closed-social
/
gitea
3
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9870 Commits
2 Branches
178 MiB
Tree: f220286c00
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'f220286c00'
${ noResults }
gitea/vendor/github.com/nwaples/rardecode/archive50.go

475 lines
11 KiB
Raw Normal View History

Dump: add output format tar and output to stdout (#10376) * Dump: Use mholt/archive/v3 to support tar including many compressions Signed-off-by: Philipp Homann <homann.philipp@googlemail.com> * Dump: Allow dump output to stdout Signed-off-by: Philipp Homann <homann.philipp@googlemail.com> * Dump: Fixed bug present since #6677 where SessionConfig.Provider is never "file" Signed-off-by: Philipp Homann <homann.philipp@googlemail.com> * Dump: never pack RepoRootPath, LFS.ContentPath and LogRootPath when they are below AppDataPath Signed-off-by: Philipp Homann <homann.philipp@googlemail.com> * Dump: also dump LFS (fixes #10058) Signed-off-by: Philipp Homann <homann.philipp@googlemail.com> * Dump: never dump CustomPath if CustomPath is a subdir of or equal to AppDataPath (fixes #10365) Signed-off-by: Philipp Homann <homann.philipp@googlemail.com> * Use log.Info instead of fmt.Fprintf Signed-off-by: Philipp Homann <homann.philipp@googlemail.com> * import ordering * make fmt Co-authored-by: zeripath <art27@cantab.net> Co-authored-by: techknowlogick <techknowlogick@gitea.io> Co-authored-by: Matti R <matti@mdranta.net>
4 years ago
 
  1. package rardecode
  2. 

  3. import (
  4. 	"bufio"
  5. 	"bytes"
  6. 	"crypto/hmac"
  7. 	"crypto/sha256"
  8. 	"errors"
  9. 	"hash"
  10. 	"hash/crc32"
  11. 	"io"
  12. 	"io/ioutil"
  13. 	"time"
  14. )
  15. 

  16. const (
  17. 	// block types

  18. 	block5Arc     = 1
  19. 	block5File    = 2
  20. 	block5Service = 3
  21. 	block5Encrypt = 4
  22. 	block5End     = 5
  23. 

  24. 	// block flags

  25. 	block5HasExtra     = 0x0001
  26. 	block5HasData      = 0x0002
  27. 	block5DataNotFirst = 0x0008
  28. 	block5DataNotLast  = 0x0010
  29. 

  30. 	// end block flags

  31. 	endArc5NotLast = 0x0001
  32. 

  33. 	// archive encryption block flags

  34. 	enc5CheckPresent = 0x0001 // password check data is present

  35. 

  36. 	// main archive block flags

  37. 	arc5MultiVol = 0x0001
  38. 	arc5Solid    = 0x0004
  39. 

  40. 	// file block flags

  41. 	file5IsDir          = 0x0001
  42. 	file5HasUnixMtime   = 0x0002
  43. 	file5HasCRC32       = 0x0004
  44. 	file5UnpSizeUnknown = 0x0008
  45. 

  46. 	// file encryption record flags

  47. 	file5EncCheckPresent = 0x0001 // password check data is present

  48. 	file5EncUseMac       = 0x0002 // use MAC instead of plain checksum

  49. 

  50. 	cacheSize50   = 4
  51. 	maxPbkdf2Salt = 64
  52. 	pwCheckSize   = 8
  53. 	maxKdfCount   = 24
  54. 

  55. 	minHeaderSize = 7
  56. )
  57. 

  58. var (
  59. 	errBadPassword      = errors.New("rardecode: incorrect password")
  60. 	errCorruptEncrypt   = errors.New("rardecode: corrupt encryption data")
  61. 	errUnknownEncMethod = errors.New("rardecode: unknown encryption method")
  62. )
  63. 

  64. type extra struct {
  65. 	ftype uint64  // field type

  66. 	data  readBuf // field data

  67. }
  68. 

  69. type blockHeader50 struct {
  70. 	htype    uint64 // block type

  71. 	flags    uint64
  72. 	data     readBuf // block header data

  73. 	extra    []extra // extra fields

  74. 	dataSize int64   // size of block data

  75. }
  76. 

  77. // leHash32 wraps a hash.Hash32 to return the result of Sum in little

  78. // endian format.

  79. type leHash32 struct {
  80. 	hash.Hash32
  81. }
  82. 

  83. func (h leHash32) Sum(b []byte) []byte {
  84. 	s := h.Sum32()
  85. 	return append(b, byte(s), byte(s>>8), byte(s>>16), byte(s>>24))
  86. }
  87. 

  88. func newLittleEndianCRC32() hash.Hash32 {
  89. 	return leHash32{crc32.NewIEEE()}
  90. }
  91. 

  92. // hash50 implements fileChecksum for RAR 5 archives

  93. type hash50 struct {
  94. 	hash.Hash        // hash file data is written to

  95. 	sum       []byte // file checksum

  96. 	key       []byte // if present used with hmac in calculating checksum from hash

  97. }
  98. 

  99. func (h *hash50) valid() bool {
  100. 	sum := h.Sum(nil)
  101. 	if len(h.key) > 0 {
  102. 		mac := hmac.New(sha256.New, h.key)
  103. 		mac.Write(sum)
  104. 		sum = mac.Sum(sum[:0])
  105. 		if len(h.sum) == 4 {
  106. 			// CRC32

  107. 			for i, v := range sum[4:] {
  108. 				sum[i&3] ^= v
  109. 			}
  110. 			sum = sum[:4]
  111. 		}
  112. 	}
  113. 	return bytes.Equal(sum, h.sum)
  114. }
  115. 

  116. // archive50 implements fileBlockReader for RAR 5 file format archives

  117. type archive50 struct {
  118. 	byteReader               // reader for current block data

  119. 	v          *bufio.Reader // reader for current archive volume

  120. 	pass       []byte
  121. 	blockKey   []byte                // key used to encrypt blocks

  122. 	multi      bool                  // archive is multi-volume

  123. 	solid      bool                  // is a solid archive

  124. 	checksum   hash50                // file checksum

  125. 	dec        decoder               // optional decoder used to unpack file

  126. 	buf        readBuf               // temporary buffer

  127. 	keyCache   [cacheSize50]struct { // encryption key cache

  128. 		kdfCount int
  129. 		salt     []byte
  130. 		keys     [][]byte
  131. 	}
  132. }
  133. 

  134. // calcKeys50 calculates the keys used in RAR 5 archive processing.

  135. // The returned slice of byte slices contains 3 keys.

  136. // Key 0 is used for block or file decryption.

  137. // Key 1 is optionally used for file checksum calculation.

  138. // Key 2 is optionally used for password checking.

  139. func calcKeys50(pass, salt []byte, kdfCount int) [][]byte {
  140. 	if len(salt) > maxPbkdf2Salt {
  141. 		salt = salt[:maxPbkdf2Salt]
  142. 	}
  143. 	keys := make([][]byte, 3)
  144. 	if len(keys) == 0 {
  145. 		return keys
  146. 	}
  147. 

  148. 	prf := hmac.New(sha256.New, pass)
  149. 	prf.Write(salt)
  150. 	prf.Write([]byte{0, 0, 0, 1})
  151. 

  152. 	t := prf.Sum(nil)
  153. 	u := append([]byte(nil), t...)
  154. 

  155. 	kdfCount--
  156. 

  157. 	for i, iter := range []int{kdfCount, 16, 16} {
  158. 		for iter > 0 {
  159. 			prf.Reset()
  160. 			prf.Write(u)
  161. 			u = prf.Sum(u[:0])
  162. 			for j := range u {
  163. 				t[j] ^= u[j]
  164. 			}
  165. 			iter--
  166. 		}
  167. 		keys[i] = append([]byte(nil), t...)
  168. 	}
  169. 

  170. 	pwcheck := keys[2]
  171. 	for i, v := range pwcheck[pwCheckSize:] {
  172. 		pwcheck[i&(pwCheckSize-1)] ^= v
  173. 	}
  174. 	keys[2] = pwcheck[:pwCheckSize]
  175. 

  176. 	return keys
  177. }
  178. 

  179. // getKeys reads kdfcount and salt from b and returns the corresponding encryption keys.

  180. func (a *archive50) getKeys(b *readBuf) (keys [][]byte, err error) {
  181. 	if len(*b) < 17 {
  182. 		return nil, errCorruptEncrypt
  183. 	}
  184. 	// read kdf count and salt

  185. 	kdfCount := int(b.byte())
  186. 	if kdfCount > maxKdfCount {
  187. 		return nil, errCorruptEncrypt
  188. 	}
  189. 	kdfCount = 1 << uint(kdfCount)
  190. 	salt := b.bytes(16)
  191. 

  192. 	// check cache of keys for match

  193. 	for _, v := range a.keyCache {
  194. 		if kdfCount == v.kdfCount && bytes.Equal(salt, v.salt) {
  195. 			return v.keys, nil
  196. 		}
  197. 	}
  198. 	// not found, calculate keys

  199. 	keys = calcKeys50(a.pass, salt, kdfCount)
  200. 

  201. 	// store in cache

  202. 	copy(a.keyCache[1:], a.keyCache[:])
  203. 	a.keyCache[0].kdfCount = kdfCount
  204. 	a.keyCache[0].salt = append([]byte(nil), salt...)
  205. 	a.keyCache[0].keys = keys
  206. 

  207. 	return keys, nil
  208. }
  209. 

  210. // checkPassword calculates if a password is correct given password check data and keys.

  211. func checkPassword(b *readBuf, keys [][]byte) error {
  212. 	if len(*b) < 12 {
  213. 		return nil // not enough bytes, ignore for the moment

  214. 	}
  215. 	pwcheck := b.bytes(8)
  216. 	sum := b.bytes(4)
  217. 	csum := sha256.Sum256(pwcheck)
  218. 	if bytes.Equal(sum, csum[:len(sum)]) && !bytes.Equal(pwcheck, keys[2]) {
  219. 		return errBadPassword
  220. 	}
  221. 	return nil
  222. }
  223. 

  224. // parseFileEncryptionRecord processes the optional file encryption record from a file header.

  225. func (a *archive50) parseFileEncryptionRecord(b readBuf, f *fileBlockHeader) error {
  226. 	if ver := b.uvarint(); ver != 0 {
  227. 		return errUnknownEncMethod
  228. 	}
  229. 	flags := b.uvarint()
  230. 

  231. 	keys, err := a.getKeys(&b)
  232. 	if err != nil {
  233. 		return err
  234. 	}
  235. 

  236. 	f.key = keys[0]
  237. 	if len(b) < 16 {
  238. 		return errCorruptEncrypt
  239. 	}
  240. 	f.iv = b.bytes(16)
  241. 

  242. 	if flags&file5EncCheckPresent > 0 {
  243. 		if err := checkPassword(&b, keys); err != nil {
  244. 			return err
  245. 		}
  246. 	}
  247. 	if flags&file5EncUseMac > 0 {
  248. 		a.checksum.key = keys[1]
  249. 	}
  250. 	return nil
  251. }
  252. 

  253. func (a *archive50) parseFileHeader(h *blockHeader50) (*fileBlockHeader, error) {
  254. 	a.checksum.sum = nil
  255. 	a.checksum.key = nil
  256. 

  257. 	f := new(fileBlockHeader)
  258. 

  259. 	f.first = h.flags&block5DataNotFirst == 0
  260. 	f.last = h.flags&block5DataNotLast == 0
  261. 

  262. 	flags := h.data.uvarint() // file flags

  263. 	f.IsDir = flags&file5IsDir > 0
  264. 	f.UnKnownSize = flags&file5UnpSizeUnknown > 0
  265. 	f.UnPackedSize = int64(h.data.uvarint())
  266. 	f.PackedSize = h.dataSize
  267. 	f.Attributes = int64(h.data.uvarint())
  268. 	if flags&file5HasUnixMtime > 0 {
  269. 		if len(h.data) < 4 {
  270. 			return nil, errCorruptFileHeader
  271. 		}
  272. 		f.ModificationTime = time.Unix(int64(h.data.uint32()), 0)
  273. 	}
  274. 	if flags&file5HasCRC32 > 0 {
  275. 		if len(h.data) < 4 {
  276. 			return nil, errCorruptFileHeader
  277. 		}
  278. 		a.checksum.sum = append([]byte(nil), h.data.bytes(4)...)
  279. 		if f.first {
  280. 			a.checksum.Hash = newLittleEndianCRC32()
  281. 			f.cksum = &a.checksum
  282. 		}
  283. 	}
  284. 

  285. 	flags = h.data.uvarint() // compression flags

  286. 	f.solid = flags&0x0040 > 0
  287. 	f.winSize = uint(flags&0x3C00)>>10 + 17
  288. 	method := (flags >> 7) & 7 // compression method (0 == none)

  289. 	if f.first && method != 0 {
  290. 		unpackver := flags & 0x003f
  291. 		if unpackver != 0 {
  292. 			return nil, errUnknownDecoder
  293. 		}
  294. 		if a.dec == nil {
  295. 			a.dec = new(decoder50)
  296. 		}
  297. 		f.decoder = a.dec
  298. 	}
  299. 	switch h.data.uvarint() {
  300. 	case 0:
  301. 		f.HostOS = HostOSWindows
  302. 	case 1:
  303. 		f.HostOS = HostOSUnix
  304. 	default:
  305. 		f.HostOS = HostOSUnknown
  306. 	}
  307. 	nlen := int(h.data.uvarint())
  308. 	if len(h.data) < nlen {
  309. 		return nil, errCorruptFileHeader
  310. 	}
  311. 	f.Name = string(h.data.bytes(nlen))
  312. 

  313. 	// parse optional extra records

  314. 	for _, e := range h.extra {
  315. 		var err error
  316. 		switch e.ftype {
  317. 		case 1: // encryption

  318. 			err = a.parseFileEncryptionRecord(e.data, f)
  319. 		case 2:
  320. 			// TODO: hash

  321. 		case 3:
  322. 			// TODO: time

  323. 		case 4: // version

  324. 			_ = e.data.uvarint() // ignore flags field

  325. 			f.Version = int(e.data.uvarint())
  326. 		case 5:
  327. 			// TODO: redirection

  328. 		case 6:
  329. 			// TODO: owner

  330. 		}
  331. 		if err != nil {
  332. 			return nil, err
  333. 		}
  334. 	}
  335. 	return f, nil
  336. }
  337. 

  338. // parseEncryptionBlock calculates the key for block encryption.

  339. func (a *archive50) parseEncryptionBlock(b readBuf) error {
  340. 	if ver := b.uvarint(); ver != 0 {
  341. 		return errUnknownEncMethod
  342. 	}
  343. 	flags := b.uvarint()
  344. 	keys, err := a.getKeys(&b)
  345. 	if err != nil {
  346. 		return err
  347. 	}
  348. 	if flags&enc5CheckPresent > 0 {
  349. 		if err := checkPassword(&b, keys); err != nil {
  350. 			return err
  351. 		}
  352. 	}
  353. 	a.blockKey = keys[0]
  354. 	return nil
  355. }
  356. 

  357. func (a *archive50) readBlockHeader() (*blockHeader50, error) {
  358. 	r := io.Reader(a.v)
  359. 	if a.blockKey != nil {
  360. 		// block is encrypted

  361. 		iv := a.buf[:16]
  362. 		if err := readFull(r, iv); err != nil {
  363. 			return nil, err
  364. 		}
  365. 		r = newAesDecryptReader(r, a.blockKey, iv)
  366. 	}
  367. 

  368. 	b := a.buf[:minHeaderSize]
  369. 	if err := readFull(r, b); err != nil {
  370. 		return nil, err
  371. 	}
  372. 	crc := b.uint32()
  373. 

  374. 	hash := crc32.NewIEEE()
  375. 	hash.Write(b)
  376. 

  377. 	size := int(b.uvarint()) // header size

  378. 	if size > cap(a.buf) {
  379. 		a.buf = readBuf(make([]byte, size))
  380. 	} else {
  381. 		a.buf = a.buf[:size]
  382. 	}
  383. 	n := copy(a.buf, b)                            // copy left over bytes

  384. 	if err := readFull(r, a.buf[n:]); err != nil { // read rest of header

  385. 		return nil, err
  386. 	}
  387. 

  388. 	// check header crc

  389. 	hash.Write(a.buf[n:])
  390. 	if crc != hash.Sum32() {
  391. 		return nil, errBadHeaderCrc
  392. 	}
  393. 

  394. 	b = a.buf
  395. 	h := new(blockHeader50)
  396. 	h.htype = b.uvarint()
  397. 	h.flags = b.uvarint()
  398. 

  399. 	var extraSize int
  400. 	if h.flags&block5HasExtra > 0 {
  401. 		extraSize = int(b.uvarint())
  402. 	}
  403. 	if h.flags&block5HasData > 0 {
  404. 		h.dataSize = int64(b.uvarint())
  405. 	}
  406. 	if len(b) < extraSize {
  407. 		return nil, errCorruptHeader
  408. 	}
  409. 	h.data = b.bytes(len(b) - extraSize)
  410. 

  411. 	// read header extra records

  412. 	for len(b) > 0 {
  413. 		size = int(b.uvarint())
  414. 		if len(b) < size {
  415. 			return nil, errCorruptHeader
  416. 		}
  417. 		data := readBuf(b.bytes(size))
  418. 		ftype := data.uvarint()
  419. 		h.extra = append(h.extra, extra{ftype, data})
  420. 	}
  421. 

  422. 	return h, nil
  423. }
  424. 

  425. // next advances to the next file block in the archive

  426. func (a *archive50) next() (*fileBlockHeader, error) {
  427. 	for {
  428. 		h, err := a.readBlockHeader()
  429. 		if err != nil {
  430. 			return nil, err
  431. 		}
  432. 		a.byteReader = limitByteReader(a.v, h.dataSize)
  433. 		switch h.htype {
  434. 		case block5File:
  435. 			return a.parseFileHeader(h)
  436. 		case block5Arc:
  437. 			flags := h.data.uvarint()
  438. 			a.multi = flags&arc5MultiVol > 0
  439. 			a.solid = flags&arc5Solid > 0
  440. 		case block5Encrypt:
  441. 			err = a.parseEncryptionBlock(h.data)
  442. 		case block5End:
  443. 			flags := h.data.uvarint()
  444. 			if flags&endArc5NotLast == 0 || !a.multi {
  445. 				return nil, errArchiveEnd
  446. 			}
  447. 			return nil, errArchiveContinues
  448. 		default:
  449. 			// discard block data

  450. 			_, err = io.Copy(ioutil.Discard, a.byteReader)
  451. 		}
  452. 		if err != nil {
  453. 			return nil, err
  454. 		}
  455. 	}
  456. }
  457. 

  458. func (a *archive50) version() int { return fileFmt50 }
  459. 

  460. func (a *archive50) reset() {
  461. 	a.blockKey = nil // reset encryption when opening new volume file

  462. }
  463. 

  464. func (a *archive50) isSolid() bool {
  465. 	return a.solid
  466. }
  467. 

  468. // newArchive50 creates a new fileBlockReader for a Version 5 archive.

  469. func newArchive50(r *bufio.Reader, password string) fileBlockReader {
  470. 	a := new(archive50)
  471. 	a.v = r
  472. 	a.pass = []byte(password)
  473. 	a.buf = make([]byte, 100)
  474. 	return a
  475. }