,7 @@
3. The names of the authors may not be used to endorse or promote
products derived from this software without specific prior
written permission.
-
+
THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -127,7 +127,7 @@
#define ZIP_ER_REMOVE 22 /* S Can't remove file */
#define ZIP_ER_DELETED 23 /* N Entry has been deleted */
#define ZIP_ER_ENCRNOTSUPP 24 /* N Encryption method not supported */
-#define ZIP_ER_RDONLY 25 /* N Read-only archive */
+#define ZIP_ER_RDONLY 25 /* N Read-only archive */
#define ZIP_ER_NOPASSWD 26 /* N No password provided */
#define ZIP_ER_WRONGPASSWD 27 /* N Wrong password provided */
#define ZIP_ER_OPNOTSUPP 28 /* N Operation not supported */
@@ -173,12 +173,15 @@
#define ZIP_EM_RC2_OLD 0x6602 /* strong encryption: RC2, version < 5.2 */
#define ZIP_EM_3DES_168 0x6603
#define ZIP_EM_3DES_112 0x6609
-#define ZIP_EM_AES_128 0x660e
-#define ZIP_EM_AES_192 0x660f
-#define ZIP_EM_AES_256 0x6610
+#define ZIP_EM_PKZIP_AES_128 0x660e
+#define ZIP_EM_PKZIP_AES_192 0x660f
+#define ZIP_EM_PKZIP_AES_256 0x6610
#define ZIP_EM_RC2 0x6702 /* strong encryption: RC2, version >= 5.2 */
#define ZIP_EM_RC4 0x6801
#endif
+#define ZIP_EM_AES_128 0x0101 /* Winzip AES encryption */
+#define ZIP_EM_AES_192 0x0102
+#define ZIP_EM_AES_256 0x0103
#define ZIP_EM_UNKNOWN 0xffff /* unknown algorithm */
#define ZIP_OPSYS_DOS 0x00u
@@ -299,7 +302,7 @@
typedef struct zip_source zip_source_t;
typedef struct zip_stat zip_stat_t;
-typedef zip_uint32_t zip_flags_t;
+typedef zip_uint32_t zip_flags_t;
typedef zip_int64_t (*zip_source_callback)(void *, void *, zip_uint64_t, zip_source_cmd_t);
diff --git a/lib/zip_dirent.c b/lib/zip_dirent.c
index 0989da9..8c0bbad 100644
--- a/lib/zip_dirent.c
+++ b/lib/zip_dirent.c
@@ -44,6 +44,7 @@
static time_t _zip_d2u_time(zip_uint16_t, zip_uint16_t);
static zip_string_t *_zip_dirent_process_ef_utf_8(const zip_dirent_t *de, zip_uint16_t id, zip_string_t *str);
static zip_extra_field_t *_zip_ef_utf8(zip_uint16_t, zip_string_t *, zip_error_t *);
+static bool _zip_dirent_process_winzip_aes(zip_dirent_t *de, zip_error_t *error);
void
@@ -272,6 +273,7 @@
de->local_extra_fields_read = 0;
de->cloned = 0;
+ de->crc_valid = true;
de->version_madeby = 20 | (ZIP_OPSYS_DEFAULT << 8);
de->version_needed = 20; /* 2.0 */
de->bitflags = 0;
@@ -287,6 +289,7 @@
de->int_attrib = 0;
de->ext_attrib = ZIP_EXT_ATTRIB_DEFAULT;
de->offset = 0;
+ de->encryption_method = ZIP_EM_NONE;
}
@@ -401,6 +404,19 @@
return -1;
}
+ if (zde->bitflags & ZIP_GPBF_ENCRYPTED) {
+ if (zde->bitflags & ZIP_GPBF_STRONG_ENCRYPTION) {
+ /* TODO */
+ zde->encryption_method = ZIP_EM_UNKNOWN;
+ }
+ else {
+ zde->encryption_method = ZIP_EM_TRAD_PKWARE;
+ }
+ }
+ else {
+ zde->encryption_method = ZIP_EM_NONE;
+ }
+
zde->filename = NULL;
zde->extra_fields = NULL;
zde->comment = NULL;
@@ -553,6 +569,13 @@
return -1;
}
+ if (!_zip_dirent_process_winzip_aes(zde, error)) {
+ if (!from_buffer) {
+ _zip_buffer_free(buffer);
+ }
+ return -1;
+ }
+
zde->extra_fields = _zip_ef_remove_internal(zde->extra_fields);
return (zip_int64_t)(size + variable_size);
@@ -595,6 +618,86 @@
}
+static bool
+_zip_dirent_process_winzip_aes(zip_dirent_t *de, zip_error_t *error)
+{
+ zip_uint16_t ef_len;
+ zip_uint32_t ef_crc;
+ zip_buffer_t *buffer;
+ const zip_uint8_t *ef;
+ bool crc_valid;
+ zip_int32_t enc_method;
+
+
+ if (de->comp_method != ZIP_CM_WINZIP_AES) {
+ return true;
+ }
+
+ ef = _zip_ef_get_by_id(de->extra_fields, &ef_len, ZIP_EF_WINZIP_AES, 0, ZIP_EF_BOTH, NULL);
+
+ if (ef == NULL || ef_len < 7) {
+ zip_error_set(error, ZIP_ER_INCONS, 0);
+ return false;
+ }
+
+ if ((buffer = _zip_buffer_new((zip_uint8_t *)ef, ef_len)) == NULL) {
+ zip_error_set(error, ZIP_ER_INTERNAL, 0);
+ return false;
+ }
+
+ /* version */
+
+ crc_valid = true;
+ switch (_zip_buffer_get_16(buffer)) {
+ case 1:
+ break;
+
+ case 2:
+ if (de->uncomp_size < 20 /* TODO: constant */) {
+ crc_valid = false;
+ }
+ break;
+
+ default:
+ zip_error_set(error, ZIP_ER_ENCRNOTSUPP, 0);
+ return false;
+ }
+
+ /* vendor */
+ if (memcmp(_zip_buffer_get(buffer, 2), "AE", 2) != 0) {
+ zip_error_set(error, ZIP_ER_ENCRNOTSUPP, 0);
+ return false;
+ }
+
+ /* mode */
+ switch (_zip_buffer_get_8(buffer)) {
+ case 1:
+ enc_method = ZIP_EM_AES_128;
+ break;
+ case 2:
+ enc_method = ZIP_EM_AES_192;
+ break;
+ case 3:
+ enc_method = ZIP_EM_AES_256;
+ break;
+ default:
+ zip_error_set(error, ZIP_ER_ENCRNOTSUPP, 0);
+ return false;
+ }
+
+ if (ef_len != 7) {
+ zip_error_set(error, ZIP_ER_INCONS, 0);
+ return false;
+ }
+
+ de->crc_valid = crc_valid;
+ de->encryption_method = enc_method;
+ de->comp_method = _zip_buffer_get_16(buffer);
+
+ return true;
+}
+
+
zip_int32_t
_zip_dirent_size(zip_source_t *src, zip_uint16_t flags, zip_error_t *error)
{
diff --git a/lib/zip_get_encryption_implementation.c b/lib/zip_get_encryption_implementation.c
index e2f833b..96e939c 100644
--- a/lib/zip_get_encryption_implementation.c
+++ b/lib/zip_get_encryption_implementation.c
@@ -38,7 +38,16 @@
zip_encryption_implementation
_zip_get_encryption_implementation(zip_uint16_t em)
{
- if (em == ZIP_EM_TRAD_PKWARE)
+ switch (em) {
+ case ZIP_EM_TRAD_PKWARE:
return zip_source_pkware;
- return NULL;
+
+ case ZIP_EM_AES_128:
+ case ZIP_EM_AES_192:
+ case ZIP_EM_AES_256:
+ return zip_source_winzip_aes;
+
+ default:
+ return NULL;
+ }
}
diff --git a/lib/zip_source_winzip_aes.c b/lib/zip_source_winzip_aes.c
new file mode 100644
index 0000000..66a6a00
--- /dev/null
+++ b/lib/zip_source_winzip_aes.c
@@ -0,0 +1,282 @@
+/*
+ zip_source_winzip_aes.c -- Winzip AES de/encryption routines
+ Copyright (C) 2009-2015 Dieter Baron and Thomas Klausner
+
+ This file is part of libzip, a library to manipulate ZIP archives.
+ The authors can be contacted at <libzip@nih.at>
+
+ Redistribution and use in source and binary forms, with or without
+ modification, are permitted provided that the following conditions
+ are met:
+ 1. Redistributions of source code must retain the above copyright
+ notice, this list of conditions and the following disclaimer.
+ 2. Redistributions in binary form must reproduce the above copyright
+ notice, this list of conditions and the following disclaimer in
+ the documentation and/or other materials provided with the
+ distribution.
+ 3. The names of the authors may not be used to endorse or promote
+ products derived from this software without specific prior
+ written permission.
+
+ THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
+ OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
+ WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
+ DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
+ GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
+ IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+ OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
+ IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+*/
+
+
+#include <stdlib.h>
+#include <string.h>
+
+#include "zipint.h"
+
+#include "gladman-fcrypt.h"
+
+#define MAX_HEADER_LENGTH (16+PWD_VER_LENGTH)
+#define HMAC_LENGTH 10
+
+static int salt_length[] = { 0, 8, 12, 16 };
+
+struct winzip_aes {
+ char *password;
+ int mode;
+
+ zip_uint64_t data_length;
+ zip_uint64_t current_position;
+
+ fcrypt_ctx fcrypt_ctx;
+ zip_error_t error;
+};
+
+
+static int decrypt_header(zip_source_t *src, struct winzip_aes *ctx);
+static void winzip_aes_free(struct winzip_aes *);
+static zip_int64_t winzip_aes_decrypt(zip_source_t *src, void *ud, void *data, zip_uint64_t len, zip_source_cmd_t cmd);
+static struct winzip_aes * winzip_aes_new(int mode, const char *password);
+
+
+zip_source_t *
+zip_source_winzip_aes(zip_t *za, zip_source_t *src, zip_uint16_t em, int flags, const char *password)
+{
+ zip_source_t *s2;
+ int mode = 0;
+ zip_stat_t st;
+ zip_uint64_t aux_length;
+ struct winzip_aes *ctx;
+
+ switch (em) {
+ case ZIP_EM_AES_128:
+ mode = 1;
+ break;
+ case ZIP_EM_AES_192:
+ mode = 2;
+ break;
+ case ZIP_EM_AES_256:
+ mode = 3;
+ break;
+ }
+
+ if (password == NULL || src == NULL || mode == 0) {
+ zip_error_set(&za->error, ZIP_ER_INVAL, 0);
+ return NULL;
+ }
+ if (flags & ZIP_CODEC_ENCODE) {
+ zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0);
+ return NULL;
+ }
+
+ if (zip_source_stat(src, &st) != 0) {
+ _zip_error_set_from_source(&za->error, src);
+ return NULL;
+ }
+
+ aux_length = PWD_VER_LENGTH + salt_length[mode] + HMAC_LENGTH;
+
+ if ((st.valid & ZIP_STAT_COMP_SIZE) == 0 || st.comp_size < aux_length) {
+ zip_error_set(&za->error, ZIP_ER_OPNOTSUPP, 0);
+ return NULL;
+ }
+
+ if ((ctx = winzip_aes_new(mode, password)) == NULL) {
+ zip_error_set(&za->error, ZIP_ER_MEMORY, 0);
+ return NULL;
+ }
+
+ ctx->data_length = st.comp_size - aux_length;
+
+ if ((s2 = zip_source_layered(za, src, winzip_aes_decrypt, ctx)) == NULL) {
+ winzip_aes_free(ctx);
+ return NULL;
+ }
+
+ return s2;
+}
+
+
+static int
+decrypt_header(zip_source_t *src, struct winzip_aes *ctx)
+{
+ zip_uint8_t header[MAX_HEADER_LENGTH];
+ zip_uint8_t password_verification[PWD_VER_LENGTH];
+ zip_uint8_t headerlen;
+ zip_int64_t n;
+ unsigned char key[16];
+
+ headerlen = PWD_VER_LENGTH + salt_length[ctx->mode];
+ if ((n=zip_source_read(src, header, headerlen)) < 0) {
+ _zip_error_set_from_source(&ctx->error, src);
+ return -1;
+ }
+
+ if (n != headerlen) {
+ zip_error_set(&ctx->error, ZIP_ER_EOF, 0);
+ return -1;
+ }
+
+ if (_zip_fcrypt_init(ctx->mode, ctx->password, strlen(ctx->password), header, password_verification, &ctx->fcrypt_ctx) != 0) {
+ zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0);
+ return -1;
+ }
+ if (memcmp(password_verification, header + salt_length[ctx->mode], PWD_VER_LENGTH) != 0) {
+ zip_error_set(&ctx->error, ZIP_ER_WRONGPASSWD, 0);
+ return -1;
+ }
+ return 0;
+}
+
+
+static bool
+verify_hmac(zip_source_t *src, struct winzip_aes *ctx)
+{
+ unsigned char computed[HMAC_LENGTH], from_file[HMAC_LENGTH];
+ if (zip_source_read(src, from_file, HMAC_LENGTH) < HMAC_LENGTH) {
+ _zip_error_set_from_source(&ctx->error, src);
+ return false;
+ }
+
+ _zip_fcrypt_end(computed, &ctx->fcrypt_ctx);
+
+ if (memcmp(from_file, computed, HMAC_LENGTH) != 0) {
+ zip_error_set(&ctx->error, ZIP_ER_CRC, 0);
+ return false;
+ }
+
+ return true;
+}
+
+
+static zip_int64_t
+winzip_aes_decrypt(zip_source_t *src, void *ud, void *data, zip_uint64_t len, zip_source_cmd_t cmd)
+{
+ struct winzip_aes *ctx;
+ zip_int64_t n;
+
+ ctx = (struct winzip_aes *)ud;
+
+ switch (cmd) {
+ case ZIP_SOURCE_OPEN:
+ if (decrypt_header(src, ctx) < 0) {
+ return -1;
+ }
+ ctx->current_position = 0;
+ return 0;
+
+ case ZIP_SOURCE_READ:
+ if (len > ctx->data_length - ctx->current_position) {
+ len = ctx->data_length - ctx->current_position;
+ }
+
+ if (len == 0) {
+ if (!verify_hmac(src, ctx)) {
+ return -1;
+ }
+ return 0;
+ }
+
+ if ((n=zip_source_read(src, data, len)) < 0) {
+ _zip_error_set_from_source(&ctx->error, src);
+ return -1;
+ }
+ ctx->current_position += n;
+
+ /* TODO: loop if len > UINT_MAX */
+ _zip_fcrypt_decrypt(data, n, &ctx->fcrypt_ctx);
+
+ return n;
+
+ case ZIP_SOURCE_CLOSE:
+ return 0;
+
+ case ZIP_SOURCE_STAT:
+ {
+ zip_stat_t *st;
+
+ st = (zip_stat_t *)data;
+
+ st->encryption_method = ZIP_EM_NONE;
+ st->valid |= ZIP_STAT_ENCRYPTION_METHOD;
+ if (st->valid & ZIP_STAT_COMP_SIZE) {
+ st->comp_size -= 12 + salt_length[ctx->mode];
+ }
+
+ return 0;
+ }
+
+ case ZIP_SOURCE_SUPPORTS:
+ return zip_source_make_command_bitmap(ZIP_SOURCE_OPEN, ZIP_SOURCE_READ, ZIP_SOURCE_CLOSE, ZIP_SOURCE_STAT, ZIP_SOURCE_ERROR, ZIP_SOURCE_FREE, -1);
+
+ case ZIP_SOURCE_ERROR:
+ return zip_error_to_data(&ctx->error, data, len);
+
+ case ZIP_SOURCE_FREE:
+ winzip_aes_free(ctx);
+ return 0;
+
+ default:
+ zip_error_set(&ctx->error, ZIP_ER_INVAL, 0);
+ return -1;
+ }
+}
+
+
+static void
+winzip_aes_free(struct winzip_aes *ctx)
+{
+ if (ctx == NULL) {
+ return;
+ }
+
+ _zip_crypto_clear(&ctx->fcrypt_ctx, sizeof(ctx->fcrypt_ctx));
+ _zip_crypto_clear(ctx->password, strlen(ctx->password));
+ free(ctx->password);
+ zip_error_fini(&ctx->error);
+ free(ctx);
+}
+
+
+static struct winzip_aes *
+winzip_aes_new(int mode, const char *password) {
+ struct winzip_aes *ctx;
+
+ if ((ctx = (struct winzip_aes *)malloc(sizeof(*ctx))) == NULL) {
+ return NULL;
+ }
+
+ if ((ctx->password = strdup(password)) == NULL) {
+ free(ctx);
+ return NULL;
+ }
+
+ ctx->mode = mode;
+
+ zip_error_init(&ctx->error);
+
+ return ctx;
+}
diff --git a/lib/zip_stat_index.c b/lib/zip_stat_index.c
index 601e3f7..59ff5d3 100644
--- a/lib/zip_stat_index.c
+++ b/lib/zip_stat_index.c
@@ -64,17 +64,8 @@
st->mtime = de->last_mod;
st->comp_size = de->comp_size;
st->comp_method = (zip_uint16_t)de->comp_method;
- if (de->bitflags & ZIP_GPBF_ENCRYPTED) {
- if (de->bitflags & ZIP_GPBF_STRONG_ENCRYPTION) {
- /* TODO */
- st->encryption_method = ZIP_EM_UNKNOWN;
- }
- else
- st->encryption_method = ZIP_EM_TRAD_PKWARE;
- }
- else
- st->encryption_method = ZIP_EM_NONE;
- st->valid = ZIP_STAT_CRC|ZIP_STAT_SIZE|ZIP_STAT_MTIME
+ st->encryption_method = de->encryption_method;
+ st->valid = (de->crc_valid ? ZIP_STAT_CRC : 0) | ZIP_STAT_SIZE|ZIP_STAT_MTIME
|ZIP_STAT_COMP_SIZE|ZIP_STAT_COMP_METHOD|ZIP_STAT_ENCRYPTION_METHOD;
}
diff --git a/lib/zipint.h b/lib/zipint.h
index d1b2303..fe62208 100644
--- a/lib/zipint.h
+++ b/lib/zipint.h
@@ -20,7 +20,7 @@
3. The names of the authors may not be used to endorse or promote
products derived from this software without specific prior
written permission.
-
+
THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -66,14 +66,16 @@
#define EFZIP64SIZE 28
#define ZIP_CM_REPLACED_DEFAULT (-2)
+#define ZIP_CM_WINZIP_AES 99 /* Winzip AES encrypted */
#define ZIP_CM_IS_DEFAULT(x) ((x) == ZIP_CM_DEFAULT || (x) == ZIP_CM_REPLACED_DEFAULT)
#define ZIP_EF_UTF_8_COMMENT 0x6375
#define ZIP_EF_UTF_8_NAME 0x7075
+#define ZIP_EF_WINZIP_AES 0x9901
#define ZIP_EF_ZIP64 0x0001
-#define ZIP_EF_IS_INTERNAL(id) ((id) == ZIP_EF_UTF_8_COMMENT || (id) == ZIP_EF_UTF_8_NAME || (id) == ZIP_EF_ZIP64)
+#define ZIP_EF_IS_INTERNAL(id) ((id) == ZIP_EF_UTF_8_COMMENT || (id) == ZIP_EF_UTF_8_NAME || (id) == ZIP_EF_WINZIP_AES || (id) == ZIP_EF_ZIP64)
/* according to unzip-6.0's zipinfo.c, this corresponds to a regular file with rw permissions for everyone */
#define ZIP_EXT_ATTRIB_DEFAULT (0100666u<<16)
@@ -118,6 +120,7 @@
int zip_source_remove(zip_source_t *);
zip_int64_t zip_source_supports(zip_source_t *src);
zip_source_t *zip_source_window(zip_t *, zip_source_t *, zip_uint64_t, zip_uint64_t);
+zip_source_t *zip_source_winzip_aes(zip_t *, zip_source_t *, zip_uint16_t, int, const char *);
/* error source for layered sources */
@@ -193,7 +196,7 @@
zip_source_t **open_source; /* open sources using archive */
zip_hash_t *names; /* hash table for name lookup */
-
+
char *tempdir; /* custom temp dir (needed e.g. for OS X sandboxing) */
};
@@ -219,7 +222,9 @@
struct zip_dirent {
zip_uint32_t changed;
bool local_extra_fields_read; /* whether we already read in local header extra fields */
- bool cloned; /* whether this instance is cloned, and thus shares non-changed strings */
+ bool cloned; /* whether this instance is cloned, and thus shares non-changed strings */
+
+ bool crc_valid; /* if CRC is valid (sometimes not for encrypted archives) */
zip_uint16_t version_madeby; /* (c) version of creator */
zip_uint16_t version_needed; /* (cl) version needed to extract */
@@ -236,6 +241,8 @@
zip_uint16_t int_attrib; /* (c) internal file attributes */
zip_uint32_t ext_attrib; /* (c) external file attributes */
zip_uint64_t offset; /* (c) offset of local header */
+
+ zip_uint16_t encryption_method; /* encryption method, computed from other fields */
};
/* zip archive central directory */
@@ -313,7 +320,7 @@
struct zip_buffer {
bool ok;
bool free_data;
-
+
zip_uint8_t *data;
zip_uint64_t size;
zip_uint64_t offset;
@@ -341,6 +348,17 @@
#define ZIP_IS_RDONLY(za) ((za)->ch_flags & ZIP_AFL_RDONLY)
+#ifdef HAVE_EXPLICIT_MEMSET
+#define _zip_crypto_clear(b, l) explicit_memset((b), 0, (l))
+#else
+#ifdef HAVE_EXPLICIT_BZERO
+#define _zip_crypto_clear(b, l) explicit_bzero((b), (l))
+#else
+#define _zip_crypto_clear(b, l) memset((b), 0, (l))
+#endif
+#endif
+
+
zip_int64_t _zip_add_entry(zip_t *);
zip_uint8_t *_zip_buffer_data(zip_buffer_t *buffer);
