SafeZip32RaesDriver


1   /*
2    * Copyright 2006 Schlichtherle IT Services
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   */
16  
17  package de.schlichtherle.io.archive.zip.raes;
18  
19  import de.schlichtherle.io.archive.zip.*;
20  import de.schlichtherle.io.rof.*;
21  
22  import java.io.*;
23  import java.util.zip.*;
24  
25  /**
26   * A safe archive driver which builds RAES encrypted ZIP32 archives.
27   * For input archive files up to 512 KB, the cipher text gets authenticated
28   * using the RAES provided Message Authentication Code (MAC) <em>before</em>
29   * the archive can be accessed by a client application.
30   * For larger input archive files, the MAC is not used, but instead the
31   * CRC-32 value of the decrypted and deflated archive entries is checked
32   * when the archive entry stream is <em>closed</em> by the client application,
33   * resulting in some {@link IOException}.
34   * <p>
35   * This operation mode is considered to be safe:
36   * Although a formal prove is missing, it should be computationally
37   * infeasible to modify an archive file so that <em>after</em> decryption
38   * of the archive and <em>after</em> inflation (decompression) of an
39   * entry's data its CRC-32 value still matches!
40   * This should hold true even though CRC-32 is not at all a good cryptographic
41   * hash function because of its frequent collisions, its linear output and
42   * small output size.
43   * It's the ZIP inflation algorithm which actually comes to our rescue!
44   * <p>
45   * Instances of this class are immutable.
46   * 
47   * @see UnsafeZip32RaesDriver
48   * @see ParanoidZip32RaesDriver
49   * @author Christian Schlichtherle
50   * @version @version@
51   * @since TrueZIP 6.0
52   */
53  public class SafeZip32RaesDriver extends AbstractZip32RaesDriver {
54  
55      /**
56       * The default trigger for authentication.
57       * Input archive files smaller than or equal to this size in bytes
58       * get authenticated using the RAES Message Authentication Code (MAC)
59       * before they are accessed.
60       * This is 512 KB.
61       */
62      private static final long AUTHENTICATION_TRIGGER = 512 * 1024;
63  
64      public SafeZip32RaesDriver() {
65          super(AUTHENTICATION_TRIGGER);
66      }
67  
68      protected Zip32InputArchive createZip32InputArchive(
69              ReadOnlyFile rof,
70              String   encoding,
71              boolean preambled,
72              boolean postambled)
73      throws  NullPointerException  ,
74              UnsupportedEncodingException,
75              FileNotFoundException,
76              ZipException,
77              IOException {
78          // Optimization: If the read-only file is smaller than the
79          // authentication trigger, then its entire cipher text has already
80          // been authenticated by
81          // {@link AbstractZip32RaesDriver#createInputArchive}.
82          // Hence, checking the CRC-32 value of the plain text ZIP32 file is
83          // redundant.
84          return rof.length() > getAuthenticationTrigger()
85                  ? new CheckedZip32InputArchive(rof, encoding, preambled, postambled)
86                  : new Zip32InputArchive(rof, encoding, preambled, postambled);
87      }
88  
89      protected Zip32OutputArchive createZip32OutputArchive(
90              final OutputStream out,
91              final String   encoding,
92              final Zip32InputArchive source)
93      throws  NullPointerException  ,
94              UnsupportedEncodingException,
95              IOException {
96          return new Zip32OutputArchive(out, encoding, source);
97      }
98  }
99
A to Z: JavaDoc & Examples Daily Java News & Articles Open Source Projects Open Source Codes Free Computer Books Remove Frame
Popular Tags