Merge PR #260, Fix AES256 encryption

FastJack2 · FastJack2 · piksel · commit 18b6e4741dd9 · 2018-09-16T15:35:54.000+02:00
Fixes #181 by using an empty IV for AES encryption instead of the second derived key Co-authored-by: FastJack2 <FastJack2@users.noreply.github.com>
diff --git a/src/ICSharpCode.SharpZipLib/Encryption/ZipAESTransform.cs b/src/ICSharpCode.SharpZipLib/Encryption/ZipAESTransform.cs
@@ -78,15 +78,17 @@ public ZipAESTransform(string key, byte[] saltBytes, int blockSize, bool writeMo
 
 			// Performs the equivalent of derive_key in Dr Brian Gladman's pwd2key.c
 			var pdb = new Rfc2898DeriveBytes(key, saltBytes, KEY_ROUNDS);
-            var rm = Aes.Create();
+			var rm = Aes.Create();
 			rm.Mode = CipherMode.ECB;           // No feedback from cipher for CTR mode
 			_counterNonce = new byte[_blockSize];
-			byte[] byteKey1 = pdb.GetBytes(_blockSize);
-			byte[] byteKey2 = pdb.GetBytes(_blockSize);
-			_encryptor = rm.CreateEncryptor(byteKey1, byteKey2);
+			byte[] key1bytes = pdb.GetBytes(_blockSize);
+			byte[] key2bytes = pdb.GetBytes(_blockSize);
+			
+			// Use empty IV for AES
+			_encryptor = rm.CreateEncryptor(key1bytes, new byte[16]);
 			_pwdVerifier = pdb.GetBytes(PWD_VER_LENGTH);
 			//
-			_hmacsha1 = IncrementalHash.CreateHMAC(HashAlgorithmName.SHA1, byteKey2);
+			_hmacsha1 = IncrementalHash.CreateHMAC(HashAlgorithmName.SHA1, key2bytes);
 			_writeMode = writeMode;
 		}
 
