Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: AES-2 encryption #94

Merged
merged 4 commits into from
Jan 4, 2024
Merged

feat: AES-2 encryption #94

merged 4 commits into from
Jan 4, 2024

Conversation

michalc
Copy link
Member

@michalc michalc commented Jan 3, 2024
edited
Loading

This adds AES-2 encryption as requested/discussed in #93 and defined at https://www.winzip.com/en/support/aes-encryption/

For now, AES-2 is used over AES-1 to prevent leakage of information via CRC-32 for small files, at the price of not having a checksum on the uncompressed plain text data (although there is an HMAC check on the encrypted compressed data as part of AES-2). In a later change, we should be able to make it AES-1 for larger files as recommended at https://www.winzip.com/en/support/aes-encryption/, but not doing this now to keep this change reasonably small.

@michalc michalc force-pushed the feat/encrpyt-with-aes-2 branch 6 times, most recently from 47203b9 to 8f48f53 Compare January 3, 2024 16:51
@michalc michalc mentioned this pull request Jan 3, 2024
Closed
@michalc michalc force-pushed the feat/encrpyt-with-aes-2 branch 23 times, most recently from 864cb08 to 65f4c92 Compare January 3, 2024 23:06
@michalc michalc force-pushed the feat/encrpyt-with-aes-2 branch 11 times, most recently from b70201b to 5d3a1c3 Compare January 4, 2024 13:11
@michalc
ci: bump version of pytest
c64d926 
Without this for some reason the following error can happen if when we add
other dependencies in later commits:

> ImportError: cannot import name 'Config' from 'pytest'

(Specifically the dependencies of pycryptodome and pyzipper)

Have to admit I'm not really sure why, and haven't spent that long trying to
work out why, but I think it's reasonable to use a more recent version even
without this issue and not really worth the time investigating it.

We're not using the most recent version of pytest because I don't think it can
be installed with Python 3.6.7 that we're still testing on. Will like to
maintain support for older Python for as long as possible to not cause
annoyances for people that are restricted to older Python but want the latest
stream-zip.
@michalc michalc force-pushed the feat/encrpyt-with-aes-2 branch 3 times, most recently from 4d57095 to 44f6b3b Compare January 4, 2024 13:38
@michalc
refactor: flags defined for each mode in single place
f1c008b 
This reduces a little big of duplication for each mode - the flags are now
defined in a single line. Also, the flags are defined as a 2-byte unsigned
integer rather than a 2-byte bytes array.

This changes allow for the flags to be more easily dynamic for each mode - set
in a single place and then use binary or | to combine flags. This will be
useful in the upcoming chnage that adds AES encryption for each mode that will
require the first bit of the flags to be set if encryption is enabled.
@michalc michalc force-pushed the feat/encrpyt-with-aes-2 branch 2 times, most recently from 802c2d8 to d37b9c9 Compare January 4, 2024 13:54
@michalc
refactor: allow compression type to be injected into each mode function
666dc16 
This reduces a bit of duplication, and more easily allows the compression type
of "99" to be set in a later commit, which is one of the things that indicates
that AES encryption is used.
@michalc michalc force-pushed the feat/encrpyt-with-aes-2 branch from d37b9c9 to 666dc16 Compare January 4, 2024 14:59
@michalc michalc marked this pull request as ready for review January 4, 2024 15:05
@mmguero mmguero mentioned this pull request Jan 4, 2024
Closed
@michalc michalc force-pushed the feat/encrpyt-with-aes-2 branch 4 times, most recently from 47b4f34 to 7c0defb Compare January 4, 2024 15:47
@michalc
feat: AES-2 encryption
28287a3 
This adds AES-2 encryption as requested/discussed in
#93 and defined at
https://www.winzip.com/en/support/aes-encryption/

For now, AES-2 is used over AES-1 to prevent leakage of information via CRC-32
for small files, at the price of not having a checksum on the uncompressed
plain text data (although there is an HMAC check on the encrypted compressed
data as part of AES-2). In a later change, we should be able to make it AES-1
for larger files as recommended at
https://www.winzip.com/en/support/aes-encryption/, but not doing this now to
keep this change reasonably small.
@michalc michalc force-pushed the feat/encrpyt-with-aes-2 branch from 7c0defb to 28287a3 Compare January 4, 2024 16:05
@michalc michalc merged commit 4776afa into main Jan 4, 2024
5 checks passed
@michalc michalc deleted the feat/encrpyt-with-aes-2 branch January 4, 2024 16:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@michalc