fix(zipcrypto): Support streaming ZipCrypto encryption, don't store entire file in memory

[roblabla]

The current implementation of ZipCrypto reads the entire file in memory before encrypting it. This is because ZipCrypto expects the last two bytes of the header to contain the CRC of the file when not using a data descriptor, to be able to quickly check if the password is correct. This is slightly problematic for my use-cases, as I need to encrypt a (potentially very large) file using ZipCrypto, so reading the whole thing in memory would cause issues.

There is a different way to solve this problem however. When using a data descriptor, ZipCrypto will use the last modified time instead as the password verification bytes. This is something we can have before we start writing the file, and so allows us to do the streaming without issues.

This PR forces ZipCrypto files to go through a Data Descriptor so we don't have to do the whole "read the whole file in memory", and also get streaming support working.

[gemini-code-assist]

Summary of Changes

Hello @roblabla, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

This pull request resolves a significant memory consumption issue in ZipCrypto encryption by enabling true streaming capabilities. Previously, the entire file had to be loaded into memory to calculate the CRC for password verification. By enforcing the use of data descriptors for ZipCrypto, the system can now use the last_modified_time for verification, allowing files to be encrypted and written in a streaming fashion without buffering the entire content.

Highlights

• Streaming ZipCrypto Encryption: The pull request enables streaming for ZipCrypto encryption, preventing large files from being loaded entirely into memory during the encryption process, which is crucial for handling potentially very large files efficiently.
• Data Descriptor Enforcement: ZipCrypto encrypted files are now explicitly forced to use a data descriptor. This allows the last_modified_time to be used for password verification instead of the file's CRC, eliminating the need to read the entire file before encryption.
• ZipCryptoWriter Refactor: The ZipCryptoWriter has been refactored to remove its internal buffer. It now encrypts data byte-by-byte as it's written, directly to the underlying writer, significantly improving memory efficiency and enabling true streaming.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

This pull request correctly implements streaming encryption for ZipCrypto by forcing the use of a data descriptor, which avoids buffering the entire file in memory. The changes to use the last modified time for password verification are well-implemented and clearly explained. The test suite has also been updated to cover this new streaming behavior. I have one suggestion to improve the performance of the new streaming writer.

[gemini-code-assist]

The current implementation of write allocates a new Vec on every call via buf.to_vec(). This can be inefficient, especially when write is called frequently (e.g., by io::copy), as it causes a heap allocation for each call.

To improve performance, you could use a stack-allocated buffer and process the input in chunks. This avoids repeated heap allocations.

Suggested change

	let mut buf = buf.to_vec();
	for byte in buf.iter_mut() {
	*byte = self.keys.encrypt_byte(*byte);
	}
	self.writer.write_all(&buf)?;
	const CHUNK_SIZE: usize = 4096;
	let mut temp_buf = [0u8; CHUNK_SIZE];
	for chunk in buf.chunks(CHUNK_SIZE) {
	let encrypted_chunk = &mut temp_buf[..chunk.len()];
	for (i, &byte) in chunk.iter().enumerate() {
	encrypted_chunk[i] = self.keys.encrypt_byte(byte);
	}
	self.writer.write_all(encrypted_chunk)?;
	}