Implement AES encryption

Author: thekid

src/main/php/io/archive/zip/AESInputStream.class.php

@@ -0,0 +1,106 @@
+<?php namespace io\archive\zip;
+
+use io\streams\InputStream;
+use lang\IllegalStateException;
+
+/**
+ * Deciphers using little-endian variant of AES-CTR
+ *
+ * @ext   openssl
+ */
+class AESInputStream implements InputStream {
+  const BLOCK= 16;
+
+  private $in, $key;
+  private $cipher, $counter, $hmac;
+
+  /**
+   * Constructor
+   *
+   * @param  io.streams.InputStream $in
+   * @param  string $key
+   * @param  string $auth
+   */
+  public function __construct($in, $key, $auth) {
+    $this->in= $in;
+    $this->key= $key;
+
+    $this->cipher= 'aes-'.(strlen($key) * 8).'-ecb';
+    $this->counter= "\x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00";
+    $this->hmac= hash_init('sha1', HASH_HMAC, $auth);
+  }
+
+  /**
+   * Decrypt, updating the HMAC and the counter while doing so
+   *
+   * @param  string $input
+   * @return string
+   */
+  private function decrypt($input) {
+    hash_update($this->hmac, $input);
+
+    $return= '';
+    for ($offset= 0, $l= strlen($input); $offset < $l; $offset+= self::BLOCK) {
+
+      // Encrypt counter block using AES-ECB
+      $keystream= openssl_encrypt(
+        $this->counter,
+        $this->cipher,
+        $this->key,
+        OPENSSL_RAW_DATA | OPENSSL_ZERO_PADDING
+      );
+
+      // Take relevant part
+      $return.= substr($input, $offset, self::BLOCK) ^ $keystream;
+
+      // Increment little-endian counter
+      for ($j= 0, $carry= 1; $j < 16 && $carry; $j++) {
+        $s= ord($this->counter[$j]) + $carry;
+        $this->counter[$j]= chr($s & 0xff);
+        $carry= $s >> 8;
+      }
+    }
+    return $return;
+  }
+
+  /**
+   * Read a string
+   *
+   * @param  int $limit default 8192
+   * @return string
+   * @throws lang.IllegalStateException when HMAC verification fails
+   */
+  public function read($limit= 8192) {
+    $chunk= $this->in->read($limit);
+    if ($this->in->available()) return $this->decrypt($chunk);
+
+    // Verify HMAC checksum for last block
+    $plain= $this->decrypt(substr($chunk, 0, -10));
+
+    $mac= hash_final($this->hmac, true);
+    if (0 !== substr_compare($mac, substr($chunk, -10), 0, 10)) {
+      throw new IllegalStateException('HMAC verification failed — corrupted data');
+    }
+
+    return $plain;
+  }
+
+  /**
+   * Returns the number of bytes that can be read from this stream 
+   * without blocking.
+   * 
+   * @return int
+   */
+  public function available() {
+    return $this->in->available();
+  }
+
+  /**
+   * Close this buffer
+   *
+   * @return void
+   */
+  public function close() {
+    $this->in->close();
+  }
+}

src/main/php/io/archive/zip/AbstractZipReaderImpl.class.php

@@ -2,7 +2,7 @@
 
 use io\streams\InputStream;
 use lang\{FormatException, IllegalArgumentException, MethodNotImplementedException};
-use util\Date;
+use util\{Date, Secret};
 
 /**
  * Abstract base class for zip reader implementations
@@ -34,14 +34,13 @@ public function __construct(InputStream $stream) {
   /**
    * Set password to use when extracting 
    *
-   * @param   string password
+   * @param  ?string|util.Secret $password
    */
   public function setPassword($password) {
     if (null === $password) {
       $this->password= null;
     } else {
-      $this->password= new ZipCipher();
-      $this->password->initialize(iconv(\xp::ENCODING, 'cp437', $password));
+      $this->password= $password instanceof Secret ? $password : new Secret($password);
     }
   }
 
@@ -229,12 +228,31 @@ public function currentEntry() {
         // AES vs. traditional PKZIP cipher
         if (99 === $header['compression']) {
           $aes= unpack('vheader/vsize/vversion/a2vendor/cstrength/vcompression', $extra);
+          switch ($aes['strength']) {
+            case 1: $sl= 8; $dl= 16; break;
+            case 2: $sl= 12; $dl= 24; break;
+            case 3: $sl= 16; $dl= 32; break;
+            default: throw new IllegalArgumentException('Invalid AES strength '.$aes['strength']);
+          }
 
-          // TODO: Implement
+          // Verify password
+          $salt= $this->streamRead($sl);
+          $pvv= $this->streamRead(2);
+          $dk= hash_pbkdf2('sha1', $this->password->reveal(), $salt, 1000, 2 * $dl + 2, true);
+          if (0 !== substr_compare($dk, $pvv, 64, 2)) {
+            throw new IllegalArgumentException('The password did not match');
+          }
 
-          throw new MethodNotImplementedException('Not yet implemented', 'AES');
+          $this->skip-= $sl + 2;
+          $header['compression']= $aes['compression'];
+          $is= new AESInputStream(
+            new ZipFileInputStream($this, $this->position, $header['compressed'] - $sl - 2),
+            substr($dk, 0, 32),
+            substr($dk, 32, 32)
+          );
         } else if ($header['flags'] & 1) {
-          $cipher= new ZipCipher($this->password);
+          $cipher= new ZipCipher();
+          $cipher->initialize(iconv(\xp::ENCODING, 'cp437', $this->password->reveal()));
           $preamble= $cipher->decipher($this->streamRead(12));
 
           // Verify            
@@ -243,9 +261,12 @@ public function currentEntry() {
           }
 
           // Password matches.
-          $this->skip-= 12; 
+          $this->skip-= 12;
           $header['compressed']-= 12;
-          $is= new DecipheringInputStream(new ZipFileInputStream($this, $this->position, $header['compressed']), $cipher);
+          $is= new DecipheringInputStream(
+            new ZipFileInputStream($this, $this->position, $header['compressed']),
+            $cipher
+          );
         } else {
           $is= new ZipFileInputStream($this, $this->position, $header['compressed']);
         }

src/main/php/io/archive/zip/ZipFileInputStream.class.php

@@ -1,12 +1,13 @@
 <?php namespace io\archive\zip;
 
 use io\IOException;
+use io\streams\InputStream;
 
 /**
  * Zip File input stream. Reads from the current position up until a
  * certain length.
  */
-class ZipFileInputStream implements \io\streams\InputStream {
+class ZipFileInputStream implements InputStream {
   protected 
     $reader      = null,
     $start       = 0,