Support session keys

This commit is contained in:
Stephen Paul Weber 2013-01-26 11:26:55 -05:00
parent 8c60f4e37b
commit 641c07835b
2 changed files with 61 additions and 51 deletions

View File

@ -8,62 +8,46 @@ class OpenPGP_Crypt_AES_TripleDES {
public static function decryptSymmetric($pass, $m) { public static function decryptSymmetric($pass, $m) {
foreach($m as $p) { foreach($m as $p) {
if($p instanceof OpenPGP_SymmetricSessionKeyPacket) { if($p instanceof OpenPGP_SymmetricSessionKeyPacket) {
switch($p->symmetric_algorithm) { list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm);
case 2: if(!$cipher) continue;
$cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
$key_bytes = 24;
$key_block_bytes = 8;
break;
case 7:
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(128);
break;
case 8:
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(192);
break;
case 9:
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(256);
break;
}
if(!$cipher) continue; // Unsupported cipher
if(!isset($key_bytes)) $key_bytes = $cipher->key_size;
if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
$cipher->setKey($p->s2k->make_key($pass, $key_bytes)); $cipher->setKey($p->s2k->make_key($pass, $key_bytes));
if(strlen($p->encrypted_data) > 0) {
$padAmount = $key_block_bytes - (strlen($p->encrypted_data) % $key_block_bytes);
$data = substr($cipher->decrypt($p->encrypted_data . str_repeat("\0", $padAmount)), 0, strlen($p->encrypted_data));
list($cipher, $key_bytes, $key_block_bytes) = self::getCipher(ord($data{0}));
if(!$cipher) continue;
$cipher->setKey(substr($data, 1));
}
$epacket = self::getEncryptedData($m); $epacket = self::getEncryptedData($m);
$padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes); $padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes);
if(strlen($p->encrypted_data) < 1) { if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) {
if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) { $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data));
$data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data)); $prefix = substr($data, 0, $key_block_bytes + 2);
$prefix = substr($data, 0, $key_block_bytes + 2); $mdc = substr(substr($data, -22, 22), 2);
$mdc = substr(substr($data, -22, 22), 2); $data = substr($data, $key_block_bytes + 2, -22);
$data = substr($data, $key_block_bytes + 2, -22);
$mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true); $mkMDC = hash("sha1", $prefix . $data . "\xD3\x14", true);
if($mkMDC !== $mdc) return false; if($mkMDC !== $mdc) return false;
try { try {
$msg = OpenPGP_Message::parse($data); $msg = OpenPGP_Message::parse($data);
} catch (Exception $ex) { $msg = NULL; } } catch (Exception $ex) { $msg = NULL; }
if($msg) return $msg; /* Otherwise keep trying */ if($msg) return $msg; /* Otherwise keep trying */
} else {
// No MDC mean decrypt with resync
$iv = substr($epacket->data, 2, $key_block_bytes);
$edata = substr($epacket->data, $key_block_bytes + 2);
$cipher->setIV($iv);
$data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata));
try {
$msg = OpenPGP_Message::parse($data);
} catch (Exception $ex) { $msg = NULL; }
if($msg) return $msg; /* Otherwise keep trying */
}
} else { } else {
// TODO // No MDC mean decrypt with resync
$iv = substr($epacket->data, 2, $key_block_bytes);
$edata = substr($epacket->data, $key_block_bytes + 2);
$cipher->setIV($iv);
$data = substr($cipher->decrypt($edata . str_repeat("\0", $padAmount)), 0, strlen($edata));
try {
$msg = OpenPGP_Message::parse($data);
} catch (Exception $ex) { $msg = NULL; }
if($msg) return $msg; /* Otherwise keep trying */
} }
} }
} }
@ -71,6 +55,34 @@ class OpenPGP_Crypt_AES_TripleDES {
return NULL; /* If we get here, we failed */ return NULL; /* If we get here, we failed */
} }
public static function getCipher($algo) {
switch($algo) {
case 2:
$cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
$key_bytes = 24;
$key_block_bytes = 8;
break;
case 7:
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(128);
break;
case 8:
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(192);
break;
case 9:
$cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
$cipher->setKeyLength(256);
break;
default:
$cipher = NULL;
}
if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher
if(!isset($key_bytes)) $key_bytes = $cipher->key_size;
if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
return array($cipher, $key_bytes, $key_block_bytes);
}
public static function getEncryptedData($m) { public static function getEncryptedData($m) {
foreach($m as $p) { foreach($m as $p) {
if($p instanceof OpenPGP_EncryptedDataPacket) return $p; if($p instanceof OpenPGP_EncryptedDataPacket) return $p;

View File

@ -84,11 +84,9 @@ class Decryption extends PHPUnit_Framework_TestCase {
$this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg"); $this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg");
} }
/* TODO
public function testDecryptSessionKey() { public function testDecryptSessionKey() {
$this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg"); $this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg");
} }
*/
public function testDecryptNoMDC() { public function testDecryptNoMDC() {
$this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg"); $this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg");