Support session keys
This commit is contained in:
parent
8c60f4e37b
commit
641c07835b
@ -8,62 +8,46 @@ class OpenPGP_Crypt_AES_TripleDES {
|
|||||||
public static function decryptSymmetric($pass, $m) {
|
public static function decryptSymmetric($pass, $m) {
|
||||||
foreach($m as $p) {
|
foreach($m as $p) {
|
||||||
if($p instanceof OpenPGP_SymmetricSessionKeyPacket) {
|
if($p instanceof OpenPGP_SymmetricSessionKeyPacket) {
|
||||||
switch($p->symmetric_algorithm) {
|
list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm);
|
||||||
case 2:
|
if(!$cipher) continue;
|
||||||
$cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
|
|
||||||
$key_bytes = 24;
|
|
||||||
$key_block_bytes = 8;
|
|
||||||
break;
|
|
||||||
case 7:
|
|
||||||
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
|
|
||||||
$cipher->setKeyLength(128);
|
|
||||||
break;
|
|
||||||
case 8:
|
|
||||||
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
|
|
||||||
$cipher->setKeyLength(192);
|
|
||||||
break;
|
|
||||||
case 9:
|
|
||||||
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
|
|
||||||
$cipher->setKeyLength(256);
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
if(!$cipher) continue; // Unsupported cipher
|
|
||||||
if(!isset($key_bytes)) $key_bytes = $cipher->key_size;
|
|
||||||
if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
|
|
||||||
|
|
||||||
$cipher->setKey($p->s2k->make_key($pass, $key_bytes));
|
$cipher->setKey($p->s2k->make_key($pass, $key_bytes));
|
||||||
|
|
||||||
|
if(strlen($p->encrypted_data) > 0) {
|
||||||
|
$padAmount = $key_block_bytes - (strlen($p->encrypted_data) % $key_block_bytes);
|
||||||
|
$data = substr($cipher->decrypt($p->encrypted_data . str_repeat("\0", $padAmount)), 0, strlen($p->encrypted_data));
|
||||||
|
list($cipher, $key_bytes, $key_block_bytes) = self::getCipher(ord($data{0}));
|
||||||
|
if(!$cipher) continue;
|
||||||
|
$cipher->setKey(substr($data, 1));
|
||||||
|
}
|
||||||
|
|
||||||
$epacket = self::getEncryptedData($m);
|
$epacket = self::getEncryptedData($m);
|
||||||
$padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes);
|
$padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes);
|
||||||
|
|
||||||
if(strlen($p->encrypted_data) < 1) {
|
if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) {
|
||||||
if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) {
|
$data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data));
|
||||||
$data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data));
|
$prefix = substr($data, 0, $key_block_bytes + 2);
|
||||||
$prefix = substr($data, 0, $key_block_bytes + 2);
|
$mdc = substr(substr($data, -22, 22), 2);
|
||||||
$mdc = substr(substr($data, -22, 22), 2);
|
$data = substr($data, $key_block_bytes + 2, -22);
|
||||||
$data = substr($data, $key_block_bytes + 2, -22);
|
|
||||||
|
|
||||||
$mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true);
|
$mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true);
|
||||||
if($mkMDC !== $mdc) return false;
|
if($mkMDC !== $mdc) return false;
|
||||||
|
|
||||||
try {
|
try {
|
||||||
$msg = OpenPGP_Message::parse($data);
|
$msg = OpenPGP_Message::parse($data);
|
||||||
} catch (Exception $ex) { $msg = NULL; }
|
} catch (Exception $ex) { $msg = NULL; }
|
||||||
if($msg) return $msg; /* Otherwise keep trying */
|
if($msg) return $msg; /* Otherwise keep trying */
|
||||||
} else {
|
|
||||||
// No MDC mean decrypt with resync
|
|
||||||
$iv = substr($epacket->data, 2, $key_block_bytes);
|
|
||||||
$edata = substr($epacket->data, $key_block_bytes + 2);
|
|
||||||
|
|
||||||
$cipher->setIV($iv);
|
|
||||||
$data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata));
|
|
||||||
|
|
||||||
try {
|
|
||||||
$msg = OpenPGP_Message::parse($data);
|
|
||||||
} catch (Exception $ex) { $msg = NULL; }
|
|
||||||
if($msg) return $msg; /* Otherwise keep trying */
|
|
||||||
}
|
|
||||||
} else {
|
} else {
|
||||||
// TODO
|
// No MDC mean decrypt with resync
|
||||||
|
$iv = substr($epacket->data, 2, $key_block_bytes);
|
||||||
|
$edata = substr($epacket->data, $key_block_bytes + 2);
|
||||||
|
|
||||||
|
$cipher->setIV($iv);
|
||||||
|
$data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata));
|
||||||
|
|
||||||
|
try {
|
||||||
|
$msg = OpenPGP_Message::parse($data);
|
||||||
|
} catch (Exception $ex) { $msg = NULL; }
|
||||||
|
if($msg) return $msg; /* Otherwise keep trying */
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -71,6 +55,34 @@ class OpenPGP_Crypt_AES_TripleDES {
|
|||||||
return NULL; /* If we get here, we failed */
|
return NULL; /* If we get here, we failed */
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static function getCipher($algo) {
|
||||||
|
switch($algo) {
|
||||||
|
case 2:
|
||||||
|
$cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
|
||||||
|
$key_bytes = 24;
|
||||||
|
$key_block_bytes = 8;
|
||||||
|
break;
|
||||||
|
case 7:
|
||||||
|
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
|
||||||
|
$cipher->setKeyLength(128);
|
||||||
|
break;
|
||||||
|
case 8:
|
||||||
|
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
|
||||||
|
$cipher->setKeyLength(192);
|
||||||
|
break;
|
||||||
|
case 9:
|
||||||
|
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
|
||||||
|
$cipher->setKeyLength(256);
|
||||||
|
break;
|
||||||
|
default:
|
||||||
|
$cipher = NULL;
|
||||||
|
}
|
||||||
|
if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher
|
||||||
|
if(!isset($key_bytes)) $key_bytes = $cipher->key_size;
|
||||||
|
if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
|
||||||
|
return array($cipher, $key_bytes, $key_block_bytes);
|
||||||
|
}
|
||||||
|
|
||||||
public static function getEncryptedData($m) {
|
public static function getEncryptedData($m) {
|
||||||
foreach($m as $p) {
|
foreach($m as $p) {
|
||||||
if($p instanceof OpenPGP_EncryptedDataPacket) return $p;
|
if($p instanceof OpenPGP_EncryptedDataPacket) return $p;
|
||||||
|
@ -84,11 +84,9 @@ class Decryption extends PHPUnit_Framework_TestCase {
|
|||||||
$this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg");
|
$this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg");
|
||||||
}
|
}
|
||||||
|
|
||||||
/* TODO
|
|
||||||
public function testDecryptSessionKey() {
|
public function testDecryptSessionKey() {
|
||||||
$this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg");
|
$this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg");
|
||||||
}
|
}
|
||||||
*/
|
|
||||||
|
|
||||||
public function testDecryptNoMDC() {
|
public function testDecryptNoMDC() {
|
||||||
$this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg");
|
$this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg");
|
||||||
|
Loading…
Reference in New Issue
Block a user