c/minizip-ng
1
0
Fork 0
mirror of https://github.com/zlib-ng/minizip-ng synced 2025-03-28 21:13:18 +00:00
Code Issues Packages Projects Releases Wiki Activity

Move cryptography functions to crypt source and header files.

Browse Source 
Added pbkdf2 function to wzaes stream.
Changed wzaes stream to use os crypt functions.
This commit is contained in:
Nathan Moinvaziri 2018-10-24 18:06:08 -07:00
parent 21a3102db4
commit 5f09188ca9
13 changed files with 1215 additions and 961 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
CMakeLists.txt
View File

@ -78,6 +78,7 @@ set(MINIZIP_SRC
set(MINIZIP_PUBLIC_HEADERS
mz.h
mz_os.h
mz_crypt.h
mz_compat.h
mz_strm.h
mz_strm_buf.h
@ -102,6 +103,9 @@ include_directories(${CMAKE_CURRENT_SOURCE_DIR})
if(WIN32)
list(APPEND MINIZIP_SRC "mz_os_win32.c" "mz_strm_os_win32.c")
if (USE_PKCRYPT OR USE_AES)
list(APPEND MINIZIP_SRC "mz_crypt_win32.c")
endif()
add_definitions(-D_CRT_SECURE_NO_DEPRECATE)
endif()
@ -118,6 +122,9 @@ if(UNIX)
add_compile_options(-O3)
list(APPEND MINIZIP_SRC "mz_os_posix.c" "mz_strm_os_posix.c")
if (USE_PKCRYPT OR USE_AES)
list(APPEND MINIZIP_SRC "mz_crypt_posix.c")
endif()
set(define_lfs_macros TRUE)

6
minizip.c
View File

@ -557,7 +557,11 @@ int main(int argc, const char *argv[])
minizip_help();
return 0;
}
test_crypt_sha();
test_crypt_aes();
test_crypt_hmac();
test_stream_wzaes();
return 0;
memset(&options, 0, sizeof(options));
options.compress_method = MZ_COMPRESS_METHOD_DEFLATE;

1
mz.h
View File

@ -106,6 +106,7 @@ extern "C" {
#define MZ_AES_ENCRYPTION_MODE_128 (0x01)
#define MZ_AES_ENCRYPTION_MODE_192 (0x02)
#define MZ_AES_ENCRYPTION_MODE_256 (0x03)
#define MZ_AES_BLOCK_SIZE (16)
#define MZ_AES_HEADER_SIZE(MODE) ((4 * (MODE & 3) + 4) + 2)
#define MZ_AES_FOOTER_SIZE (10)

62
mz_crypt.h Normal file
View File

@ -0,0 +1,62 @@
/* mz_crypt.h -- Cryptographic functions
Version 2.6.0, October 8, 2018
part of the MiniZip project
Copyright (C) 2010-2018 Nathan Moinvaziri
https://github.com/nmoinvaz/minizip
This program is distributed under the terms of the same license as zlib.
See the accompanying LICENSE file for the full text of the license.
*/
#ifndef MZ_CRYPT_H
#define MZ_CRYPT_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/***************************************************************************/
int32_t mz_crypt_rand(uint8_t *buf, int32_t size);
void mz_crypt_sha_reset(void *handle);
int32_t mz_crypt_sha_begin(void *handle);
int32_t mz_crypt_sha_update(void *handle, const void *buf, int32_t size);
int32_t mz_crypt_sha_end(void *handle, uint8_t *digest, int32_t digest_size);
void mz_crypt_sha_set_algorithm(void *handle, uint16_t algorithm);
void* mz_crypt_sha_create(void **handle);
void mz_crypt_sha_delete(void **handle);
void mz_crypt_aes_reset(void *handle);
int32_t mz_crypt_aes_encrypt(void *handle, uint8_t *buf, int32_t size, int32_t final);
int32_t mz_crypt_aes_decrypt(void *handle, uint8_t *buf, int32_t size, int32_t final);
int32_t mz_crypt_aes_set_key(void *handle, const void *key, int32_t key_length);
void mz_crypt_aes_set_mode(void *handle, int32_t mode);
void mz_crypt_aes_set_algorithm(void *handle, uint16_t algorithm);
void* mz_crypt_aes_create(void **handle);
void mz_crypt_aes_delete(void **handle);
void mz_crypt_hmac_reset(void *handle);
int32_t mz_crypt_hmac_begin(void *handle);
int32_t mz_crypt_hmac_update(void *handle, const void *buf, int32_t size);
int32_t mz_crypt_hmac_end(void *handle, uint8_t *digest, int32_t digest_size);
int32_t mz_crypt_hmac_copy(void *src_handle, void *target_handle);
int32_t mz_crypt_hmac_set_key(void *handle, const void *key, int32_t key_length);
void mz_crypt_hmac_set_algorithm(void *handle, uint16_t algorithm);
void* mz_crypt_hmac_create(void **handle);
void mz_crypt_hmac_delete(void **handle);
int32_t mz_crypt_sign(uint8_t *message, int32_t message_size, const char *cert_path, const char *cert_pwd,
const char *timestamp_url, uint8_t **signature, int32_t *signature_size);
int32_t mz_crypt_sign_verify(uint8_t *message, int32_t message_size, uint8_t *signature, int32_t signature_size);
/***************************************************************************/
#ifdef __cplusplus
}
#endif
#endif

799
mz_crypt_win32.c Normal file
View File

@ -0,0 +1,799 @@
/* mz_crypt_win32.c -- System functions for Windows
Version 2.6.0, October 8, 2018
part of the MiniZip project
Copyright (C) 2010-2018 Nathan Moinvaziri
https://github.com/nmoinvaz/minizip
This program is distributed under the terms of the same license as zlib.
See the accompanying LICENSE file for the full text of the license.
*/
#include <stdlib.h>
#include <stdint.h>
#include <string.h>
#include <windows.h>
#if !defined(MZ_ZIP_NO_ENCRYPTION)
# pragma comment(lib, "crypt32.lib")
# include <wincrypt.h>
#endif
#include "mz.h"
#include "mz_os.h"
#include "mz_strm_os.h"
/***************************************************************************/
int32_t mz_crypt_rand(uint8_t *buf, int32_t size)
{
HCRYPTPROV provider;
unsigned __int64 pentium_tsc[1];
int32_t len = 0;
int32_t result = 0;
result = CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (result)
{
result = CryptGenRandom(provider, size, buf);
CryptReleaseContext(provider, 0);
if (result)
return size;
}
for (len = 0; len < (int)size; len += 1)
{
if (len % 8 == 0)
QueryPerformanceCounter((LARGE_INTEGER *)pentium_tsc);
buf[len] = ((unsigned char*)pentium_tsc)[len % 8];
}
return len;
}
/***************************************************************************/
typedef struct mz_crypt_sha_s {
HCRYPTPROV provider;
HCRYPTHASH hash;
int32_t error;
uint16_t algorithm;
} mz_crypt_sha;
/***************************************************************************/
void mz_crypt_sha_reset(void *handle)
{
mz_crypt_sha *sha = (mz_crypt_sha *)handle;
if (sha->hash)
CryptDestroyHash(sha->hash);
sha->hash = 0;
if (sha->provider)
CryptReleaseContext(sha->provider, 0);
sha->provider = 0;
sha->error = 0;
}
int32_t mz_crypt_sha_begin(void *handle)
{
mz_crypt_sha *sha = (mz_crypt_sha *)handle;
ALG_ID alg_id = 0;
int32_t result = 0;
int32_t err = MZ_OK;
if (sha == NULL)
return MZ_PARAM_ERROR;
if (sha->algorithm == MZ_HASH_SHA1)
alg_id = CALG_SHA1;
else
alg_id = CALG_SHA_256;
result = CryptAcquireContext(&sha->provider, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (!result)
{
sha->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
if (result)
{
result = CryptCreateHash(sha->provider, alg_id, 0, 0, &sha->hash);
if (!result)
{
sha->error = GetLastError();
err = MZ_HASH_ERROR;
}
}
return err;
}
int32_t mz_crypt_sha_update(void *handle, const void *buf, int32_t size)
{
mz_crypt_sha *sha = (mz_crypt_sha *)handle;
int32_t result = 0;
if (sha == NULL || buf == NULL)
return MZ_PARAM_ERROR;
result = CryptHashData(sha->hash, buf, size, 0);
if (!result)
{
sha->error = GetLastError();
return MZ_HASH_ERROR;
}
return size;
}
int32_t mz_crypt_sha_end(void *handle, uint8_t *digest, int32_t digest_size)
{
mz_crypt_sha *sha = (mz_crypt_sha *)handle;
int32_t result = 0;
int32_t expected_size = 0;
if (sha == NULL || digest == NULL)
return MZ_PARAM_ERROR;
result = CryptGetHashParam(sha->hash, HP_HASHVAL, NULL, &expected_size, 0);
if (expected_size != digest_size)
return MZ_BUF_ERROR;
if (!result)
return MZ_HASH_ERROR;
result = CryptGetHashParam(sha->hash, HP_HASHVAL, digest, &digest_size, 0);
if (!result)
{
sha->error = GetLastError();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
void mz_crypt_sha_set_algorithm(void *handle, uint16_t algorithm)
{
mz_crypt_sha *sha = (mz_crypt_sha *)handle;
sha->algorithm = algorithm;
}
void *mz_crypt_sha_create(void **handle)
{
mz_crypt_sha *sha = NULL;
sha = (mz_crypt_sha *)MZ_ALLOC(sizeof(mz_crypt_sha));
if (sha != NULL)
{
memset(sha, 0, sizeof(mz_crypt_sha));
sha->algorithm = MZ_HASH_SHA256;
}
if (handle != NULL)
*handle = sha;
return sha;
}
void mz_crypt_sha_delete(void **handle)
{
mz_crypt_sha *sha = NULL;
if (handle == NULL)
return;
sha = (mz_crypt_sha *)*handle;
if (sha != NULL)
{
mz_crypt_sha_reset(*handle);
MZ_FREE(sha);
}
*handle = NULL;
}
/***************************************************************************/
typedef struct mz_crypt_aes_s {
HCRYPTPROV provider;
HCRYPTKEY key;
int32_t mode;
int32_t error;
uint16_t algorithm;
} mz_crypt_aes;
/***************************************************************************/
static void mz_crypt_aes_free(void *handle)
{
mz_crypt_aes *aes = (mz_crypt_aes *)handle;
if (aes->key)
CryptDestroyKey(aes->key);
aes->key = 0;
if (aes->provider)
CryptReleaseContext(aes->provider, 0);
aes->provider = 0;
}
void mz_crypt_aes_reset(void *handle)
{
mz_crypt_aes *aes = (mz_crypt_aes *)handle;
mz_crypt_aes_free(handle);
}
int32_t mz_crypt_aes_encrypt(void *handle, uint8_t *buf, int32_t size, int32_t final)
{
mz_crypt_aes *aes = (mz_crypt_aes *)handle;
int32_t result = 0;
int32_t buf_len = size;
if (aes == NULL || buf == NULL)
return MZ_PARAM_ERROR;
if (final)
buf_len = 0;
result = CryptEncrypt(aes->key, 0, final, 0, buf, &buf_len, size);
if (!result)
{
aes->error = GetLastError();
return MZ_CRYPT_ERROR;
}
return size;
}
int32_t mz_crypt_aes_decrypt(void *handle, uint8_t *buf, int32_t size, int32_t final)
{
mz_crypt_aes *aes = (mz_crypt_aes *)handle;
int32_t result = 0;
if (aes == NULL || buf == NULL)
return MZ_PARAM_ERROR;
result = CryptDecrypt(aes->key, 0, final, 0, buf, &size);
if (!result)
{
aes->error = GetLastError();
return MZ_CRYPT_ERROR;
}
return size;
}
int32_t mz_crypt_aes_set_key(void *handle, const void *key, int32_t key_length)
{
mz_crypt_aes *aes = (mz_crypt_aes *)handle;
HCRYPTHASH hash = 0;
ALG_ID alg_id = 0;
ALG_ID hash_alg_id = 0;
int32_t result = 0;
int32_t err = MZ_OK;
if (aes == NULL || key == NULL)
return MZ_PARAM_ERROR;
mz_crypt_aes_reset(handle);
if (aes->mode == MZ_AES_ENCRYPTION_MODE_128)
alg_id = CALG_AES_128;
else if (aes->mode == MZ_AES_ENCRYPTION_MODE_192)
alg_id = CALG_AES_192;
else
alg_id = CALG_AES_256;
if (aes->algorithm == MZ_HASH_SHA1)
hash_alg_id = CALG_SHA1;
else
hash_alg_id = CALG_SHA_256;
result = CryptAcquireContext(&aes->provider, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (!result)
{
aes->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
if (result)
{
result = CryptCreateHash(aes->provider, hash_alg_id, 0, 0, &hash);
if (!result)
{
aes->error = GetLastError();
err = MZ_HASH_ERROR;
}
}
if (result)
{
result = CryptHashData(hash, key, key_length, 0);
if (!result)
{
aes->error = GetLastError();
err = MZ_HASH_ERROR;
}
}
if (result)
{
result = CryptDeriveKey(aes->provider, alg_id, hash, 0, &aes->key);
if (!result)
{
aes->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
}
if (hash)
CryptDestroyHash(hash);
return err;
}
void mz_crypt_aes_set_mode(void *handle, int32_t mode)
{
mz_crypt_aes *aes = (mz_crypt_aes *)handle;
aes->mode = mode;
}
void mz_crypt_aes_set_algorithm(void *handle, uint16_t algorithm)
{
mz_crypt_aes *aes = (mz_crypt_aes *)handle;
aes->algorithm = algorithm;
}
void *mz_crypt_aes_create(void **handle)
{
mz_crypt_aes *aes = NULL;
aes = (mz_crypt_aes *)MZ_ALLOC(sizeof(mz_crypt_aes));
if (aes != NULL)
{
aes->algorithm = MZ_HASH_SHA256;
memset(aes, 0, sizeof(mz_crypt_aes));
}
if (handle != NULL)
*handle = aes;
return aes;
}
void mz_crypt_aes_delete(void **handle)
{
mz_crypt_aes *aes = NULL;
if (handle == NULL)
return;
aes = (mz_crypt_aes *)*handle;
if (aes != NULL)
{
mz_crypt_aes_free(*handle);
MZ_FREE(aes);
}
*handle = NULL;
}
/***************************************************************************/
typedef struct mz_crypt_hmac_s {
HCRYPTPROV provider;
HCRYPTHASH hash;
HCRYPTKEY key;
HMAC_INFO info;
int32_t mode;
int32_t error;
uint16_t algorithm;
} mz_crypt_hmac;
/***************************************************************************/
static void mz_crypt_hmac_free(void *handle)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
if (hmac->key)
CryptDestroyKey(hmac->key);
hmac->key = 0;
if (hmac->hash)
CryptDestroyHash(hmac->hash);
hmac->hash = 0;
if (hmac->provider)
CryptReleaseContext(hmac->provider, 0);
hmac->provider = 0;
memset(&hmac->info, 0, sizeof(hmac->info));
}
void mz_crypt_hmac_reset(void *handle)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
mz_crypt_hmac_free(handle);
}
int32_t mz_crypt_hmac_begin(void *handle)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
int32_t result = 0;
int32_t err = MZ_OK;
if (hmac == NULL || hmac->provider == 0)
return MZ_PARAM_ERROR;
result = CryptCreateHash(hmac->provider, CALG_HMAC, hmac->key, 0, &hmac->hash);
if (!result)
{
hmac->error = GetLastError();
err = MZ_HASH_ERROR;
}
if (result)
{
result = CryptSetHashParam(hmac->hash, HP_HMAC_INFO, (uint8_t *)&hmac->info, 0);
if (!result)
{
hmac->error = GetLastError();
err = MZ_HASH_ERROR;
}
}
return err;
}
int32_t mz_crypt_hmac_update(void *handle, const void *buf, int32_t size)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
int32_t result = 0;
if (hmac == NULL || buf == NULL || hmac->hash == 0)
return MZ_PARAM_ERROR;
result = CryptHashData(hmac->hash, buf, size, 0);
if (!result)
{
hmac->error = GetLastError();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
int32_t mz_crypt_hmac_end(void *handle, uint8_t *digest, int32_t digest_size)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
int32_t result = 0;
int32_t expected_size = 0;
int32_t err = MZ_OK;
if (hmac == NULL || digest == NULL || hmac->hash == 0)
return MZ_PARAM_ERROR;
result = CryptGetHashParam(hmac->hash, HP_HASHVAL, NULL, &expected_size, 0);
if (expected_size != digest_size)
return MZ_BUF_ERROR;
if (!result)
return MZ_HASH_ERROR;
result = CryptGetHashParam(hmac->hash, HP_HASHVAL, digest, &digest_size, 0);
if (!result)
{
hmac->error = GetLastError();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
int32_t mz_crypt_hmac_set_key(void *handle, const void *key, int32_t key_length)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
HCRYPTHASH hash = 0;
ALG_ID alg_id = 0;
typedef struct key_blob_header_s {
BLOBHEADER hdr;
uint32_t key_length;
} key_blob_header_s;
key_blob_header_s *key_blob_s = NULL;
uint8_t *key_blob = NULL;
int32_t key_blob_size = 0;
int32_t result = 0;
int32_t err = MZ_OK;
if (hmac == NULL || key == NULL)
return MZ_PARAM_ERROR;
mz_crypt_hmac_reset(handle);
if (hmac->algorithm == MZ_HASH_SHA1)
alg_id = CALG_SHA1;
else
alg_id = CALG_SHA_256;
hmac->info.HashAlgid = alg_id;
result = CryptAcquireContext(&hmac->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (!result)
{
hmac->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
key_blob_size = sizeof(key_blob_header_s) + key_length;
key_blob = (uint8_t *)MZ_ALLOC(key_blob_size);
key_blob_s = (key_blob_header_s *)key_blob;
key_blob_s->hdr.bType = PLAINTEXTKEYBLOB;
key_blob_s->hdr.bVersion = CUR_BLOB_VERSION;
key_blob_s->hdr.aiKeyAlg = CALG_RC2;
key_blob_s->hdr.reserved = 0;
key_blob_s->key_length = key_length;
memcpy(key_blob + sizeof(key_blob_header_s), key, key_length);
result = CryptImportKey(hmac->provider, key_blob, key_blob_size, 0, CRYPT_IPSEC_HMAC_KEY, &hmac->key);
if (!result)
{
hmac->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
MZ_FREE(key_blob);
if (err != MZ_OK)
mz_crypt_hmac_free(handle);
return err;
}
void mz_crypt_hmac_set_algorithm(void *handle, uint16_t algorithm)
{
mz_crypt_hmac *hmac = (mz_crypt_hmac *)handle;
hmac->algorithm = algorithm;
}
int32_t mz_crypt_hmac_copy(void *src_handle, void *target_handle)
{
mz_crypt_hmac *source = (mz_crypt_hmac *)src_handle;
mz_crypt_hmac *target = (mz_crypt_hmac *)target_handle;
int32_t result = 0;
int32_t err = MZ_OK;
result = CryptDuplicateHash(source->hash, NULL, 0, &target->hash);
if (!result)
{
target->error = GetLastError();
err = MZ_HASH_ERROR;
}
return MZ_OK;
}
void *mz_crypt_hmac_create(void **handle)
{
mz_crypt_hmac *hmac = NULL;
hmac = (mz_crypt_hmac *)MZ_ALLOC(sizeof(mz_crypt_hmac));
if (hmac != NULL)
{
memset(hmac, 0, sizeof(mz_crypt_hmac));
hmac->algorithm = MZ_HASH_SHA256;
}
if (handle != NULL)
*handle = hmac;
return hmac;
}
void mz_crypt_hmac_delete(void **handle)
{
mz_crypt_hmac *hmac = NULL;
if (handle == NULL)
return;
hmac = (mz_crypt_hmac *)*handle;
if (hmac != NULL)
{
mz_crypt_hmac_free(*handle);
MZ_FREE(hmac);
}
*handle = NULL;
}
/***************************************************************************/
int32_t mz_crypt_sign(uint8_t *message, int32_t message_size, const char *cert_path, const char *cert_pwd,
const char *timestamp_url, uint8_t **signature, int32_t *signature_size)
{
CRYPT_SIGN_MESSAGE_PARA sign_params;
CRYPT_DATA_BLOB cert_data_blob;
PCCERT_CONTEXT cert_context = NULL;
CRYPT_TIMESTAMP_CONTEXT *ts_context = NULL;
CRYPT_ATTR_BLOB crypt_blob;
CRYPT_ATTRIBUTE unauth_attribs[1];
HCERTSTORE cert_store = 0;
void *cert_stream = NULL;
wchar_t *password_wide = NULL;
wchar_t *timestamp_url_wide = NULL;
int32_t result = 0;
int32_t err = MZ_OK;
int32_t cert_size = 0;
uint8_t *cert_data = NULL;
uint32_t key_spec = 0;
uint32_t messages_sizes[1];
uint8_t *messages[1];
if (message == NULL || cert_path == NULL || signature == NULL || signature_size == NULL)
return MZ_PARAM_ERROR;
cert_size = (int32_t)mz_os_get_file_size(cert_path);
if (cert_size == 0)
return MZ_PARAM_ERROR;
cert_data = (uint8_t *)MZ_ALLOC(cert_size);
mz_stream_os_create(&cert_stream);
err = mz_stream_os_open(cert_stream, cert_path, MZ_OPEN_MODE_READ);
if (err == MZ_OK)
{
if (mz_stream_os_read(cert_stream, cert_data, cert_size) != cert_size)
err = MM_STREAM_ERROR;
mz_stream_os_close(cert_stream);
}
mz_stream_os_delete(&cert_stream);
cert_data_blob.pbData = cert_data;
cert_data_blob.cbData = cert_size;
if ((err == MZ_OK) && (cert_pwd != NULL))
{
password_wide = mz_os_unicode_string_create(cert_pwd);
cert_store = PFXImportCertStore(&cert_data_blob, password_wide, 0);
mz_os_unicode_string_delete(&password_wide);
}
if (cert_store == NULL)
cert_store = PFXImportCertStore(&cert_data_blob, L"", 0);
if (cert_store == NULL)
cert_store = PFXImportCertStore(&cert_data_blob, NULL, 0);
if (cert_store == NULL)
err = MZ_PARAM_ERROR;
MZ_FREE(cert_data);
if (err == MZ_OK)
{
cert_context = CertFindCertificateInStore(cert_store,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_HAS_PRIVATE_KEY, NULL, NULL);
if (cert_context == NULL)
err = MZ_PARAM_ERROR;
}
if (err == MZ_OK)
{
memset(&sign_params, 0, sizeof(sign_params));
sign_params.cbSize = sizeof(sign_params);
sign_params.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
sign_params.pSigningCert = cert_context;
sign_params.HashAlgorithm.pszObjId = szOID_NIST_sha256;
sign_params.cMsgCert = 1;
sign_params.rgpMsgCert = &cert_context;
messages[0] = message;
messages_sizes[0] = message_size;
if (timestamp_url != NULL)
timestamp_url_wide = mz_os_unicode_string_create(timestamp_url);
if (timestamp_url_wide != NULL)
{
result = CryptRetrieveTimeStamp(timestamp_url_wide,
TIMESTAMP_NO_AUTH_RETRIEVAL | TIMESTAMP_VERIFY_CONTEXT_SIGNATURE, 0, szOID_NIST_sha256,
NULL, message, message_size, &ts_context, NULL, NULL);
mz_os_unicode_string_delete(&timestamp_url_wide);
if ((result) && (ts_context != NULL))
{
crypt_blob.cbData = ts_context->cbEncoded;
crypt_blob.pbData = ts_context->pbEncoded;
unauth_attribs[0].pszObjId = "1.2.840.113549.1.9.16.2.14"; //id-smime-aa-timeStampToken
unauth_attribs[0].cValue = 1;
unauth_attribs[0].rgValue = &crypt_blob;
sign_params.rgUnauthAttr = &unauth_attribs[0];
sign_params.cUnauthAttr = 1;
}
}
if (result)
result = CryptSignMessage(&sign_params, FALSE, 1, messages, messages_sizes,
NULL, signature_size);
if (result && *signature_size > 0)
*signature = (uint8_t *)MZ_ALLOC(*signature_size);
if (result && *signature != NULL)
result = CryptSignMessage(&sign_params, FALSE, 1, messages, messages_sizes,
*signature, signature_size);
if (!result)
err = MZ_CRYPT_ERROR;
if (ts_context != NULL)
CryptMemFree(ts_context);
}
if (cert_context != NULL)
CertFreeCertificateContext(cert_context);
if (cert_store != NULL)
CertCloseStore(cert_store, 0);
return err;
}
int32_t mz_crypt_sign_verify(uint8_t *message, int32_t message_size, uint8_t *signature, int32_t signature_size)
{
CRYPT_VERIFY_MESSAGE_PARA verify_params;
CRYPT_TIMESTAMP_CONTEXT *crypt_context = NULL;
PCRYPT_ATTRIBUTES unauth_attribs = NULL;
HCRYPTMSG crypt_msg = 0;
HCRYPTMSG ts_msg = 0;
int32_t result = 0;
int32_t err = MZ_CRYPT_ERROR;
uint8_t *decoded = NULL;
int32_t decoded_size = 0;
uint8_t *ts_content = NULL;
int32_t ts_content_size = 0;
uint8_t *ts_signature = NULL;
int32_t ts_signature_size = 0;
memset(&verify_params, 0, sizeof(verify_params));
verify_params.cbSize = sizeof(verify_params);
verify_params.dwMsgAndCertEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
verify_params.hCryptProv = 0;
verify_params.pfnGetSignerCertificate = NULL;
verify_params.pvGetArg = NULL;
result = CryptVerifyMessageSignature(&verify_params, 0, signature, signature_size,
NULL, &decoded_size, NULL);
if (result && decoded_size > 0)
decoded = (uint8_t *)MZ_ALLOC(decoded_size);
if (result)
result = CryptVerifyMessageSignature(&verify_params, 0, signature, signature_size,
decoded, &decoded_size, NULL);
crypt_msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, 0, 0, NULL, NULL);
if (crypt_msg != NULL)
{
result = CryptMsgUpdate(crypt_msg, signature, signature_size, 1);
if (result)
CryptMsgGetParam(crypt_msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, NULL, &ts_signature_size);
if ((result) && (ts_signature_size > 0))
ts_signature = (uint8_t *)MZ_ALLOC(ts_signature_size);
if ((result) && (ts_signature != NULL))
{
result = CryptMsgGetParam(crypt_msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, ts_signature,
&ts_signature_size);
if (result)
{
unauth_attribs = (PCRYPT_ATTRIBUTES)ts_signature;
if ((unauth_attribs->cAttr > 0) && (unauth_attribs->rgAttr[0].cValue > 0))
{
ts_content = unauth_attribs->rgAttr[0].rgValue->pbData;
ts_content_size = unauth_attribs->rgAttr[0].rgValue->cbData;
}
}
if ((result) && (ts_content != NULL))
result = CryptVerifyTimeStampSignature(ts_content, ts_content_size, decoded,
decoded_size, 0, &crypt_context, NULL, NULL);
if (result)
err = MZ_OK;
}
if (ts_signature != NULL)
MZ_FREE(ts_signature);
if (crypt_context != NULL)
CryptMemFree(crypt_context);
}
if ((crypt_msg != NULL) && (result) && (decoded_size == signature_size))
{
if (memcmp(decoded, signature, signature_size) == 0)
err = MZ_OK;
}
if (decoded != NULL)
MZ_FREE(decoded);
if (crypt_msg != NULL)
CryptMsgClose(crypt_msg);
return err;
}

32
mz_os.h
View File

@ -71,38 +71,6 @@ int32_t mz_os_close_dir(DIR *dir);
int32_t mz_os_is_dir(const char *path);
uint64_t mz_os_ms_time(void);
int32_t mz_os_rand(uint8_t *buf, int32_t size);
void mz_os_sha_reset(void *handle);
int32_t mz_os_sha_begin(void *handle);
int32_t mz_os_sha_update(void *handle, const void *buf, int32_t size);
int32_t mz_os_sha_end(void *handle, uint8_t *digest, int32_t digest_size);
void mz_os_sha_set_algorithm(void *handle, uint16_t algorithm);
void* mz_os_sha_create(void **handle);
void mz_os_sha_delete(void **handle);
void mz_os_aes_reset(void *handle);
int32_t mz_os_aes_encrypt(void *handle, uint8_t *buf, int32_t size, int32_t final);
int32_t mz_os_aes_decrypt(void *handle, uint8_t *buf, int32_t size, int32_t final);
int32_t mz_os_aes_set_key(void *handle, const void *key, int32_t key_length);
void mz_os_aes_set_mode(void *handle, int32_t mode);
void mz_os_aes_set_algorithm(void *handle, uint16_t algorithm);
void* mz_os_aes_create(void **handle);
void mz_os_aes_delete(void **handle);
void mz_os_hmac_reset(void *handle);
int32_t mz_os_hmac_begin(void *handle);
int32_t mz_os_hmac_update(void *handle, const void *buf, int32_t size);
int32_t mz_os_hmac_end(void *handle, uint8_t *digest, int32_t digest_size);
int32_t mz_os_hmac_set_key(void *handle, const void *key, int32_t key_length);
void mz_os_hmac_set_algorithm(void *handle, uint16_t algorithm);
void* mz_os_hmac_create(void **handle);
void mz_os_hmac_delete(void **handle);
int32_t mz_os_sign(uint8_t *message, int32_t message_size, const char *cert_path, const char *cert_pwd,
const char *timestamp_url, uint8_t **signature, int32_t *signature_size);
int32_t mz_os_sign_verify(uint8_t *message, int32_t message_size, uint8_t *signature, int32_t signature_size);
/***************************************************************************/
#ifdef __cplusplus

766
mz_os_win32.c
View File

@ -17,10 +17,6 @@
#include <errno.h>
#include <windows.h>
#if !defined(MZ_ZIP_NO_ENCRYPTION)
# pragma comment(lib, "crypt32.lib")
# include <wincrypt.h>
#endif
#include "mz.h"
@ -372,765 +368,3 @@ uint64_t mz_os_ms_time(void)
return quad_file_time / 10000 - 11644473600000LL;
}
/***************************************************************************/
#if !defined(MZ_ZIP_NO_ENCRYPTION)
#if !defined(MZ_ZIP_NO_COMPRESSION)
int32_t mz_os_rand(uint8_t *buf, int32_t size)
{
HCRYPTPROV provider;
unsigned __int64 pentium_tsc[1];
int32_t len = 0;
int32_t result = 0;
result = CryptAcquireContext(&provider, NULL, NULL, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (result)
{
result = CryptGenRandom(provider, size, buf);
CryptReleaseContext(provider, 0);
if (result)
return size;
}
for (len = 0; len < (int)size; len += 1)
{
if (len % 8 == 0)
QueryPerformanceCounter((LARGE_INTEGER *)pentium_tsc);
buf[len] = ((unsigned char*)pentium_tsc)[len % 8];
}
return len;
}
#endif
/***************************************************************************/
typedef struct mz_os_sha_s {
HCRYPTPROV provider;
HCRYPTHASH hash;
int32_t error;
uint16_t algorithm;
} mz_os_sha;
/***************************************************************************/
void mz_os_sha_reset(void *handle)
{
mz_os_sha *sha = (mz_os_sha *)handle;
if (sha->hash)
CryptDestroyHash(sha->hash);
sha->hash = 0;
if (sha->provider)
CryptReleaseContext(sha->provider, 0);
sha->provider = 0;
sha->error = 0;
}
int32_t mz_os_sha_begin(void *handle)
{
mz_os_sha *sha = (mz_os_sha *)handle;
ALG_ID alg_id = 0;
int32_t result = 0;
int32_t err = MZ_OK;
if (sha == NULL)
return MZ_PARAM_ERROR;
if (sha->algorithm == MZ_HASH_SHA1)
alg_id = CALG_SHA1;
else
alg_id = CALG_SHA_256;
result = CryptAcquireContext(&sha->provider, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (!result)
{
sha->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
if (result)
{
result = CryptCreateHash(sha->provider, alg_id, 0, 0, &sha->hash);
if (!result)
{
sha->error = GetLastError();
err = MZ_HASH_ERROR;
}
}
return err;
}
int32_t mz_os_sha_update(void *handle, const void *buf, int32_t size)
{
mz_os_sha *sha = (mz_os_sha *)handle;
int32_t result = 0;
if (sha == NULL || buf == NULL)
return MZ_PARAM_ERROR;
result = CryptHashData(sha->hash, buf, size, 0);
if (!result)
{
sha->error = GetLastError();
return MZ_HASH_ERROR;
}
return size;
}
int32_t mz_os_sha_end(void *handle, uint8_t *digest, int32_t digest_size)
{
mz_os_sha *sha = (mz_os_sha *)handle;
int32_t result = 0;
int32_t expected_size = 0;
if (sha == NULL || digest == NULL)
return MZ_PARAM_ERROR;
result = CryptGetHashParam(sha->hash, HP_HASHVAL, NULL, &expected_size, 0);
if (expected_size != digest_size)
return MZ_BUF_ERROR;
if (!result)
return MZ_HASH_ERROR;
result = CryptGetHashParam(sha->hash, HP_HASHVAL, digest, &digest_size, 0);
if (!result)
{
sha->error = GetLastError();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
void mz_os_sha_set_algorithm(void *handle, uint16_t algorithm)
{
mz_os_sha *sha = (mz_os_sha *)handle;
sha->algorithm = algorithm;
}
void *mz_os_sha_create(void **handle)
{
mz_os_sha *sha = NULL;
sha = (mz_os_sha *)MZ_ALLOC(sizeof(mz_os_sha));
if (sha != NULL)
{
memset(sha, 0, sizeof(mz_os_sha));
sha->algorithm = MZ_HASH_SHA256;
}
if (handle != NULL)
*handle = sha;
return sha;
}
void mz_os_sha_delete(void **handle)
{
mz_os_sha *sha = NULL;
if (handle == NULL)
return;
sha = (mz_os_sha *)*handle;
if (sha != NULL)
{
mz_os_sha_reset(*handle);
MZ_FREE(sha);
}
*handle = NULL;
}
/***************************************************************************/
typedef struct mz_os_aes_s {
HCRYPTPROV provider;
HCRYPTKEY key;
int32_t mode;
int32_t error;
uint16_t algorithm;
} mz_os_aes;
/***************************************************************************/
static void mz_os_aes_free(void *handle)
{
mz_os_aes *aes = (mz_os_aes *)handle;
if (aes->key)
CryptDestroyKey(aes->key);
aes->key = 0;
if (aes->provider)
CryptReleaseContext(aes->provider, 0);
aes->provider = 0;
}
void mz_os_aes_reset(void *handle)
{
mz_os_aes *aes = (mz_os_aes *)handle;
mz_os_aes_free(handle);
}
int32_t mz_os_aes_encrypt(void *handle, uint8_t *buf, int32_t size, int32_t final)
{
mz_os_aes *aes = (mz_os_aes *)handle;
int32_t result = 0;
int32_t buf_len = size;
if (aes == NULL || buf == NULL)
return MZ_PARAM_ERROR;
if (final)
buf_len = 0;
result = CryptEncrypt(aes->key, 0, final, 0, buf, &buf_len, size);
if (!result)
{
aes->error = GetLastError();
return MZ_CRYPT_ERROR;
}
return size;
}
int32_t mz_os_aes_decrypt(void *handle, uint8_t *buf, int32_t size, int32_t final)
{
mz_os_aes *aes = (mz_os_aes *)handle;
int32_t result = 0;
if (aes == NULL || buf == NULL)
return MZ_PARAM_ERROR;
result = CryptDecrypt(aes->key, 0, final, 0, buf, &size);
if (!result)
{
aes->error = GetLastError();
return MZ_CRYPT_ERROR;
}
return size;
}
int32_t mz_os_aes_set_key(void *handle, const void *key, int32_t key_length)
{
mz_os_aes *aes = (mz_os_aes *)handle;
HCRYPTHASH hash = 0;
ALG_ID alg_id = 0;
ALG_ID hash_alg_id = 0;
int32_t result = 0;
int32_t err = MZ_OK;
if (aes == NULL || key == NULL)
return MZ_PARAM_ERROR;
mz_os_aes_reset(handle);
if (aes->mode == MZ_AES_ENCRYPTION_MODE_128)
alg_id = CALG_AES_128;
else if (aes->mode == MZ_AES_ENCRYPTION_MODE_192)
alg_id = CALG_AES_192;
else
alg_id = CALG_AES_256;
if (aes->algorithm == MZ_HASH_SHA1)
hash_alg_id = CALG_SHA1;
else
hash_alg_id = CALG_SHA_256;
result = CryptAcquireContext(&aes->provider, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (!result)
{
aes->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
if (result)
{
result = CryptCreateHash(aes->provider, hash_alg_id, 0, 0, &hash);
if (!result)
{
aes->error = GetLastError();
err = MZ_HASH_ERROR;
}
}
if (result)
{
result = CryptHashData(hash, key, key_length, 0);
if (!result)
{
aes->error = GetLastError();
err = MZ_HASH_ERROR;
}
}
if (result)
{
result = CryptDeriveKey(aes->provider, alg_id, hash, 0, &aes->key);
if (!result)
{
aes->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
}
if (hash)
CryptDestroyHash(hash);
return err;
}
void mz_os_aes_set_mode(void *handle, int32_t mode)
{
mz_os_aes *aes = (mz_os_aes *)handle;
aes->mode = mode;
}
void mz_os_aes_set_algorithm(void *handle, uint16_t algorithm)
{
mz_os_aes *aes = (mz_os_aes *)handle;
aes->algorithm = algorithm;
}
void *mz_os_aes_create(void **handle)
{
mz_os_aes *aes = NULL;
aes = (mz_os_aes *)MZ_ALLOC(sizeof(mz_os_aes));
if (aes != NULL)
{
aes->algorithm = MZ_HASH_SHA256;
memset(aes, 0, sizeof(mz_os_aes));
}
if (handle != NULL)
*handle = aes;
return aes;
}
void mz_os_aes_delete(void **handle)
{
mz_os_aes *aes = NULL;
if (handle == NULL)
return;
aes = (mz_os_aes *)*handle;
if (aes != NULL)
{
mz_os_aes_free(*handle);
MZ_FREE(aes);
}
*handle = NULL;
}
/***************************************************************************/
typedef struct mz_os_hmac_s {
HCRYPTPROV provider;
HCRYPTHASH hash;
HCRYPTKEY key;
HMAC_INFO info;
int32_t mode;
int32_t error;
uint16_t algorithm;
} mz_os_hmac;
/***************************************************************************/
static void mz_os_hmac_free(void *handle)
{
mz_os_hmac *hmac = (mz_os_hmac *)handle;
if (hmac->key)
CryptDestroyKey(hmac->key);
hmac->key = 0;
if (hmac->hash)
CryptDestroyHash(hmac->hash);
hmac->hash = 0;
if (hmac->provider)
CryptReleaseContext(hmac->provider, 0);
hmac->provider = 0;
memset(&hmac->info, 0, sizeof(hmac->info));
}
void mz_os_hmac_reset(void *handle)
{
mz_os_hmac *hmac = (mz_os_hmac *)handle;
mz_os_hmac_free(handle);
}
int32_t mz_os_hmac_begin(void *handle)
{
mz_os_hmac *hmac = (mz_os_hmac *)handle;
int32_t result = 0;
int32_t err = MZ_OK;
if (hmac == NULL || hmac->provider == 0)
return MZ_PARAM_ERROR;
result = CryptCreateHash(hmac->provider, CALG_HMAC, hmac->key, 0, &hmac->hash);
if (!result)
{
hmac->error = GetLastError();
err = MZ_HASH_ERROR;
}
if (result)
{
result = CryptSetHashParam(hmac->hash, HP_HMAC_INFO, (uint8_t *)&hmac->info, 0);
if (!result)
{
hmac->error = GetLastError();
err = MZ_HASH_ERROR;
}
}
return err;
}
int32_t mz_os_hmac_update(void *handle, const void *buf, int32_t size)
{
mz_os_hmac *hmac = (mz_os_hmac *)handle;
int32_t result = 0;
if (hmac == NULL || buf == NULL || hmac->hash == 0)
return MZ_PARAM_ERROR;
result = CryptHashData(hmac->hash, buf, size, 0);
if (!result)
{
hmac->error = GetLastError();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
int32_t mz_os_hmac_end(void *handle, uint8_t *digest, int32_t digest_size)
{
mz_os_hmac *hmac = (mz_os_hmac *)handle;
int32_t result = 0;
int32_t expected_size = 0;
int32_t err = MZ_OK;
if (hmac == NULL || digest == NULL || hmac->hash == 0)
return MZ_PARAM_ERROR;
result = CryptGetHashParam(hmac->hash, HP_HASHVAL, NULL, &expected_size, 0);
if (expected_size != digest_size)
return MZ_BUF_ERROR;
if (!result)
return MZ_HASH_ERROR;
result = CryptGetHashParam(hmac->hash, HP_HASHVAL, digest, &digest_size, 0);
if (!result)
{
hmac->error = GetLastError();
return MZ_HASH_ERROR;
}
return MZ_OK;
}
int32_t mz_os_hmac_set_key(void *handle, const void *key, int32_t key_length)
{
mz_os_hmac *hmac = (mz_os_hmac *)handle;
HCRYPTHASH hash = 0;
ALG_ID alg_id = 0;
typedef struct key_blob_header_s {
BLOBHEADER hdr;
uint32_t key_length;
} key_blob_header_s;
key_blob_header_s *key_blob_s = NULL;
uint8_t *key_blob = NULL;
int32_t key_blob_size = 0;
int32_t result = 0;
int32_t err = MZ_OK;
if (hmac == NULL || key == NULL)
return MZ_PARAM_ERROR;
mz_os_hmac_reset(handle);
if (hmac->algorithm == MZ_HASH_SHA1)
alg_id = CALG_SHA1;
else
alg_id = CALG_SHA_256;
hmac->info.HashAlgid = alg_id;
result = CryptAcquireContext(&hmac->provider, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT | CRYPT_SILENT);
if (!result)
{
hmac->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
key_blob_size = sizeof(key_blob_header_s) + key_length;
key_blob = (uint8_t *)MZ_ALLOC(key_blob_size);
key_blob_s = (key_blob_header_s *)key_blob;
key_blob_s->hdr.bType = PLAINTEXTKEYBLOB;
key_blob_s->hdr.bVersion = CUR_BLOB_VERSION;
key_blob_s->hdr.aiKeyAlg = CALG_RC4;
key_blob_s->hdr.reserved = 0;
key_blob_s->key_length = key_length;
memcpy(key_blob + sizeof(key_blob_header_s), key, key_length);
result = CryptImportKey(hmac->provider, key_blob, key_blob_size, 0, 0, &hmac->key);
if (!result)
{
hmac->error = GetLastError();
err = MZ_CRYPT_ERROR;
}
MZ_FREE(key_blob);
if (err != MZ_OK)
mz_os_hmac_free(handle);
return err;
}
void mz_os_hmac_set_algorithm(void *handle, uint16_t algorithm)
{
mz_os_hmac *hmac = (mz_os_hmac *)handle;
hmac->algorithm = algorithm;
}
void *mz_os_hmac_create(void **handle)
{
mz_os_hmac *hmac = NULL;
hmac = (mz_os_hmac *)MZ_ALLOC(sizeof(mz_os_hmac));
if (hmac != NULL)
{
memset(hmac, 0, sizeof(mz_os_hmac));
hmac->algorithm = MZ_HASH_SHA256;
}
if (handle != NULL)
*handle = hmac;
return hmac;
}
void mz_os_hmac_delete(void **handle)
{
mz_os_hmac *hmac = NULL;
if (handle == NULL)
return;
hmac = (mz_os_hmac *)*handle;
if (hmac != NULL)
{
mz_os_hmac_free(*handle);
MZ_FREE(hmac);
}
*handle = NULL;
}
/***************************************************************************/
#if !defined(MZ_ZIP_NO_COMPRESSION)
int32_t mz_os_sign(uint8_t *message, int32_t message_size, const char *cert_path, const char *cert_pwd,
const char *timestamp_url, uint8_t **signature, int32_t *signature_size)
{
CRYPT_SIGN_MESSAGE_PARA sign_params;
CRYPT_DATA_BLOB cert_data_blob;
PCCERT_CONTEXT cert_context = NULL;
CRYPT_TIMESTAMP_CONTEXT *ts_context = NULL;
CRYPT_ATTR_BLOB crypt_blob;
CRYPT_ATTRIBUTE unauth_attribs[1];
HCERTSTORE cert_store = 0;
void *cert_stream = NULL;
wchar_t *password_wide = NULL;
wchar_t *timestamp_url_wide = NULL;
int32_t result = 0;
int32_t err = MZ_OK;
int32_t cert_size = 0;
uint8_t *cert_data = NULL;
uint32_t key_spec = 0;
uint32_t messages_sizes[1];
uint8_t *messages[1];
if (message == NULL || cert_path == NULL || signature == NULL || signature_size == NULL)
return MZ_PARAM_ERROR;
cert_size = (int32_t)mz_os_get_file_size(cert_path);
if (cert_size == 0)
return MZ_PARAM_ERROR;
cert_data = (uint8_t *)MZ_ALLOC(cert_size);
mz_stream_os_create(&cert_stream);
err = mz_stream_os_open(cert_stream, cert_path, MZ_OPEN_MODE_READ);
if (err == MZ_OK)
{
if (mz_stream_os_read(cert_stream, cert_data, cert_size) != cert_size)
err = MM_STREAM_ERROR;
mz_stream_os_close(cert_stream);
}
mz_stream_os_delete(&cert_stream);
cert_data_blob.pbData = cert_data;
cert_data_blob.cbData = cert_size;
if ((err == MZ_OK) && (cert_pwd != NULL))
{
password_wide = mz_os_unicode_string_create(cert_pwd);
cert_store = PFXImportCertStore(&cert_data_blob, password_wide, 0);
mz_os_unicode_string_delete(&password_wide);
}
if (cert_store == NULL)
cert_store = PFXImportCertStore(&cert_data_blob, L"", 0);
if (cert_store == NULL)
cert_store = PFXImportCertStore(&cert_data_blob, NULL, 0);
if (cert_store == NULL)
err = MZ_PARAM_ERROR;
MZ_FREE(cert_data);
if (err == MZ_OK)
{
cert_context = CertFindCertificateInStore(cert_store,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, 0, CERT_FIND_HAS_PRIVATE_KEY, NULL, NULL);
if (cert_context == NULL)
err = MZ_PARAM_ERROR;
}
if (err == MZ_OK)
{
memset(&sign_params, 0, sizeof(sign_params));
sign_params.cbSize = sizeof(sign_params);
sign_params.dwMsgEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
sign_params.pSigningCert = cert_context;
sign_params.HashAlgorithm.pszObjId = szOID_NIST_sha256;
sign_params.cMsgCert = 1;
sign_params.rgpMsgCert = &cert_context;
messages[0] = message;
messages_sizes[0] = message_size;
if (timestamp_url != NULL)
timestamp_url_wide = mz_os_unicode_string_create(timestamp_url);
if (timestamp_url_wide != NULL)
{
result = CryptRetrieveTimeStamp(timestamp_url_wide,
TIMESTAMP_NO_AUTH_RETRIEVAL | TIMESTAMP_VERIFY_CONTEXT_SIGNATURE, 0, szOID_NIST_sha256,
NULL, message, message_size, &ts_context, NULL, NULL);
mz_os_unicode_string_delete(&timestamp_url_wide);
if ((result) && (ts_context != NULL))
{
crypt_blob.cbData = ts_context->cbEncoded;
crypt_blob.pbData = ts_context->pbEncoded;
unauth_attribs[0].pszObjId = "1.2.840.113549.1.9.16.2.14"; //id-smime-aa-timeStampToken
unauth_attribs[0].cValue = 1;
unauth_attribs[0].rgValue = &crypt_blob;
sign_params.rgUnauthAttr = &unauth_attribs[0];
sign_params.cUnauthAttr = 1;
}
}
if (result)
result = CryptSignMessage(&sign_params, FALSE, 1, messages, messages_sizes,
NULL, signature_size);
if (result && *signature_size > 0)
*signature = (uint8_t *)MZ_ALLOC(*signature_size);
if (result && *signature != NULL)
result = CryptSignMessage(&sign_params, FALSE, 1, messages, messages_sizes,
*signature, signature_size);
if (!result)
err = MZ_CRYPT_ERROR;
if (ts_context != NULL)
CryptMemFree(ts_context);
}
if (cert_context != NULL)
CertFreeCertificateContext(cert_context);
if (cert_store != NULL)
CertCloseStore(cert_store, 0);
return err;
}
#endif
int32_t mz_os_sign_verify(uint8_t *message, int32_t message_size, uint8_t *signature, int32_t signature_size)
{
CRYPT_VERIFY_MESSAGE_PARA verify_params;
CRYPT_TIMESTAMP_CONTEXT *crypt_context = NULL;
PCRYPT_ATTRIBUTES unauth_attribs = NULL;
HCRYPTMSG crypt_msg = 0;
HCRYPTMSG ts_msg = 0;
int32_t result = 0;
int32_t err = MZ_CRYPT_ERROR;
uint8_t *decoded = NULL;
int32_t decoded_size = 0;
uint8_t *ts_content = NULL;
int32_t ts_content_size = 0;
uint8_t *ts_signature = NULL;
int32_t ts_signature_size = 0;
memset(&verify_params, 0, sizeof(verify_params));
verify_params.cbSize = sizeof(verify_params);
verify_params.dwMsgAndCertEncodingType = PKCS_7_ASN_ENCODING | X509_ASN_ENCODING;
verify_params.hCryptProv = 0;
verify_params.pfnGetSignerCertificate = NULL;
verify_params.pvGetArg = NULL;
result = CryptVerifyMessageSignature(&verify_params, 0, signature, signature_size,
NULL, &decoded_size, NULL);
if (result && decoded_size > 0)
decoded = (uint8_t *)MZ_ALLOC(decoded_size);
if (result)
result = CryptVerifyMessageSignature(&verify_params, 0, signature, signature_size,
decoded, &decoded_size, NULL);
crypt_msg = CryptMsgOpenToDecode(PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, 0, 0, NULL, NULL);
if (crypt_msg != NULL)
{
result = CryptMsgUpdate(crypt_msg, signature, signature_size, 1);
if (result)
CryptMsgGetParam(crypt_msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, NULL, &ts_signature_size);
if ((result) && (ts_signature_size > 0))
ts_signature = (uint8_t *)MZ_ALLOC(ts_signature_size);
if ((result) && (ts_signature != NULL))
{
result = CryptMsgGetParam(crypt_msg, CMSG_SIGNER_UNAUTH_ATTR_PARAM, 0, ts_signature,
&ts_signature_size);
if (result)
{
unauth_attribs = (PCRYPT_ATTRIBUTES)ts_signature;
if ((unauth_attribs->cAttr > 0) && (unauth_attribs->rgAttr[0].cValue > 0))
{
ts_content = unauth_attribs->rgAttr[0].rgValue->pbData;
ts_content_size = unauth_attribs->rgAttr[0].rgValue->cbData;
}
}
if ((result) && (ts_content != NULL))
result = CryptVerifyTimeStampSignature(ts_content, ts_content_size, decoded,
decoded_size, 0, &crypt_context, NULL, NULL);
if (result)
err = MZ_OK;
}
if (ts_signature != NULL)
MZ_FREE(ts_signature);
if (crypt_context != NULL)
CryptMemFree(crypt_context);
}
if ((crypt_msg != NULL) && (result) && (decoded_size == signature_size))
{
if (memcmp(decoded, signature, signature_size) == 0)
err = MZ_OK;
}
if (decoded != NULL)
MZ_FREE(decoded);
if (crypt_msg != NULL)
CryptMsgClose(crypt_msg);
return err;
}
#endif

43
mz_strm_os.h Normal file
View File

@ -0,0 +1,43 @@
/* mz_sstrm_os.h -- Stream for filesystem access
Version 2.6.0, October 8, 2018
part of the MiniZip project
Copyright (C) 2010-2018 Nathan Moinvaziri
https://github.com/nmoinvaz/minizip
This program is distributed under the terms of the same license as zlib.
See the accompanying LICENSE file for the full text of the license.
*/
#ifndef MZ_STREAM_OS_H
#define MZ_STREAM_OS_H
#include <stdint.h>
#ifdef __cplusplus
extern "C" {
#endif
/***************************************************************************/
int32_t mz_stream_os_open(void *stream, const char *path, int32_t mode);
int32_t mz_stream_os_is_open(void *stream);
int32_t mz_stream_os_read(void *stream, void *buf, int32_t size);
int32_t mz_stream_os_write(void *stream, const void *buf, int32_t size);
int64_t mz_stream_os_tell(void *stream);
int32_t mz_stream_os_seek(void *stream, int64_t offset, int32_t origin);
int32_t mz_stream_os_close(void *stream);
int32_t mz_stream_os_error(void *stream);
void* mz_stream_os_create(void **stream);
void mz_stream_os_delete(void **stream);
void* mz_stream_os_get_interface(void);
/***************************************************************************/
#ifdef __cplusplus
}
#endif
#endif

3
mz_strm_pkcrypt.c
View File

@ -27,6 +27,7 @@
#include <string.h>
#include "mz.h"
#include "mz_crypt.h"
#include "mz_os.h"
#include "mz_strm.h"
#include "mz_strm_crc32.h"
@ -164,7 +165,7 @@ int32_t mz_stream_pkcrypt_open(void *stream, const char *path, int32_t mode)
return MZ_SUPPORT_ERROR;
#else
// First generate RAND_HEAD_LEN - 2 random bytes.
mz_os_rand(header, RAND_HEAD_LEN - 2);
mz_crypt_rand(header, RAND_HEAD_LEN - 2);
// Encrypt random header (last two bytes is high word of crc)
for (i = 0; i < RAND_HEAD_LEN - 2; i++)

287
mz_strm_wzaes.c
View File

@ -19,6 +19,7 @@
#include "pwd2key.h"
#include "mz.h"
#include "mz_crypt.h"
#include "mz_os.h"
#include "mz_strm.h"
#include "mz_strm_wzaes.h"
@ -30,7 +31,6 @@
#define MZ_AES_KEYING_ITERATIONS (1000)
#define MZ_AES_SALT_LENGTH(mode) (4 * (mode & 3) + 4)
#define MZ_AES_SALT_LENGTH_MAX (16)
#define MZ_AES_MAC_LENGTH(mode) (10)
#define MZ_AES_PW_LENGTH_MAX (128)
#define MZ_AES_PW_VERIFY_SIZE (2)
#define MZ_AES_AUTHCODE_SIZE (10)
@ -65,18 +65,101 @@ typedef struct mz_stream_wzaes_s {
int64_t total_out;
int16_t encryption_mode;
const char *password;
aes_encrypt_ctx encr_ctx[1];
hmac_ctx auth_ctx[1];
void *aes;
uint32_t crypt_pos;
uint8_t crypt_block[AES_BLOCK_SIZE];
void *hmac;
uint8_t nonce[AES_BLOCK_SIZE];
uint8_t encr_bfr[AES_BLOCK_SIZE];
uint32_t encr_pos;
} mz_stream_wzaes;
/***************************************************************************/
int32_t mz_stream_wzaes_pbkdf2(uint8_t *password, int32_t password_length, uint8_t *salt,
int32_t salt_length, int32_t iteration_count, uint8_t *key, int32_t key_length)
{
void *hmac1 = NULL;
void *hmac2 = NULL;
void *hmac3 = NULL;
int32_t err = MZ_OK;
uint16_t i = 0;
uint16_t j = 0;
uint16_t k = 0;
uint16_t block_count = 0;
uint8_t uu[MZ_HASH_SHA1_SIZE];
uint8_t ux[MZ_HASH_SHA1_SIZE];
if (password == NULL || salt == NULL || key == NULL)
return MZ_PARAM_ERROR;
memset(key, 0, key_length);
mz_crypt_hmac_create(&hmac1);
mz_crypt_hmac_create(&hmac2);
mz_crypt_hmac_create(&hmac3);
mz_crypt_hmac_set_algorithm(hmac1, MZ_HASH_SHA1);
mz_crypt_hmac_set_algorithm(hmac2, MZ_HASH_SHA1);
mz_crypt_hmac_set_algorithm(hmac3, MZ_HASH_SHA1);
err = mz_crypt_hmac_set_key(hmac1, password, password_length);
if (err == MZ_OK)
err = mz_crypt_hmac_begin(hmac1);
err = mz_crypt_hmac_set_key(hmac2, password, password_length);
if (err == MZ_OK)
err = mz_crypt_hmac_begin(hmac2);
if (err == MZ_OK)
err = mz_crypt_hmac_update(hmac2, salt, salt_length);
block_count = 1 + ((uint16_t)key_length - 1) / MZ_HASH_SHA1_SIZE;
for (i = 0; (err == MZ_OK) && (i < block_count); i += 1)
{
memset(ux, 0, sizeof(ux));
err = mz_crypt_hmac_copy(hmac2, hmac3);
if (err != MZ_OK)
break;
uu[0] = (uint8_t)((i + 1) >> 24);
uu[1] = (uint8_t)((i + 1) >> 16);
uu[2] = (uint8_t)((i + 1) >> 8);
uu[3] = (uint8_t)(i + 1);
for (j = 0, k = 4; j < iteration_count; j += 1)
{
err = mz_crypt_hmac_update(hmac3, uu, k);
err = mz_crypt_hmac_end(hmac3, uu, sizeof(uu));
for(k = 0; k < MZ_HASH_SHA1_SIZE; k += 1)
ux[k] ^= uu[k];
err = mz_crypt_hmac_copy(hmac1, hmac3);
if (err != MZ_OK)
break;
}
if (err != MZ_OK)
break;
j = 0;
k = i * MZ_HASH_SHA1_SIZE;
while (j < MZ_HASH_SHA1_SIZE && k < key_length)
key[k++] = ux[j++];
}
mz_crypt_hmac_delete(&hmac1);
mz_crypt_hmac_delete(&hmac2);
mz_crypt_hmac_delete(&hmac3);
return err;
}
/***************************************************************************/
int32_t mz_stream_wzaes_open(void *stream, const char *path, int32_t mode)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
uint16_t salt_length = 0;
uint16_t password_length = 0;
uint16_t key_length = 0;
@ -86,31 +169,32 @@ int32_t mz_stream_wzaes_open(void *stream, const char *path, int32_t mode)
uint8_t salt_value[MZ_AES_SALT_LENGTH_MAX];
const char *password = path;
aes->total_in = 0;
aes->total_out = 0;
aes->initialized = 0;
wzaes->total_in = 0;
wzaes->total_out = 0;
wzaes->initialized = 0;
if (mz_stream_is_open(aes->stream.base) != MZ_OK)
if (mz_stream_is_open(wzaes->stream.base) != MZ_OK)
return MZ_STREAM_ERROR;
if (password == NULL)
password = aes->password;
password = wzaes->password;
if (password == NULL)
return MZ_PARAM_ERROR;
password_length = (uint16_t)strlen(password);
if (password_length > MZ_AES_PW_LENGTH_MAX)
return MZ_PARAM_ERROR;
if (aes->encryption_mode < 1 || aes->encryption_mode > 3)
if (wzaes->encryption_mode < 1 || wzaes->encryption_mode > 3)
return MZ_PARAM_ERROR;
salt_length = MZ_AES_SALT_LENGTH(aes->encryption_mode);
salt_length = MZ_AES_SALT_LENGTH(wzaes->encryption_mode);
if (mode & MZ_OPEN_MODE_WRITE)
{
#ifdef MZ_ZIP_NO_COMPRESSION
return MZ_SUPPORT_ERROR;
#else
mz_os_rand(salt_value, salt_length);
mz_crypt_rand(salt_value, salt_length);
#endif
}
else if (mode & MZ_OPEN_MODE_READ)
@ -118,73 +202,80 @@ int32_t mz_stream_wzaes_open(void *stream, const char *path, int32_t mode)
#ifdef MZ_ZIP_NO_DECOMPRESSION
return MZ_SUPPORT_ERROR;
#else
if (mz_stream_read(aes->stream.base, salt_value, salt_length) != salt_length)
if (mz_stream_read(wzaes->stream.base, salt_value, salt_length) != salt_length)
return MZ_STREAM_ERROR;
#endif
}
key_length = MZ_AES_KEY_LENGTH(aes->encryption_mode);
key_length = MZ_AES_KEY_LENGTH(wzaes->encryption_mode);
// Derive the encryption and authentication keys and the password verifier
derive_key((const uint8_t *)password, password_length, salt_value, salt_length,
mz_stream_wzaes_pbkdf2((uint8_t *)password, password_length, salt_value, salt_length,
MZ_AES_KEYING_ITERATIONS, kbuf, 2 * key_length + MZ_AES_PW_VERIFY_SIZE);
// Initialize the encryption nonce and buffer pos
aes->encr_pos = AES_BLOCK_SIZE;
memset(aes->nonce, 0, AES_BLOCK_SIZE * sizeof(uint8_t));
wzaes->crypt_pos = AES_BLOCK_SIZE;
memset(wzaes->nonce, 0, sizeof(wzaes->nonce));
// Initialize for encryption using key 1
aes_encrypt_key(kbuf, key_length, aes->encr_ctx);
mz_crypt_aes_reset(wzaes->aes);
mz_crypt_aes_set_algorithm(wzaes->aes, MZ_HASH_SHA1);
mz_crypt_aes_set_mode(wzaes->aes, wzaes->encryption_mode);
mz_crypt_aes_set_key(wzaes->aes, kbuf, key_length);
// Initialize for authentication using key 2
hmac_sha_begin(HMAC_SHA1, aes->auth_ctx);
hmac_sha_key(kbuf + key_length, key_length, aes->auth_ctx);
mz_crypt_hmac_reset(wzaes->hmac);
mz_crypt_hmac_set_algorithm(wzaes->hmac, MZ_HASH_SHA1);
mz_crypt_hmac_set_key(wzaes->hmac, kbuf + key_length, key_length);
mz_crypt_hmac_begin(wzaes->hmac);
memcpy(verify, kbuf + 2 * key_length, MZ_AES_PW_VERIFY_SIZE);
memcpy(verify, kbuf + (2 * key_length), MZ_AES_PW_VERIFY_SIZE);
if (mode & MZ_OPEN_MODE_WRITE)
{
if (mz_stream_write(aes->stream.base, salt_value, salt_length) != salt_length)
if (mz_stream_write(wzaes->stream.base, salt_value, salt_length) != salt_length)
return MZ_STREAM_ERROR;
aes->total_out += salt_length;
wzaes->total_out += salt_length;
if (mz_stream_write(aes->stream.base, verify, MZ_AES_PW_VERIFY_SIZE) != MZ_AES_PW_VERIFY_SIZE)
if (mz_stream_write(wzaes->stream.base, verify, MZ_AES_PW_VERIFY_SIZE) != MZ_AES_PW_VERIFY_SIZE)
return MZ_STREAM_ERROR;
aes->total_out += MZ_AES_PW_VERIFY_SIZE;
wzaes->total_out += MZ_AES_PW_VERIFY_SIZE;
}
else if (mode & MZ_OPEN_MODE_READ)
{
aes->total_in += salt_length;
wzaes->total_in += salt_length;
if (mz_stream_read(aes->stream.base, verify_expected, MZ_AES_PW_VERIFY_SIZE) != MZ_AES_PW_VERIFY_SIZE)
if (mz_stream_read(wzaes->stream.base, verify_expected, MZ_AES_PW_VERIFY_SIZE) != MZ_AES_PW_VERIFY_SIZE)
return MZ_STREAM_ERROR;
aes->total_in += MZ_AES_PW_VERIFY_SIZE;
wzaes->total_in += MZ_AES_PW_VERIFY_SIZE;
if (memcmp(verify_expected, verify, MZ_AES_PW_VERIFY_SIZE) != 0)
return MZ_PASSWORD_ERROR;
}
aes->mode = mode;
aes->initialized = 1;
wzaes->mode = mode;
wzaes->initialized = 1;
return MZ_OK;
}
int32_t mz_stream_wzaes_is_open(void *stream)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
if (aes->initialized == 0)
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
if (wzaes->initialized == 0)
return MZ_STREAM_ERROR;
return MZ_OK;
}
static int32_t mz_stream_wzaes_encrypt_data(void *stream, uint8_t *buf, int32_t size)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
uint32_t pos = aes->encr_pos;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
uint32_t pos = wzaes->crypt_pos;
uint32_t i = 0;
int32_t err = MZ_OK;
while (i < (uint32_t)size)
{
@ -193,135 +284,134 @@ static int32_t mz_stream_wzaes_encrypt_data(void *stream, uint8_t *buf, int32_t
uint32_t j = 0;
// Increment encryption nonce
while (j < 8 && !++aes->nonce[j])
while (j < 8 && !++wzaes->nonce[j])
j += 1;
// Encrypt the nonce to form next xor buffer
aes_encrypt(aes->nonce, aes->encr_bfr, aes->encr_ctx);
memcpy(wzaes->crypt_block, wzaes->nonce, AES_BLOCK_SIZE);
mz_crypt_aes_encrypt(wzaes->aes, wzaes->crypt_block, sizeof(wzaes->crypt_block), 0);
pos = 0;
}
buf[i++] ^= aes->encr_bfr[pos++];
buf[i++] ^= wzaes->crypt_block[pos++];
}
aes->encr_pos = pos;
return MZ_OK;
wzaes->crypt_pos = pos;
return err;
}
int32_t mz_stream_wzaes_read(void *stream, void *buf, int32_t size)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
int32_t read = 0;
read = mz_stream_read(aes->stream.base, buf, size);
read = mz_stream_read(wzaes->stream.base, buf, size);
if (read > 0)
{
hmac_sha_data((uint8_t *)buf, (uint32_t)read, aes->auth_ctx);
mz_crypt_hmac_update(wzaes->hmac, (uint8_t *)buf, read);
mz_stream_wzaes_encrypt_data(stream, (uint8_t *)buf, read);
}
aes->total_in += read;
wzaes->total_in += read;
return read;
}
int32_t mz_stream_wzaes_write(void *stream, const void *buf, int32_t size)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
int32_t written = 0;
if (size < 0)
return MZ_PARAM_ERROR;
if (size > (int32_t)sizeof(aes->buffer))
if (size > (int32_t)sizeof(wzaes->buffer))
return MZ_STREAM_ERROR;
memcpy(aes->buffer, buf, size);
mz_stream_wzaes_encrypt_data(stream, (uint8_t *)aes->buffer, size);
hmac_sha_data((uint8_t *)aes->buffer, (uint32_t)size, aes->auth_ctx);
memcpy(wzaes->buffer, buf, size);
mz_stream_wzaes_encrypt_data(stream, (uint8_t *)wzaes->buffer, size);
mz_crypt_hmac_update(wzaes->hmac, wzaes->buffer, size);
written = mz_stream_write(aes->stream.base, aes->buffer, size);
written = mz_stream_write(wzaes->stream.base, wzaes->buffer, size);
if (written > 0)
aes->total_out += written;
wzaes->total_out += written;
return written;
}
int64_t mz_stream_wzaes_tell(void *stream)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
return mz_stream_tell(aes->stream.base);
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
return mz_stream_tell(wzaes->stream.base);
}
int32_t mz_stream_wzaes_seek(void *stream, int64_t offset, int32_t origin)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
return mz_stream_seek(aes->stream.base, offset, origin);
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
return mz_stream_seek(wzaes->stream.base, offset, origin);
}
int32_t mz_stream_wzaes_close(void *stream)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
uint8_t authcode[MZ_AES_AUTHCODE_SIZE];
uint8_t verify_authcode[MZ_AES_AUTHCODE_SIZE];
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
uint8_t expected_hash[MZ_AES_AUTHCODE_SIZE];
uint8_t computed_hash[MZ_HASH_SHA1_SIZE];
if (MZ_AES_MAC_LENGTH(aes->encryption_mode) != MZ_AES_AUTHCODE_SIZE)
return MZ_STREAM_ERROR;
hmac_sha_end(authcode, MZ_AES_MAC_LENGTH(aes->encryption_mode), aes->auth_ctx);
mz_crypt_hmac_end(wzaes->hmac, computed_hash, sizeof(computed_hash));
if (aes->mode & MZ_OPEN_MODE_WRITE)
if (wzaes->mode & MZ_OPEN_MODE_WRITE)
{
if (mz_stream_write(aes->stream.base, authcode, MZ_AES_AUTHCODE_SIZE) != MZ_AES_AUTHCODE_SIZE)
if (mz_stream_write(wzaes->stream.base, computed_hash, MZ_AES_AUTHCODE_SIZE) != MZ_AES_AUTHCODE_SIZE)
return MZ_STREAM_ERROR;
aes->total_out += MZ_AES_AUTHCODE_SIZE;
wzaes->total_out += MZ_AES_AUTHCODE_SIZE;
}
else if (aes->mode & MZ_OPEN_MODE_READ)
else if (wzaes->mode & MZ_OPEN_MODE_READ)
{
if (mz_stream_read(aes->stream.base, verify_authcode, MZ_AES_AUTHCODE_SIZE) != MZ_AES_AUTHCODE_SIZE)
if (mz_stream_read(wzaes->stream.base, expected_hash, MZ_AES_AUTHCODE_SIZE) != MZ_AES_AUTHCODE_SIZE)
return MZ_STREAM_ERROR;
aes->total_in += MZ_AES_AUTHCODE_SIZE;
wzaes->total_in += MZ_AES_AUTHCODE_SIZE;
// If entire entry was not read this will fail
if (memcmp(authcode, verify_authcode, MZ_AES_AUTHCODE_SIZE) != 0)
if (memcmp(computed_hash, expected_hash, MZ_AES_AUTHCODE_SIZE) != 0)
return MZ_CRC_ERROR;
}
aes->initialized = 0;
wzaes->initialized = 0;
return MZ_OK;
}
int32_t mz_stream_wzaes_error(void *stream)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
return aes->error;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
return wzaes->error;
}
void mz_stream_wzaes_set_password(void *stream, const char *password)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
aes->password = password;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
wzaes->password = password;
}
void mz_stream_wzaes_set_encryption_mode(void *stream, int16_t encryption_mode)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
aes->encryption_mode = encryption_mode;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
wzaes->encryption_mode = encryption_mode;
}
int32_t mz_stream_wzaes_get_prop_int64(void *stream, int32_t prop, int64_t *value)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
switch (prop)
{
case MZ_STREAM_PROP_TOTAL_IN:
*value = aes->total_in;
*value = wzaes->total_in;
break;
case MZ_STREAM_PROP_TOTAL_OUT:
*value = aes->total_out;
*value = wzaes->total_out;
break;
case MZ_STREAM_PROP_TOTAL_IN_MAX:
*value = aes->max_total_in;
*value = wzaes->max_total_in;
break;
case MZ_STREAM_PROP_HEADER_SIZE:
*value = MZ_AES_SALT_LENGTH((int64_t)aes->encryption_mode) + MZ_AES_PW_VERIFY_SIZE;
*value = MZ_AES_SALT_LENGTH((int64_t)wzaes->encryption_mode) + MZ_AES_PW_VERIFY_SIZE;
break;
case MZ_STREAM_PROP_FOOTER_SIZE:
*value = MZ_AES_AUTHCODE_SIZE;
@ -334,11 +424,11 @@ int32_t mz_stream_wzaes_get_prop_int64(void *stream, int32_t prop, int64_t *valu
int32_t mz_stream_wzaes_set_prop_int64(void *stream, int32_t prop, int64_t value)
{
mz_stream_wzaes *aes = (mz_stream_wzaes *)stream;
mz_stream_wzaes *wzaes = (mz_stream_wzaes *)stream;
switch (prop)
{
case MZ_STREAM_PROP_TOTAL_IN_MAX:
aes->max_total_in = value;
wzaes->max_total_in = value;
break;
default:
return MZ_EXIST_ERROR;
@ -348,29 +438,36 @@ int32_t mz_stream_wzaes_set_prop_int64(void *stream, int32_t prop, int64_t value
void *mz_stream_wzaes_create(void **stream)
{
mz_stream_wzaes *aes = NULL;
mz_stream_wzaes *wzaes = NULL;
aes = (mz_stream_wzaes *)MZ_ALLOC(sizeof(mz_stream_wzaes));
if (aes != NULL)
wzaes = (mz_stream_wzaes *)MZ_ALLOC(sizeof(mz_stream_wzaes));
if (wzaes != NULL)
{
memset(aes, 0, sizeof(mz_stream_wzaes));
aes->stream.vtbl = &mz_stream_wzaes_vtbl;
aes->encryption_mode = MZ_AES_ENCRYPTION_MODE_256;
memset(wzaes, 0, sizeof(mz_stream_wzaes));
wzaes->stream.vtbl = &mz_stream_wzaes_vtbl;
wzaes->encryption_mode = MZ_AES_ENCRYPTION_MODE_256;
mz_crypt_hmac_create(&wzaes->hmac);
mz_crypt_aes_create(&wzaes->aes);
}
if (stream != NULL)
*stream = aes;
*stream = wzaes;
return aes;
return wzaes;
}
void mz_stream_wzaes_delete(void **stream)
{
mz_stream_wzaes *aes = NULL;
mz_stream_wzaes *wzaes = NULL;
if (stream == NULL)
return;
aes = (mz_stream_wzaes *)*stream;
if (aes != NULL)
MZ_FREE(aes);
wzaes = (mz_stream_wzaes *)*stream;
if (wzaes != NULL)
{
mz_crypt_aes_delete(&wzaes->aes);
mz_crypt_hmac_delete(&wzaes->hmac);
MZ_FREE(wzaes);
}
*stream = NULL;
}

1
mz_zip.c
View File

@ -26,6 +26,7 @@
#include <limits.h>
#include "mz.h"
#include "mz_crypt.h"
#include "mz_strm.h"
#ifdef HAVE_BZIP2
# include "mz_strm_bzip.h"

51
mz_zip_rw.c
View File

@ -16,6 +16,7 @@
#include <time.h>
#include "mz.h"
#include "mz_crypt.h"
#include "mz_os.h"
#include "mz_strm.h"
#include "mz_strm_buf.h"
@ -387,15 +388,16 @@ int32_t mz_zip_reader_entry_open(void *handle)
}
err = mz_zip_entry_read_open(reader->zip_handle, reader->raw, password);
#ifndef MZ_ZIP_NO_ENCRYPTION
if (err == MZ_OK)
{
mz_os_sha_create(&reader->sha256);
mz_os_sha_set_algorithm(reader->sha256, MZ_HASH_SHA256);
mz_crypt_sha_create(&reader->sha256);
mz_crypt_sha_set_algorithm(reader->sha256, MZ_HASH_SHA256);
if (mz_zip_reader_entry_has_sign(handle) == MZ_OK)
err = mz_zip_reader_entry_sign_verify(handle);
}
#endif
}
return err;
@ -404,8 +406,9 @@ int32_t mz_zip_reader_entry_open(void *handle)
int32_t mz_zip_reader_entry_close(void *handle)
{
mz_zip_reader *reader = (mz_zip_reader *)handle;
void *file_extra_stream = NULL;
int32_t err = MZ_OK;
int32_t err_close = MZ_OK;
#ifndef MZ_ZIP_NO_ENCRYPTION
int32_t err_hash = MZ_OK;
uint16_t algorithm = 0;
uint16_t digest_size = 0;
@ -414,19 +417,21 @@ int32_t mz_zip_reader_entry_close(void *handle)
uint8_t expected_sha1[MZ_HASH_SHA1_SIZE];
mz_os_sha_end(reader->sha256, computed_sha1, sizeof(computed_sha1));
mz_crypt_sha_end(reader->sha256, computed_sha1, sizeof(computed_sha1));
mz_crypt_sha_delete(&reader->sha256);
err_hash = mz_zip_reader_entry_get_hash(handle, MZ_HASH_SHA1, expected_sha1, sizeof(expected_sha1));
err = mz_zip_entry_close(reader->zip_handle);
if ((err_hash == MZ_OK) && (err == MZ_OK))
if (err_hash == MZ_OK)
{
// Verify expected hash against computed hash
if (memcmp(computed_sha1, expected_sha1, MZ_HASH_SHA1_SIZE) != 0)
err = MZ_CRC_ERROR;
}
#endif
mz_os_sha_delete(&reader->sha256);
err_close = mz_zip_entry_close(reader->zip_handle);
if (err == MZ_OK)
err = err_close;
return err;
}
@ -436,7 +441,7 @@ int32_t mz_zip_reader_entry_read(void *handle, void *buf, int32_t len)
int32_t read = 0;
read = mz_zip_entry_read(reader->zip_handle, buf, len);
if (read > 0)
mz_os_sha_update(reader->sha256, buf, read);
mz_crypt_sha_update(reader->sha256, buf, read);
return read;
}
@ -488,7 +493,7 @@ int32_t mz_zip_reader_entry_sign_verify(void *handle)
if (err == MZ_OK)
{
// Verify the pkcs signature
err = mz_os_sign_verify(sha1, sizeof(sha1), signature, signature_size);
err = mz_crypt_sign_verify(sha1, sizeof(sha1), signature, signature_size);
}
if (signature != NULL)
@ -1215,9 +1220,11 @@ int32_t mz_zip_writer_entry_open(void *handle, mz_zip_file *file_info)
password = password_buf;
}
#ifndef MZ_ZIP_NO_ENCRYPTION
// Start calculating sha1
mz_os_sha_create(&writer->sha256);
mz_os_sha_set_algorithm(writer->sha256, MZ_HASH_SHA256);
mz_crypt_sha_create(&writer->sha256);
mz_crypt_sha_set_algorithm(writer->sha256, MZ_HASH_SHA256);
#endif
// Open entry in zip
err = mz_zip_entry_write_open(writer->zip_handle, &writer->file_info, writer->compress_level, writer->raw, password);
@ -1228,14 +1235,15 @@ int32_t mz_zip_writer_entry_open(void *handle, mz_zip_file *file_info)
int32_t mz_zip_writer_entry_close(void *handle)
{
mz_zip_writer *writer = (mz_zip_writer *)handle;
mz_zip_file *file_info = NULL;
int32_t err = MZ_OK;
#ifndef MZ_ZIP_NO_ENCRYPTION
mz_zip_file *file_info = NULL;
int32_t extrafield_size = 0;
int32_t field_length_hash = 0;
uint8_t sha1[MZ_HASH_SHA1_SIZE];
mz_os_sha_end(writer->sha256, sha1, sizeof(sha1));
mz_crypt_sha_end(writer->sha256, sha1, sizeof(sha1));
// Copy extrafield so we can append our own fields before close
mz_stream_mem_create(&writer->file_extra_stream);
@ -1266,13 +1274,14 @@ int32_t mz_zip_writer_entry_close(void *handle)
mz_stream_mem_get_buffer(writer->file_extra_stream, &file_info->extrafield);
mz_stream_mem_get_buffer_length(writer->file_extra_stream, &extrafield_size);
file_info->extrafield_size = (uint16_t)extrafield_size;
#endif
if (writer->raw)
err = mz_zip_entry_close_raw(writer->zip_handle, writer->file_info.uncompressed_size, writer->file_info.crc);
else
err = mz_zip_entry_close(writer->zip_handle);
mz_os_sha_delete(&writer->sha256);
mz_crypt_sha_delete(&writer->sha256);
return err;
}
@ -1282,11 +1291,14 @@ int32_t mz_zip_writer_entry_write(void *handle, const void *buf, int32_t len)
mz_zip_writer *writer = (mz_zip_writer *)handle;
int32_t written = 0;
written = mz_zip_entry_write(writer->zip_handle, buf, len);
#ifndef MZ_ZIP_NO_ENCRYPTION
if (written > 0)
mz_os_sha_update(writer->sha256, buf, written);
mz_crypt_sha_update(writer->sha256, buf, written);
#endif
return written;
}
#ifndef MZ_ZIP_NO_ENCRYPTION
int32_t mz_zip_writer_entry_sign(void *handle, const char *cert_path, const char *cert_pwd, const char *timestamp_url)
{
mz_zip_writer *writer = (mz_zip_writer *)handle;
@ -1301,10 +1313,10 @@ int32_t mz_zip_writer_entry_sign(void *handle, const char *cert_path, const char
if (writer == NULL || mz_zip_entry_is_open(writer->zip_handle) != MZ_OK)
return MZ_PARAM_ERROR;
mz_os_sha_end(writer->sha256, sha1, sizeof(sha1));
mz_crypt_sha_end(writer->sha256, sha1, sizeof(sha1));
if (err == MZ_OK)
err = mz_os_sign(sha1, sizeof(sha1), writer->cert_path, writer->cert_pwd, writer->timestamp_url,
err = mz_crypt_sign(sha1, sizeof(sha1), writer->cert_path, writer->cert_pwd, writer->timestamp_url,
&signature, &signature_size);
if ((err == MZ_OK) && (signature != NULL))
@ -1321,6 +1333,7 @@ int32_t mz_zip_writer_entry_sign(void *handle, const char *cert_path, const char
}
return err;
}
#endif
/***************************************************************************/

118
test/test.c
View File

@ -6,6 +6,7 @@
#include <fcntl.h>
#include "mz.h"
#include "mz_crypt.h"
#include "mz_os.h"
#include "mz_strm.h"
#include "mz_strm_crc32.h"
@ -16,12 +17,14 @@
#include "mz_strm_pkcrypt.h"
#endif
#include "mz_strm_mem.h"
#include "mz_strm_os.h"
#ifdef HAVE_AES
#include "mz_strm_wzaes.h"
#endif
#ifdef HAVE_ZLIB
#include "mz_strm_zlib.h"
#endif
#include "mz_util.h"
#include "mz_zip.h"
/***************************************************************************/
@ -84,7 +87,11 @@ void test_encrypt(char *method, mz_stream_create_cb crypt_create, char *password
void *out_stream = NULL;
void *in_stream = NULL;
void *crypt_out_stream = NULL;
char filename[120];
char encrypt_path[120];
char decrypt_path[120];
snprintf(encrypt_path, sizeof(encrypt_path), "LICENSE.encrypt.%s", method);
snprintf(decrypt_path, sizeof(decrypt_path), "LICENSE.decrypt.%s", method);
mz_stream_os_create(&in_stream);
@ -97,8 +104,7 @@ void test_encrypt(char *method, mz_stream_create_cb crypt_create, char *password
mz_stream_os_delete(&in_stream);
mz_stream_os_create(&out_stream);
snprintf(filename, sizeof(filename), "LICENSE.encrypt.%s", method);
if (mz_stream_os_open(out_stream, filename, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE) == MZ_OK)
if (mz_stream_os_open(out_stream, encrypt_path, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE) == MZ_OK)
{
crypt_create(&crypt_out_stream);
@ -114,13 +120,13 @@ void test_encrypt(char *method, mz_stream_create_cb crypt_create, char *password
mz_stream_os_close(out_stream);
printf("%s encrypted %d\n", filename, written);
printf("%s encrypted %d\n", encrypt_path, written);
}
mz_stream_os_delete(&out_stream);
mz_stream_os_create(&in_stream);
if (mz_stream_os_open(in_stream, filename, MZ_OPEN_MODE_READ) == MZ_OK)
if (mz_stream_os_open(in_stream, encrypt_path, MZ_OPEN_MODE_READ) == MZ_OK)
{
crypt_create(&crypt_out_stream);
@ -136,14 +142,14 @@ void test_encrypt(char *method, mz_stream_create_cb crypt_create, char *password
mz_stream_os_close(in_stream);
printf("%s decrypted %d\n", filename, read);
printf("%s decrypted %d\n", decrypt_path, read);
}
mz_stream_os_delete(&in_stream);
mz_stream_os_create(&out_stream);
snprintf(filename, sizeof(filename), "LICENSE.decrypt.%s", method);
if (mz_stream_os_open(out_stream, filename, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE) == MZ_OK)
if (mz_stream_os_open(out_stream, decrypt_path, MZ_OPEN_MODE_CREATE | MZ_OPEN_MODE_WRITE) == MZ_OK)
{
mz_stream_os_write(out_stream, buf, read);
mz_stream_os_close(out_stream);
@ -280,6 +286,24 @@ void test_stream_pkcrypt(void)
#ifdef HAVE_AES
void test_stream_wzaes(void)
{
int32_t iteration_count = 1000;
int32_t err = MZ_OK;
int32_t i = 0;
uint8_t *password = "passwordpasswordpasswordpassword";
uint8_t *salt = "8F3472E4EA57F56E36F30246DC22C173";
uint8_t key[MZ_HASH_SHA1_SIZE];
printf("Pbkdf2 password - %s\n", password);
printf("Pbkdf2 salt - %s\n", salt);
err = mz_stream_wzaes_pbkdf2(password, strlen(password), salt, strlen(salt), iteration_count, key, sizeof(key));
printf("Pbkdf2 key hex\n");
for (i = 0; i < sizeof(key); i += 1)
printf("%02x", key[i]);
printf("\n");
test_encrypt("aes", mz_stream_wzaes_create, "hello");
}
#endif
@ -414,12 +438,12 @@ void test_crypt_sha(void)
memset(hash, 0, sizeof(hash));
mz_os_sha_create(&sha1);
mz_os_sha_set_algorithm(sha1, MZ_HASH_SHA1);
mz_os_sha_begin(sha1);
mz_os_sha_update(sha1, test, strlen(test));
mz_os_sha_end(sha1, hash, sizeof(hash));
mz_os_sha_delete(&sha1);
mz_crypt_sha_create(&sha1);
mz_crypt_sha_set_algorithm(sha1, MZ_HASH_SHA1);
mz_crypt_sha_begin(sha1);
mz_crypt_sha_update(sha1, test, strlen(test));
mz_crypt_sha_end(sha1, hash, sizeof(hash));
mz_crypt_sha_delete(&sha1);
computed_hash[0] = 0;
for (i = 0, p = 0; i < sizeof(hash); i += 1, p += 2)
@ -431,12 +455,12 @@ void test_crypt_sha(void)
memset(hash256, 0, sizeof(hash256));
mz_os_sha_create(&sha256);
mz_os_sha_set_algorithm(sha256, MZ_HASH_SHA256);
mz_os_sha_begin(sha256);
mz_os_sha_update(sha256, test, strlen(test));
mz_os_sha_end(sha256, hash256, sizeof(hash256));
mz_os_sha_delete(&sha256);
mz_crypt_sha_create(&sha256);
mz_crypt_sha_set_algorithm(sha256, MZ_HASH_SHA256);
mz_crypt_sha_begin(sha256);
mz_crypt_sha_update(sha256, test, strlen(test));
mz_crypt_sha_end(sha256, hash256, sizeof(hash256));
mz_crypt_sha_delete(&sha256);
computed_hash[0] = 0;
for (i = 0, p = 0; i < sizeof(hash256); i += 1, p += 2)
@ -473,12 +497,12 @@ void test_crypt_aes(void)
printf("%02x", buf[i]);
printf("\n");
mz_os_aes_create(&aes);
mz_os_aes_set_mode(aes, MZ_AES_ENCRYPTION_MODE_256);
mz_os_aes_set_key(aes, key, key_length);
mz_os_aes_encrypt(aes, buf, test_length, 0);
mz_os_aes_encrypt(aes, buf + test_length, MZ_AES_BLOCK_SIZE, 1);
mz_os_aes_delete(&aes);
mz_crypt_aes_create(&aes);
mz_crypt_aes_set_mode(aes, MZ_AES_ENCRYPTION_MODE_256);
mz_crypt_aes_set_key(aes, key, key_length);
mz_crypt_aes_encrypt(aes, buf, test_length, 0);
mz_crypt_aes_encrypt(aes, buf + test_length, MZ_AES_BLOCK_SIZE, 1);
mz_crypt_aes_delete(&aes);
printf("Aes encrypted\n");
for (i = 0; i < test_length; i += 1)
@ -488,12 +512,12 @@ void test_crypt_aes(void)
printf("%02x", buf[i]);
printf("\n");
mz_os_aes_create(&aes);
mz_os_aes_set_mode(aes, MZ_AES_ENCRYPTION_MODE_256);
mz_os_aes_set_key(aes, key, key_length);
mz_os_aes_decrypt(aes, buf, test_length, 0);
mz_os_aes_decrypt(aes, buf + test_length, MZ_AES_BLOCK_SIZE, 1);
mz_os_aes_delete(&aes);
mz_crypt_aes_create(&aes);
mz_crypt_aes_set_mode(aes, MZ_AES_ENCRYPTION_MODE_256);
mz_crypt_aes_set_key(aes, key, key_length);
mz_crypt_aes_decrypt(aes, buf, test_length, 0);
mz_crypt_aes_decrypt(aes, buf + test_length, MZ_AES_BLOCK_SIZE, 1);
mz_crypt_aes_delete(&aes);
printf("Aes decrypted\n");
for (i = 0; i < test_length + MZ_AES_BLOCK_SIZE; i += 1)
@ -518,13 +542,13 @@ void test_crypt_hmac(void)
printf("Hmac sha1 key - %s\n", key);
printf("Hmac sha1 input - %s\n", test);
mz_win32_hmac_create(&hmac);
mz_win32_hmac_set_algorithm(hmac, MZ_HASH_SHA1);
mz_win32_hmac_set_key(hmac, key, key_length);
mz_win32_hmac_begin(hmac);
mz_win32_hmac_update(hmac, test, test_length);
mz_win32_hmac_end(hmac, hash, sizeof(hash));
mz_win32_hmac_delete(&hmac);
mz_crypt_hmac_create(&hmac);
mz_crypt_hmac_set_algorithm(hmac, MZ_HASH_SHA1);
mz_crypt_hmac_set_key(hmac, key, key_length);
mz_crypt_hmac_begin(hmac);
mz_crypt_hmac_update(hmac, test, test_length);
mz_crypt_hmac_end(hmac, hash, sizeof(hash));
mz_crypt_hmac_delete(&hmac);
printf("Hmac sha1 output hash hex\n");
for (i = 0; i < sizeof(hash); i += 1)
@ -536,13 +560,13 @@ void test_crypt_hmac(void)
printf("Hmac sha256 key - %s\n", key);
printf("Hmac sha256 input - %s\n", test);
mz_win32_hmac_create(&hmac);
mz_win32_hmac_set_algorithm(hmac, MZ_HASH_SHA256);
mz_win32_hmac_set_key(hmac, key, key_length);
mz_win32_hmac_begin(hmac);
mz_win32_hmac_update(hmac, test, test_length);
mz_win32_hmac_end(hmac, hash256, sizeof(hash256));
mz_win32_hmac_delete(&hmac);
mz_crypt_hmac_create(&hmac);
mz_crypt_hmac_set_algorithm(hmac, MZ_HASH_SHA256);
mz_crypt_hmac_set_key(hmac, key, key_length);
mz_crypt_hmac_begin(hmac);
mz_crypt_hmac_update(hmac, test, test_length);
mz_crypt_hmac_end(hmac, hash256, sizeof(hash256));
mz_crypt_hmac_delete(&hmac);
printf("Hmac sha256 output hash hex\n");
for (i = 0; i < sizeof(hash256); i += 1)