#103 Avoid using arrays when decrypt encrypted central directory

src/main/java/ru/olegcherednik/zip4jvm/crypto/Decoder.java

@@ -18,7 +18,7 @@
  */
 package ru.olegcherednik.zip4jvm.crypto;
 
-import ru.olegcherednik.zip4jvm.io.in.data.xxx.DataInput;
+import ru.olegcherednik.zip4jvm.io.in.data.DataInput;
 
 import java.io.IOException;
 

src/main/java/ru/olegcherednik/zip4jvm/crypto/aes/AesCentralDirectoryDecoder.java

@@ -0,0 +1,91 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ */
+package ru.olegcherednik.zip4jvm.crypto.aes;
+
+import ru.olegcherednik.zip4jvm.crypto.Decoder;
+import ru.olegcherednik.zip4jvm.crypto.strong.DecryptionHeader;
+import ru.olegcherednik.zip4jvm.io.ByteOrder;
+
+import lombok.AccessLevel;
+import lombok.Getter;
+import lombok.RequiredArgsConstructor;
+
+import java.io.IOException;
+import javax.crypto.Cipher;
+
+/**
+ * @author Oleg Cherednik
+ * @since 21.11.2024
+ */
+@RequiredArgsConstructor(access = AccessLevel.PRIVATE)
+public final class AesCentralDirectoryDecoder implements Decoder {
+
+    private final AesStrongEngine engine;
+    @Getter
+    private final long compressedSize;
+
+    @SuppressWarnings("NewMethodNamingConvention")
+    public static AesCentralDirectoryDecoder create128(DecryptionHeader decryptionHeader,
+                                                       char[] password,
+                                                       long compressedSize,
+                                                       ByteOrder byteOrder) throws IOException {
+        return create(decryptionHeader, password, AesStrength.S128, compressedSize, byteOrder);
+    }
+
+    @SuppressWarnings("NewMethodNamingConvention")
+    public static AesCentralDirectoryDecoder create192(DecryptionHeader decryptionHeader,
+                                                       char[] password,
+                                                       long compressedSize,
+                                                       ByteOrder byteOrder) throws IOException {
+        return create(decryptionHeader, password, AesStrength.S192, compressedSize, byteOrder);
+    }
+
+    @SuppressWarnings("NewMethodNamingConvention")
+    public static AesCentralDirectoryDecoder create256(DecryptionHeader decryptionHeader,
+                                                       char[] password,
+                                                       long compressedSize,
+                                                       ByteOrder byteOrder) throws IOException {
+        return create(decryptionHeader, password, AesStrength.S256, compressedSize, byteOrder);
+    }
+
+    private static AesCentralDirectoryDecoder create(DecryptionHeader decryptionHeader,
+                                                     char[] password,
+                                                     AesStrength strength,
+                                                     long compressedSize,
+                                                     ByteOrder byteOrder) throws IOException {
+        Cipher cipher = AesStrongEngine.createCipher(decryptionHeader, password, strength, byteOrder);
+        AesStrongEngine engine = new AesStrongEngine(cipher);
+        return new AesCentralDirectoryDecoder(engine, compressedSize);
+    }
+
+    // ---------- Decoder ----------
+
+    @Override
+    public int getBlockSize() {
+        return engine.getBlockSize();
+    }
+
+    // ---------- Decrypt ----------
+
+    @Override
+    public int decrypt(byte[] buf, int offs, int len) {
+        return engine.decrypt(buf, offs, len);
+    }
+
+}

src/main/java/ru/olegcherednik/zip4jvm/crypto/aes/AesDecoder.java

@@ -21,9 +21,8 @@
 import ru.olegcherednik.zip4jvm.crypto.Decoder;
 import ru.olegcherednik.zip4jvm.exception.IncorrectZipEntryPasswordException;
 import ru.olegcherednik.zip4jvm.exception.Zip4jvmException;
-import ru.olegcherednik.zip4jvm.io.in.data.xxx.DataInput;
+import ru.olegcherednik.zip4jvm.io.in.data.DataInput;
 import ru.olegcherednik.zip4jvm.model.entry.ZipEntry;
-import ru.olegcherednik.zip4jvm.utils.quitely.Quietly;
 
 import lombok.AccessLevel;
 import lombok.Getter;
@@ -49,21 +48,33 @@ public final class AesDecoder implements Decoder {
     @Getter
     private final long compressedSize;
 
-    public static AesDecoder create(ZipEntry zipEntry, DataInput in) {
-        return Quietly.doQuietly(() -> {
-            AesStrength strength = AesEngine.getStrength(zipEntry.getEncryptionMethod());
-            byte[] salt = in.readBytes(strength.getSaltSize());
-            byte[] key = AesEngine.createKey(zipEntry.getPassword(), salt, strength);
-
-            Cipher cipher = AesEngine.createCipher(strength.createSecretKeyForCipher(key));
-            byte[] passwordChecksum = strength.createPasswordChecksum(key);
-            checkPasswordChecksum(passwordChecksum, zipEntry, in);
-
-            Mac mac = AesEngine.createMac(strength.createSecretKeyForMac(key));
-            AesEngine engine = new AesEngine(cipher, mac);
-            long compressedSize = AesEngine.getDataCompressedSize(zipEntry.getCompressedSize(), strength);
-            return new AesDecoder(engine, compressedSize);
-        });
+    @SuppressWarnings("NewMethodNamingConvention")
+    public static AesDecoder create128(ZipEntry zipEntry, DataInput in) throws IOException {
+        return create(zipEntry, AesStrength.S128, in);
+    }
+
+    @SuppressWarnings("NewMethodNamingConvention")
+    public static AesDecoder create192(ZipEntry zipEntry, DataInput in) throws IOException {
+        return create(zipEntry, AesStrength.S192, in);
+    }
+
+    @SuppressWarnings("NewMethodNamingConvention")
+    public static AesDecoder create256(ZipEntry zipEntry, DataInput in) throws IOException {
+        return create(zipEntry, AesStrength.S256, in);
+    }
+
+    private static AesDecoder create(ZipEntry zipEntry, AesStrength strength, DataInput in) throws IOException {
+        byte[] salt = in.readBytes(strength.getSaltSize());
+        byte[] key = AesEngine.createKey(zipEntry.getPassword(), salt, strength);
+
+        Cipher cipher = AesEngine.createCipher(strength.createSecretKeyForCipher(key));
+        byte[] passwordChecksum = strength.createPasswordChecksum(key);
+        checkPasswordChecksum(passwordChecksum, zipEntry, in);
+
+        Mac mac = AesEngine.createMac(strength.createSecretKeyForMac(key));
+        AesEngine engine = new AesEngine(cipher, mac);
+        long compressedSize = AesEngine.getDataCompressedSize(zipEntry.getCompressedSize(), strength);
+        return new AesDecoder(engine, compressedSize);
     }
 
     // ---------- Decrypt ----------

src/main/java/ru/olegcherednik/zip4jvm/crypto/aes/AesEngine.java

@@ -27,13 +27,9 @@
 import lombok.AccessLevel;
 import lombok.RequiredArgsConstructor;
 
-import java.security.InvalidKeyException;
-import java.security.NoSuchAlgorithmException;
-import java.security.spec.InvalidKeySpecException;
 import java.security.spec.KeySpec;
 import javax.crypto.Cipher;
 import javax.crypto.Mac;
-import javax.crypto.NoSuchPaddingException;
 import javax.crypto.SecretKeyFactory;
 import javax.crypto.ShortBufferException;
 import javax.crypto.spec.PBEKeySpec;
@@ -121,25 +117,29 @@ public byte[] getMac() {
         return mac.doFinal();
     }
 
-    public static byte[] createKey(char[] password, byte[] salt, AesStrength strength)
-            throws NoSuchAlgorithmException, InvalidKeySpecException {
-        int keyLength = strength.getSize() * 2 + 16;
-        KeySpec keySpec = new PBEKeySpec(password, salt, ITERATION_COUNT, keyLength);
-        return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(keySpec).getEncoded();
+    public static byte[] createKey(char[] password, byte[] salt, AesStrength strength) {
+        return Quietly.doQuietly(() -> {
+            int keyLength = strength.getSize() * 2 + 16;
+            KeySpec keySpec = new PBEKeySpec(password, salt, ITERATION_COUNT, keyLength);
+            return SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1").generateSecret(keySpec).getEncoded();
+        });
     }
 
-    public static Cipher createCipher(SecretKeySpec secretKeySpec)
-            throws NoSuchPaddingException, NoSuchAlgorithmException, InvalidKeyException {
-        Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
-        // use custom AES implementation, so no worry for DECRYPT_MODE
-        cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
-        return cipher;
+    public static Cipher createCipher(SecretKeySpec secretKeySpec) {
+        return Quietly.doQuietly(() -> {
+            Cipher cipher = Cipher.getInstance("AES/ECB/NoPadding");
+            // use custom AES implementation, so no worry for DECRYPT_MODE
+            cipher.init(Cipher.ENCRYPT_MODE, secretKeySpec);
+            return cipher;
+        });
     }
 
-    public static Mac createMac(SecretKeySpec secretKeySpec) throws NoSuchAlgorithmException, InvalidKeyException {
-        Mac mac = Mac.getInstance("HmacSHA1");
-        mac.init(secretKeySpec);
-        return mac;
+    public static Mac createMac(SecretKeySpec secretKeySpec) {
+        return Quietly.doQuietly(() -> {
+            Mac mac = Mac.getInstance("HmacSHA1");
+            mac.init(secretKeySpec);
+            return mac;
+        });
     }
 
     public static AesStrength getStrength(EncryptionMethod encryptionMethod) {

src/main/java/ru/olegcherednik/zip4jvm/crypto/aes/AesStrongDecoder.java

@@ -19,11 +19,11 @@
 package ru.olegcherednik.zip4jvm.crypto.aes;
 
 import ru.olegcherednik.zip4jvm.crypto.Decoder;
-import ru.olegcherednik.zip4jvm.crypto.strong.AesCentralDirectoryCipherCreator;
 import ru.olegcherednik.zip4jvm.crypto.strong.DecryptionHeader;
+import ru.olegcherednik.zip4jvm.crypto.strong.EncryptionAlgorithm;
 import ru.olegcherednik.zip4jvm.exception.IncorrectPasswordException;
 import ru.olegcherednik.zip4jvm.exception.IncorrectZipEntryPasswordException;
-import ru.olegcherednik.zip4jvm.io.in.data.xxx.DataInput;
+import ru.olegcherednik.zip4jvm.io.in.data.DataInput;
 import ru.olegcherednik.zip4jvm.io.readers.crypto.strong.DecryptionHeaderReader;
 import ru.olegcherednik.zip4jvm.model.entry.ZipEntry;
 import ru.olegcherednik.zip4jvm.utils.quitely.Quietly;
@@ -49,21 +49,20 @@ public final class AesStrongDecoder implements Decoder {
 
     private long decryptedBytes;
 
-    public static AesStrongDecoder create(ZipEntry zipEntry, DataInput in) {
-        return Quietly.doQuietly(() -> {
-            in.mark(DECRYPTION_HEADER);
-            Cipher cipher = createCipher(zipEntry, in);
-            int decryptionHeaderSize = (int) in.getMarkSize(DECRYPTION_HEADER);
-            long compressedSize = zipEntry.getCompressedSize() - decryptionHeaderSize;
-            return new AesStrongDecoder(cipher, compressedSize);
-        });
+    public static AesStrongDecoder create(ZipEntry zipEntry, DataInput in) throws IOException {
+        in.mark(DECRYPTION_HEADER);
+        Cipher cipher = createCipher(zipEntry, in);
+        int decryptionHeaderSize = (int) in.getMarkSize(DECRYPTION_HEADER);
+        long compressedSize = zipEntry.getCompressedSize() - decryptionHeaderSize;
+        return new AesStrongDecoder(cipher, compressedSize);
     }
 
     private static Cipher createCipher(ZipEntry zipEntry, DataInput in) throws IOException {
+        DecryptionHeader decryptionHeader = new DecryptionHeaderReader().read(in);
+        EncryptionAlgorithm encryptionAlgorithm = decryptionHeader.getEncryptionAlgorithm();
+
         try {
-            DecryptionHeader decryptionHeader = new DecryptionHeaderReader().read(in);
-            return new AesCentralDirectoryCipherCreator(zipEntry.getPassword())
-                    .createCipher(in.getByteOrder(), decryptionHeader);
+            return encryptionAlgorithm.createCipher(decryptionHeader, zipEntry.getPassword(), in.getByteOrder());
         } catch (IncorrectPasswordException e) {
             throw new IncorrectZipEntryPasswordException(zipEntry.getFileName());
         }