222 lines
7.0 KiB
Perl
222 lines
7.0 KiB
Perl
package Crypt::OpenPGP::Ciphertext;
|
|
use strict;
|
|
|
|
use Crypt::OpenPGP::Util;
|
|
use Crypt::OpenPGP::Cipher;
|
|
use Crypt::OpenPGP::Constants qw( DEFAULT_CIPHER
|
|
PGP_PKT_ENCRYPTED
|
|
PGP_PKT_ENCRYPTED_MDC );
|
|
use Crypt::OpenPGP::ErrorHandler;
|
|
use base qw( Crypt::OpenPGP::ErrorHandler );
|
|
|
|
use constant MDC_TRAILER => chr(0xd3) . chr(0x14);
|
|
|
|
sub pkt_type { $_[0]->{is_mdc} ? PGP_PKT_ENCRYPTED_MDC : PGP_PKT_ENCRYPTED }
|
|
|
|
sub new {
|
|
my $class = shift;
|
|
my $enc = bless { }, $class;
|
|
$enc->init(@_);
|
|
}
|
|
|
|
sub init {
|
|
my $enc = shift;
|
|
my %param = @_;
|
|
if ((my $key = $param{SymKey}) && (my $data = $param{Data})) {
|
|
$enc->{is_mdc} = $param{MDC} || 0;
|
|
$enc->{version} = 1;
|
|
my $alg = $param{Cipher} || DEFAULT_CIPHER;
|
|
my $cipher = Crypt::OpenPGP::Cipher->new($alg, $key);
|
|
my $bs = $cipher->blocksize;
|
|
my $pad = Crypt::OpenPGP::Util::get_random_bytes($bs);
|
|
$pad .= substr $pad, -2, 2;
|
|
$enc->{ciphertext} = $cipher->encrypt($pad);
|
|
$cipher->sync unless $enc->{is_mdc};
|
|
$enc->{ciphertext} .= $cipher->encrypt($data);
|
|
|
|
if ($enc->{is_mdc}) {
|
|
require Crypt::OpenPGP::MDC;
|
|
my $mdc = Crypt::OpenPGP::MDC->new(
|
|
Data => $pad . $data . MDC_TRAILER );
|
|
my $mdc_buf = Crypt::OpenPGP::PacketFactory->save($mdc);
|
|
$enc->{ciphertext} .= $cipher->encrypt($mdc_buf);
|
|
}
|
|
}
|
|
$enc;
|
|
}
|
|
|
|
sub parse {
|
|
my $class = shift;
|
|
my($buf, $is_mdc) = @_;
|
|
my $enc = $class->new;
|
|
$enc->{is_mdc} = $is_mdc;
|
|
if ($is_mdc) {
|
|
$enc->{version} = $buf->get_int8;
|
|
}
|
|
$enc->{ciphertext} = $buf->get_bytes($buf->length - $buf->offset);
|
|
$enc;
|
|
}
|
|
|
|
sub save {
|
|
my $enc = shift;
|
|
my $buf = Crypt::OpenPGP::Buffer->new;
|
|
if ($enc->{is_mdc}) {
|
|
$buf->put_int8($enc->{version});
|
|
}
|
|
$buf->put_bytes($enc->{ciphertext});
|
|
$buf->bytes;
|
|
}
|
|
|
|
sub display {
|
|
my $enc = shift;
|
|
my $str = ":encrypted data packet:\n" .
|
|
" length: " . length($enc->{ciphertext}) . "\n";
|
|
if ($enc->{is_mdc}) {
|
|
$str .= " is_mdc: $enc->{version}\n";
|
|
}
|
|
$str;
|
|
}
|
|
|
|
sub decrypt {
|
|
my $enc = shift;
|
|
my($key, $sym_alg) = @_;
|
|
my $cipher = Crypt::OpenPGP::Cipher->new($sym_alg, $key) or
|
|
return $enc->error( Crypt::OpenPGP::Cipher->errstr );
|
|
my $padlen = $cipher->blocksize + 2;
|
|
my $pt = $enc->{prefix} =
|
|
$cipher->decrypt(substr $enc->{ciphertext}, 0, $padlen);
|
|
return $enc->error("Bad checksum")
|
|
unless substr($pt, -4, 2) eq substr($pt, -2, 2);
|
|
$cipher->sync unless $enc->{is_mdc};
|
|
$pt = $cipher->decrypt(substr $enc->{ciphertext}, $padlen);
|
|
if ($enc->{is_mdc}) {
|
|
my $mdc_buf = Crypt::OpenPGP::Buffer->new_with_init(substr $pt,-22,22);
|
|
$pt = substr $pt, 0, -22;
|
|
my $mdc = Crypt::OpenPGP::PacketFactory->parse($mdc_buf);
|
|
return $enc->error("Encrypted MDC packet without MDC")
|
|
unless $mdc && ref($mdc) eq 'Crypt::OpenPGP::MDC';
|
|
require Crypt::OpenPGP::Digest;
|
|
my $dgst = Crypt::OpenPGP::Digest->new('SHA1');
|
|
my $hash = $dgst->hash($enc->{prefix} . $pt . chr(0xd3) . chr(0x14));
|
|
return $enc->error("SHA-1 hash of plaintext does not match MDC body")
|
|
unless $mdc->digest eq $hash;
|
|
}
|
|
$pt;
|
|
}
|
|
|
|
1;
|
|
__END__
|
|
|
|
=head1 NAME
|
|
|
|
Crypt::OpenPGP::Ciphertext - Encrypted data packet
|
|
|
|
=head1 SYNOPSIS
|
|
|
|
use Crypt::OpenPGP::Ciphertext;
|
|
|
|
my $key_data = 'f' x 64; ## Not a very good key :)
|
|
|
|
my $ct = Crypt::OpenPGP::Ciphertext->new(
|
|
Data => "foo bar baz",
|
|
SymKey => $key_data,
|
|
);
|
|
my $serialized = $ct->save;
|
|
|
|
my $buffer = Crypt::OpenPGP::Buffer->new;
|
|
my $ct2 = Crypt::OpenPGP::Ciphertext->parse( $buffer );
|
|
my $data = $ct->decrypt( $key_data );
|
|
|
|
=head1 DESCRIPTION
|
|
|
|
I<Crypt::OpenPGP::Ciphertext> implements symmetrically encrypted data
|
|
packets, providing both encryption and decryption functionality. Both
|
|
standard encrypted data packets and encrypted-MDC (modification
|
|
detection code) packets are supported by this class. In the first case,
|
|
the encryption used in the packets is a variant on standard CFB mode,
|
|
and is described in the OpenPGP RFC, in section 13.9 (OpenPGP CFB mode).
|
|
In the second case (encrypted-MDC packets), the encryption is performed
|
|
in standard CFB mode, without the special resync used in PGP's CFB.
|
|
|
|
=head1 USAGE
|
|
|
|
=head2 Crypt::OpenPGP::Ciphertext->new( %arg )
|
|
|
|
Creates a new symmetrically encrypted data packet object and returns
|
|
that object. If there are no arguments in I<%arg>, the object is
|
|
created with an empty data container; this is used, for example, in
|
|
I<parse> (below), to create an empty packet which is then filled from
|
|
the data in the buffer.
|
|
|
|
If you wish to initialize a non-empty object, I<%arg> can contain:
|
|
|
|
=over 4
|
|
|
|
=item * Data
|
|
|
|
A block of octets that make up the plaintext data to be encrypted.
|
|
|
|
This argument is required (for a non-empty object).
|
|
|
|
=item * SymKey
|
|
|
|
The symmetric cipher key: a string of octets that make up the key data
|
|
of the symmetric cipher key. This should be at least long enough for
|
|
the key length of your chosen cipher (see I<Cipher>, below), or, if
|
|
you have not specified a cipher, at least 64 bytes (to allow for
|
|
long cipher key sizes).
|
|
|
|
This argument is required (for a non-empty object).
|
|
|
|
=item * Cipher
|
|
|
|
The name (or ID) of a supported PGP cipher. See I<Crypt::OpenPGP::Cipher>
|
|
for a list of valid cipher names.
|
|
|
|
This argument is optional; by default I<Crypt::OpenPGP::Cipher> will
|
|
use C<DES3>.
|
|
|
|
=item * MDC
|
|
|
|
When set to a true value, encrypted texts will use encrypted MDC
|
|
(modification detection code) packets instead of standard encrypted data
|
|
packets. These are a newer form of encrypted data packets that
|
|
are followed by a C<SHA-1> hash of the plaintext data. This prevents
|
|
attacks that modify the encrypted text by using a message digest to
|
|
detect changes.
|
|
|
|
By default I<MDC> is set to C<0>, and encrypted texts use standard
|
|
encrypted data packets. Set it to a true value to turn on MDC packets.
|
|
|
|
=back
|
|
|
|
=head2 $ct->save
|
|
|
|
Returns the block of ciphertext created in I<new> (assuming that you
|
|
created a non-empty packet by specifying some data; otherwise returns
|
|
an empty string).
|
|
|
|
=head2 Crypt::OpenPGP::Ciphertext->parse($buffer)
|
|
|
|
Given I<$buffer>, a I<Crypt::OpenPGP::Buffer> object holding (or
|
|
with offset pointing to) a symmetrically encrypted data packet, returns
|
|
a new I<Crypt::OpenPGP::Ciphertext> object, initialized with the
|
|
ciphertext in the buffer.
|
|
|
|
=head2 $ct->decrypt($key, $alg)
|
|
|
|
Decrypts the ciphertext in the I<Crypt::OpenPGP::Ciphertext> object
|
|
and returns the plaintext. I<$key> is the encryption key, and I<$alg>
|
|
is the name (or ID) of the I<Crypt::OpenPGP::Cipher> type used to
|
|
encrypt the message. Obviously you can't just guess at these
|
|
parameters; this method (along with I<parse>, above) is best used along
|
|
with the I<Crypt::OpenPGP::SessionKey> object, which holds an encrypted
|
|
version of the key and cipher algorithm.
|
|
|
|
=head1 AUTHOR & COPYRIGHTS
|
|
|
|
Please see the Crypt::OpenPGP manpage for author, copyright, and
|
|
license information.
|
|
|
|
=cut
|