arne
/
cryptopp
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Fix LegacyDecryptor and LegacyDecryptorWithMAC (GH #714) 

The classes used the wrong hash with the MAC. The legacy gear should have used SHA1, not SHA256.
pull/723/head
Jeffrey Walton 2018-09-10 21:55:08 -04:00
parent d0946abb0b
commit 590f8573c4
No known key found for this signature in database
GPG Key ID: B36AB348921B1838
6 changed files with 36 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
Filelist.txt
View File

@ -388,7 +388,8 @@ TestData/aria.dat
TestData/camellia.dat TestData/camellia.dat
TestData/cast128v.dat TestData/cast128v.dat
TestData/cast256v.dat TestData/cast256v.dat
TestData/defdmac.bin TestData/defdmac1.bin
TestData/defdmac2.bin
TestData/descert.dat TestData/descert.dat
TestData/dh1024.dat TestData/dh1024.dat
TestData/dh2048.dat TestData/dh2048.dat

1
TestData/defdmac1.bin Normal file
View File

@ -0,0 +1 @@
nCBţ pIbź_¤_ĺ|źâ+"w˙¶¶†Ž˝í#Aýíż‡„nŢmÖéŠČ‡ű%±kXřťąRňłüw`Ză^s.+ÚÚµ<C39A>ř„Š`ŠÝBf]zó•}¦R`}\ŘdiśbfttÉ^ř˛

0
TestData/defdmac.bin → TestData/defdmac2.bin
View File

4
default.cpp
View File

@ -299,8 +299,8 @@ template class DataEncryptor<LegacyBlockCipher,LegacyHashModule,LegacyParameters
template class DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>; template class DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;
template class DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>; template class DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
template class DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>; template class DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>; template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;
template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>; template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;
template class DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>; template class DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;
template class DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>; template class DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;

8
default.h
View File

@ -275,12 +275,12 @@ struct DefaultDecryptor : public DataDecryptor<DefaultBlockCipher,DefaultHashMod
/// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1. /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
/// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the /// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
/// <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes. /// <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.
struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {}; struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};
/// \brief Password-based decryptor with MAC (deprecated) /// \brief Password-based decryptor with MAC (deprecated)
/// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1. /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
/// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the /// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
/// <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes. /// <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.
struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {}; struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};
/// \brief Password-based encryptor with MAC /// \brief Password-based encryptor with MAC
/// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1. /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
/// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the /// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
@ -298,8 +298,8 @@ typedef DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo> L
typedef DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultEncryptor; typedef DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultEncryptor;
typedef DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultDecryptor; typedef DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultDecryptor;
typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyEncryptorWithMAC; typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;
typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyDecryptorWithMAC; typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;
typedef DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultEncryptorWithMAC; typedef DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultEncryptorWithMAC;
typedef DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultDecryptorWithMAC; typedef DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultDecryptorWithMAC;

16
validat0.cpp
View File

@ -434,10 +434,22 @@ bool TestEncryptors()
try try
{ {
// Common password and message.
std::string password = "super secret password"; std::string password = "super secret password";
std::string recovered, message = "Now is the time for all good men to come to the aide of their country."; std::string recovered, message = "Now is the time for all good men to come to the aide of their country.";
//StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac.bin")));
FileSource("TestData/defdmac.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered))); // This data was generated with Crypto++ 5.6.2
//StringSource(message, true, new LegacyEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac1.bin")));
FileSource("TestData/defdmac1.bin", true, new LegacyDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
if (message != recovered)
throw Exception(Exception::OTHER_ERROR, "LegacyDecryptorWithMAC failed a self test");
// Reset sink
recovered.clear();
// This data was generated with Crypto++ 6.0
//StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac2.bin")));
FileSource("TestData/defdmac2.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
if (message != recovered) if (message != recovered)
throw Exception(Exception::OTHER_ERROR, "DefaultDecryptorWithMAC failed a self test"); throw Exception(Exception::OTHER_ERROR, "DefaultDecryptorWithMAC failed a self test");
} }