add support for writing files with PKWARE encryption
This commit is contained in:
Marli Frost
parent
e32db515a2
commit
2eeb47ce56
4 changed files with 121 additions and 23 deletions
|
|
@ -2,3 +2,19 @@
|
|||
pub mod stream {
|
||||
pub use crate::read::stream::*;
|
||||
}
|
||||
/// Types for creating ZIP archives.
|
||||
pub mod write {
|
||||
use crate::write::FileOptions;
|
||||
/// Unstable methods for [`FileOptions`].
|
||||
pub trait FileOptionsExt {
|
||||
/// Write the file with the given password using the deprecated ZipCrypto algorithm.
|
||||
///
|
||||
/// This is not recommended for new archives, as ZipCrypto is not secure.
|
||||
fn with_deprecated_encryption(self, password: &[u8]) -> Self;
|
||||
}
|
||||
impl FileOptionsExt for FileOptions {
|
||||
fn with_deprecated_encryption(self, password: &[u8]) -> Self {
|
||||
self.with_deprecated_encryption(password)
|
||||
}
|
||||
}
|
||||
}
|
||||
65
src/write.rs
65
src/write.rs
|
|
@ -29,19 +29,37 @@ use time::OffsetDateTime;
|
|||
#[cfg(feature = "zstd")]
|
||||
use zstd::stream::write::Encoder as ZstdEncoder;
|
||||
|
||||
enum MaybeEncrypted<W> {
|
||||
Unencrypted(W),
|
||||
Encrypted(crate::zipcrypto::ZipCryptoWriter<W>),
|
||||
}
|
||||
impl<W: Write> Write for MaybeEncrypted<W> {
|
||||
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
|
||||
match self {
|
||||
MaybeEncrypted::Unencrypted(w) => w.write(buf),
|
||||
MaybeEncrypted::Encrypted(w) => w.write(buf),
|
||||
}
|
||||
}
|
||||
fn flush(&mut self) -> io::Result<()> {
|
||||
match self {
|
||||
MaybeEncrypted::Unencrypted(w) => w.flush(),
|
||||
MaybeEncrypted::Encrypted(w) => w.flush(),
|
||||
}
|
||||
}
|
||||
}
|
||||
enum GenericZipWriter<W: Write + io::Seek> {
|
||||
Closed,
|
||||
Storer(W),
|
||||
Storer(MaybeEncrypted<W>),
|
||||
#[cfg(any(
|
||||
feature = "deflate",
|
||||
feature = "deflate-miniz",
|
||||
feature = "deflate-zlib"
|
||||
))]
|
||||
Deflater(DeflateEncoder<W>),
|
||||
Deflater(DeflateEncoder<MaybeEncrypted<W>>),
|
||||
#[cfg(feature = "bzip2")]
|
||||
Bzip2(BzEncoder<W>),
|
||||
Bzip2(BzEncoder<MaybeEncrypted<W>>),
|
||||
#[cfg(feature = "zstd")]
|
||||
Zstd(ZstdEncoder<'static, W>),
|
||||
Zstd(ZstdEncoder<'static, MaybeEncrypted<W>>),
|
||||
}
|
||||
// Put the struct declaration in a private module to convince rustdoc to display ZipWriter nicely
|
||||
pub(crate) mod zip_writer {
|
||||
|
|
@ -108,6 +126,7 @@ pub struct FileOptions {
|
|||
last_modified_time: DateTime,
|
||||
permissions: Option<u32>,
|
||||
large_file: bool,
|
||||
encrypt_with: Option<crate::zipcrypto::ZipCryptoKeys>,
|
||||
}
|
||||
|
||||
impl FileOptions {
|
||||
|
|
@ -171,6 +190,10 @@ impl FileOptions {
|
|||
self.large_file = large;
|
||||
self
|
||||
}
|
||||
pub(crate) fn with_deprecated_encryption(mut self, password: &[u8]) -> FileOptions {
|
||||
self.encrypt_with = Some(crate::zipcrypto::ZipCryptoKeys::derive(password));
|
||||
self
|
||||
}
|
||||
}
|
||||
|
||||
impl Default for FileOptions {
|
||||
|
|
@ -196,6 +219,7 @@ impl Default for FileOptions {
|
|||
last_modified_time: DateTime::default(),
|
||||
permissions: None,
|
||||
large_file: false,
|
||||
encrypt_with: None,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -284,7 +308,7 @@ impl<A: Read + Write + io::Seek> ZipWriter<A> {
|
|||
let _ = readwriter.seek(io::SeekFrom::Start(directory_start)); // seek directory_start to overwrite it
|
||||
|
||||
Ok(ZipWriter {
|
||||
inner: GenericZipWriter::Storer(readwriter),
|
||||
inner: GenericZipWriter::Storer(MaybeEncrypted::Unencrypted(readwriter)),
|
||||
files,
|
||||
stats: Default::default(),
|
||||
writing_to_file: false,
|
||||
|
|
@ -302,7 +326,7 @@ impl<W: Write + io::Seek> ZipWriter<W> {
|
|||
/// Before writing to this object, the [`ZipWriter::start_file`] function should be called.
|
||||
pub fn new(inner: W) -> ZipWriter<W> {
|
||||
ZipWriter {
|
||||
inner: GenericZipWriter::Storer(inner),
|
||||
inner: GenericZipWriter::Storer(MaybeEncrypted::Unencrypted(inner)),
|
||||
files: Vec::new(),
|
||||
stats: Default::default(),
|
||||
writing_to_file: false,
|
||||
|
|
@ -355,7 +379,7 @@ impl<W: Write + io::Seek> ZipWriter<W> {
|
|||
let mut file = ZipFileData {
|
||||
system: System::Unix,
|
||||
version_made_by: DEFAULT_VERSION,
|
||||
encrypted: false,
|
||||
encrypted: options.encrypt_with.is_some(),
|
||||
using_data_descriptor: false,
|
||||
compression_method: options.compression_method,
|
||||
compression_level: options.compression_level,
|
||||
|
|
@ -385,7 +409,13 @@ impl<W: Write + io::Seek> ZipWriter<W> {
|
|||
|
||||
self.files.push(file);
|
||||
}
|
||||
if let Some(keys) = options.encrypt_with {
|
||||
let mut zipwriter = crate::zipcrypto::ZipCryptoWriter { writer: core::mem::replace(&mut self.inner, GenericZipWriter::Closed).unwrap(), buffer: vec![], keys };
|
||||
let mut crypto_header = [0u8; 12];
|
||||
|
||||
zipwriter.write_all(&crypto_header)?;
|
||||
self.inner = GenericZipWriter::Storer(MaybeEncrypted::Encrypted(zipwriter));
|
||||
}
|
||||
Ok(())
|
||||
}
|
||||
|
||||
|
|
@ -395,6 +425,14 @@ impl<W: Write + io::Seek> ZipWriter<W> {
|
|||
self.end_extra_data()?;
|
||||
}
|
||||
self.inner.switch_to(CompressionMethod::Stored, None)?;
|
||||
match core::mem::replace(&mut self.inner, GenericZipWriter::Closed) {
|
||||
GenericZipWriter::Storer(MaybeEncrypted::Encrypted(writer)) => {
|
||||
let crc32 = self.stats.hasher.clone().finalize();
|
||||
self.inner = GenericZipWriter::Storer(MaybeEncrypted::Unencrypted(writer.finish(crc32)?))
|
||||
}
|
||||
GenericZipWriter::Storer(w) => self.inner = GenericZipWriter::Storer(w),
|
||||
_ => unreachable!()
|
||||
}
|
||||
let writer = self.inner.get_plain();
|
||||
|
||||
if !self.writing_raw {
|
||||
|
|
@ -985,8 +1023,8 @@ impl<W: Write + io::Seek> GenericZipWriter<W> {
|
|||
|
||||
fn get_plain(&mut self) -> &mut W {
|
||||
match *self {
|
||||
GenericZipWriter::Storer(ref mut w) => w,
|
||||
_ => panic!("Should have switched to stored beforehand"),
|
||||
GenericZipWriter::Storer(MaybeEncrypted::Unencrypted(ref mut w)) => w,
|
||||
_ => panic!("Should have switched to stored and unencrypted beforehand"),
|
||||
}
|
||||
}
|
||||
|
||||
|
|
@ -1009,8 +1047,8 @@ impl<W: Write + io::Seek> GenericZipWriter<W> {
|
|||
|
||||
fn unwrap(self) -> W {
|
||||
match self {
|
||||
GenericZipWriter::Storer(w) => w,
|
||||
_ => panic!("Should have switched to stored beforehand"),
|
||||
GenericZipWriter::Storer(MaybeEncrypted::Unencrypted(w)) => w,
|
||||
_ => panic!("Should have switched to stored and unencrypted beforehand"),
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -1058,7 +1096,7 @@ fn write_local_file_header<T: Write>(writer: &mut T, file: &ZipFileData) -> ZipR
|
|||
1u16 << 11
|
||||
} else {
|
||||
0
|
||||
};
|
||||
} | if file.encrypted { 1u16 << 0 } else { 0 };
|
||||
writer.write_u16::<LittleEndian>(flag)?;
|
||||
// Compression method
|
||||
#[allow(deprecated)]
|
||||
|
|
@ -1133,7 +1171,7 @@ fn write_central_directory_header<T: Write>(writer: &mut T, file: &ZipFileData)
|
|||
1u16 << 11
|
||||
} else {
|
||||
0
|
||||
};
|
||||
} | if file.encrypted { 1u16 << 0 } else { 0 };
|
||||
writer.write_u16::<LittleEndian>(flag)?;
|
||||
// compression method
|
||||
#[allow(deprecated)]
|
||||
|
|
@ -1428,6 +1466,7 @@ mod test {
|
|||
last_modified_time: DateTime::default(),
|
||||
permissions: Some(33188),
|
||||
large_file: false,
|
||||
encrypt_with: None,
|
||||
};
|
||||
writer.start_file("mimetype", options).unwrap();
|
||||
writer
|
||||
|
|
|
|||
|
|
@ -6,7 +6,8 @@
|
|||
use std::num::Wrapping;
|
||||
|
||||
/// A container to hold the current key state
|
||||
struct ZipCryptoKeys {
|
||||
#[derive(Clone, Copy)]
|
||||
pub(crate) struct ZipCryptoKeys {
|
||||
key_0: Wrapping<u32>,
|
||||
key_1: Wrapping<u32>,
|
||||
key_2: Wrapping<u32>,
|
||||
|
|
@ -49,6 +50,13 @@ impl ZipCryptoKeys {
|
|||
fn crc32(crc: Wrapping<u32>, input: u8) -> Wrapping<u32> {
|
||||
(crc >> 8) ^ Wrapping(CRCTABLE[((crc & Wrapping(0xff)).0 as u8 ^ input) as usize])
|
||||
}
|
||||
pub(crate) fn derive(password: &[u8]) -> ZipCryptoKeys {
|
||||
let mut keys = ZipCryptoKeys::new();
|
||||
for byte in password.iter() {
|
||||
keys.update(*byte);
|
||||
}
|
||||
keys
|
||||
}
|
||||
}
|
||||
|
||||
/// A ZipCrypto reader with unverified password
|
||||
|
|
@ -70,17 +78,10 @@ impl<R: std::io::Read> ZipCryptoReader<R> {
|
|||
/// would be impossible to decrypt files that were encrypted with a
|
||||
/// password byte sequence that is unrepresentable in UTF-8.
|
||||
pub fn new(file: R, password: &[u8]) -> ZipCryptoReader<R> {
|
||||
let mut result = ZipCryptoReader {
|
||||
ZipCryptoReader {
|
||||
file,
|
||||
keys: ZipCryptoKeys::new(),
|
||||
};
|
||||
|
||||
// Key the cipher by updating the keys with the password.
|
||||
for byte in password.iter() {
|
||||
result.keys.update(*byte);
|
||||
keys: ZipCryptoKeys::derive(password),
|
||||
}
|
||||
|
||||
result
|
||||
}
|
||||
|
||||
/// Read the ZipCrypto header bytes and validate the password.
|
||||
|
|
@ -122,6 +123,31 @@ impl<R: std::io::Read> ZipCryptoReader<R> {
|
|||
Ok(Some(ZipCryptoReaderValid { reader: self }))
|
||||
}
|
||||
}
|
||||
pub(crate) struct ZipCryptoWriter<W> {
|
||||
pub(crate) writer: W,
|
||||
pub(crate) buffer: Vec<u8>,
|
||||
pub(crate) keys: ZipCryptoKeys,
|
||||
}
|
||||
impl<W: std::io::Write> ZipCryptoWriter<W> {
|
||||
pub(crate) fn finish(mut self, crc32: u32) -> std::io::Result<W> {
|
||||
self.buffer[11] = (crc32 >> 24) as u8;
|
||||
for byte in self.buffer.iter_mut() {
|
||||
*byte = self.keys.encrypt_byte(*byte);
|
||||
}
|
||||
self.writer.write_all(&self.buffer)?;
|
||||
self.writer.flush()?;
|
||||
Ok(self.writer)
|
||||
}
|
||||
}
|
||||
impl<W: std::io::Write> std::io::Write for ZipCryptoWriter<W> {
|
||||
fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
|
||||
self.buffer.extend_from_slice(buf);
|
||||
Ok(buf.len())
|
||||
}
|
||||
fn flush(&mut self) -> std::io::Result<()> {
|
||||
Ok(())
|
||||
}
|
||||
}
|
||||
|
||||
/// A ZipCrypto reader with verified password
|
||||
pub struct ZipCryptoReaderValid<R> {
|
||||
|
|
|
|||
|
|
@ -20,6 +20,23 @@
|
|||
use std::io::Cursor;
|
||||
use std::io::Read;
|
||||
|
||||
#[test]
|
||||
fn encrypting_file() {
|
||||
use zip::unstable::write::FileOptionsExt;
|
||||
use std::io::{Read, Write};
|
||||
let mut buf = vec![0; 2048];
|
||||
let mut archive = zip::write::ZipWriter::new(std::io::Cursor::new(&mut buf));
|
||||
archive.start_file("name", zip::write::FileOptions::default().with_deprecated_encryption(b"password")).unwrap();
|
||||
archive.write_all(b"test").unwrap();
|
||||
archive.finish().unwrap();
|
||||
drop(archive);
|
||||
let mut archive = zip::ZipArchive::new(std::io::Cursor::new(&mut buf)).unwrap();
|
||||
let mut file = archive.by_index_decrypt(0, b"password").unwrap().unwrap();
|
||||
let mut buf = Vec::new();
|
||||
file.read_to_end(&mut buf).unwrap();
|
||||
assert_eq!(buf, b"test");
|
||||
|
||||
}
|
||||
#[test]
|
||||
fn encrypted_file() {
|
||||
let zip_file_bytes = &mut Cursor::new(vec![
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue