DevComp/zip-rs-wasm
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'master' into disable-default-zstd

Browse source
This commit is contained in:
Chris Hennick 2023-05-10 13:11:39 -07:00 committed by GitHub
commit 7cc3c4ba27
Signed by: DevComp
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 165 additions and 57 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
CHANGELOG.md
View file

@ -111,3 +111,10 @@
### Fixed ### Fixed
- Fixed a bug that occurs when a filename in a ZIP32 file includes the ZIP64 magic bytes. - Fixed a bug that occurs when a filename in a ZIP32 file includes the ZIP64 magic bytes.
## [0.7.4]
### Merged from upstream
- Added experimental [`zip_next::unstable::write::FileOptions::with_deprecated_encryption`] API to enable encrypting
files with PKWARE encryption.

9
Cargo.toml
View file

@ -1,12 +1,13 @@
[package] [package]
name = "zip_next" name = "zip_next"
version = "0.7.3" version = "0.7.4"
authors = ["Mathijs van de Nes <git@mathijs.vd-nes.nl>", "Marli Frost <marli@frost.red>", "Ryan Levick <ryan.levick@gmail.com>", authors = ["Mathijs van de Nes <git@mathijs.vd-nes.nl>", "Marli Frost <marli@frost.red>", "Ryan Levick <ryan.levick@gmail.com>",
"Chris Hennick <hennickc@amazon.com>"] "Chris Hennick <hennickc@amazon.com>"]
license = "MIT" license = "MIT"
repository = "https://github.com/Pr0methean/zip-next.git" repository = "https://github.com/Pr0methean/zip-next.git"
keywords = ["zip", "archive"] keywords = ["zip", "archive"]
description = """ description = """
rust-version = "1.66.0"
Library to support the reading and writing of zip files. Library to support the reading and writing of zip files.
""" """
edition = "2021" edition = "2021"
@ -21,8 +22,8 @@ flate2 = { version = "1.0.26", default-features = false, optional = true }
hmac = { version = "0.12.1", optional = true, features = ["reset"] } hmac = { version = "0.12.1", optional = true, features = ["reset"] }
pbkdf2 = {version = "0.12.1", optional = true } pbkdf2 = {version = "0.12.1", optional = true }
sha1 = {version = "0.10.5", optional = true } sha1 = {version = "0.10.5", optional = true }
time = { version = "0.3.20", optional = true, default-features = false, features = ["std"] } time = { version = "0.3.21", optional = true, default-features = false, features = ["std"] }
zstd = { version = "0.12.3", optional = true, default-features = false } zstd = { version = "0.12.3", optional = true }
[target.'cfg(any(all(target_arch = "arm", target_pointer_width = "32"), target_arch = "mips", target_arch = "powerpc"))'.dependencies] [target.'cfg(any(all(target_arch = "arm", target_pointer_width = "32"), target_arch = "mips", target_arch = "powerpc"))'.dependencies]
crossbeam-utils = "0.8.15" crossbeam-utils = "0.8.15"
@ -34,7 +35,7 @@ arbitrary = { version = "1.3.0", features = ["derive"] }
bencher = "0.1.5" bencher = "0.1.5"
getrandom = "0.2.9" getrandom = "0.2.9"
walkdir = "2.3.3" walkdir = "2.3.3"
time = { version = "0.3.20", features = ["formatting", "macros"] } time = { version = "0.3.21", features = ["formatting", "macros"] }
[features] [features]
aes-crypto = [ "aes", "constant_time_eq", "hmac", "pbkdf2", "sha1" ] aes-crypto = [ "aes", "constant_time_eq", "hmac", "pbkdf2", "sha1" ]

4
README.md
View file

@ -32,14 +32,14 @@ With all default features:
```toml ```toml
[dependencies] [dependencies]
zip_next = "0.7.3" zip_next = "0.7.4"
``` ```
Without the default features: Without the default features:
```toml ```toml
[dependencies] [dependencies]
zip_next = { version = "0.7.3", default-features = false } zip_next = { version = "0.7.4", default-features = false }
``` ```
The features available are: The features available are:

2
src/lib.rs
View file

@ -49,6 +49,6 @@ mod zipcrypto;
/// ///
/// ```toml /// ```toml
/// [dependencies] /// [dependencies]
/// zip = "=0.6.4" /// zip = "=0.6.5"
/// ``` /// ```
pub mod unstable; pub mod unstable;

2
src/read.rs
View file

@ -57,7 +57,7 @@ pub(crate) mod zip_archive {
/// for i in 0..zip.len() { /// for i in 0..zip.len() {
/// let mut file = zip.by_index(i)?; /// let mut file = zip.by_index(i)?;
/// println!("Filename: {}", file.name()); /// println!("Filename: {}", file.name());
/// std::io::copy(&mut file, &mut std::io::stdout()); /// std::io::copy(&mut file, &mut std::io::stdout())?;
/// } /// }
/// ///
/// Ok(()) /// Ok(())

21
src/types.rs
View file

@ -567,27 +567,6 @@ mod test {
#[cfg(feature = "time")] #[cfg(feature = "time")]
use time::{format_description::well_known::Rfc3339, OffsetDateTime}; use time::{format_description::well_known::Rfc3339, OffsetDateTime};
#[cfg(feature = "time")]
#[test]
fn datetime_from_time_bounds() {
use std::convert::TryFrom;
use super::DateTime;
use time::macros::datetime;
// 1979-12-31 23:59:59
assert!(DateTime::try_from(datetime!(1979-12-31 23:59:59 UTC)).is_err());
// 1980-01-01 00:00:00
assert!(DateTime::try_from(datetime!(1980-01-01 00:00:00 UTC)).is_ok());
// 2107-12-31 23:59:59
assert!(DateTime::try_from(datetime!(2107-12-31 23:59:59 UTC)).is_ok());
// 2108-01-01 00:00:00
assert!(DateTime::try_from(datetime!(2108-01-01 00:00:00 UTC)).is_err());
}
#[cfg(feature = "time")] #[cfg(feature = "time")]
#[test] #[test]
fn datetime_try_from_bounds() { fn datetime_try_from_bounds() {

16
src/unstable.rs
View file

@ -2,3 +2,19 @@
pub mod stream { pub mod stream {
pub use crate::read::stream::*; pub use crate::read::stream::*;
} }
/// Types for creating ZIP archives.
pub mod write {
use crate::write::FileOptions;
/// Unstable methods for [`FileOptions`].
pub trait FileOptionsExt {
/// Write the file with the given password using the deprecated ZipCrypto algorithm.
///
/// This is not recommended for new archives, as ZipCrypto is not secure.
fn with_deprecated_encryption(self, password: &[u8]) -> Self;
}
impl FileOptionsExt for FileOptions {
fn with_deprecated_encryption(self, password: &[u8]) -> Self {
self.with_deprecated_encryption(password)
}
}
}

80
src/write.rs
View file

@ -31,19 +31,37 @@ use time::OffsetDateTime;
#[cfg(feature = "zstd")] #[cfg(feature = "zstd")]
use zstd::stream::write::Encoder as ZstdEncoder; use zstd::stream::write::Encoder as ZstdEncoder;
enum MaybeEncrypted<W> {
Unencrypted(W),
Encrypted(crate::zipcrypto::ZipCryptoWriter<W>),
}
impl<W: Write> Write for MaybeEncrypted<W> {
fn write(&mut self, buf: &[u8]) -> io::Result<usize> {
match self {
MaybeEncrypted::Unencrypted(w) => w.write(buf),
MaybeEncrypted::Encrypted(w) => w.write(buf),
}
}
fn flush(&mut self) -> io::Result<()> {
match self {
MaybeEncrypted::Unencrypted(w) => w.flush(),
MaybeEncrypted::Encrypted(w) => w.flush(),
}
}
}
enum GenericZipWriter<W: Write + Seek> { enum GenericZipWriter<W: Write + Seek> {
Closed, Closed,
Storer(W), Storer(MaybeEncrypted<W>),
#[cfg(any( #[cfg(any(
feature = "deflate", feature = "deflate",
feature = "deflate-miniz", feature = "deflate-miniz",
feature = "deflate-zlib" feature = "deflate-zlib"
))] ))]
Deflater(DeflateEncoder<W>), Deflater(DeflateEncoder<MaybeEncrypted<W>>),
#[cfg(feature = "bzip2")] #[cfg(feature = "bzip2")]
Bzip2(BzEncoder<W>), Bzip2(BzEncoder<MaybeEncrypted<W>>),
#[cfg(feature = "zstd")] #[cfg(feature = "zstd")]
Zstd(ZstdEncoder<'static, W>), Zstd(ZstdEncoder<'static, MaybeEncrypted<W>>),
} }
// Put the struct declaration in a private module to convince rustdoc to display ZipWriter nicely // Put the struct declaration in a private module to convince rustdoc to display ZipWriter nicely
@ -115,6 +133,7 @@ pub struct FileOptions {
pub(crate) last_modified_time: DateTime, pub(crate) last_modified_time: DateTime,
pub(crate) permissions: Option<u32>, pub(crate) permissions: Option<u32>,
pub(crate) large_file: bool, pub(crate) large_file: bool,
encrypt_with: Option<crate::zipcrypto::ZipCryptoKeys>,
} }
impl FileOptions { impl FileOptions {
@ -178,6 +197,10 @@ impl FileOptions {
self.large_file = large; self.large_file = large;
self self
} }
pub(crate) fn with_deprecated_encryption(mut self, password: &[u8]) -> FileOptions {
self.encrypt_with = Some(crate::zipcrypto::ZipCryptoKeys::derive(password));
self
}
} }
impl Default for FileOptions { impl Default for FileOptions {
@ -203,6 +226,7 @@ impl Default for FileOptions {
last_modified_time: DateTime::default(), last_modified_time: DateTime::default(),
permissions: None, permissions: None,
large_file: false, large_file: false,
encrypt_with: None,
} }
} }
} }
@ -293,7 +317,7 @@ impl<A: Read + Write + Seek> ZipWriter<A> {
let _ = readwriter.seek(SeekFrom::Start(directory_start)); // seek directory_start to overwrite it let _ = readwriter.seek(SeekFrom::Start(directory_start)); // seek directory_start to overwrite it
Ok(ZipWriter { Ok(ZipWriter {
inner: Storer(readwriter), inner: Storer(MaybeEncrypted::Unencrypted(readwriter)),
files, files,
files_by_name, files_by_name,
stats: Default::default(), stats: Default::default(),
@ -360,7 +384,7 @@ impl<W: Write + Seek> ZipWriter<W> {
/// [`ZipWriter::is_writing_file`] to determine if the file remains open. /// [`ZipWriter::is_writing_file`] to determine if the file remains open.
pub fn new(inner: W) -> ZipWriter<W> { pub fn new(inner: W) -> ZipWriter<W> {
ZipWriter { ZipWriter {
inner: Storer(inner), inner: Storer(MaybeEncrypted::Unencrypted(inner)),
files: Vec::new(), files: Vec::new(),
files_by_name: HashMap::new(), files_by_name: HashMap::new(),
stats: Default::default(), stats: Default::default(),
@ -419,7 +443,7 @@ impl<W: Write + Seek> ZipWriter<W> {
let file = ZipFileData { let file = ZipFileData {
system: System::Unix, system: System::Unix,
version_made_by: DEFAULT_VERSION, version_made_by: DEFAULT_VERSION,
encrypted: false, encrypted: options.encrypt_with.is_some(),
using_data_descriptor: false, using_data_descriptor: false,
compression_method: options.compression_method, compression_method: options.compression_method,
compression_level: options.compression_level, compression_level: options.compression_level,
@ -450,7 +474,17 @@ impl<W: Write + Seek> ZipWriter<W> {
self.stats.bytes_written = 0; self.stats.bytes_written = 0;
self.stats.hasher = Hasher::new(); self.stats.hasher = Hasher::new();
} }
if let Some(keys) = options.encrypt_with {
let mut zipwriter = crate::zipcrypto::ZipCryptoWriter {
writer: mem::replace(&mut self.inner, Closed).unwrap(),
buffer: vec![],
keys,
};
let crypto_header = [0u8; 12];
zipwriter.write_all(&crypto_header)?;
self.inner = Storer(MaybeEncrypted::Encrypted(zipwriter));
}
Ok(()) Ok(())
} }
@ -479,6 +513,14 @@ impl<W: Write + Seek> ZipWriter<W> {
.inner .inner
.prepare_next_writer(CompressionMethod::Stored, None)?; .prepare_next_writer(CompressionMethod::Stored, None)?;
self.inner.switch_to(make_plain_writer)?; self.inner.switch_to(make_plain_writer)?;
match mem::replace(&mut self.inner, Closed) {
Storer(MaybeEncrypted::Encrypted(writer)) => {
let crc32 = self.stats.hasher.clone().finalize();
self.inner = Storer(MaybeEncrypted::Unencrypted(writer.finish(crc32)?))
}
Storer(w) => self.inner = Storer(w),
_ => unreachable!(),
}
let writer = self.inner.get_plain(); let writer = self.inner.get_plain();
if !self.writing_raw { if !self.writing_raw {
@ -1000,12 +1042,14 @@ impl<W: Write + Seek> Drop for ZipWriter<W> {
} }
} }
type SwitchWriterFunction<W> = Box<dyn FnOnce(MaybeEncrypted<W>) -> GenericZipWriter<W>>;
impl<W: Write + Seek> GenericZipWriter<W> { impl<W: Write + Seek> GenericZipWriter<W> {
fn prepare_next_writer( fn prepare_next_writer(
&self, &self,
compression: CompressionMethod, compression: CompressionMethod,
compression_level: Option<i32>, compression_level: Option<i32>,
) -> ZipResult<Box<dyn FnOnce(W) -> GenericZipWriter<W>>> { ) -> ZipResult<SwitchWriterFunction<W>> {
if let Closed = self { if let Closed = self {
return Err( return Err(
io::Error::new(io::ErrorKind::BrokenPipe, "ZipWriter was already closed").into(), io::Error::new(io::ErrorKind::BrokenPipe, "ZipWriter was already closed").into(),
@ -1083,10 +1127,7 @@ impl<W: Write + Seek> GenericZipWriter<W> {
} }
} }
fn switch_to( fn switch_to(&mut self, make_new_self: SwitchWriterFunction<W>) -> ZipResult<()> {
&mut self,
make_new_self: Box<dyn FnOnce(W) -> GenericZipWriter<W>>,
) -> ZipResult<()> {
let bare = match mem::replace(self, Closed) { let bare = match mem::replace(self, Closed) {
Storer(w) => w, Storer(w) => w,
#[cfg(any( #[cfg(any(
@ -1134,15 +1175,15 @@ impl<W: Write + Seek> GenericZipWriter<W> {
fn get_plain(&mut self) -> &mut W { fn get_plain(&mut self) -> &mut W {
match *self { match *self {
Storer(ref mut w) => w, Storer(MaybeEncrypted::Unencrypted(ref mut w)) => w,
_ => panic!("Should have switched to stored beforehand"), _ => panic!("Should have switched to stored and unencrypted beforehand"),
} }
} }
fn unwrap(self) -> W { fn unwrap(self) -> W {
match self { match self {
Storer(w) => w, Storer(MaybeEncrypted::Unencrypted(w)) => w,
_ => panic!("Should have switched to stored beforehand"), _ => panic!("Should have switched to stored and unencrypted beforehand"),
} }
} }
} }
@ -1190,7 +1231,7 @@ fn write_local_file_header<T: Write>(writer: &mut T, file: &ZipFileData) -> ZipR
1u16 << 11 1u16 << 11
} else { } else {
0 0
}; } | if file.encrypted { 1u16 << 0 } else { 0 };
writer.write_u16::<LittleEndian>(flag)?; writer.write_u16::<LittleEndian>(flag)?;
// Compression method // Compression method
#[allow(deprecated)] #[allow(deprecated)]
@ -1262,7 +1303,7 @@ fn write_central_directory_header<T: Write>(writer: &mut T, file: &ZipFileData)
1u16 << 11 1u16 << 11
} else { } else {
0 0
}; } | if file.encrypted { 1u16 << 0 } else { 0 };
writer.write_u16::<LittleEndian>(flag)?; writer.write_u16::<LittleEndian>(flag)?;
// compression method // compression method
#[allow(deprecated)] #[allow(deprecated)]
@ -1558,6 +1599,7 @@ mod test {
last_modified_time: DateTime::default(), last_modified_time: DateTime::default(),
permissions: Some(33188), permissions: Some(33188),
large_file: false, large_file: false,
encrypt_with: None,
}; };
writer.start_file("mimetype", options).unwrap(); writer.start_file("mimetype", options).unwrap();
writer writer
@ -1594,6 +1636,7 @@ mod test {
last_modified_time: DateTime::default(), last_modified_time: DateTime::default(),
permissions: Some(33188), permissions: Some(33188),
large_file: false, large_file: false,
encrypt_with: None,
}; };
writer.start_file(RT_TEST_FILENAME, options).unwrap(); writer.start_file(RT_TEST_FILENAME, options).unwrap();
writer.write_all(RT_TEST_TEXT.as_ref()).unwrap(); writer.write_all(RT_TEST_TEXT.as_ref()).unwrap();
@ -1640,6 +1683,7 @@ mod test {
last_modified_time: DateTime::default(), last_modified_time: DateTime::default(),
permissions: Some(33188), permissions: Some(33188),
large_file: false, large_file: false,
encrypt_with: None,
}; };
writer.start_file(RT_TEST_FILENAME, options).unwrap(); writer.start_file(RT_TEST_FILENAME, options).unwrap();
writer.write_all(RT_TEST_TEXT.as_ref()).unwrap(); writer.write_all(RT_TEST_TEXT.as_ref()).unwrap();

60
src/zipcrypto.rs
View file

@ -3,15 +3,28 @@
//! The following paper was used to implement the ZipCrypto algorithm: //! The following paper was used to implement the ZipCrypto algorithm:
//! [https://courses.cs.ut.ee/MTAT.07.022/2015_fall/uploads/Main/dmitri-report-f15-16.pdf](https://courses.cs.ut.ee/MTAT.07.022/2015_fall/uploads/Main/dmitri-report-f15-16.pdf) //! [https://courses.cs.ut.ee/MTAT.07.022/2015_fall/uploads/Main/dmitri-report-f15-16.pdf](https://courses.cs.ut.ee/MTAT.07.022/2015_fall/uploads/Main/dmitri-report-f15-16.pdf)
use std::collections::hash_map::DefaultHasher;
use std::fmt::{Debug, Formatter};
use std::hash::{Hash, Hasher};
use std::num::Wrapping; use std::num::Wrapping;
/// A container to hold the current key state /// A container to hold the current key state
struct ZipCryptoKeys { #[cfg_attr(fuzzing, derive(arbitrary::Arbitrary))]
#[derive(Clone, Copy, Hash, Ord, PartialOrd, Eq, PartialEq)]
pub(crate) struct ZipCryptoKeys {
key_0: Wrapping<u32>, key_0: Wrapping<u32>,
key_1: Wrapping<u32>, key_1: Wrapping<u32>,
key_2: Wrapping<u32>, key_2: Wrapping<u32>,
} }
impl Debug for ZipCryptoKeys {
fn fmt(&self, f: &mut Formatter<'_>) -> std::fmt::Result {
let mut t = DefaultHasher::new();
self.hash(&mut t);
f.write_fmt(format_args!("ZipCryptoKeys(hash {})", t.finish()))
}
}
impl ZipCryptoKeys { impl ZipCryptoKeys {
fn new() -> ZipCryptoKeys { fn new() -> ZipCryptoKeys {
ZipCryptoKeys { ZipCryptoKeys {
@ -49,6 +62,13 @@ impl ZipCryptoKeys {
fn crc32(crc: Wrapping<u32>, input: u8) -> Wrapping<u32> { fn crc32(crc: Wrapping<u32>, input: u8) -> Wrapping<u32> {
(crc >> 8) ^ Wrapping(CRCTABLE[((crc & Wrapping(0xff)).0 as u8 ^ input) as usize]) (crc >> 8) ^ Wrapping(CRCTABLE[((crc & Wrapping(0xff)).0 as u8 ^ input) as usize])
} }
pub(crate) fn derive(password: &[u8]) -> ZipCryptoKeys {
let mut keys = ZipCryptoKeys::new();
for byte in password.iter() {
keys.update(*byte);
}
keys
}
} }
/// A ZipCrypto reader with unverified password /// A ZipCrypto reader with unverified password
@ -70,17 +90,10 @@ impl<R: std::io::Read> ZipCryptoReader<R> {
/// would be impossible to decrypt files that were encrypted with a /// would be impossible to decrypt files that were encrypted with a
/// password byte sequence that is unrepresentable in UTF-8. /// password byte sequence that is unrepresentable in UTF-8.
pub fn new(file: R, password: &[u8]) -> ZipCryptoReader<R> { pub fn new(file: R, password: &[u8]) -> ZipCryptoReader<R> {
let mut result = ZipCryptoReader { ZipCryptoReader {
file, file,
keys: ZipCryptoKeys::new(), keys: ZipCryptoKeys::derive(password),
};
// Key the cipher by updating the keys with the password.
for byte in password.iter() {
result.keys.update(*byte);
} }
result
} }
/// Read the ZipCrypto header bytes and validate the password. /// Read the ZipCrypto header bytes and validate the password.
@ -122,6 +135,33 @@ impl<R: std::io::Read> ZipCryptoReader<R> {
Ok(Some(ZipCryptoReaderValid { reader: self })) Ok(Some(ZipCryptoReaderValid { reader: self }))
} }
} }
#[allow(unused)]
pub(crate) struct ZipCryptoWriter<W> {
pub(crate) writer: W,
pub(crate) buffer: Vec<u8>,
pub(crate) keys: ZipCryptoKeys,
}
impl<W: std::io::Write> ZipCryptoWriter<W> {
#[allow(unused)]
pub(crate) fn finish(mut self, crc32: u32) -> std::io::Result<W> {
self.buffer[11] = (crc32 >> 24) as u8;
for byte in self.buffer.iter_mut() {
*byte = self.keys.encrypt_byte(*byte);
}
self.writer.write_all(&self.buffer)?;
self.writer.flush()?;
Ok(self.writer)
}
}
impl<W: std::io::Write> std::io::Write for ZipCryptoWriter<W> {
fn write(&mut self, buf: &[u8]) -> std::io::Result<usize> {
self.buffer.extend_from_slice(buf);
Ok(buf.len())
}
fn flush(&mut self) -> std::io::Result<()> {
Ok(())
}
}
/// A ZipCrypto reader with verified password /// A ZipCrypto reader with verified password
pub struct ZipCryptoReaderValid<R> { pub struct ZipCryptoReaderValid<R> {

21
tests/zip_crypto.rs
View file

@ -20,6 +20,27 @@
use std::io::Cursor; use std::io::Cursor;
use std::io::Read; use std::io::Read;
#[test]
fn encrypting_file() {
use std::io::{Read, Write};
use zip_next::unstable::write::FileOptionsExt;
let mut buf = vec![0; 2048];
let mut archive = zip_next::write::ZipWriter::new(Cursor::new(&mut buf));
archive
.start_file(
"name",
zip_next::write::FileOptions::default().with_deprecated_encryption(b"password"),
)
.unwrap();
archive.write_all(b"test").unwrap();
archive.finish().unwrap();
drop(archive);
let mut archive = zip_next::ZipArchive::new(Cursor::new(&mut buf)).unwrap();
let mut file = archive.by_index_decrypt(0, b"password").unwrap().unwrap();
let mut buf = Vec::new();
file.read_to_end(&mut buf).unwrap();
assert_eq!(buf, b"test");
}
#[test] #[test]
fn encrypted_file() { fn encrypted_file() {
let zip_file_bytes = &mut Cursor::new(vec![ let zip_file_bytes = &mut Cursor::new(vec![