Rizin
unix-like reverse engineering framework and cli tools
zip_winzip_aes.c
Go to the documentation of this file.
1 /*
2  zip_winzip_aes.c -- Winzip AES de/encryption backend routines
3  Copyright (C) 2017-2021 Dieter Baron and Thomas Klausner
4 
5  This file is part of libzip, a library to manipulate ZIP archives.
6  The authors can be contacted at <info@libzip.org>
7 
8  Redistribution and use in source and binary forms, with or without
9  modification, are permitted provided that the following conditions
10  are met:
11  1. Redistributions of source code must retain the above copyright
12  notice, this list of conditions and the following disclaimer.
13  2. Redistributions in binary form must reproduce the above copyright
14  notice, this list of conditions and the following disclaimer in
15  the documentation and/or other materials provided with the
16  distribution.
17  3. The names of the authors may not be used to endorse or promote
18  products derived from this software without specific prior
19  written permission.
20 
21  THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS
22  OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
23  WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
24  ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY
25  DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
26  DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
27  GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
28  INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
29  IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
30  OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
31  IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 */
33 
34 #include "zipint.h"
35 
36 #include "zip_crypto.h"
37 
38 #include <stdlib.h>
39 #include <string.h>
40 
41 
42 #define MAX_KEY_LENGTH 256
43 #define PBKDF2_ITERATIONS 1000
44 
45 struct _zip_winzip_aes {
46  _zip_crypto_aes_t *aes;
47  _zip_crypto_hmac_t *hmac;
48  zip_uint8_t counter[ZIP_CRYPTO_AES_BLOCK_LENGTH];
49  zip_uint8_t pad[ZIP_CRYPTO_AES_BLOCK_LENGTH];
50  int pad_offset;
51 };
52 
53 static bool
54 aes_crypt(zip_winzip_aes_t *ctx, zip_uint8_t *data, zip_uint64_t length) {
55  zip_uint64_t i, j;
56 
57  for (i = 0; i < length; i++) {
58  if (ctx->pad_offset == AES_BLOCK_SIZE) {
59  for (j = 0; j < 8; j++) {
60  ctx->counter[j]++;
61  if (ctx->counter[j] != 0) {
62  break;
63  }
64  }
65  if (!_zip_crypto_aes_encrypt_block(ctx->aes, ctx->counter, ctx->pad)) {
66  return false;
67  }
68  ctx->pad_offset = 0;
69  }
70  data[i] ^= ctx->pad[ctx->pad_offset++];
71  }
72 
73  return true;
74 }
75 
76 
77 zip_winzip_aes_t *
78 _zip_winzip_aes_new(const zip_uint8_t *password, zip_uint64_t password_length, const zip_uint8_t *salt, zip_uint16_t encryption_method, zip_uint8_t *password_verify, zip_error_t *error) {
79  zip_winzip_aes_t *ctx;
80  zip_uint8_t buffer[2 * (MAX_KEY_LENGTH / 8) + WINZIP_AES_PASSWORD_VERIFY_LENGTH];
81  zip_uint16_t key_size = 0; /* in bits */
82  zip_uint16_t key_length; /* in bytes */
83 
84  switch (encryption_method) {
85  case ZIP_EM_AES_128:
86  key_size = 128;
87  break;
88  case ZIP_EM_AES_192:
89  key_size = 192;
90  break;
91  case ZIP_EM_AES_256:
92  key_size = 256;
93  break;
94  }
95 
96  if (key_size == 0 || salt == NULL || password == NULL || password_length == 0) {
97  zip_error_set(error, ZIP_ER_INVAL, 0);
98  return NULL;
99  }
100 
101  key_length = key_size / 8;
102 
103  if ((ctx = (zip_winzip_aes_t *)malloc(sizeof(*ctx))) == NULL) {
104  zip_error_set(error, ZIP_ER_MEMORY, 0);
105  return NULL;
106  }
107 
108  memset(ctx->counter, 0, sizeof(ctx->counter));
109  ctx->pad_offset = ZIP_CRYPTO_AES_BLOCK_LENGTH;
110 
111  if (!_zip_crypto_pbkdf2(password, password_length, salt, key_length / 2, PBKDF2_ITERATIONS, buffer, 2 * key_length + WINZIP_AES_PASSWORD_VERIFY_LENGTH)) {
112  free(ctx);
113  return NULL;
114  }
115 
116  if ((ctx->aes = _zip_crypto_aes_new(buffer, key_size, error)) == NULL) {
117  _zip_crypto_clear(ctx, sizeof(*ctx));
118  free(ctx);
119  return NULL;
120  }
121  if ((ctx->hmac = _zip_crypto_hmac_new(buffer + key_length, key_length, error)) == NULL) {
122  _zip_crypto_aes_free(ctx->aes);
123  free(ctx);
124  return NULL;
125  }
126 
127  if (password_verify) {
128  memcpy(password_verify, buffer + (2 * key_size / 8), WINZIP_AES_PASSWORD_VERIFY_LENGTH);
129  }
130 
131  return ctx;
132 }
133 
134 
135 bool
136 _zip_winzip_aes_encrypt(zip_winzip_aes_t *ctx, zip_uint8_t *data, zip_uint64_t length) {
137  return aes_crypt(ctx, data, length) && _zip_crypto_hmac(ctx->hmac, data, length);
138 }
139 
140 
141 bool
142 _zip_winzip_aes_decrypt(zip_winzip_aes_t *ctx, zip_uint8_t *data, zip_uint64_t length) {
143  return _zip_crypto_hmac(ctx->hmac, data, length) && aes_crypt(ctx, data, length);
144 }
145 
146 
147 bool
148 _zip_winzip_aes_finish(zip_winzip_aes_t *ctx, zip_uint8_t *hmac) {
149  return _zip_crypto_hmac_output(ctx->hmac, hmac);
150 }
151 
152 
153 void
154 _zip_winzip_aes_free(zip_winzip_aes_t *ctx) {
155  if (ctx == NULL) {
156  return;
157  }
158 
159  _zip_crypto_aes_free(ctx->aes);
160  _zip_crypto_hmac_free(ctx->hmac);
161  free(ctx);
162 }
i
lzma_index ** i
Definition: index.h:629
NULL
#define NULL
Definition: cris-opc.c:27
length
static static sync static getppid static getegid const char static filename char static len const char char static bufsiz static mask static vfork const void static prot static getpgrp const char static swapflags static arg static fd static protocol static who struct sockaddr static addrlen static backlog struct timeval struct timezone static tz const struct iovec static count static mode const void const struct sockaddr static tolen const char static pathname void static offset struct stat static buf void long static basep static whence static length const void static len static semflg const void static shmflg const struct timespec struct timespec static rem const char static group const void length
Definition: sflib.h:133
free
RZ_API void Ht_() free(HtName_(Ht) *ht)
Definition: ht_inc.c:130
memset
return memset(p, 0, total)
memcpy
memcpy(mem, inblock.get(), min(CONTAINING_RECORD(inblock.get(), MEMBLOCK, data) ->size, size))
zip_error_set
ZIP_EXTERN void zip_error_set(zip_error_t *_Nullable, int, int)
Definition: zip_error.c:126
ZIP_ER_MEMORY
#define ZIP_ER_MEMORY
Definition: zip.h:119
ZIP_EM_AES_256
#define ZIP_EM_AES_256
Definition: zip.h:192
ZIP_EM_AES_192
#define ZIP_EM_AES_192
Definition: zip.h:191
ZIP_ER_INVAL
#define ZIP_ER_INVAL
Definition: zip.h:123
ZIP_EM_AES_128
#define ZIP_EM_AES_128
Definition: zip.h:190
malloc
void * malloc(size_t size)
Definition: malloc.c:123
_zip_crypto_aes_t
Definition: zip_crypto_gnutls.h:46
_zip_crypto_hmac_s
Definition: zip_crypto_win.c:379
_zip_winzip_aes
Definition: zip_winzip_aes.c:45
_zip_winzip_aes::pad_offset
int pad_offset
Definition: zip_winzip_aes.c:50
_zip_winzip_aes::hmac
_zip_crypto_hmac_t * hmac
Definition: zip_winzip_aes.c:47
_zip_winzip_aes::pad
zip_uint8_t pad[ZIP_CRYPTO_AES_BLOCK_LENGTH]
Definition: zip_winzip_aes.c:49
_zip_winzip_aes::counter
zip_uint8_t counter[ZIP_CRYPTO_AES_BLOCK_LENGTH]
Definition: zip_winzip_aes.c:48
_zip_winzip_aes::aes
_zip_crypto_aes_t * aes
Definition: zip_winzip_aes.c:46
buffer
Definition: buffer.h:15
zip_error
Definition: zip.h:284
error
void error(const char *msg)
Definition: untgz.c:593
zip_crypto.h
ZIP_CRYPTO_AES_BLOCK_LENGTH
#define ZIP_CRYPTO_AES_BLOCK_LENGTH
Definition: zip_crypto.h:38
_zip_crypto_hmac_free
void _zip_crypto_hmac_free(_zip_crypto_hmac_t *hmac)
Definition: zip_crypto_commoncrypto.c:88
_zip_crypto_aes_free
void _zip_crypto_aes_free(_zip_crypto_aes_t *aes)
Definition: zip_crypto_commoncrypto.c:44
_zip_crypto_aes_new
_zip_crypto_aes_t * _zip_crypto_aes_new(const zip_uint8_t *key, zip_uint16_t key_size, zip_error_t *error)
Definition: zip_crypto_commoncrypto.c:62
_zip_crypto_hmac_new
_zip_crypto_hmac_t * _zip_crypto_hmac_new(const zip_uint8_t *secret, zip_uint64_t secret_length, zip_error_t *error)
Definition: zip_crypto_commoncrypto.c:99
_zip_crypto_hmac_output
#define _zip_crypto_hmac_output(hmac, data)
Definition: zip_crypto_commoncrypto.h:49
_zip_crypto_hmac
#define _zip_crypto_hmac(hmac, data, length)
Definition: zip_crypto_commoncrypto.h:46
_zip_crypto_pbkdf2
#define _zip_crypto_pbkdf2(key, key_length, salt, salt_length, iterations, output, output_length)
Definition: zip_crypto_commoncrypto.h:51
_zip_crypto_aes_encrypt_block
#define _zip_crypto_aes_encrypt_block(aes, in, out)
Definition: zip_crypto_mbedtls.h:46
_zip_winzip_aes_encrypt
bool _zip_winzip_aes_encrypt(zip_winzip_aes_t *ctx, zip_uint8_t *data, zip_uint64_t length)
Definition: zip_winzip_aes.c:136
MAX_KEY_LENGTH
#define MAX_KEY_LENGTH
Definition: zip_winzip_aes.c:42
_zip_winzip_aes_finish
bool _zip_winzip_aes_finish(zip_winzip_aes_t *ctx, zip_uint8_t *hmac)
Definition: zip_winzip_aes.c:148
_zip_winzip_aes_free
void _zip_winzip_aes_free(zip_winzip_aes_t *ctx)
Definition: zip_winzip_aes.c:154
_zip_winzip_aes_new
zip_winzip_aes_t * _zip_winzip_aes_new(const zip_uint8_t *password, zip_uint64_t password_length, const zip_uint8_t *salt, zip_uint16_t encryption_method, zip_uint8_t *password_verify, zip_error_t *error)
Definition: zip_winzip_aes.c:78
_zip_winzip_aes_decrypt
bool _zip_winzip_aes_decrypt(zip_winzip_aes_t *ctx, zip_uint8_t *data, zip_uint64_t length)
Definition: zip_winzip_aes.c:142
PBKDF2_ITERATIONS
#define PBKDF2_ITERATIONS
Definition: zip_winzip_aes.c:43
aes_crypt
static bool aes_crypt(zip_winzip_aes_t *ctx, zip_uint8_t *data, zip_uint64_t length)
Definition: zip_winzip_aes.c:54
zip_uint64_t
uint64_t zip_uint64_t
Definition: zipconf.h:39
zip_uint8_t
uint8_t zip_uint8_t
Definition: zipconf.h:33
zip_uint16_t
uint16_t zip_uint16_t
Definition: zipconf.h:35
_zip_crypto_clear
#define _zip_crypto_clear(b, l)
Definition: zipint.h:489
WINZIP_AES_PASSWORD_VERIFY_LENGTH
#define WINZIP_AES_PASSWORD_VERIFY_LENGTH
Definition: zipint.h:75
AES_BLOCK_SIZE
#define AES_BLOCK_SIZE
Definition: zipint.h:77