[Git][java-team/zip4j][upstream] New upstream version 2.6.3

Andrius Merkys gitlab at salsa.debian.org
Mon Sep 28 07:19:14 BST 2020



Andrius Merkys pushed to branch upstream at Debian Java Maintainers / zip4j


Commits:
f7d21821 by Andrius Merkys at 2020-09-25T02:42:22-04:00
New upstream version 2.6.3
- - - - -


4 changed files:

- README.md
- pom.xml
- src/main/java/net/lingala/zip4j/crypto/AESEncrpyter.java
- src/main/java/net/lingala/zip4j/crypto/StandardEncrypter.java


Changes:

=====================================
README.md
=====================================
@@ -60,10 +60,10 @@ once again, and makes me support Zip4j as much as I can.
 
 JDK 7 or later<sup>*</sup>
 
-* zip4j is written on JDK 8, as some of the features (NIO) that zip4j supports require some features available only in 
-JDK 8. However, considering the fact that zip4j is widely used in Android, and to support older versions of Android,
-zip4j supports JDK 7 as well. In cases where the feature/class from JDK 8 is missing, zip4j falls back to the features
-only available in JDK 7. In other words, when running on JDK 7, not all features might be supported.
+<sup>*</sup> Zip4j is written on JDK 8, as some of the features (NIO) that Zip4j supports requires features available only in 
+JDK 8. However, considering the fact that Zip4j is widely used in Android, and to support older versions of Android,
+Zip4j supports JDK 7 as well. In cases where the feature/class from JDK 8 is missing, Zip4j falls back to the features
+ available in JDK 7. In other words, when running on JDK 7, not all features will be supported.
 
 ## Maven
 
@@ -71,7 +71,7 @@ only available in JDK 7. In other words, when running on JDK 7, not all features
 <dependency>
     <groupId>net.lingala.zip4j</groupId>
     <artifactId>zip4j</artifactId>
-    <version>2.6.2</version>
+    <version>2.6.3</version>
 </dependency>
 ```
 


=====================================
pom.xml
=====================================
@@ -6,7 +6,7 @@
 
     <groupId>net.lingala.zip4j</groupId>
     <artifactId>zip4j</artifactId>
-    <version>2.6.3-SNAPSHOT</version>
+    <version>2.6.4-SNAPSHOT</version>
 
     <name>Zip4j</name>
     <description>Zip4j - A Java library for zip files and streams</description>


=====================================
src/main/java/net/lingala/zip4j/crypto/AESEncrpyter.java
=====================================
@@ -1,182 +1,182 @@
-/*
- * Copyright 2010 Srikanth Reddy Lingala
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package net.lingala.zip4j.crypto;
-
-import net.lingala.zip4j.crypto.PBKDF2.MacBasedPRF;
-import net.lingala.zip4j.crypto.PBKDF2.PBKDF2Engine;
-import net.lingala.zip4j.crypto.PBKDF2.PBKDF2Parameters;
-import net.lingala.zip4j.crypto.engine.AESEngine;
-import net.lingala.zip4j.exception.ZipException;
-import net.lingala.zip4j.model.enums.AesKeyStrength;
-
-import java.util.Random;
-
-import static net.lingala.zip4j.crypto.AesCipherUtil.prepareBuffAESIVBytes;
-import static net.lingala.zip4j.util.InternalZipConstants.AES_BLOCK_SIZE;
-
-public class AESEncrpyter implements Encrypter {
-
-  private static final int PASSWORD_VERIFIER_LENGTH = 2;
-
-  private char[] password;
-  private AesKeyStrength aesKeyStrength;
-  private AESEngine aesEngine;
-  private MacBasedPRF mac;
-
-  private boolean finished;
-
-  private int nonce = 1;
-  private int loopCount = 0;
-
-  private byte[] iv;
-  private byte[] counterBlock;
-  private byte[] derivedPasswordVerifier;
-  private byte[] saltBytes;
-
-  public AESEncrpyter(char[] password, AesKeyStrength aesKeyStrength) throws ZipException {
-    if (password == null || password.length == 0) {
-      throw new ZipException("input password is empty or null");
-    }
-    if (aesKeyStrength != AesKeyStrength.KEY_STRENGTH_128 &&
-        aesKeyStrength != AesKeyStrength.KEY_STRENGTH_256) {
-      throw new ZipException("Invalid AES key strength");
-    }
-
-    this.password = password;
-    this.aesKeyStrength = aesKeyStrength;
-    this.finished = false;
-    counterBlock = new byte[AES_BLOCK_SIZE];
-    iv = new byte[AES_BLOCK_SIZE];
-    init();
-  }
-
-  private void init() throws ZipException {
-    int keyLength = aesKeyStrength.getKeyLength();
-    int macLength = aesKeyStrength.getMacLength();
-    int saltLength = aesKeyStrength.getSaltLength();
-
-    saltBytes = generateSalt(saltLength);
-    byte[] keyBytes = deriveKey(saltBytes, password, keyLength, macLength);
-
-    if (keyBytes == null || keyBytes.length != (keyLength + macLength + PASSWORD_VERIFIER_LENGTH)) {
-      throw new ZipException("invalid key generated, cannot decrypt file");
-    }
-
-    byte[] aesKey = new byte[keyLength];
-    byte[] macKey = new byte[macLength];
-    derivedPasswordVerifier = new byte[PASSWORD_VERIFIER_LENGTH];
-
-    System.arraycopy(keyBytes, 0, aesKey, 0, keyLength);
-    System.arraycopy(keyBytes, keyLength, macKey, 0, macLength);
-    System.arraycopy(keyBytes, keyLength + macLength, derivedPasswordVerifier, 0, PASSWORD_VERIFIER_LENGTH);
-
-    aesEngine = new AESEngine(aesKey);
-    mac = new MacBasedPRF("HmacSHA1");
-    mac.init(macKey);
-  }
-
-  private byte[] deriveKey(byte[] salt, char[] password, int keyLength, int macLength) throws ZipException {
-    try {
-      PBKDF2Parameters p = new PBKDF2Parameters("HmacSHA1", "ISO-8859-1",
-          salt, 1000);
-      PBKDF2Engine e = new PBKDF2Engine(p);
-      byte[] derivedKey = e.deriveKey(password, keyLength + macLength + PASSWORD_VERIFIER_LENGTH);
-      return derivedKey;
-    } catch (Exception e) {
-      throw new ZipException(e);
-    }
-  }
-
-  public int encryptData(byte[] buff) throws ZipException {
-
-    if (buff == null) {
-      throw new ZipException("input bytes are null, cannot perform AES encrpytion");
-    }
-    return encryptData(buff, 0, buff.length);
-  }
-
-  public int encryptData(byte[] buff, int start, int len) throws ZipException {
-
-    if (finished) {
-      // A non 16 byte block has already been passed to encrypter
-      // non 16 byte block should be the last block of compressed data in AES encryption
-      // any more encryption will lead to corruption of data
-      throw new ZipException("AES Encrypter is in finished state (A non 16 byte block has already been passed to encrypter)");
-    }
-
-    if (len % 16 != 0) {
-      this.finished = true;
-    }
-
-    for (int j = start; j < (start + len); j += AES_BLOCK_SIZE) {
-      loopCount = (j + AES_BLOCK_SIZE <= (start + len)) ?
-          AES_BLOCK_SIZE : ((start + len) - j);
-
-      prepareBuffAESIVBytes(iv, nonce);
-      aesEngine.processBlock(iv, counterBlock);
-
-      for (int k = 0; k < loopCount; k++) {
-        buff[j + k] = (byte) (buff[j + k] ^ counterBlock[k]);
-      }
-
-      mac.update(buff, j, loopCount);
-      nonce++;
-    }
-
-    return len;
-  }
-
-  private static byte[] generateSalt(int size) throws ZipException {
-
-    if (size != 8 && size != 16) {
-      throw new ZipException("invalid salt size, cannot generate salt");
-    }
-
-    int rounds = 0;
-
-    if (size == 8)
-      rounds = 2;
-    if (size == 16)
-      rounds = 4;
-
-    byte[] salt = new byte[size];
-    for (int j = 0; j < rounds; j++) {
-      Random rand = new Random();
-      int i = rand.nextInt();
-      salt[0 + j * 4] = (byte) (i >> 24);
-      salt[1 + j * 4] = (byte) (i >> 16);
-      salt[2 + j * 4] = (byte) (i >> 8);
-      salt[3 + j * 4] = (byte) i;
-    }
-    return salt;
-  }
-
-  public byte[] getFinalMac() {
-    byte[] rawMacBytes = mac.doFinal();
-    byte[] macBytes = new byte[10];
-    System.arraycopy(rawMacBytes, 0, macBytes, 0, 10);
-    return macBytes;
-  }
-
-  public byte[] getDerivedPasswordVerifier() {
-    return derivedPasswordVerifier;
-  }
-
-  public byte[] getSaltBytes() {
-    return saltBytes;
-  }
-}
+/*
+ * Copyright 2010 Srikanth Reddy Lingala
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.lingala.zip4j.crypto;
+
+import net.lingala.zip4j.crypto.PBKDF2.MacBasedPRF;
+import net.lingala.zip4j.crypto.PBKDF2.PBKDF2Engine;
+import net.lingala.zip4j.crypto.PBKDF2.PBKDF2Parameters;
+import net.lingala.zip4j.crypto.engine.AESEngine;
+import net.lingala.zip4j.exception.ZipException;
+import net.lingala.zip4j.model.enums.AesKeyStrength;
+
+import java.security.SecureRandom;
+
+import static net.lingala.zip4j.crypto.AesCipherUtil.prepareBuffAESIVBytes;
+import static net.lingala.zip4j.util.InternalZipConstants.AES_BLOCK_SIZE;
+
+public class AESEncrpyter implements Encrypter {
+
+  private static final int PASSWORD_VERIFIER_LENGTH = 2;
+
+  private char[] password;
+  private AesKeyStrength aesKeyStrength;
+  private AESEngine aesEngine;
+  private MacBasedPRF mac;
+  private SecureRandom random = new SecureRandom();
+
+  private boolean finished;
+
+  private int nonce = 1;
+  private int loopCount = 0;
+
+  private byte[] iv;
+  private byte[] counterBlock;
+  private byte[] derivedPasswordVerifier;
+  private byte[] saltBytes;
+
+  public AESEncrpyter(char[] password, AesKeyStrength aesKeyStrength) throws ZipException {
+    if (password == null || password.length == 0) {
+      throw new ZipException("input password is empty or null");
+    }
+    if (aesKeyStrength != AesKeyStrength.KEY_STRENGTH_128 &&
+        aesKeyStrength != AesKeyStrength.KEY_STRENGTH_256) {
+      throw new ZipException("Invalid AES key strength");
+    }
+
+    this.password = password;
+    this.aesKeyStrength = aesKeyStrength;
+    this.finished = false;
+    counterBlock = new byte[AES_BLOCK_SIZE];
+    iv = new byte[AES_BLOCK_SIZE];
+    init();
+  }
+
+  private void init() throws ZipException {
+    int keyLength = aesKeyStrength.getKeyLength();
+    int macLength = aesKeyStrength.getMacLength();
+    int saltLength = aesKeyStrength.getSaltLength();
+
+    saltBytes = generateSalt(saltLength);
+    byte[] keyBytes = deriveKey(saltBytes, password, keyLength, macLength);
+
+    if (keyBytes == null || keyBytes.length != (keyLength + macLength + PASSWORD_VERIFIER_LENGTH)) {
+      throw new ZipException("invalid key generated, cannot decrypt file");
+    }
+
+    byte[] aesKey = new byte[keyLength];
+    byte[] macKey = new byte[macLength];
+    derivedPasswordVerifier = new byte[PASSWORD_VERIFIER_LENGTH];
+
+    System.arraycopy(keyBytes, 0, aesKey, 0, keyLength);
+    System.arraycopy(keyBytes, keyLength, macKey, 0, macLength);
+    System.arraycopy(keyBytes, keyLength + macLength, derivedPasswordVerifier, 0, PASSWORD_VERIFIER_LENGTH);
+
+    aesEngine = new AESEngine(aesKey);
+    mac = new MacBasedPRF("HmacSHA1");
+    mac.init(macKey);
+  }
+
+  private byte[] deriveKey(byte[] salt, char[] password, int keyLength, int macLength) throws ZipException {
+    try {
+      PBKDF2Parameters p = new PBKDF2Parameters("HmacSHA1", "ISO-8859-1",
+          salt, 1000);
+      PBKDF2Engine e = new PBKDF2Engine(p);
+      return e.deriveKey(password, keyLength + macLength + PASSWORD_VERIFIER_LENGTH);
+    } catch (Exception e) {
+      throw new ZipException(e);
+    }
+  }
+
+  public int encryptData(byte[] buff) throws ZipException {
+
+    if (buff == null) {
+      throw new ZipException("input bytes are null, cannot perform AES encrpytion");
+    }
+    return encryptData(buff, 0, buff.length);
+  }
+
+  public int encryptData(byte[] buff, int start, int len) throws ZipException {
+
+    if (finished) {
+      // A non 16 byte block has already been passed to encrypter
+      // non 16 byte block should be the last block of compressed data in AES encryption
+      // any more encryption will lead to corruption of data
+      throw new ZipException("AES Encrypter is in finished state (A non 16 byte block has already been passed to encrypter)");
+    }
+
+    if (len % 16 != 0) {
+      this.finished = true;
+    }
+
+    for (int j = start; j < (start + len); j += AES_BLOCK_SIZE) {
+      loopCount = (j + AES_BLOCK_SIZE <= (start + len)) ?
+          AES_BLOCK_SIZE : ((start + len) - j);
+
+      prepareBuffAESIVBytes(iv, nonce);
+      aesEngine.processBlock(iv, counterBlock);
+
+      for (int k = 0; k < loopCount; k++) {
+        buff[j + k] = (byte) (buff[j + k] ^ counterBlock[k]);
+      }
+
+      mac.update(buff, j, loopCount);
+      nonce++;
+    }
+
+    return len;
+  }
+
+  private byte[] generateSalt(int size) throws ZipException {
+
+    if (size != 8 && size != 16) {
+      throw new ZipException("invalid salt size, cannot generate salt");
+    }
+
+    int rounds = 0;
+
+    if (size == 8) {
+      rounds = 2;
+    } else if (size == 16) {
+      rounds = 4;
+    }
+
+    byte[] salt = new byte[size];
+    for (int j = 0; j < rounds; j++) {
+      int i = random.nextInt();
+      salt[0 + j * 4] = (byte) (i >> 24);
+      salt[1 + j * 4] = (byte) (i >> 16);
+      salt[2 + j * 4] = (byte) (i >> 8);
+      salt[3 + j * 4] = (byte) i;
+    }
+    return salt;
+  }
+
+  public byte[] getFinalMac() {
+    byte[] rawMacBytes = mac.doFinal();
+    byte[] macBytes = new byte[10];
+    System.arraycopy(rawMacBytes, 0, macBytes, 0, 10);
+    return macBytes;
+  }
+
+  public byte[] getDerivedPasswordVerifier() {
+    return derivedPasswordVerifier;
+  }
+
+  public byte[] getSaltBytes() {
+    return saltBytes;
+  }
+}


=====================================
src/main/java/net/lingala/zip4j/crypto/StandardEncrypter.java
=====================================
@@ -1,102 +1,99 @@
-/*
- * Copyright 2010 Srikanth Reddy Lingala
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing,
- * software distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
-
-package net.lingala.zip4j.crypto;
-
-import net.lingala.zip4j.crypto.engine.ZipCryptoEngine;
-import net.lingala.zip4j.exception.ZipException;
-
-import java.util.Random;
-
-import static net.lingala.zip4j.util.InternalZipConstants.STD_DEC_HDR_SIZE;
-
-public class StandardEncrypter implements Encrypter {
-
-  private ZipCryptoEngine zipCryptoEngine;
-  private byte[] headerBytes;
-
-  public StandardEncrypter(char[] password, long key) throws ZipException {
-   this.zipCryptoEngine = new ZipCryptoEngine();
-
-    this.headerBytes = new byte[STD_DEC_HDR_SIZE];
-    init(password, key);
-  }
-
-  private void init(char[] password, long key) throws ZipException {
-    if (password == null || password.length <= 0) {
-      throw new ZipException("input password is null or empty, cannot initialize standard encrypter");
-    }
-    zipCryptoEngine.initKeys(password);
-    headerBytes = generateRandomBytes(STD_DEC_HDR_SIZE);
-    // Initialize again since the generated bytes were encrypted.
-    zipCryptoEngine.initKeys(password);
-
-    headerBytes[STD_DEC_HDR_SIZE - 1] = (byte) ((key >>> 24));
-    headerBytes[STD_DEC_HDR_SIZE - 2] = (byte) ((key >>> 16));
-
-    if (headerBytes.length < STD_DEC_HDR_SIZE) {
-      throw new ZipException("invalid header bytes generated, cannot perform standard encryption");
-    }
-
-    encryptData(headerBytes);
-  }
-
-  public int encryptData(byte[] buff) throws ZipException {
-    if (buff == null) {
-      throw new NullPointerException();
-    }
-    return encryptData(buff, 0, buff.length);
-  }
-
-  public int encryptData(byte[] buff, int start, int len) throws ZipException {
-    if (len < 0) {
-      throw new ZipException("invalid length specified to decrpyt data");
-    }
-
-    for (int i = start; i < start + len; i++) {
-      buff[i] = encryptByte(buff[i]);
-    }
-    return len;
-  }
-
-  protected byte encryptByte(byte val) {
-    byte temp_val = (byte) (val ^ zipCryptoEngine.decryptByte() & 0xff);
-    zipCryptoEngine.updateKeys(val);
-    return temp_val;
-  }
-
-  protected byte[] generateRandomBytes(int size) throws ZipException {
-
-    if (size <= 0) {
-      throw new ZipException("size is either 0 or less than 0, cannot generate header for standard encryptor");
-    }
-
-    byte[] buff = new byte[size];
-
-    Random rand = new Random();
-
-    for (int i = 0; i < buff.length; i++) {
-      // Encrypted to get less predictability for poorly implemented rand functions.
-      buff[i] = encryptByte((byte) rand.nextInt(256));
-    }
-    return buff;
-  }
-
-  public byte[] getHeaderBytes() {
-    return headerBytes;
-  }
-
-}
+/*
+ * Copyright 2010 Srikanth Reddy Lingala
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package net.lingala.zip4j.crypto;
+
+import net.lingala.zip4j.crypto.engine.ZipCryptoEngine;
+import net.lingala.zip4j.exception.ZipException;
+
+import java.security.SecureRandom;
+
+import static net.lingala.zip4j.util.InternalZipConstants.STD_DEC_HDR_SIZE;
+
+public class StandardEncrypter implements Encrypter {
+
+  private ZipCryptoEngine zipCryptoEngine;
+  private byte[] headerBytes;
+
+  public StandardEncrypter(char[] password, long key) throws ZipException {
+   this.zipCryptoEngine = new ZipCryptoEngine();
+
+    this.headerBytes = new byte[STD_DEC_HDR_SIZE];
+    init(password, key);
+  }
+
+  private void init(char[] password, long key) throws ZipException {
+    if (password == null || password.length <= 0) {
+      throw new ZipException("input password is null or empty, cannot initialize standard encrypter");
+    }
+    zipCryptoEngine.initKeys(password);
+    headerBytes = generateRandomBytes(STD_DEC_HDR_SIZE);
+    // Initialize again since the generated bytes were encrypted.
+    zipCryptoEngine.initKeys(password);
+
+    headerBytes[STD_DEC_HDR_SIZE - 1] = (byte) ((key >>> 24));
+    headerBytes[STD_DEC_HDR_SIZE - 2] = (byte) ((key >>> 16));
+
+    if (headerBytes.length < STD_DEC_HDR_SIZE) {
+      throw new ZipException("invalid header bytes generated, cannot perform standard encryption");
+    }
+
+    encryptData(headerBytes);
+  }
+
+  public int encryptData(byte[] buff) throws ZipException {
+    if (buff == null) {
+      throw new NullPointerException();
+    }
+    return encryptData(buff, 0, buff.length);
+  }
+
+  public int encryptData(byte[] buff, int start, int len) throws ZipException {
+    if (len < 0) {
+      throw new ZipException("invalid length specified to decrpyt data");
+    }
+
+    for (int i = start; i < start + len; i++) {
+      buff[i] = encryptByte(buff[i]);
+    }
+    return len;
+  }
+
+  protected byte encryptByte(byte val) {
+    byte temp_val = (byte) (val ^ zipCryptoEngine.decryptByte() & 0xff);
+    zipCryptoEngine.updateKeys(val);
+    return temp_val;
+  }
+
+  protected byte[] generateRandomBytes(int size) throws ZipException {
+    if (size <= 0) {
+      throw new ZipException("size is either 0 or less than 0, cannot generate header for standard encryptor");
+    }
+
+    byte[] buff = new byte[size];
+    SecureRandom random = new SecureRandom();
+    for (int i = 0; i < buff.length; i++) {
+      buff[i] = encryptByte((byte) random.nextInt(256));
+    }
+
+    return buff;
+  }
+
+  public byte[] getHeaderBytes() {
+    return headerBytes;
+  }
+
+}



View it on GitLab: https://salsa.debian.org/java-team/zip4j/-/commit/f7d218210dfa6ea0a971ffd2ef95e4b18c391011

-- 
View it on GitLab: https://salsa.debian.org/java-team/zip4j/-/commit/f7d218210dfa6ea0a971ffd2ef95e4b18c391011
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-java-commits/attachments/20200928/8619b0d3/attachment.html>


More information about the pkg-java-commits mailing list