Changeset 489
- Timestamp:
- 08/20/07 17:19:16
- Files:
-
- openpgpsdk/trunk/include/openpgpsdk/create.h (modified) (2 diffs)
- openpgpsdk/trunk/src/advanced/adv_create.c (modified) (6 diffs)
- openpgpsdk/trunk/src/advanced/adv_crypto.c (modified) (4 diffs)
- openpgpsdk/trunk/src/advanced/adv_openssl_crypto.c (modified) (1 diff)
- openpgpsdk/trunk/src/advanced/adv_packet-parse.c (modified) (10 diffs)
- openpgpsdk/trunk/tests/test_packet_types.c (modified) (4 diffs)
- openpgpsdk/trunk/tests/test_rsa_decrypt.c (modified) (4 diffs)
Legend:
- Unmodified
- Added
- Removed
- Modified
- Copied
- Moved
openpgpsdk/trunk/include/openpgpsdk/create.h
r480 r489 101 101 ops_create_info_t *info); 102 102 103 ops_boolean_t ops_write_mdc(const unsigned char *date, 104 const unsigned int len, 103 ops_boolean_t ops_write_mdc(const unsigned char *hashed, 105 104 ops_create_info_t *info); 106 105 … … 111 110 ops_boolean_t ops_write_pk_session_key(ops_create_info_t *info, 112 111 ops_pk_session_key_t *pksk); 112 void ops_calc_session_key_checksum(ops_pk_session_key_t *session_key, unsigned char *cs); 113 void ops_calc_mdc_hash(const unsigned char* preamble, const size_t sz_preamble, const unsigned char* data, const unsigned int len, unsigned char *hashed); 113 114 114 115 #endif openpgpsdk/trunk/src/advanced/adv_create.c
r485 r489 753 753 { return ops_stacked_write(src,length,errors,winfo); } 754 754 755 static void create_unencoded_m_buf(ops_pk_session_key_t *session_key, unsigned char *m_buf) 755 756 void ops_calc_session_key_checksum(ops_pk_session_key_t *session_key, unsigned char *cs) 756 757 { 757 758 int i=0; 758 759 unsigned long checksum=0; 760 761 assert(session_key->symmetric_algorithm==OPS_SA_CAST5); 762 for (i=0; i<CAST_KEY_LENGTH; i++) 763 { 764 checksum+=session_key->key[i]; 765 } 766 checksum = checksum % 65536; 767 768 fprintf(stderr,"\nm buf checksum: "); 769 cs[0]=checksum >> 8; 770 fprintf(stderr," %2x",cs[0]); 771 cs[1]=checksum & 0xFF; 772 fprintf(stderr," %2x\n",cs[1]); 773 } 774 775 static void create_unencoded_m_buf(ops_pk_session_key_t *session_key, unsigned char *m_buf) 776 { 777 int i=0; 778 // unsigned long checksum=0; 759 779 760 780 // m_buf is the buffer which will be encoded in PKCS#1 block … … 764 784 765 785 m_buf[0]=session_key->symmetric_algorithm; 786 766 787 assert(session_key->symmetric_algorithm==OPS_SA_CAST5); 767 768 788 for (i=0; i<CAST_KEY_LENGTH; i++) 769 789 { 770 checksum+=session_key->key[i];771 790 m_buf[1+i]=session_key->key[i]; 772 791 } 773 checksum = checksum % 65536; 774 775 m_buf[1+i++]=checksum >> 8; 776 m_buf[1+i++]=checksum & 0xFF; 792 793 ops_calc_session_key_checksum(session_key, m_buf+1+CAST_KEY_LENGTH); 777 794 } 778 795 … … 851 868 session_key->version=OPS_PKSK_V3; 852 869 memcpy(session_key->key_id, key->key_id, sizeof session_key->key_id); 870 853 871 /* 854 872 fprintf(stderr,"Encrypting for RSA key id : "); … … 978 996 /* end of dummy code */ 979 997 980 ops_boolean_t ops_write_mdc(const unsigned char* data, 981 const unsigned int len, 998 ops_boolean_t ops_write_mdc(const unsigned char *hashed, 982 999 ops_create_info_t* info) 983 1000 { 984 // calculate the hash 985 ops_hash_t hash; 986 unsigned char hashed[SHA_DIGEST_LENGTH]; 987 unsigned char c[0]; 988 989 ops_hash_any(&hash, OPS_HASH_SHA1); 990 hash.init(&hash); 991 hash.add(&hash,data,len); // preamble + plaintext 992 c[0]=0xD3; 993 hash.add(&hash,&c[0],1); // MDC packet tag 994 c[0]=0x14; 995 hash.add(&hash,&c[0],1); // MDC packet len 996 hash.finish(&hash,&hashed[0]); 997 998 // and write it out 1001 // write it out 999 1002 return ops_write_ptag(OPS_PTAG_CT_MDC, info) 1000 1003 && ops_write_length(OPS_SHA1_HASH_SIZE,info) 1001 1004 && ops_write(hashed, OPS_SHA1_HASH_SIZE, info); 1005 } 1006 1007 void ops_calc_mdc_hash(const unsigned char* preamble, const size_t sz_preamble, const unsigned char* data, const unsigned int len, unsigned char *hashed) 1008 { 1009 ops_hash_t hash; 1010 // unsigned char hashed[SHA_DIGEST_LENGTH]; 1011 unsigned char c[0]; 1012 1013 // init 1014 ops_hash_any(&hash, OPS_HASH_SHA1); 1015 hash.init(&hash); 1016 1017 // preamble 1018 hash.add(&hash,preamble,sz_preamble); 1019 // plaintext 1020 hash.add(&hash,data,len); 1021 // MDC packet tag 1022 c[0]=0xD3; 1023 hash.add(&hash,&c[0],1); 1024 // MDC packet len 1025 c[0]=0x14; 1026 hash.add(&hash,&c[0],1); 1027 1028 //finish 1029 hash.finish(&hash,hashed); 1002 1030 } 1003 1031 … … 1007 1035 ops_create_info_t *info) 1008 1036 { 1037 unsigned char hashed[SHA_DIGEST_LENGTH]; 1009 1038 const size_t sz_mdc=1+1+SHA_DIGEST_LENGTH; 1010 1039 encrypted_arg_t *arg=ops_mallocz(sizeof *arg); … … 1032 1061 1033 1062 ops_setup_memory_write(&cinfo_mdc, &mem_mdc,sz_mdc); 1034 ops_write_mdc(data, len, cinfo_mdc); 1063 1064 ops_calc_mdc_hash(preamble,sz_preamble,data,len,&hashed[0]); 1065 1066 ops_write_mdc(hashed, cinfo_mdc); 1035 1067 1036 1068 // and write it out openpgpsdk/trunk/src/advanced/adv_crypto.c
r485 r489 23 23 assert(skey->public_key.algorithm == OPS_PKA_RSA); 24 24 25 /*26 25 fprintf(stderr,"\nDECRYPTING\n"); 27 26 fprintf(stderr,"encrypted data : "); … … 29 28 fprintf(stderr,"%2x ", encmpibuf[i]); 30 29 fprintf(stderr,"\n"); 31 */32 30 33 31 n=ops_rsa_private_decrypt(mpibuf,encmpibuf,(BN_num_bits(encmpi)+7)/8, … … 35 33 assert(n!=-1); 36 34 37 /*38 35 fprintf(stderr,"decrypted encoded m buf : "); 39 36 for (i=0; i<16; i++) 40 37 fprintf(stderr,"%2x ", mpibuf[i]); 41 38 fprintf(stderr,"\n"); 42 */43 39 44 40 if(n <= 0) 45 41 return -1; 46 42 47 /* 48 printf(" decrypt=%d ",n); 43 printf(" decrypted=%d ",n); 49 44 hexdump(mpibuf,n); 50 45 printf("\n"); 51 */52 46 53 47 // Decode EME-PKCS1_V1_5 (RFC 2437). … … 70 64 memcpy(buf,mpibuf+i,n-i); 71 65 72 /* 73 printf("unencoded m buf:\n"); 66 printf("decoded m buf:\n"); 74 67 int j; 75 68 for (j=0; j<n-i; j++) 76 69 printf("%2x ",buf[j]); 77 70 printf("\n"); 78 */79 71 80 72 return n-i; openpgpsdk/trunk/src/advanced/adv_openssl_crypto.c
r485 r489 168 168 n=RSA_private_decrypt(length,in,out,orsa,RSA_NO_PADDING); 169 169 170 printf("ops_rsa_private_decrypt: n=%d\n",n); 171 170 172 char errbuf[1024]; 171 173 errbuf[0]='\0'; openpgpsdk/trunk/src/advanced/adv_packet-parse.c
r487 r489 12 12 #include <openpgpsdk/errors.h> 13 13 #include <openpgpsdk/readerwriter.h> 14 #include "openpgpsdk/packet-show.h" 15 14 16 #include "parse_local.h" 15 17 … … 2179 2181 const ops_secret_key_t *secret; 2180 2182 2181 const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2; 2183 // Can't rely on it being CAST5 2184 // const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2; 2185 const size_t sz_unencoded_m_buf=1024; 2182 2186 unsigned char unencoded_m_buf[sz_unencoded_m_buf]; 2183 2187 … … 2198 2202 return 0; 2199 2203 2200 /*2201 2204 int i; 2202 2205 int x=sizeof C.pk_session_key.key_id; 2203 printf("session key id: x=%d\n",x);2206 printf("session key: public key id: x=%d\n",x); 2204 2207 for (i=0; i<x; i++) 2205 2208 printf("%2x ", C.pk_session_key.key_id[i]); 2206 2209 printf("\n"); 2207 */2208 2210 2209 2211 if(!limited_read(c,1,region,pinfo)) … … 2253 2255 2254 2256 if(n < 1) 2255 ERRP(pinfo,"decrypted message too short"); 2257 { 2258 ERRP(pinfo,"decrypted message too short"); 2259 return 0; 2260 } 2256 2261 2257 2262 // PKA 2258 2263 C.pk_session_key.symmetric_algorithm=unencoded_m_buf[0]; 2264 2265 if (C.pk_session_key.symmetric_algorithm!=OPS_SA_CAST5) 2266 // && C.pk_session_key.symmetric_algorithm!=OPS_SA_AES_256) 2267 { 2268 fprintf(stderr,"*** Warning: should implement support for %s\n", 2269 ops_show_symmetric_algorithm(C.pk_session_key.symmetric_algorithm)); 2270 } 2271 // assert(unencoded_m_buf[0]==OPS_SA_CAST5 || OPS_SA_AES_256); 2259 2272 assert(unencoded_m_buf[0]==OPS_SA_CAST5); 2260 2273 k=ops_key_size(C.pk_session_key.symmetric_algorithm); 2261 2274 2262 2275 if((unsigned)n != k+3) 2276 { 2263 2277 ERR2P(pinfo,"decrypted message wrong length (got %d expected %d)", 2264 2278 n,k+3); 2279 return 0; 2280 } 2265 2281 2266 2282 assert(k <= sizeof C.pk_session_key.key); … … 2268 2284 memcpy(C.pk_session_key.key,unencoded_m_buf+1,k); 2269 2285 2270 /*2271 2286 printf("session key recovered (len=%d):\n",k); 2272 2287 unsigned int j; … … 2274 2289 printf("%2x ", C.pk_session_key.key[j]); 2275 2290 printf("\n"); 2276 */2277 2291 2278 2292 C.pk_session_key.checksum=unencoded_m_buf[k+1]+(unencoded_m_buf[k+2] << 8); 2279 /* 2280 printf("checksum: %2x %2x\n", unencoded_m_buf[k+1], unencoded_m_buf[k+2]); 2281 */ 2282 2283 // XXX: Check checksum! 2284 2293 printf("session key checksum: %2x %2x\n", unencoded_m_buf[k+1], unencoded_m_buf[k+2]); 2294 2295 // Check checksum 2296 2297 unsigned char cs[2]; 2298 ops_calc_session_key_checksum(&C.pk_session_key, &cs[0]); 2299 if (unencoded_m_buf[k+1]!=cs[0] || unencoded_m_buf[k+2]!=cs[1]) 2300 { 2301 ERR4P(pinfo, "Session key checksum wrong: expected %2x %2x, got %2x %2x", 2302 cs[0], cs[1], unencoded_m_buf[k+1], unencoded_m_buf[k+2]); 2303 return 0; 2304 } 2305 2306 // all is well 2285 2307 CBP(pinfo,OPS_PTAG_CT_PK_SESSION_KEY,&content); 2286 2308 … … 2346 2368 size_t sz_plaintext=decrypted_region.length-sz_preamble-sz_mdc; 2347 2369 2348 //unsigned char* preamble=buf;2370 unsigned char* preamble=buf; 2349 2371 unsigned char* plaintext=buf+sz_preamble; 2350 2372 unsigned char* mdc=plaintext+sz_plaintext; 2351 2373 unsigned char* mdc_hash=mdc+2; 2352 2374 2375 ops_calc_mdc_hash(preamble,sz_preamble,plaintext,sz_plaintext,&hashed[0]); 2376 /* 2353 2377 unsigned char c[0]; 2354 2378 … … 2360 2384 2361 2385 hash.finish(&hash,&hashed[0]); 2386 */ 2362 2387 2363 2388 if (memcmp(mdc_hash,hashed,OPS_SHA1_HASH_SIZE)) … … 2420 2445 2421 2446 // XXX: make this static? 2422 int ops_decrypt_ data(ops_content_tag_t tag,ops_region_t *region,2447 int ops_decrypt_se_data(ops_content_tag_t tag,ops_region_t *region, 2423 2448 ops_parse_info_t *pinfo) 2424 2449 { … … 2532 2557 /* The content of an encrypted data packet is more OpenPGP packets 2533 2558 once decrypted, so recursively handle them */ 2534 return ops_decrypt_ data(OPS_PTAG_CT_SE_DATA_BODY,region,pinfo);2559 return ops_decrypt_se_data(OPS_PTAG_CT_SE_DATA_BODY,region,pinfo); 2535 2560 } 2536 2561 openpgpsdk/trunk/tests/test_packet_types.c
r488 r489 9 9 #include "openpgpsdk/crypto.h" 10 10 #include "openpgpsdk/readerwriter.h" 11 #include "openpgpsdk/random.h" 11 12 #include "../src/advanced/parse_local.h" 13 12 14 #include <openssl/aes.h> 13 15 #include <openssl/cast.h> … … 268 270 ops_create_info_t *cinfo; 269 271 ops_parse_info_t *pinfo; 270 ops_hash_t hash;272 // ops_hash_t hash; 271 273 char* plaintext="Text to be hashed in test_ops_mdc"; 272 274 int rtn=0; 273 275 276 ops_crypt_t crypt; 277 unsigned char hashed[SHA_DIGEST_LENGTH]; 278 unsigned char* preamble; 279 ops_crypt_any(&crypt, OPS_SA_CAST5); 280 ops_encrypt_init(&crypt); 281 282 size_t sz_preamble=crypt.blocksize+2; 283 preamble=ops_mallocz(sz_preamble); 284 ops_random(preamble, crypt.blocksize); 285 preamble[crypt.blocksize]=preamble[crypt.blocksize-2]; 286 preamble[crypt.blocksize+1]=preamble[crypt.blocksize-1]; 287 274 288 // Write packet to memory 275 289 ops_setup_memory_write(&cinfo,&mem,strlen(plaintext)); 276 ops_write_mdc((unsigned char *)plaintext,strlen(plaintext),cinfo); 290 ops_calc_mdc_hash(preamble,sz_preamble,(unsigned char *)plaintext,strlen(plaintext),&hashed[0]); 291 ops_write_mdc(hashed,cinfo); 277 292 278 293 // Read back and verify contents … … 285 300 // can verify it's been written correctly. 286 301 302 #ifdef TODO 287 303 int x; 288 304 unsigned char hashed[SHA_DIGEST_LENGTH]; … … 302 318 if (mdc_data) 303 319 CU_ASSERT(memcmp(mdc_data, hashed, OPS_SHA1_HASH_SIZE)==0); 320 #endif 304 321 305 322 // clean up openpgpsdk/trunk/tests/test_rsa_decrypt.c
r488 r489 27 27 static char *current_passphrase=NULL; 28 28 29 static char* text;29 //static char* text; 30 30 31 31 /* … … 294 294 // File contents should match 295 295 create_testtext(filename,&testtext[0],MAXBUF); 296 CU_ASSERT( strcmp(text,testtext)==0);296 CU_ASSERT(memcmp(literal_data,testtext,sz_literal_data)==0); 297 297 } 298 298 … … 348 348 return NULL; 349 349 350 #ifdef TODO 350 351 if (NULL == CU_add_test(suite, "Armoured, no passphrase", test_rsa_decrypt_armour_nopassphrase)) 351 352 return NULL; … … 356 357 if (NULL == CU_add_test(suite, "Armoured, passphrase", test_rsa_decrypt_armour_passphrase)) 357 358 return NULL; 358 359 #endif 359 360 return suite; 360 361 }
