diff --git a/src/aes.rs b/src/aes.rs index 721d72ae..363f9e13 100644 --- a/src/aes.rs +++ b/src/aes.rs @@ -124,6 +124,23 @@ impl AesReader { finalized: false, }) } + + /// Read the AES header bytes and returns the key and salt. + /// + /// # Returns + /// + /// the key and the salt + pub fn get_key_and_salt(mut self) -> io::Result<(Vec, Vec)> { + let salt_length = self.aes_mode.salt_length(); + + let mut salt = vec![0; salt_length]; + self.reader.read_exact(&mut salt)?; + + // next are 2 bytes used for password verification + let mut pwd_verification_value = vec![0; PWD_VERIFY_LENGTH]; + self.reader.read_exact(&mut pwd_verification_value)?; + Ok((pwd_verification_value, salt)) + } } /// A reader for aes encrypted files, which has already passed the first password check. diff --git a/src/read.rs b/src/read.rs index 91080941..888ef330 100644 --- a/src/read.rs +++ b/src/read.rs @@ -645,6 +645,32 @@ impl ZipArchive { Ok(shared) } + /// Returns key and salt + pub fn get_aes_key_and_salt( + &mut self, + file_number: usize, + ) -> ZipResult, Vec)>> { + let (_, data) = self + .shared + .files + .get_index(file_number) + .ok_or(ZipError::FileNotFound)?; + + if !data.encrypted { + return Err(ZipError::UnsupportedArchive(ZipError::PASSWORD_REQUIRED)); + } + let limit_reader = find_content(data, &mut self.reader)?; + match data.aes_mode { + None => Ok(None), + Some((aes_mode, _, _)) => { + let (key, salt) = AesReader::new(limit_reader, aes_mode, data.compressed_size) + .get_key_and_salt() + .expect("AES reader failed"); + Ok(Some((aes_mode, key, salt))) + } + } + } + /// Read a ZIP archive, collecting the files it contains /// /// This uses the central directory record of the ZIP file, and ignores local file headers