use std::fmt::{Debug, Formatter}; use std::hash::Hash; use std::num::Wrapping;
usecrate::result::ZipError;
/// A container to hold the current key state #[cfg_attr(fuzzing, derive(arbitrary::Arbitrary))] #[derive(Clone, Copy, Hash, Ord, PartialOrd, Eq, PartialEq)] pub(crate) struct ZipCryptoKeys {
key_0: Wrapping<u32>,
key_1: Wrapping<u32>,
key_2: Wrapping<u32>,
}
impl<R: std::io::Read> ZipCryptoReader<R> { /// Note: The password is `&[u8]` and not `&str` because the /// [zip specification](https://pkware.cachefly.net/webdocs/APPNOTE/APPNOTE-6.3.3.TXT) /// does not specify password encoding (see function `update_keys` in the specification). /// Therefore, if `&str` was used, the password would be UTF-8 and it /// would be impossible to decrypt files that were encrypted with a /// password byte sequence that is unrepresentable in UTF-8. pubfn new(file: R, password: &[u8]) -> ZipCryptoReader<R> {
ZipCryptoReader {
file,
keys: ZipCryptoKeys::derive(password),
}
}
/// Read the ZipCrypto header bytes and validate the password. pubfn validate( mutself,
validator: ZipCryptoValidator,
) -> Result<ZipCryptoReaderValid<R>, ZipError> { // ZipCrypto prefixes a file with a 12 byte header letmut header_buf = [0u8; 12]; self.file.read_exact(&mut header_buf)?; for byte in header_buf.iter_mut() {
*byte = self.keys.decrypt_byte(*byte);
}
match validator {
ZipCryptoValidator::PkzipCrc32(crc32_plaintext) => { // PKZIP before 2.0 used 2 byte CRC check. // PKZIP 2.0+ used 1 byte CRC check. It's more secure. // We also use 1 byte CRC.
if (crc32_plaintext >> 24) as u8 != header_buf[11] { return Err(ZipError::InvalidPassword);
}
}
ZipCryptoValidator::InfoZipMsdosTime(last_mod_time) => { // Info-ZIP modification to ZipCrypto format: // If bit 3 of the general purpose bit flag is set // (indicates that the file uses a data-descriptor section), // it uses high byte of 16-bit File Time. // Info-ZIP code probably writes 2 bytes of File Time. // We check only 1 byte.
if (last_mod_time >> 8) as u8 != header_buf[11] { return Err(ZipError::InvalidPassword);
}
}
}
Die Informationen auf dieser Webseite wurden
nach bestem Wissen sorgfältig zusammengestellt. Es wird jedoch weder Vollständigkeit, noch Richtigkeit,
noch Qualität der bereit gestellten Informationen zugesichert.
Bemerkung:
Die farbliche Syntaxdarstellung und die Messung sind noch experimentell.