1
1
mirror of https://github.com/go-gitea/gitea synced 2025-01-25 09:04:29 +00:00

476 lines
11 KiB
Go
Raw Normal View History

package rardecode
import (
"bufio"
"bytes"
"crypto/hmac"
"crypto/sha256"
"errors"
"hash"
"hash/crc32"
"io"
"io/ioutil"
"time"
)
const (
// block types
block5Arc = 1
block5File = 2
block5Service = 3
block5Encrypt = 4
block5End = 5
// block flags
block5HasExtra = 0x0001
block5HasData = 0x0002
block5DataNotFirst = 0x0008
block5DataNotLast = 0x0010
// end block flags
endArc5NotLast = 0x0001
// archive encryption block flags
enc5CheckPresent = 0x0001 // password check data is present
// main archive block flags
arc5MultiVol = 0x0001
arc5Solid = 0x0004
// file block flags
file5IsDir = 0x0001
file5HasUnixMtime = 0x0002
file5HasCRC32 = 0x0004
file5UnpSizeUnknown = 0x0008
// file encryption record flags
file5EncCheckPresent = 0x0001 // password check data is present
file5EncUseMac = 0x0002 // use MAC instead of plain checksum
cacheSize50 = 4
maxPbkdf2Salt = 64
pwCheckSize = 8
maxKdfCount = 24
minHeaderSize = 7
)
var (
errBadPassword = errors.New("rardecode: incorrect password")
errCorruptEncrypt = errors.New("rardecode: corrupt encryption data")
errUnknownEncMethod = errors.New("rardecode: unknown encryption method")
)
type extra struct {
ftype uint64 // field type
data readBuf // field data
}
type blockHeader50 struct {
htype uint64 // block type
flags uint64
data readBuf // block header data
extra []extra // extra fields
dataSize int64 // size of block data
}
// leHash32 wraps a hash.Hash32 to return the result of Sum in little
// endian format.
type leHash32 struct {
hash.Hash32
}
func (h leHash32) Sum(b []byte) []byte {
s := h.Sum32()
return append(b, byte(s), byte(s>>8), byte(s>>16), byte(s>>24))
}
func newLittleEndianCRC32() hash.Hash32 {
return leHash32{crc32.NewIEEE()}
}
// hash50 implements fileChecksum for RAR 5 archives
type hash50 struct {
hash.Hash // hash file data is written to
sum []byte // file checksum
key []byte // if present used with hmac in calculating checksum from hash
}
func (h *hash50) valid() bool {
sum := h.Sum(nil)
if len(h.key) > 0 {
mac := hmac.New(sha256.New, h.key)
mac.Write(sum)
sum = mac.Sum(sum[:0])
if len(h.sum) == 4 {
// CRC32
for i, v := range sum[4:] {
sum[i&3] ^= v
}
sum = sum[:4]
}
}
return bytes.Equal(sum, h.sum)
}
// archive50 implements fileBlockReader for RAR 5 file format archives
type archive50 struct {
byteReader // reader for current block data
v *bufio.Reader // reader for current archive volume
pass []byte
blockKey []byte // key used to encrypt blocks
multi bool // archive is multi-volume
solid bool // is a solid archive
checksum hash50 // file checksum
dec decoder // optional decoder used to unpack file
buf readBuf // temporary buffer
keyCache [cacheSize50]struct { // encryption key cache
kdfCount int
salt []byte
keys [][]byte
}
}
// calcKeys50 calculates the keys used in RAR 5 archive processing.
// The returned slice of byte slices contains 3 keys.
// Key 0 is used for block or file decryption.
// Key 1 is optionally used for file checksum calculation.
// Key 2 is optionally used for password checking.
func calcKeys50(pass, salt []byte, kdfCount int) [][]byte {
if len(salt) > maxPbkdf2Salt {
salt = salt[:maxPbkdf2Salt]
}
keys := make([][]byte, 3)
if len(keys) == 0 {
return keys
}
prf := hmac.New(sha256.New, pass)
prf.Write(salt)
prf.Write([]byte{0, 0, 0, 1})
t := prf.Sum(nil)
u := append([]byte(nil), t...)
kdfCount--
for i, iter := range []int{kdfCount, 16, 16} {
for iter > 0 {
prf.Reset()
prf.Write(u)
u = prf.Sum(u[:0])
for j := range u {
t[j] ^= u[j]
}
iter--
}
keys[i] = append([]byte(nil), t...)
}
pwcheck := keys[2]
for i, v := range pwcheck[pwCheckSize:] {
pwcheck[i&(pwCheckSize-1)] ^= v
}
keys[2] = pwcheck[:pwCheckSize]
return keys
}
// getKeys reads kdfcount and salt from b and returns the corresponding encryption keys.
func (a *archive50) getKeys(b *readBuf) (keys [][]byte, err error) {
if len(*b) < 17 {
return nil, errCorruptEncrypt
}
// read kdf count and salt
kdfCount := int(b.byte())
if kdfCount > maxKdfCount {
return nil, errCorruptEncrypt
}
kdfCount = 1 << uint(kdfCount)
salt := b.bytes(16)
// check cache of keys for match
for _, v := range a.keyCache {
if kdfCount == v.kdfCount && bytes.Equal(salt, v.salt) {
return v.keys, nil
}
}
// not found, calculate keys
keys = calcKeys50(a.pass, salt, kdfCount)
// store in cache
copy(a.keyCache[1:], a.keyCache[:])
a.keyCache[0].kdfCount = kdfCount
a.keyCache[0].salt = append([]byte(nil), salt...)
a.keyCache[0].keys = keys
return keys, nil
}
// checkPassword calculates if a password is correct given password check data and keys.
func checkPassword(b *readBuf, keys [][]byte) error {
if len(*b) < 12 {
return nil // not enough bytes, ignore for the moment
}
pwcheck := b.bytes(8)
sum := b.bytes(4)
csum := sha256.Sum256(pwcheck)
if bytes.Equal(sum, csum[:len(sum)]) && !bytes.Equal(pwcheck, keys[2]) {
return errBadPassword
}
return nil
}
// parseFileEncryptionRecord processes the optional file encryption record from a file header.
func (a *archive50) parseFileEncryptionRecord(b readBuf, f *fileBlockHeader) error {
if ver := b.uvarint(); ver != 0 {
return errUnknownEncMethod
}
flags := b.uvarint()
keys, err := a.getKeys(&b)
if err != nil {
return err
}
f.key = keys[0]
if len(b) < 16 {
return errCorruptEncrypt
}
f.iv = b.bytes(16)
if flags&file5EncCheckPresent > 0 {
if err := checkPassword(&b, keys); err != nil {
return err
}
}
if flags&file5EncUseMac > 0 {
a.checksum.key = keys[1]
}
return nil
}
func (a *archive50) parseFileHeader(h *blockHeader50) (*fileBlockHeader, error) {
a.checksum.sum = nil
a.checksum.key = nil
f := new(fileBlockHeader)
f.first = h.flags&block5DataNotFirst == 0
f.last = h.flags&block5DataNotLast == 0
flags := h.data.uvarint() // file flags
f.IsDir = flags&file5IsDir > 0
f.UnKnownSize = flags&file5UnpSizeUnknown > 0
f.UnPackedSize = int64(h.data.uvarint())
f.PackedSize = h.dataSize
f.Attributes = int64(h.data.uvarint())
if flags&file5HasUnixMtime > 0 {
if len(h.data) < 4 {
return nil, errCorruptFileHeader
}
f.ModificationTime = time.Unix(int64(h.data.uint32()), 0)
}
if flags&file5HasCRC32 > 0 {
if len(h.data) < 4 {
return nil, errCorruptFileHeader
}
a.checksum.sum = append([]byte(nil), h.data.bytes(4)...)
if f.first {
a.checksum.Hash = newLittleEndianCRC32()
f.cksum = &a.checksum
}
}
flags = h.data.uvarint() // compression flags
f.solid = flags&0x0040 > 0
f.winSize = uint(flags&0x3C00)>>10 + 17
method := (flags >> 7) & 7 // compression method (0 == none)
if f.first && method != 0 {
unpackver := flags & 0x003f
if unpackver != 0 {
return nil, errUnknownDecoder
}
if a.dec == nil {
a.dec = new(decoder50)
}
f.decoder = a.dec
}
switch h.data.uvarint() {
case 0:
f.HostOS = HostOSWindows
case 1:
f.HostOS = HostOSUnix
default:
f.HostOS = HostOSUnknown
}
nlen := int(h.data.uvarint())
if len(h.data) < nlen {
return nil, errCorruptFileHeader
}
f.Name = string(h.data.bytes(nlen))
// parse optional extra records
for _, e := range h.extra {
var err error
switch e.ftype {
case 1: // encryption
err = a.parseFileEncryptionRecord(e.data, f)
case 2:
// TODO: hash
case 3:
// TODO: time
case 4: // version
_ = e.data.uvarint() // ignore flags field
f.Version = int(e.data.uvarint())
case 5:
// TODO: redirection
case 6:
// TODO: owner
}
if err != nil {
return nil, err
}
}
return f, nil
}
// parseEncryptionBlock calculates the key for block encryption.
func (a *archive50) parseEncryptionBlock(b readBuf) error {
if ver := b.uvarint(); ver != 0 {
return errUnknownEncMethod
}
flags := b.uvarint()
keys, err := a.getKeys(&b)
if err != nil {
return err
}
if flags&enc5CheckPresent > 0 {
if err := checkPassword(&b, keys); err != nil {
return err
}
}
a.blockKey = keys[0]
return nil
}
func (a *archive50) readBlockHeader() (*blockHeader50, error) {
r := io.Reader(a.v)
if a.blockKey != nil {
// block is encrypted
iv := a.buf[:16]
if err := readFull(r, iv); err != nil {
return nil, err
}
r = newAesDecryptReader(r, a.blockKey, iv)
}
b := a.buf[:minHeaderSize]
if err := readFull(r, b); err != nil {
return nil, err
}
crc := b.uint32()
hash := crc32.NewIEEE()
hash.Write(b)
size := int(b.uvarint()) // header size
if size > cap(a.buf) {
a.buf = readBuf(make([]byte, size))
} else {
a.buf = a.buf[:size]
}
n := copy(a.buf, b) // copy left over bytes
if err := readFull(r, a.buf[n:]); err != nil { // read rest of header
return nil, err
}
// check header crc
hash.Write(a.buf[n:])
if crc != hash.Sum32() {
return nil, errBadHeaderCrc
}
b = a.buf
h := new(blockHeader50)
h.htype = b.uvarint()
h.flags = b.uvarint()
var extraSize int
if h.flags&block5HasExtra > 0 {
extraSize = int(b.uvarint())
}
if h.flags&block5HasData > 0 {
h.dataSize = int64(b.uvarint())
}
if len(b) < extraSize {
return nil, errCorruptHeader
}
h.data = b.bytes(len(b) - extraSize)
// read header extra records
for len(b) > 0 {
size = int(b.uvarint())
if len(b) < size {
return nil, errCorruptHeader
}
data := readBuf(b.bytes(size))
ftype := data.uvarint()
h.extra = append(h.extra, extra{ftype, data})
}
return h, nil
}
// next advances to the next file block in the archive
func (a *archive50) next() (*fileBlockHeader, error) {
for {
h, err := a.readBlockHeader()
if err != nil {
return nil, err
}
a.byteReader = limitByteReader(a.v, h.dataSize)
switch h.htype {
case block5File:
return a.parseFileHeader(h)
case block5Arc:
flags := h.data.uvarint()
a.multi = flags&arc5MultiVol > 0
a.solid = flags&arc5Solid > 0
case block5Encrypt:
err = a.parseEncryptionBlock(h.data)
case block5End:
flags := h.data.uvarint()
if flags&endArc5NotLast == 0 || !a.multi {
return nil, errArchiveEnd
}
return nil, errArchiveContinues
default:
// discard block data
_, err = io.Copy(ioutil.Discard, a.byteReader)
}
if err != nil {
return nil, err
}
}
}
func (a *archive50) version() int { return fileFmt50 }
func (a *archive50) reset() {
a.blockKey = nil // reset encryption when opening new volume file
}
func (a *archive50) isSolid() bool {
return a.solid
}
// newArchive50 creates a new fileBlockReader for a Version 5 archive.
func newArchive50(r *bufio.Reader, password string) fileBlockReader {
a := new(archive50)
a.v = r
a.pass = []byte(password)
a.buf = make([]byte, 100)
return a
}