Fix HMAC calculation for Zip AES Encryption

Author: Remo Gloor

src/ICSharpCode.SharpZipLib/Zip/Compression/Streams/InflaterInputStream.cs

@@ -127,13 +127,11 @@ public void Fill()
 				toRead -= count;
 			}
 
+			clearTextLength = rawLength;
 			if (cryptoTransform != null)
 			{
-				clearTextLength = cryptoTransform.TransformBlock(rawData, 0, rawLength, clearText, 0);
-			}
-			else
-			{
-				clearTextLength = rawLength;
+				var size = CalculateDecryptionSize(rawLength);
+				cryptoTransform.TransformBlock(rawData, 0, size, clearText, 0);
 			}
 
 			available = clearTextLength;
@@ -290,7 +288,9 @@ public ICryptoTransform CryptoTransform
 					clearTextLength = rawLength;
 					if (available > 0)
 					{
-						cryptoTransform.TransformBlock(rawData, rawLength - available, available, clearText, rawLength - available);
+						var size = CalculateDecryptionSize(available);
+
+						cryptoTransform.TransformBlock(rawData, rawLength - available, size, clearText, rawLength - available);
 					}
 				}
 				else
@@ -301,6 +301,20 @@ public ICryptoTransform CryptoTransform
 			}
 		}
 
+		private int CalculateDecryptionSize(int availableBufferSize)
+		{
+			int size = DecryptSize ?? availableBufferSize;
+			size = Math.Min(size, availableBufferSize);
+			if (DecryptSize.HasValue)
+			{
+				DecryptSize -= size;
+			}
+
+			return size;
+		}
+
+		public int? DecryptSize { get; set; }
+
 		#region Instance Fields
 
 		private int rawLength;

src/ICSharpCode.SharpZipLib/Zip/ZipInputStream.cs

@@ -75,6 +75,7 @@ public class ZipInputStream : InflaterInputStream
 		private long size;
 		private int flags;
 		private string password;
+		private ZipAESTransform cryptoTransform;
 
 		#endregion Instance Fields
 
@@ -147,7 +148,8 @@ private static bool IsEntryCompressionMethodSupported(ZipEntry entry)
 			var entryCompressionMethod = entry.CompressionMethodForHeader;
 
 			return entryCompressionMethod == CompressionMethod.Deflated ||
-				   entryCompressionMethod == CompressionMethod.Stored;
+				   entryCompressionMethod == CompressionMethod.Stored ||
+				   entryCompressionMethod == CompressionMethod.WinZipAES;
 		}
 
 		/// <summary>
@@ -353,17 +355,15 @@ protected override void StopDecrypting()
 																			// Final block done. Check Auth code.
 				}
 
-				/*
-				byte[] calcAuthCode = (this.cryptoTransform as ZipAESTransform).GetAuthCode();
+				byte[] calcAuthCode = this.cryptoTransform.GetAuthCode();
 				for (int i = 0; i < ZipConstants.AESAuthCodeLength; i++)
 				{
 					if (calcAuthCode[i] != authBytes[i])
 					{
-						// throw new Exception("AES Authentication Code does not match. This is a super-CRC check on the data in the file after compression and encryption. \r\n"
-						// 	+ "The file may be damaged.");
+						throw new Exception("AES Authentication Code does not match. This is a super-CRC check on the data in the file after compression and encryption. \r\n"
+						 	+ "The file may be damaged or tampered.");
 					}
 				}
-				*/
 
 				// Dispose the transform?
 			}
@@ -611,7 +611,9 @@ private int InitialRead(byte[] destination, int offset, int count)
 					// The AES data has saltLen+AESPasswordVerifyLength bytes as a header, and AESAuthCodeLength bytes
 					// as a footer.
 					csize -= (saltLen + ZipConstants.AESPasswordVerifyLength + ZipConstants.AESAuthCodeLength);
+					inputBuffer.DecryptSize = (int)csize;
 					inputBuffer.CryptoTransform = decryptor;
+					this.cryptoTransform = decryptor;
 				}
 			}
 			else

test/ICSharpCode.SharpZipLib.Tests/Zip/ZipEncryptionHandling.cs

@@ -10,6 +10,17 @@ namespace ICSharpCode.SharpZipLib.Tests.Zip
 	[TestFixture]
 	public class ZipEncryptionHandling
 	{
+		static ZipEncryptionHandling()
+		{
+			var sb = new StringBuilder();
+			for (int i = 0; i < 1000; i++)
+			{
+				sb.Append(Guid.NewGuid());
+			}
+
+			DummyDataString = sb.ToString();
+		}
+		
 		[Test]
 		[Category("Encryption")]
 		[Category("Zip")]
@@ -127,20 +138,23 @@ public void ZipInputStreamDecryption(int aesKeySize, CompressionMethod compressi
 
 			using (var ms = new MemoryStream())
 			{
-				WriteEncryptedZipToStream(ms, password, aesKeySize, compressionMethod);
+				WriteEncryptedZipToStream(ms, 3, password, aesKeySize, compressionMethod);
 				ms.Seek(0, SeekOrigin.Begin);
 
 				using (var zis = new ZipInputStream(ms))
 				{
 					zis.IsStreamOwner = false;
 					zis.Password = password;
 
-					var hmm = zis.GetNextEntry();
-
-					using (var sr = new StreamReader(zis, Encoding.UTF8))
+					for (int i = 0; i < 3; i++)
 					{
-						var content = sr.ReadToEnd();
-						Assert.AreEqual(DummyDataString, content, "Decompressed content does not match input data");
+						var hmm = zis.GetNextEntry();
+
+						using (var sr = new StreamReader(zis, Encoding.UTF8, leaveOpen: true, detectEncodingFromByteOrderMarks: true, bufferSize: 1024))
+						{
+							var content = sr.ReadToEnd();
+							Assert.AreEqual(DummyDataString, content, "Decompressed content does not match input data");
+						}
 					}
 				}
 			}
@@ -473,40 +487,6 @@ public void ZipFileAESReadWithEmptyPassword()
 			}
 		}
 
-		/// <summary>
-		/// ZipInputStream can't decrypt AES encrypted entries, but it should report that to the caller
-		/// rather than just failing.
-		/// </summary>
-		[Test]
-		[Category("Zip")]
-		public void ZipinputStreamShouldGracefullyFailWithAESStreams()
-		{
-			string password = "password";
-
-			using (var memoryStream = new MemoryStream())
-			{
-				// Try to create a zip stream
-				WriteEncryptedZipToStream(memoryStream, password, 256);
-
-				// reset
-				memoryStream.Seek(0, SeekOrigin.Begin);
-
-				// Try to read
-				using (var inputStream = new ZipInputStream(memoryStream))
-				{
-					inputStream.Password = password;
-					var entry = inputStream.GetNextEntry();
-					Assert.That(entry.AESKeySize, Is.EqualTo(256), "Test entry should be AES256 encrypted.");
-
-					// CanDecompressEntry should be false.
-					Assert.That(inputStream.CanDecompressEntry, Is.False, "CanDecompressEntry should be false for AES encrypted entries");
-
-					// Should throw on read.
-					Assert.Throws<ZipException>(() => inputStream.ReadByte());
-				}
-			}
-		}
-
 		public void WriteEncryptedZipToStream(Stream stream, string password, int keySize, CompressionMethod compressionMethod = CompressionMethod.Deflated)
 		{
 			using (var zs = new ZipOutputStream(stream))
@@ -564,9 +544,6 @@ public void CreateZipWithEncryptedEntries(string password, int keySize, Compress
 			}
 		}
 
-		private const string DummyDataString = @"Lorem ipsum dolor sit amet, consectetur adipiscing elit.
-Fusce bibendum diam ac nunc rutrum ornare. Maecenas blandit elit ligula, eget suscipit lectus rutrum eu.
-Maecenas aliquam, purus mattis pulvinar pharetra, nunc orci maximus justo, sed facilisis massa dui sed lorem.
-Vestibulum id iaculis leo. Duis porta ante lorem. Duis condimentum enim nec lorem tristique interdum. Fusce in faucibus libero.";
+		private static readonly string DummyDataString;
 	}
 }