zip: read AES-encrypted zip files (AE-1 and AE-2)

[konimarti]

Read AES-encrypyted Zip files using the AE-1 or AE-2 format 1;

[lerno]

Can the Zip password ever be an empty string?

[konimarti]

The empty string for the password doesn't make sense but I just added it as the default function value when it's not encrypted. I need to reconsider that. Also, there's an issue with an encrypted deflate stream that I initially didn't see and haven't resolved yet. This needs more work.

[konimarti]

I discovered that WinZip’s AES-CTR uses a little-endian counter, so I had to increment the IV starting at the lowest-order byte instead of the highest (which is the common way). After adding a little-endian counter to AES-CTR, the decrypted DEFLATE streams should be correct now.

[konimarti]

The failed nix test is because of a stochastic element in std::math::distributions. I thought I removed most of them but apprently not. Will provide a fix for this soon, too.

[konimarti]

Can the Zip password ever be an empty string?

I changed the password handling to a callback which provides for a cleaner api.

[konimarti]

For testing purposes, AES-encrypted zip files can be created with 7z:

7z a -tzip -mem=AES256 -pYourPassword secure.zip file_to_encrypt.txt

[lerno]

Are you imagining that the callback would pop some dialog or something? I think more reasonable would be to fail on PASSWORD_NEEDED if the password isn't provided and it's passworded, and a PASSWORD_MISMATCH if the password doesn't work.

[konimarti]

It was meant for flexibility: you can have different passwords for different zip entry files in the same archive and an empty string as a password is technically valid. I'm fine with changing it back to have the password in the function signature, though.