From 852ab625fbe07edd3952e6079184e0215f98915c Mon Sep 17 00:00:00 2001 From: Lireer Date: Sun, 4 Oct 2020 12:50:01 +0200 Subject: [PATCH] initial aes reader --- Cargo.toml | 10 +++-- src/aes.rs | 86 ++++++++++++++++++++++++++++++++++++++ src/compression.rs | 7 +++- src/lib.rs | 2 +- src/read.rs | 100 ++++++++++++++++++++++++++++++++++----------- src/types.rs | 25 ++++++++++++ src/write.rs | 6 +++ 7 files changed, 207 insertions(+), 29 deletions(-) create mode 100644 src/aes.rs diff --git a/Cargo.toml b/Cargo.toml index 44299d5c..e4e09aad 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -11,13 +11,16 @@ Library to support the reading and writing of zip files. edition = "2018" [dependencies] -aes = { version = "0.5.0", optional = true } -flate2 = { version = "1.0.0", default-features = false, optional = true } -time = { version = "0.1", optional = true } +aes = "0.5.0" byteorder = "1.3" bzip2 = { version = "0.4", optional = true } crc32fast = "1.0" +flate2 = { version = "1.0.0", default-features = false, optional = true } +hmac = "0.9.0" +pbkdf2 = "0.5.0" +sha-1 = "0.9.1" thiserror = "1.0" +time = { version = "0.1", optional = true } [dev-dependencies] bencher = "0.1" @@ -25,7 +28,6 @@ rand = "0.7" walkdir = "2" [features] -aes-crypto = ["aes"] deflate = ["flate2/rust_backend"] deflate-miniz = ["flate2/default"] deflate-zlib = ["flate2/zlib"] diff --git a/src/aes.rs b/src/aes.rs new file mode 100644 index 00000000..d78bbcfa --- /dev/null +++ b/src/aes.rs @@ -0,0 +1,86 @@ +use crate::types::AesMode; +use std::io; + +use byteorder::{LittleEndian, ReadBytesExt}; +use hmac::Hmac; +use sha1::Sha1; + +/// The length of the password verifcation value in bytes +const PWD_VERIFY_LENGTH: u64 = 2; +/// The length of the authentication code in bytes +const AUTH_CODE_LENGTH: u64 = 10; +/// The number of iterations used with PBKDF2 +const ITERATION_COUNT: u32 = 1000; +/// AES block size in bytes +const BLOCK_SIZE: usize = 16; + +// an aes encrypted file starts with a salt, whose length depends on the used aes mode +// followed by a 2 byte password verification value +// then the variable length encrypted data +// and lastly a 10 byte authentication code +pub(crate) struct AesReader { + reader: R, + aes_mode: AesMode, + salt_length: usize, + data_length: u64, +} + +impl AesReader { + pub fn new(reader: R, aes_mode: AesMode, compressed_size: u64) -> AesReader { + let salt_length = aes_mode.salt_length(); + let data_length = compressed_size - (PWD_VERIFY_LENGTH + AUTH_CODE_LENGTH + salt_length); + + Self { + reader, + aes_mode, + salt_length: salt_length as usize, + data_length, + } + } + + pub fn validate(mut self, password: &[u8]) -> Result>, io::Error> { + // the length of the salt depends on the used key size + let mut salt = vec![0; self.salt_length as usize]; + self.reader.read_exact(&mut salt).unwrap(); + + // next are 2 bytes used for password verification + let mut pwd_verification_value = vec![0; PWD_VERIFY_LENGTH as usize]; + self.reader.read_exact(&mut pwd_verification_value).unwrap(); + + // derive a key from the password and salt + // the length depends on the aes key length + let derived_key_len = (2 * self.aes_mode.key_length() + PWD_VERIFY_LENGTH) as usize; + let mut derived_key: Vec = vec![0; derived_key_len]; + + // use PBKDF2 with HMAC-Sha1 to derive the key + pbkdf2::pbkdf2::>(password, &salt, ITERATION_COUNT, &mut derived_key); + + // the last 2 bytes should equal the password verification value + if pwd_verification_value != &derived_key[derived_key_len - 2..] { + // wrong password + return Ok(None); + } + + // the first key_length bytes are used as decryption key + let decrypt_key = &derived_key[0..self.aes_mode.key_length() as usize]; + + panic!("Validating AesReader"); + } +} + +pub(crate) struct AesReaderValid { + reader: AesReader, +} + +impl io::Read for AesReaderValid { + fn read(&mut self, mut buf: &mut [u8]) -> std::io::Result { + panic!("Reading from AesReaderValid") + } +} + +impl AesReaderValid { + /// Consumes this decoder, returning the underlying reader. + pub fn into_inner(self) -> R { + self.reader.reader + } +} diff --git a/src/compression.rs b/src/compression.rs index 5fdde070..84e69d15 100644 --- a/src/compression.rs +++ b/src/compression.rs @@ -24,6 +24,10 @@ pub enum CompressionMethod { /// Compress the file using BZIP2 #[cfg(feature = "bzip2")] Bzip2, + /// Encrypted using AES. + /// The actual compression method has to be taken from the AES extra data field + /// or from `ZipFileData`. + AES, /// Unsupported compression method #[deprecated(since = "0.5.7", note = "use the constants instead")] Unsupported(u16), @@ -85,7 +89,7 @@ impl CompressionMethod { 8 => CompressionMethod::Deflated, #[cfg(feature = "bzip2")] 12 => CompressionMethod::Bzip2, - + 99 => CompressionMethod::AES, v => CompressionMethod::Unsupported(v), } } @@ -107,6 +111,7 @@ impl CompressionMethod { CompressionMethod::Deflated => 8, #[cfg(feature = "bzip2")] CompressionMethod::Bzip2 => 12, + CompressionMethod::AES => 99, CompressionMethod::Unsupported(v) => v, } } diff --git a/src/lib.rs b/src/lib.rs index df398ce7..45c6c2e1 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -10,7 +10,7 @@ pub use crate::read::ZipArchive; pub use crate::types::DateTime; pub use crate::write::ZipWriter; -#[cfg(feature = "aes-crypto")] +mod aes; mod aes_ctr; mod compression; mod cp437; diff --git a/src/read.rs b/src/read.rs index 97bccd2d..e1afaf03 100644 --- a/src/read.rs +++ b/src/read.rs @@ -1,19 +1,19 @@ //! Types for reading ZIP archives +use crate::aes::{AesReaderValid, AesReader}; use crate::compression::CompressionMethod; +use crate::cp437::FromCp437; use crate::crc32::Crc32Reader; use crate::result::{InvalidPassword, ZipError, ZipResult}; use crate::spec; +use crate::types::{AesMode, DateTime, System, ZipFileData}; use crate::zipcrypto::{ZipCryptoReader, ZipCryptoReaderValid, ZipCryptoValidator}; +use byteorder::{LittleEndian, ReadBytesExt}; use std::borrow::Cow; use std::collections::HashMap; use std::io::{self, prelude::*}; use std::path::{Component, Path}; -use crate::cp437::FromCp437; -use crate::types::{DateTime, System, ZipFileData}; -use byteorder::{LittleEndian, ReadBytesExt}; - #[cfg(any( feature = "deflate", feature = "deflate-miniz", @@ -57,6 +57,7 @@ pub struct ZipArchive { enum CryptoReader<'a> { Plaintext(io::Take<&'a mut dyn Read>), ZipCrypto(ZipCryptoReaderValid>), + Aes(AesReaderValid>), } impl<'a> Read for CryptoReader<'a> { @@ -64,6 +65,7 @@ impl<'a> Read for CryptoReader<'a> { match self { CryptoReader::Plaintext(r) => r.read(buf), CryptoReader::ZipCrypto(r) => r.read(buf), + CryptoReader::Aes(r) => r.read(buf), } } } @@ -74,6 +76,7 @@ impl<'a> CryptoReader<'a> { match self { CryptoReader::Plaintext(r) => r, CryptoReader::ZipCrypto(r) => r.into_inner(), + CryptoReader::Aes(r) => r.into_inner(), } } } @@ -164,6 +167,8 @@ fn make_crypto_reader<'a>( using_data_descriptor: bool, reader: io::Take<&'a mut dyn io::Read>, password: Option<&[u8]>, + aes_mode: Option, + compressed_size: u64, ) -> ZipResult, InvalidPassword>> { #[allow(deprecated)] { @@ -172,9 +177,9 @@ fn make_crypto_reader<'a>( } } - let reader = match password { - None => CryptoReader::Plaintext(reader), - Some(password) => { + let reader = match (password, aes_mode) { + (None, _) => CryptoReader::Plaintext(reader), + (Some(password), None) => { let validator = if using_data_descriptor { ZipCryptoValidator::InfoZipMsdosTime(last_modified_time.timepart()) } else { @@ -185,6 +190,12 @@ fn make_crypto_reader<'a>( Some(r) => CryptoReader::ZipCrypto(r), } } + (Some(password), Some(aes_mode)) => { + match AesReader::new(reader, aes_mode, compressed_size).validate(&password)? { + None => return Ok(Err(InvalidPassword)), + Some(r) => CryptoReader::Aes(r), + } + } }; Ok(Ok(reader)) } @@ -502,6 +513,8 @@ impl ZipArchive { data.using_data_descriptor, limit_reader, password, + data.aes_mode, + data.compressed_size ) { Ok(Ok(crypto_reader)) => Ok(Ok(ZipFile { crypto_reader: Some(crypto_reader), @@ -595,12 +608,21 @@ pub(crate) fn central_header_to_zip_file( data_start: 0, external_attributes: external_file_attributes, large_file: false, + aes_mode: None, }; - + match parse_extra_field(&mut result) { Ok(..) | Err(ZipError::Io(..)) => {} Err(e) => return Err(e), } + + + let aes_enabled = result.compression_method == CompressionMethod::AES; + if aes_enabled && result.aes_mode.is_none() { + return Err(ZipError::InvalidArchive( + "AES encryption without AES extra data field", + )); + } // Account for shifted zip offsets. result.header_start += archive_offset; @@ -615,24 +637,53 @@ fn parse_extra_field(file: &mut ZipFileData) -> ZipResult<()> { let kind = reader.read_u16::()?; let len = reader.read_u16::()?; let mut len_left = len as i64; - // Zip64 extended information extra field - if kind == 0x0001 { - if file.uncompressed_size == 0xFFFFFFFF { - file.large_file = true; - file.uncompressed_size = reader.read_u64::()?; - len_left -= 8; + match kind { + // Zip64 extended information extra field + 0x0001 => { + if file.uncompressed_size == 0xFFFFFFFF { + file.large_file = true; + file.uncompressed_size = reader.read_u64::()?; + len_left -= 8; + } + if file.compressed_size == 0xFFFFFFFF { + file.large_file = true; + file.compressed_size = reader.read_u64::()?; + len_left -= 8; + } + if file.header_start == 0xFFFFFFFF { + file.header_start = reader.read_u64::()?; + len_left -= 8; + } } - if file.compressed_size == 0xFFFFFFFF { - file.large_file = true; - file.compressed_size = reader.read_u64::()?; - len_left -= 8; + 0x9901 => { + // AES + if len != 7 { + return Err(ZipError::UnsupportedArchive( + "AES extra data field has an unsupported length", + )); + } + let _vendor_version = reader.read_u16::()?; // TODO: CRC value handling changes + let vendor_id = reader.read_u16::()?; + let aes_mode = reader.read_u8()?; + let compression_method = reader.read_u16::()?; + + if vendor_id != 0x4541 { + return Err(ZipError::InvalidArchive("Invalid AES vendor")); + } + match aes_mode { + 0x01 => file.aes_mode = Some(AesMode::Aes128), + 0x02 => file.aes_mode = Some(AesMode::Aes192), + 0x03 => file.aes_mode = Some(AesMode::Aes256), + _ => return Err(ZipError::InvalidArchive("Invalid AES encryption strength")), + }; + file.compression_method = { + #[allow(deprecated)] + CompressionMethod::from_u16(compression_method) + }; } - if file.header_start == 0xFFFFFFFF { - file.header_start = reader.read_u64::()?; - len_left -= 8; + _ => { + // Other fields are ignored } - // Unparsed fields: - // u32: disk start number } // We could also check for < 0 to check for errors @@ -950,6 +1001,7 @@ pub fn read_zipfile_from_stream<'a, R: io::Read>( // from standard input, this field is set to zero.' external_attributes: 0, large_file: false, + aes_mode: None, }; match parse_extra_field(&mut result) { @@ -975,6 +1027,8 @@ pub fn read_zipfile_from_stream<'a, R: io::Read>( result.using_data_descriptor, limit_reader, None, + None, + result.compressed_size, )? .unwrap(); diff --git a/src/types.rs b/src/types.rs index 026aa150..c2f40f4a 100644 --- a/src/types.rs +++ b/src/types.rs @@ -248,6 +248,8 @@ pub struct ZipFileData { pub external_attributes: u32, /// Reserve local ZIP64 extra field pub large_file: bool, + /// AES mode if applicable + pub aes_mode: Option, } impl ZipFileData { @@ -298,6 +300,28 @@ impl ZipFileData { } } +/// AES variant used. +#[derive(Copy, Clone, Debug, PartialEq)] +pub enum AesMode { + Aes128, + Aes192, + Aes256, +} + +impl AesMode { + pub fn salt_length(&self) -> u64 { + self.key_length() / 2 + } + + pub fn key_length(&self) -> u64 { + match self { + Self::Aes128 => 16, + Self::Aes192 => 24, + Self::Aes256 => 32, + } + } +} + #[cfg(test)] mod test { #[test] @@ -332,6 +356,7 @@ mod test { central_header_start: 0, external_attributes: 0, large_file: false, + aes_mode: None, }; assert_eq!( data.file_name_sanitized(), diff --git a/src/write.rs b/src/write.rs index 05c3666a..05236505 100644 --- a/src/write.rs +++ b/src/write.rs @@ -334,6 +334,7 @@ impl ZipWriter { central_header_start: 0, external_attributes: permissions << 16, large_file: options.large_file, + aes_mode: None, }; write_local_file_header(writer, &file)?; @@ -830,6 +831,11 @@ impl GenericZipWriter { CompressionMethod::Bzip2 => { GenericZipWriter::Bzip2(BzEncoder::new(bare, bzip2::Compression::default())) } + CompressionMethod::AES => { + return Err(ZipError::UnsupportedArchive( + "AES compression is not supported for writing", + )) + } CompressionMethod::Unsupported(..) => { return Err(ZipError::UnsupportedArchive("Unsupported compression")) }