search

brendan-duncan / archive

Dart library to encode and decode various archive and compression formats, such as Zip, Tar, GZip, ZLib, and BZip2.
MIT License
403 stars 140 forks source link

192-bit AES encryption is misdetected as 256-bit #262

Closed alexhenrie closed 1 year ago

alexhenrie commented 1 year ago

zip_file.dart currently contains the following:

    if (_aesHeader!.encryptionStrength == 1) {
      // 128-bit
      salt = input.readBytes(8).toUint8List();
      keySize = 16;
    } else if (_aesHeader!.encryptionStrength == 1) {
      // 192-bit
      salt = input.readBytes(12).toUint8List();
      keySize = 24;
    } else {
      // 256-bit
      salt = input.readBytes(16).toUint8List();
      keySize = 32;
    }

Look at how the if and the else if have the same condition: That means that the else if can never be true, so 192-bit encryption gets processed as 256-bit encryption.

brendan-duncan commented 1 year ago

Yup. Looks like someone got lazy with copy/paste. I'll get that fixed up shortly.

brendan-duncan commented 1 year ago

It's fixed in Git now. I'll try to get to pushing a release with the fix when I get another free moment.

alexhenrie commented 1 year ago

Thank you!