[OpenPGP:SDK svn] r495 - in openpgpsdk/trunk: include/openpgpsdk src/advanced tests
Subversion
ben at links.org
Mon Aug 27 15:43:36 BST 2007
Author: rachel
Date: 2007-08-27 15:43:34 +0100 (Mon, 27 Aug 2007)
New Revision: 495
Modified:
openpgpsdk/trunk/include/openpgpsdk/create.h
openpgpsdk/trunk/include/openpgpsdk/crypto.h
openpgpsdk/trunk/include/openpgpsdk/errors.h
openpgpsdk/trunk/src/advanced/adv_create.c
openpgpsdk/trunk/src/advanced/adv_packet-parse.c
openpgpsdk/trunk/src/advanced/adv_symmetric.c
openpgpsdk/trunk/tests/test_packet_types.c
openpgpsdk/trunk/tests/test_rsa_decrypt.c
Log:
Improve error-handling for unsupported symmetric algorithms
Modified: openpgpsdk/trunk/include/openpgpsdk/create.h
===================================================================
--- openpgpsdk/trunk/include/openpgpsdk/create.h 2007-08-27 10:02:20 UTC (rev 494)
+++ openpgpsdk/trunk/include/openpgpsdk/create.h 2007-08-27 14:43:34 UTC (rev 495)
@@ -109,7 +109,7 @@
ops_create_info_t *info);
ops_boolean_t ops_write_pk_session_key(ops_create_info_t *info,
ops_pk_session_key_t *pksk);
-void ops_calc_session_key_checksum(ops_pk_session_key_t *session_key, unsigned char *cs);
+ops_boolean_t ops_calc_session_key_checksum(ops_pk_session_key_t *session_key, unsigned char *cs);
void ops_calc_mdc_hash(const unsigned char* preamble, const size_t sz_preamble, const unsigned char* data, const unsigned int len, unsigned char *hashed);
#endif
Modified: openpgpsdk/trunk/include/openpgpsdk/crypto.h
===================================================================
--- openpgpsdk/trunk/include/openpgpsdk/crypto.h 2007-08-27 10:02:20 UTC (rev 494)
+++ openpgpsdk/trunk/include/openpgpsdk/crypto.h 2007-08-27 14:43:34 UTC (rev 495)
@@ -105,7 +105,7 @@
size_t count);
size_t ops_encrypt_se_ip(ops_crypt_t *encrypt,void *out,const void *in,
size_t count);
-int ops_is_sa_supported(ops_symmetric_algorithm_t alg);
+ops_boolean_t ops_is_sa_supported(ops_symmetric_algorithm_t alg);
void ops_reader_push_decrypt(ops_parse_info_t *pinfo,ops_crypt_t *decrypt,
ops_region_t *region);
Modified: openpgpsdk/trunk/include/openpgpsdk/errors.h
===================================================================
--- openpgpsdk/trunk/include/openpgpsdk/errors.h 2007-08-27 10:02:20 UTC (rev 494)
+++ openpgpsdk/trunk/include/openpgpsdk/errors.h 2007-08-27 14:43:34 UTC (rev 495)
@@ -36,9 +36,13 @@
/* creator errors */
OPS_E_C=0x4000, /* general creator error */
+ /* Algorithm support errors */
+ OPS_E_ALG=0x5000, /* general algorithm error */
+ OPS_E_ALG_UNSUPPORTED_SYMMETRIC =OPS_E_ALG+1,
+
/* Protocol errors */
- OPS_E_PROTO=0x5000, /* general protocol error */
- OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT =OPS_E_PROTO+1,
+ OPS_E_PROTO=0x6000, /* general protocol error */
+ OPS_E_PROTO_BAD_SYMMETRIC_DECRYPT =OPS_E_PROTO+2,
} ops_errcode_t;
Modified: openpgpsdk/trunk/src/advanced/adv_create.c
===================================================================
--- openpgpsdk/trunk/src/advanced/adv_create.c 2007-08-27 10:02:20 UTC (rev 494)
+++ openpgpsdk/trunk/src/advanced/adv_create.c 2007-08-27 14:43:34 UTC (rev 495)
@@ -753,14 +753,15 @@
{ return ops_stacked_write(src,length,errors,winfo); }
-void ops_calc_session_key_checksum(ops_pk_session_key_t *session_key, unsigned char *cs)
+ops_boolean_t ops_calc_session_key_checksum(ops_pk_session_key_t *session_key, unsigned char *cs)
{
- int i=0;
+ unsigned int i=0;
unsigned long checksum=0;
- assert(session_key->symmetric_algorithm==OPS_SA_CAST5
- || session_key->symmetric_algorithm==OPS_SA_AES_128);
- for (i=0; i<CAST_KEY_LENGTH; i++)
+ if (!ops_is_sa_supported(session_key->symmetric_algorithm))
+ return ops_false;
+
+ for (i=0; i<ops_key_size(session_key->symmetric_algorithm); i++)
{
checksum+=session_key->key[i];
}
@@ -769,12 +770,13 @@
cs[0]=checksum >> 8;
cs[1]=checksum & 0xFF;
+ return ops_true;
// fprintf(stderr,"\nm buf checksum: ");
// fprintf(stderr," %2x",cs[0]);
// fprintf(stderr," %2x\n",cs[1]);
}
-static void create_unencoded_m_buf(ops_pk_session_key_t *session_key, unsigned char *m_buf)
+static ops_boolean_t create_unencoded_m_buf(ops_pk_session_key_t *session_key, unsigned char *m_buf)
{
int i=0;
// unsigned long checksum=0;
@@ -792,7 +794,7 @@
m_buf[1+i]=session_key->key[i];
}
- ops_calc_session_key_checksum(session_key, m_buf+1+CAST_KEY_LENGTH);
+ return(ops_calc_session_key_checksum(session_key, m_buf+1+CAST_KEY_LENGTH));
}
ops_boolean_t encode_m_buf(const unsigned char *M, size_t mLen,
@@ -884,6 +886,7 @@
session_key->symmetric_algorithm=OPS_SA_AES_256;
ops_random(session_key->key, 256/8);
*/
+ // \todo allow user to specify other algorithm
session_key->symmetric_algorithm=OPS_SA_CAST5;
ops_random(session_key->key, CAST_KEY_LENGTH);
@@ -894,7 +897,9 @@
fprintf(stderr,"\n");
*/
- create_unencoded_m_buf(session_key, &unencoded_m_buf[0]);
+ if (create_unencoded_m_buf(session_key, &unencoded_m_buf[0])==ops_false)
+ return NULL;
+
/*
printf("unencoded m buf:\n");
for (i=0; i<sz_unencoded_m_buf; i++)
@@ -922,6 +927,7 @@
ops_boolean_t ops_write_pk_session_key(ops_create_info_t *info,
ops_pk_session_key_t *pksk)
{
+ assert(pksk);
assert(pksk->algorithm == OPS_PKA_RSA);
return ops_write_ptag(OPS_PTAG_CT_PK_SESSION_KEY, info)
Modified: openpgpsdk/trunk/src/advanced/adv_packet-parse.c
===================================================================
--- openpgpsdk/trunk/src/advanced/adv_packet-parse.c 2007-08-27 10:02:20 UTC (rev 494)
+++ openpgpsdk/trunk/src/advanced/adv_packet-parse.c 2007-08-27 14:43:34 UTC (rev 495)
@@ -2174,21 +2174,17 @@
unsigned char c[1];
ops_parser_content_t content;
ops_parser_content_t pc;
- // unsigned char buf[8192];
+
int n;
BIGNUM *enc_m;
unsigned k;
const ops_secret_key_t *secret;
-
+
// Can't rely on it being CAST5
// const size_t sz_unencoded_m_buf=CAST_KEY_LENGTH+1+2;
const size_t sz_unencoded_m_buf=1024;
unsigned char unencoded_m_buf[sz_unencoded_m_buf];
- // const size_t sz_encoded_m_buf=BN_num_bytes(pub_key->key.rsa.n);
- // const size_t sz_encoded_m_buf=128; //\todo FIXME RW
- //unsigned char encoded_m_buf[sz_encoded_m_buf];
-
if(!limited_read(c,1,region,pinfo))
return 0;
C.pk_session_key.version=c[0];
@@ -2264,6 +2260,13 @@
// PKA
C.pk_session_key.symmetric_algorithm=unencoded_m_buf[0];
+ if (!ops_is_sa_supported(C.pk_session_key.symmetric_algorithm))
+ {
+ // ERR1P
+ OPS_ERROR_1(&pinfo->errors,OPS_E_ALG_UNSUPPORTED_SYMMETRIC,"Symmetric algorithm %s not supported", ops_show_symmetric_algorithm(C.pk_session_key.symmetric_algorithm));
+ return 0;
+ }
+
if (C.pk_session_key.symmetric_algorithm!=OPS_SA_CAST5
&& C.pk_session_key.symmetric_algorithm!=OPS_SA_AES_128)
// && C.pk_session_key.symmetric_algorithm!=OPS_SA_AES_256)
Modified: openpgpsdk/trunk/src/advanced/adv_symmetric.c
===================================================================
--- openpgpsdk/trunk/src/advanced/adv_symmetric.c 2007-08-27 10:02:20 UTC (rev 494)
+++ openpgpsdk/trunk/src/advanced/adv_symmetric.c 2007-08-27 14:43:34 UTC (rev 495)
@@ -9,6 +9,7 @@
#include <openssl/des.h>
#include "parse_local.h"
+#include <openpgpsdk/packet-show.h>
#include <openpgpsdk/final.h>
// \todo there's also a encrypted_arg_t in adv_create.c
@@ -500,42 +501,82 @@
return saved;
}
-int ops_is_sa_supported(ops_symmetric_algorithm_t alg)
+ops_boolean_t ops_is_sa_supported(ops_symmetric_algorithm_t alg)
{
switch (alg)
{
case OPS_SA_AES_128:
- case OPS_SA_AES_256:
+ // case OPS_SA_AES_256:
case OPS_SA_CAST5:
case OPS_SA_TRIPLEDES:
#ifndef OPENSSL_NO_IDEA
case OPS_SA_IDEA:
#endif
- return 1;
+ return ops_true;
+ break;
default:
- return 0;
+ fprintf(stderr,"\nWarning: %s not supported\n",
+ ops_show_symmetric_algorithm(alg));
+ return ops_false;
}
}
size_t ops_encrypt_se_ip(ops_crypt_t *crypt,void *out_,const void *in_,
size_t count)
{
- assert(crypt->algorithm==OPS_SA_CAST5);
+ if (!ops_is_sa_supported(crypt->algorithm))
+ return -1;
- CAST_cfb64_encrypt(in_, out_, count,
- crypt->encrypt_key, crypt->iv, (int *)&crypt->num, CAST_ENCRYPT);
+ switch(crypt->algorithm)
+ {
+ case OPS_SA_CAST5:
+ CAST_cfb64_encrypt(in_, out_, count,
+ crypt->encrypt_key, crypt->iv,
+ (int *)&crypt->num, CAST_ENCRYPT);
+ break;
+
+ case OPS_SA_AES_128:
+ case OPS_SA_AES_256:
+ AES_cfb128_encrypt(in_,out_,count,
+ crypt->encrypt_key, crypt->iv, (int *)&crypt->num, AES_ENCRYPT);
+ break;
+
+ default:
+ fprintf(stderr,"ops_encrypt_se_ip: Implement support for %s\n",
+ ops_show_symmetric_algorithm(crypt->algorithm));
+ assert(0);
+ }
+
return count;
}
size_t ops_decrypt_se_ip(ops_crypt_t *crypt,void *out_,const void *in_,
size_t count)
{
- assert(crypt->algorithm==OPS_SA_CAST5);
+ if (!ops_is_sa_supported(crypt->algorithm))
+ return -1;
- // \todo should not be hard-coded to CAST
+ switch(crypt->algorithm)
+ {
+ case OPS_SA_CAST5:
+ CAST_cfb64_encrypt(in_, out_, count,
+ crypt->encrypt_key, crypt->iv,
+ (int *)&crypt->num, CAST_DECRYPT);
+ break;
- CAST_cfb64_encrypt(in_, out_, count,
- crypt->encrypt_key, crypt->iv, (int *)&crypt->num, CAST_DECRYPT);
+ case OPS_SA_AES_128:
+ case OPS_SA_AES_256:
+ AES_cfb128_encrypt(in_,out_,count,
+ crypt->encrypt_key, crypt->iv,
+ (int *)&crypt->num, AES_DECRYPT);
+ break;
+
+ default:
+ fprintf(stderr,"ops_decrypt_se_ip: Implement support for %s\n",
+ ops_show_symmetric_algorithm(crypt->algorithm));
+ assert(0);
+ }
+
return count;
}
Modified: openpgpsdk/trunk/tests/test_packet_types.c
===================================================================
--- openpgpsdk/trunk/tests/test_packet_types.c 2007-08-27 10:02:20 UTC (rev 494)
+++ openpgpsdk/trunk/tests/test_packet_types.c 2007-08-27 14:43:34 UTC (rev 495)
@@ -406,6 +406,7 @@
assert(pub_key);
encrypted_pk_session_key=ops_create_pk_session_key(pub_key);
+ CU_ASSERT_FATAL(encrypted_pk_session_key!=NULL);
ops_write_pk_session_key(cinfo,encrypted_pk_session_key);
// setup for read
Modified: openpgpsdk/trunk/tests/test_rsa_decrypt.c
===================================================================
--- openpgpsdk/trunk/tests/test_rsa_decrypt.c 2007-08-27 10:02:20 UTC (rev 494)
+++ openpgpsdk/trunk/tests/test_rsa_decrypt.c 2007-08-27 14:43:34 UTC (rev 495)
@@ -132,6 +132,7 @@
}
#ifndef OPENSSL_NO_IDEA
+ // \todo write test which uses PGP2 instead of using gpg to test IDEA
/*
// IDEA
snprintf(cmd,MAXBUF,"gpg --homedir=%s --cipher-algo \"IDEA\" --output=%s/IDEA_%s.gpg --force-mdc --compress-level 0 --quiet --encrypt --recipient Alpha %s/%s", dir, dir, filename_rsa_noarmour_nopassphrase, dir, filename_rsa_noarmour_nopassphrase);
@@ -319,16 +320,6 @@
test_rsa_decrypt(armour,passphrase,filename_rsa_armour_passphrase,NULL);
}
-/*
-int main()
- {
- CU_pSuite suite_rsa_decrypt = NULL;
- CU_pSuite suite_rsa_encrypt = NULL;
-
- if (CUE_SUCCESS != CU_initialize_registry())
- return CU_get_error();
-*/
-
CU_pSuite suite_rsa_decrypt()
{
CU_pSuite suite = NULL;
@@ -339,17 +330,20 @@
// add tests to suite
+ if (NULL == CU_add_test(suite, "Unarmoured, no passphrase (Default)", test_rsa_decrypt_noarmour_nopassphrase))
+ return NULL;
+
if (NULL == CU_add_test(suite, "Unarmoured, no passphrase (CAST5)", test_rsa_decrypt_noarmour_nopassphrase_cast5))
return NULL;
if (NULL == CU_add_test(suite, "Unarmoured, no passphrase (AES128)", test_rsa_decrypt_noarmour_nopassphrase_aes128))
return NULL;
- if (NULL == CU_add_test(suite, "Unarmoured, no passphrase (Default)", test_rsa_decrypt_noarmour_nopassphrase))
+ if (NULL == CU_add_test(suite, "Unarmoured, no passphrase (AES256)", test_rsa_decrypt_noarmour_nopassphrase_aes256))
return NULL;
#ifndef OPENSSL_NO_IDEA
- /*
+ /* \todo
if (NULL == CU_add_test(suite, "Unarmoured, no passphrase (IDEA)", test_rsa_decrypt_noarmour_nopassphrase_idea))
return NULL;
*/
@@ -358,9 +352,6 @@
if (NULL == CU_add_test(suite, "Unarmoured, no passphrase (3DES)", test_rsa_decrypt_noarmour_nopassphrase_3des))
return NULL;
- if (NULL == CU_add_test(suite, "Unarmoured, no passphrase (AES256)", test_rsa_decrypt_noarmour_nopassphrase_aes256))
- return NULL;
-
#ifdef TODO
if (NULL == CU_add_test(suite, "Armoured, no passphrase", test_rsa_decrypt_armour_nopassphrase))
return NULL;
More information about the OpenPGPsdk-svn
mailing list