zip/README.txt

This is a fork of the Go archive/zip package to add support
for reading/writing password protected AES encrypted files. Only supports
Winzip's AES extension: http://www.winzip.com/aes_info.htm. This
package DOES NOT intend to implement the encryption methods
mentioned in the original PKWARE spec (sections 6.0 and 7.0):
https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT

The process
==============================================================================
hello.txt -> compress -> encrypt -> .zip -> decrypt -> decompress -> hello.txt

Roadmap
==============================================================================
Reading - Works. See ctr.go for implementation.
Writing - Not started.
Testing - Needs more.


WinZip AES specifies
==============================================================================
1. Encryption-Decryption w/ AES-CTR (128, 192, or 256 bits)
2. Key generation with PBKDF2-HMAC-SHA1 (1000 iteration count) that
generates a master key broken into the following:
    a. First m bytes is for the encryption key
    b. Next n bytes is for the authentication key
    c. Last 2 bytes is the password verification value.
3. Following salt lengths are used w/ password during keygen:
    ------------------------------
    AES Key Size    | Salt Size
    ------------------------------
    128bit(16bytes) | 8 bytes
    192bit(24bytes) | 12 bytes
    256bit(32bytes) | 16 bytes
    -------------------------------
4. Master key len = AESKeyLen + AuthKeyLen + PWVLen:
    a. AES 128 = 16 + 16 + 2 = 34 bytes of key material
    b. AES 192 = 24 + 24 + 2 = 50 bytes of key material
    c. AES 256 = 32 + 32 + 2 = 66 bytes of key material
5. Authentication Key is same size as AES key.
6. Authentication with HMAC-SHA1-80 (truncated to 80bits).
7. A new master key is generated for every file.
8. The file header and directory header compression method will
be 99 (decimal) indicating Winzip AES encryption. The actual
compression method will be in the extra's payload at the end
of the headers.
9. A extra field will be added to the file header and directory
header identified by the ID 0x9901 and contains the following info:
    a. Header ID (2 bytes)
    b. Data Size (2 bytes)
    c. Vendor Version (2 bytes)
    d. Vendor ID (2 bytes)
    e. AES Strength (1 byte)
    f. Compression Method (2 bytes)
10. The Data Size is always 7.
11. The Vendor Version can be either 0x0001 (AE-1) or
0x0002 (AE-2).
12. Vendor ID is ASCII "AE"
13. AES Strength:
    a. 0x01 - AES-128
    b. 0x02 - AES-192
    c. 0x03 - AES-256
14. Compression Method is the actual compression method
used that was replaced by the encryption process mentioned in #8.
15. AE-1 keeps the CRC and should be verified after decompression.
AE-2 removes the CRC and shouldn't be verified after decompression.
Refer to http://www.winzip.com/aes_info.htm#winzip11 for the reasoning.
16. Storage Format (file data payload) totals CompressedSize64 bytes:
    a. Salt - 8, 12, or 16 bytes depending on keysize
    b. Password Verification Value - 2 bytes
    c. Encrypted Data - compressed size - satl - pwv - auth lengths
    d. Authentication code - 10 bytes
Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`This is a fork of the Go archive/zip package to add support`
change README.txt 2015-10-30 01:50:49 +03:00			`for reading/writing password protected AES encrypted files. Only supports`
Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`Winzip's AES extension: http://www.winzip.com/aes_info.htm. This`
			`package DOES NOT intend to implement the encryption methods`
			`mentioned in the original PKWARE spec (sections 6.0 and 7.0):`
			`https://pkware.cachefly.net/webdocs/casestudies/APPNOTE.TXT`

Added initial support for reading pw protected files. 2015-10-30 00:14:19 +03:00			`The process`
			`==============================================================================`
			`hello.txt -> compress -> encrypt -> .zip -> decrypt -> decompress -> hello.txt`

			`Roadmap`
change README.txt 2015-10-30 01:58:39 +03:00			`==============================================================================`
Added little-endian, left-aligned CTR mode 2015-11-01 03:45:55 +03:00			`Reading - Works. See ctr.go for implementation.`
Added initial support for reading pw protected files. 2015-10-30 00:14:19 +03:00			`Writing - Not started.`
			`Testing - Needs more.`


Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`WinZip AES specifies`
change README.txt 2015-10-30 01:58:39 +03:00			`==============================================================================`
Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`1. Encryption-Decryption w/ AES-CTR (128, 192, or 256 bits)`
			`2. Key generation with PBKDF2-HMAC-SHA1 (1000 iteration count) that`
			`generates a master key broken into the following:`
			`a. First m bytes is for the encryption key`
			`b. Next n bytes is for the authentication key`
			`c. Last 2 bytes is the password verification value.`
			`3. Following salt lengths are used w/ password during keygen:`
			`------------------------------`
			`AES Key Size \| Salt Size`
			`------------------------------`
			`128bit(16bytes) \| 8 bytes`
			`192bit(24bytes) \| 12 bytes`
			`256bit(32bytes) \| 16 bytes`
			`-------------------------------`
			`4. Master key len = AESKeyLen + AuthKeyLen + PWVLen:`
			`a. AES 128 = 16 + 16 + 2 = 34 bytes of key material`
			`b. AES 192 = 24 + 24 + 2 = 50 bytes of key material`
			`c. AES 256 = 32 + 32 + 2 = 66 bytes of key material`
			`5. Authentication Key is same size as AES key.`
			`6. Authentication with HMAC-SHA1-80 (truncated to 80bits).`
			`7. A new master key is generated for every file.`
			`8. The file header and directory header compression method will`
update README.txt 2015-10-27 12:25:11 +03:00			`be 99 (decimal) indicating Winzip AES encryption. The actual`
			`compression method will be in the extra's payload at the end`
			`of the headers.`
Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`9. A extra field will be added to the file header and directory`
update README.txt 2015-10-27 12:25:11 +03:00			`header identified by the ID 0x9901 and contains the following info:`
Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`a. Header ID (2 bytes)`
			`b. Data Size (2 bytes)`
			`c. Vendor Version (2 bytes)`
			`d. Vendor ID (2 bytes)`
			`e. AES Strength (1 byte)`
			`f. Compression Method (2 bytes)`
			`10. The Data Size is always 7.`
update README.txt 2015-10-27 12:25:11 +03:00			`11. The Vendor Version can be either 0x0001 (AE-1) or`
Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`0x0002 (AE-2).`
			`12. Vendor ID is ASCII "AE"`
			`13. AES Strength:`
			`a. 0x01 - AES-128`
			`b. 0x02 - AES-192`
			`c. 0x03 - AES-256`
			`14. Compression Method is the actual compression method`
update README.txt 2015-10-27 12:25:11 +03:00			`used that was replaced by the encryption process mentioned in #8.`
Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`15. AE-1 keeps the CRC and should be verified after decompression.`
update README.txt 2015-10-27 12:25:11 +03:00			`AE-2 removes the CRC and shouldn't be verified after decompression.`
Initial commit and README.txt 2015-10-27 12:12:51 +03:00			`Refer to http://www.winzip.com/aes_info.htm#winzip11 for the reasoning.`
add Storage Format section to README.txt 2015-10-30 01:57:24 +03:00			`16. Storage Format (file data payload) totals CompressedSize64 bytes:`
add Storage Format section to README.txt 2015-10-30 01:56:21 +03:00			`a. Salt - 8, 12, or 16 bytes depending on keysize`
			`b. Password Verification Value - 2 bytes`
fix slice index out of range when dealing with compressed files. 2015-10-30 03:14:48 +03:00			`c. Encrypted Data - compressed size - satl - pwv - auth lengths`
add Storage Format section to README.txt 2015-10-30 01:56:21 +03:00			`d. Authentication code - 10 bytes`