; Password handling in 7-Zip: "7zAES" filter (SHA256 + AES256).
; Ported from C++ sources of 7-Zip (c) Igor Pavlov.
aes7z_decoder:
virtual at 0
.outStream rb streamInfo.size
.inStream dd ?
.inLen dd ?
.inPtr dd ?
.bufRest dd ?
; key data
.NumCyclesPower dd ?
.SaltSize dd ?
.Salt rb 16
; AES data
.iv rb 16
.Key rb 32
.nr dd ?
.KeyExpanded rb 32*15
.size = $
end virtual
.fillBuf:
mov esi, [eax+.inPtr]
mov ebp, eax
add edi, [eax+.bufRest]
sub ecx, [eax+.bufRest]
js .rest1
and [eax+.bufRest], 0
.mainloop:
test ecx, ecx
jz .done
sub [ebp+.inLen], 16
js .refill
.refilled:
push esi edi ecx
mov ebx, edi
lea edi, [ebp+.nr]
call aes_decode
pop ecx edi esi
mov eax, dword [ebp+.iv]
xor [edi], eax
lodsd
mov dword [ebp+.iv], eax
mov eax, dword [ebp+.iv+4]
xor [edi+4], eax
lodsd
mov dword [ebp+.iv+4], eax
mov eax, dword [ebp+.iv+8]
xor [edi+8], eax
lodsd
mov dword [ebp+.iv+8], eax
mov eax, dword [ebp+.iv+12]
xor [edi+12], eax
lodsd
mov dword [ebp+.iv+12], eax
add edi, 16
sub ecx, 16
jns .mainloop
.rest1:
neg ecx
mov [ebp+.bufRest], ecx
.done:
mov [ebp+.inPtr], esi
popad
ret
.refill:
mov edx, [ebp+.inLen]
add edx, 16
jnz .rest
js return.err
mov eax, [ebp+.inStream]
call fillBuf
mov edx, [eax+streamInfo.bufDataLen]
test edx, edx
jz return.err
mov esi, [eax+streamInfo.bufPtr]
mov [ebp+.inLen], edx
sub [ebp+.inLen], 16
jns .refilled
.rest:
; ASSERT([eax+streamInfo.fullSize] == 0);
sub edx, ecx
jb return.err
add ecx, edx
rep movsb
mov [ebp+.bufRest], edx
jmp .done
aes7z_get_buf_size:
mov eax, aes7z_decoder.size
mov edx, 0x4000
ret
aes7z_init_decoder:
; zero all
xor eax, eax
mov [ebp+aes7z_decoder.inLen], eax
mov [ebp+aes7z_decoder.bufRest], eax
mov [ebp+aes7z_decoder.NumCyclesPower], eax
mov [ebp+aes7z_decoder.SaltSize], eax
lea edi, [ebp+aes7z_decoder.Salt]
push 8
pop ecx
rep stosd ; zero .Salt and .iv
mov [ebp+streamInfo.fillBuf], aes7z_decoder.fillBuf
; parse parameters
cmp dword [esi-4], eax
jz .parok ; no parameters - OK
lodsb
mov cl, al
and al, 0x3F
mov byte [ebp+aes7z_decoder.NumCyclesPower], al
test cl, 0xC0
jz .parok
test cl, 0x80
setnz byte [ebp+aes7z_decoder.SaltSize]
shr cl, 6
and ecx, 1
cmp dword [esi-1-4], 2
jb return.err
lodsb
mov dl, al
shr al, 4
add byte [ebp+aes7z_decoder.SaltSize], al
and edx, 0xF
add ecx, edx
lea edx, [ecx+2]
push ecx
mov ecx, [ebp+aes7z_decoder.SaltSize]
add edx, ecx
cmp dword [esi-2-4], edx
jb return.err
lea edi, [ebp+aes7z_decoder.Salt]
rep movsb
pop ecx
lea edi, [ebp+aes7z_decoder.iv]
rep movsb
.parok:
test bl, bl
jnz .ret ; if reinitializing - all calculations have been already done
call query_password
jz return.clear
;.CalculateDigest:
mov cl, byte [ebp+aes7z_decoder.NumCyclesPower]
cmp cl, 0x3F
jnz .sha
lea edi, [ebp+aes7z_decoder.Key]
mov ecx, [ebp+aes7z_decoder.SaltSize]
push 32
pop edx
sub edx, ecx
lea esi, [ebp+aes7z_decoder.Salt]
rep movsb
mov ecx, [password_size]
add ecx, ecx
cmp ecx, edx
jbe @f
mov ecx, edx
@@:
sub edx, ecx
mov esi, password_unicode
rep movsb
mov ecx, edx
xor eax, eax
rep stosb
jmp .setkey
.sha:
cmp cl, 32
jb .normal
push 1
shl dword [esp], cl
push 0
jmp @f
.normal:
push 0
push 1
shl dword [esp], cl
@@:
push 0
push 0
call sha256_init
.loop:
lea esi, [ebp+aes7z_decoder.Salt]
mov edx, [ebp+aes7z_decoder.SaltSize]
call sha256_update
mov esi, password_unicode
mov edx, [password_size]
add edx, edx
call sha256_update
mov esi, esp
push 8
pop edx
call sha256_update
mov esi, esp
dec esi
@@:
inc esi
inc byte [esi]
jz @b
sub dword [esp+8], 1
sbb dword [esp+12], 0
mov eax, [esp+8]
or eax, [esp+12]
jnz .loop
lea edi, [ebp+aes7z_decoder.Key]
call sha256_final
add esp, 16
.setkey:
lea esi, [ebp+aes7z_decoder.Key]
push 8
pop edx ; 7z uses 256-bit keys
lea edi, [ebp+aes7z_decoder.nr]
call aes_setkey
.ret:
ret