Merge pull request #7 from xp-framework/feature/encrypt

Refactor encryption, adding AES-128, -192 and -256 write support

Author: thekid

src/main/php/io/archive/zip/AbstractZipReaderImpl.class.php

@@ -221,69 +221,25 @@ public function currentEntry() {
           $this->skip= $header['compressed'] + 16;
         }
 
-        $stream= new ZipFileInputStream($this, $this->position, $header['compressed']);
-
         // AES vs. traditional PKZIP cipher
         if (99 === $header['compression']) {
           $aes= unpack('vheader/vsize/vversion/a2vendor/cstrength/vcompression', $extra);
           $header['compression']= $aes['compression'];
-          $is= function() use($header, $stream, $aes) {
-            if (null === $this->password) {
-              throw new IllegalAccessException('No password set');
-            }
-
-            switch ($aes['strength']) {
-              case 1: $sl= 8; $dl= 16; break;
-              case 2: $sl= 12; $dl= 24; break;
-              case 3: $sl= 16; $dl= 32; break;
-              default: throw new IllegalArgumentException('Invalid AES strength '.$aes['strength']);
-            }
-
-            // Verify password
-            $stream->seek(0);
-            $salt= $stream->read($sl);
-            $pvv= $stream->read(2);
-            $dk= hash_pbkdf2('sha1', $this->password->reveal(), $salt, 1000, 2 * $dl + 2, true);
-            if (0 !== substr_compare($dk, $pvv, 2 * $dl, 2)) {
-              throw new IllegalAccessException('The password did not match');
-            }
-
-            return new AESInputStream(
-              $stream,
-              substr($dk, 0, $dl),
-              substr($dk, $dl, $dl)
-            );
-          };
+          $encryption= Encryption::aes($this->password, $aes['strength']);
         } else if ($header['flags'] & 1) {
-          $is= function() use($header, $stream) {
-            if (null === $this->password) {
-              throw new IllegalAccessException('No password set');
-            }
-
-            // Verify password
-            $stream->seek(0);
-            $cipher= new ZipCipher();
-            $cipher->initialize(iconv(\xp::ENCODING, 'cp437', $this->password->reveal()));
-            $preamble= $cipher->decipher($stream->read(12));
-            if (ord($preamble[11]) !== (($header['crc'] >> 24) & 0xff)) {
-              throw new IllegalAccessException('The password did not match');
-            }
-
-            return new DecipheringInputStream($stream, $cipher);
-          };
+          $encryption= Encryption::cipher($this->password);
         } else {
-          $is= function() use($stream) {
-            $stream->seek(0);
-            return $stream;
-          };
+          $encryption= null;
         }
 
         // Create ZipEntry object and return it
         $e= new ZipFileEntry($decoded);
         $e->setLastModified($date);
         $e->setSize($header['uncompressed']);
-        $e->setCompression(Compression::getInstance($header['compression']));
-        $e->is= $is;
+        $e->withCrc32($header['crc']);
+        $e->useCompression(Compression::getInstance($header['compression']));
+        $e->useEncryption($encryption);
+        $e->is= new ZipFileInputStream($this, $this->position, $header['compressed']);
         return $e;
       }
       case self::DHDR: {      // Zip directory

src/main/php/io/archive/zip/Buffer.class.php

@@ -0,0 +1,50 @@
+<?php namespace io\archive\zip;
+
+use io\streams\{InputStream, OutputStream};
+
+/** @test io.archive.zip.unittest.BufferTest */
+class Buffer implements InputStream, OutputStream {
+  public $length= 0;
+  private $position= 0;
+  private $bytes= '';
+
+  /** @return int */
+  public function available() {
+    return $this->length - $this->position;
+  }
+
+  /**
+   * Read a number of given bytes
+   *
+   * @param  int $size
+   * @return string
+   */
+  public function read($size= 8192) {
+    $chunk= substr($this->bytes, $this->position, $size);
+    $this->position+= strlen($chunk);
+    return $chunk;
+  }
+
+  /**
+   * Write given bytes
+   *
+   * @param  string $bytes
+   * @return void
+   */
+  public function write($bytes) {
+    $this->length+= strlen($bytes);
+
+    // TODO: Buffer to disk!
+    $this->bytes.= $bytes;
+  }
+
+  /** @return void */
+  public function flush() {
+    // NOOP
+  }
+
+  /** @return void */
+  public function close() {
+    // NOOP
+  }
+}

src/main/php/io/archive/zip/CipheringZipFileOutputStream.class.php

@@ -0,0 +1,29 @@
+<?php namespace io\archive\zip;
+
+use io\archive\zip\encrypt\{AESEncryption, Cipher};
+
+/** Encryption methods */
+abstract class Encryption {
+
+  /**
+   * Returns AES encryption with either 128, 192 or 256 bits
+   *
+   * @ext    openssl
+   * @param  string|util.Secret $password
+   * @param  int $bits
+   * @return self
+   */
+  public static function aes($password, $bits): self {
+    return new AESEncryption($password, $bits);
+  }
+
+  /**
+   * Returns traditional PKZIP cipher
+   *
+   * @param  string|util.Secret $password
+   * @return self
+   */
+  public static function cipher($password): self {
+    return new Cipher($password);
+  }
+}

src/main/php/io/archive/zip/DecipheringInputStream.class.php

@@ -47,9 +47,21 @@ public function __construct(InputStream $stream) {
     }
   }
 
+  /**
+   * Sets password for decryption.
+   *
+   * @param  string|util.Secret $password
+   * @return self
+   */
+  public function decryptWith($password) {
+    $this->impl->setPassword($password);
+    return $this;
+  }
+
   /**
    * Set password to use when extracting 
    *
+   * @deprecated Use decryptWith() instead!
    * @param  string $password
    * @return self
    */