/src/libzip/lib/zip_source_pkware_encode.c
Line | Count | Source (jump to first uncovered line) |
1 | | /* |
2 | | zip_source_pkware_encode.c -- Traditional PKWARE encryption routines |
3 | | Copyright (C) 2009-2024 Dieter Baron and Thomas Klausner |
4 | | |
5 | | This file is part of libzip, a library to manipulate ZIP archives. |
6 | | The authors can be contacted at <info@libzip.org> |
7 | | |
8 | | Redistribution and use in source and binary forms, with or without |
9 | | modification, are permitted provided that the following conditions |
10 | | are met: |
11 | | 1. Redistributions of source code must retain the above copyright |
12 | | notice, this list of conditions and the following disclaimer. |
13 | | 2. Redistributions in binary form must reproduce the above copyright |
14 | | notice, this list of conditions and the following disclaimer in |
15 | | the documentation and/or other materials provided with the |
16 | | distribution. |
17 | | 3. The names of the authors may not be used to endorse or promote |
18 | | products derived from this software without specific prior |
19 | | written permission. |
20 | | |
21 | | THIS SOFTWARE IS PROVIDED BY THE AUTHORS ``AS IS'' AND ANY EXPRESS |
22 | | OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED |
23 | | WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE |
24 | | ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY |
25 | | DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL |
26 | | DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE |
27 | | GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS |
28 | | INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER |
29 | | IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR |
30 | | OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN |
31 | | IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
32 | | */ |
33 | | |
34 | | |
35 | | #include <stdlib.h> |
36 | | #include <string.h> |
37 | | |
38 | | #include "zipint.h" |
39 | | |
40 | | struct trad_pkware { |
41 | | char *password; |
42 | | zip_pkware_keys_t keys; |
43 | | zip_buffer_t *buffer; |
44 | | bool eof; |
45 | | zip_dostime_t dostime; |
46 | | zip_error_t error; |
47 | | }; |
48 | | |
49 | | |
50 | | static int encrypt_header(zip_source_t *, struct trad_pkware *); |
51 | | static zip_int64_t pkware_encrypt(zip_source_t *, void *, void *, zip_uint64_t, zip_source_cmd_t); |
52 | | static void trad_pkware_free(struct trad_pkware *); |
53 | | static struct trad_pkware *trad_pkware_new(const char *password, zip_error_t *error); |
54 | | |
55 | | zip_source_t * |
56 | 0 | zip_source_pkware_encode(zip_t *za, zip_source_t *src, zip_uint16_t em, int flags, const char *password) { |
57 | 0 | struct trad_pkware *ctx; |
58 | 0 | zip_source_t *s2; |
59 | |
|
60 | 0 | if (password == NULL || src == NULL || em != ZIP_EM_TRAD_PKWARE) { |
61 | 0 | zip_error_set(&za->error, ZIP_ER_INVAL, 0); |
62 | 0 | return NULL; |
63 | 0 | } |
64 | 0 | if (!(flags & ZIP_CODEC_ENCODE)) { |
65 | 0 | zip_error_set(&za->error, ZIP_ER_ENCRNOTSUPP, 0); |
66 | 0 | return NULL; |
67 | 0 | } |
68 | | |
69 | 0 | if ((ctx = trad_pkware_new(password, &za->error)) == NULL) { |
70 | 0 | zip_error_set(&za->error, ZIP_ER_MEMORY, 0); |
71 | 0 | return NULL; |
72 | 0 | } |
73 | | |
74 | 0 | if (zip_source_get_dos_time(src, &ctx->dostime) <= 0) { |
75 | 0 | zip_stat_t st; |
76 | |
|
77 | 0 | if (zip_source_stat(src, &st) < 0) { |
78 | 0 | zip_error_set_from_source(&za->error, src); |
79 | 0 | trad_pkware_free(ctx); |
80 | 0 | return NULL; |
81 | 0 | } |
82 | 0 | if (_zip_u2d_time((st.valid & ZIP_STAT_MTIME) ? st.mtime : time(NULL), &ctx->dostime, &za->error) < 0) { |
83 | 0 | trad_pkware_free(ctx); |
84 | 0 | return NULL; |
85 | 0 | } |
86 | 0 | } |
87 | | |
88 | 0 | if ((s2 = zip_source_layered(za, src, pkware_encrypt, ctx)) == NULL) { |
89 | 0 | trad_pkware_free(ctx); |
90 | 0 | return NULL; |
91 | 0 | } |
92 | | |
93 | 0 | return s2; |
94 | 0 | } |
95 | | |
96 | | |
97 | | static int |
98 | 0 | encrypt_header(zip_source_t *src, struct trad_pkware *ctx) { |
99 | 0 | zip_uint8_t *header; |
100 | |
|
101 | 0 | if ((ctx->buffer = _zip_buffer_new(NULL, ZIP_CRYPTO_PKWARE_HEADERLEN)) == NULL) { |
102 | 0 | zip_error_set(&ctx->error, ZIP_ER_MEMORY, 0); |
103 | 0 | return -1; |
104 | 0 | } |
105 | | |
106 | 0 | header = _zip_buffer_data(ctx->buffer); |
107 | | |
108 | | /* generate header from random bytes and mtime |
109 | | see appnote.iz, XIII. Decryption, Step 2, last paragraph */ |
110 | 0 | if (!zip_secure_random(header, ZIP_CRYPTO_PKWARE_HEADERLEN - 1)) { |
111 | 0 | zip_error_set(&ctx->error, ZIP_ER_INTERNAL, 0); |
112 | 0 | _zip_buffer_free(ctx->buffer); |
113 | 0 | ctx->buffer = NULL; |
114 | 0 | return -1; |
115 | 0 | } |
116 | 0 | header[ZIP_CRYPTO_PKWARE_HEADERLEN - 1] = (zip_uint8_t)((ctx->dostime.time >> 8) & 0xff); |
117 | |
|
118 | 0 | _zip_pkware_encrypt(&ctx->keys, header, header, ZIP_CRYPTO_PKWARE_HEADERLEN); |
119 | |
|
120 | 0 | return 0; |
121 | 0 | } |
122 | | |
123 | | |
124 | | static zip_int64_t |
125 | 0 | pkware_encrypt(zip_source_t *src, void *ud, void *data, zip_uint64_t length, zip_source_cmd_t cmd) { |
126 | 0 | struct trad_pkware *ctx; |
127 | 0 | zip_int64_t n; |
128 | 0 | zip_uint64_t buffer_n; |
129 | |
|
130 | 0 | ctx = (struct trad_pkware *)ud; |
131 | |
|
132 | 0 | switch (cmd) { |
133 | 0 | case ZIP_SOURCE_OPEN: |
134 | 0 | ctx->eof = false; |
135 | | |
136 | | /* initialize keys */ |
137 | 0 | _zip_pkware_keys_reset(&ctx->keys); |
138 | 0 | _zip_pkware_encrypt(&ctx->keys, NULL, (const zip_uint8_t *)ctx->password, strlen(ctx->password)); |
139 | |
|
140 | 0 | if (encrypt_header(src, ctx) < 0) { |
141 | 0 | return -1; |
142 | 0 | } |
143 | 0 | return 0; |
144 | | |
145 | 0 | case ZIP_SOURCE_READ: |
146 | 0 | buffer_n = 0; |
147 | |
|
148 | 0 | if (ctx->buffer) { |
149 | | /* write header values to data */ |
150 | 0 | buffer_n = _zip_buffer_read(ctx->buffer, data, length); |
151 | 0 | data = (zip_uint8_t *)data + buffer_n; |
152 | 0 | length -= buffer_n; |
153 | |
|
154 | 0 | if (_zip_buffer_eof(ctx->buffer)) { |
155 | 0 | _zip_buffer_free(ctx->buffer); |
156 | 0 | ctx->buffer = NULL; |
157 | 0 | } |
158 | 0 | } |
159 | |
|
160 | 0 | if (ctx->eof) { |
161 | 0 | return (zip_int64_t)buffer_n; |
162 | 0 | } |
163 | | |
164 | 0 | if ((n = zip_source_read(src, data, length)) < 0) { |
165 | 0 | zip_error_set_from_source(&ctx->error, src); |
166 | 0 | return -1; |
167 | 0 | } |
168 | | |
169 | 0 | _zip_pkware_encrypt(&ctx->keys, (zip_uint8_t *)data, (zip_uint8_t *)data, (zip_uint64_t)n); |
170 | |
|
171 | 0 | if ((zip_uint64_t)n < length) { |
172 | 0 | ctx->eof = true; |
173 | 0 | } |
174 | |
|
175 | 0 | return (zip_int64_t)buffer_n + n; |
176 | | |
177 | 0 | case ZIP_SOURCE_CLOSE: |
178 | 0 | _zip_buffer_free(ctx->buffer); |
179 | 0 | ctx->buffer = NULL; |
180 | 0 | return 0; |
181 | | |
182 | 0 | case ZIP_SOURCE_STAT: { |
183 | 0 | zip_stat_t *st; |
184 | |
|
185 | 0 | st = (zip_stat_t *)data; |
186 | 0 | st->encryption_method = ZIP_EM_TRAD_PKWARE; |
187 | 0 | st->valid |= ZIP_STAT_ENCRYPTION_METHOD; |
188 | 0 | if (st->valid & ZIP_STAT_COMP_SIZE) { |
189 | 0 | st->comp_size += ZIP_CRYPTO_PKWARE_HEADERLEN; |
190 | 0 | } |
191 | |
|
192 | 0 | return 0; |
193 | 0 | } |
194 | | |
195 | 0 | case ZIP_SOURCE_GET_FILE_ATTRIBUTES: { |
196 | 0 | zip_file_attributes_t *attributes = (zip_file_attributes_t *)data; |
197 | 0 | if (length < sizeof(*attributes)) { |
198 | 0 | zip_error_set(&ctx->error, ZIP_ER_INVAL, 0); |
199 | 0 | return -1; |
200 | 0 | } |
201 | 0 | attributes->valid |= ZIP_FILE_ATTRIBUTES_VERSION_NEEDED | ZIP_FILE_ATTRIBUTES_GENERAL_PURPOSE_BIT_FLAGS; |
202 | 0 | attributes->version_needed = 20; |
203 | 0 | attributes->general_purpose_bit_flags = ZIP_GPBF_DATA_DESCRIPTOR; |
204 | 0 | attributes->general_purpose_bit_mask = ZIP_GPBF_DATA_DESCRIPTOR; |
205 | |
|
206 | 0 | return 0; |
207 | 0 | } |
208 | | |
209 | 0 | case ZIP_SOURCE_GET_DOS_TIME: |
210 | 0 | if (length < sizeof(ctx->dostime)) { |
211 | 0 | zip_error_set(&ctx->error, ZIP_ER_INVAL, 0); |
212 | 0 | return -1; |
213 | 0 | } |
214 | 0 | (void)memcpy_s(data, sizeof(ctx->dostime), &ctx->dostime, sizeof(ctx->dostime)); |
215 | 0 | return sizeof(ctx->dostime); |
216 | | |
217 | 0 | case ZIP_SOURCE_SUPPORTS: |
218 | 0 | return zip_source_make_command_bitmap(ZIP_SOURCE_OPEN, ZIP_SOURCE_READ, ZIP_SOURCE_CLOSE, ZIP_SOURCE_STAT, ZIP_SOURCE_ERROR, ZIP_SOURCE_FREE, ZIP_SOURCE_GET_FILE_ATTRIBUTES, ZIP_SOURCE_GET_DOS_TIME, -1); |
219 | | |
220 | 0 | case ZIP_SOURCE_ERROR: |
221 | 0 | return zip_error_to_data(&ctx->error, data, length); |
222 | | |
223 | 0 | case ZIP_SOURCE_FREE: |
224 | 0 | trad_pkware_free(ctx); |
225 | 0 | return 0; |
226 | | |
227 | 0 | default: |
228 | 0 | return zip_source_pass_to_lower_layer(src, data, length, cmd); |
229 | 0 | } |
230 | 0 | } |
231 | | |
232 | | |
233 | | static struct trad_pkware * |
234 | 0 | trad_pkware_new(const char *password, zip_error_t *error) { |
235 | 0 | struct trad_pkware *ctx; |
236 | |
|
237 | 0 | if ((ctx = (struct trad_pkware *)malloc(sizeof(*ctx))) == NULL) { |
238 | 0 | zip_error_set(error, ZIP_ER_MEMORY, 0); |
239 | 0 | return NULL; |
240 | 0 | } |
241 | | |
242 | 0 | if ((ctx->password = strdup(password)) == NULL) { |
243 | 0 | zip_error_set(error, ZIP_ER_MEMORY, 0); |
244 | 0 | free(ctx); |
245 | 0 | return NULL; |
246 | 0 | } |
247 | 0 | ctx->buffer = NULL; |
248 | 0 | zip_error_init(&ctx->error); |
249 | |
|
250 | 0 | return ctx; |
251 | 0 | } |
252 | | |
253 | | |
254 | | static void |
255 | 0 | trad_pkware_free(struct trad_pkware *ctx) { |
256 | 0 | if (ctx == NULL) { |
257 | 0 | return; |
258 | 0 | } |
259 | | |
260 | 0 | free(ctx->password); |
261 | 0 | _zip_buffer_free(ctx->buffer); |
262 | 0 | zip_error_fini(&ctx->error); |
263 | 0 | free(ctx); |
264 | 0 | } |