Add quick check for session key decryption (#249)
This commit adds the function QuickCheckDecrypt to the helper package. The function allows to check with high probability if a session key can decrypt a data packet given its 24-byte prefix. It only works for SEIPDv1 data packets that uses AES as a cipher.
This commit is contained in:
Lukas Burkhalter
GitHub
parent
b97d994962
commit
987923f9d8
2 changed files with 129 additions and 0 deletions
86
helper/decrypt_check.go
Normal file
86
helper/decrypt_check.go
Normal file
|
|
@ -0,0 +1,86 @@
|
|||
package helper
|
||||
|
||||
import (
|
||||
"bytes"
|
||||
"crypto/aes"
|
||||
"crypto/cipher"
|
||||
"io"
|
||||
|
||||
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
||||
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
||||
"github.com/pkg/errors"
|
||||
)
|
||||
|
||||
const AES_BLOCK_SIZE = 16
|
||||
|
||||
func supported(cipher packet.CipherFunction) bool {
|
||||
switch cipher {
|
||||
case packet.CipherAES128, packet.CipherAES192, packet.CipherAES256:
|
||||
return true
|
||||
case packet.CipherCAST5, packet.Cipher3DES:
|
||||
return false
|
||||
}
|
||||
return false
|
||||
}
|
||||
|
||||
func blockSize(cipher packet.CipherFunction) int {
|
||||
switch cipher {
|
||||
case packet.CipherAES128, packet.CipherAES192, packet.CipherAES256:
|
||||
return AES_BLOCK_SIZE
|
||||
case packet.CipherCAST5, packet.Cipher3DES:
|
||||
return 0
|
||||
}
|
||||
return 0
|
||||
}
|
||||
|
||||
func blockCipher(cipher packet.CipherFunction, key []byte) (cipher.Block, error) {
|
||||
switch cipher {
|
||||
case packet.CipherAES128, packet.CipherAES192, packet.CipherAES256:
|
||||
return aes.NewCipher(key)
|
||||
case packet.CipherCAST5, packet.Cipher3DES:
|
||||
return nil, errors.New("gopenpgp: cipher not supported for quick check")
|
||||
}
|
||||
return nil, errors.New("gopenpgp: unknown cipher")
|
||||
}
|
||||
|
||||
// QuickCheckDecryptReader checks with high probability if the provided session key
|
||||
// can decrypt a data packet given its 24 byte long prefix.
|
||||
// The method reads up to but not exactly 24 bytes from the prefixReader.
|
||||
// NOTE: Only works for SEIPDv1 packets with AES.
|
||||
func QuickCheckDecryptReader(sessionKey *crypto.SessionKey, prefixReader crypto.Reader) (bool, error) {
|
||||
algo, err := sessionKey.GetCipherFunc()
|
||||
if err != nil {
|
||||
return false, errors.New("gopenpgp: cipher algorithm not found")
|
||||
}
|
||||
if !supported(algo) {
|
||||
return false, errors.New("gopenpgp: cipher not supported for quick check")
|
||||
}
|
||||
packetParser := packet.NewReader(prefixReader)
|
||||
_, err = packetParser.Next()
|
||||
if err != nil {
|
||||
return false, errors.New("gopenpgp: failed to parse packet prefix")
|
||||
}
|
||||
|
||||
blockSize := blockSize(algo)
|
||||
encryptedData := make([]byte, blockSize+2)
|
||||
_, err = io.ReadFull(prefixReader, encryptedData)
|
||||
if err != nil {
|
||||
return false, errors.New("gopenpgp: prefix is too short to check")
|
||||
}
|
||||
|
||||
blockCipher, err := blockCipher(algo, sessionKey.Key)
|
||||
if err != nil {
|
||||
return false, errors.New("gopenpgp: failed to initialize the cipher")
|
||||
}
|
||||
_ = packet.NewOCFBDecrypter(blockCipher, encryptedData, packet.OCFBNoResync)
|
||||
return encryptedData[blockSize-2] == encryptedData[blockSize] &&
|
||||
encryptedData[blockSize-1] == encryptedData[blockSize+1], nil
|
||||
}
|
||||
|
||||
// QuickCheckDecrypt checks with high probability if the provided session key
|
||||
// can decrypt the encrypted data packet given its 24 byte long prefix.
|
||||
// The method only considers the first 24 bytes of the prefix slice (prefix[:24]).
|
||||
// NOTE: Only works for SEIPDv1 packets with AES.
|
||||
func QuickCheckDecrypt(sessionKey *crypto.SessionKey, prefix []byte) (bool, error) {
|
||||
return QuickCheckDecryptReader(sessionKey, bytes.NewReader(prefix))
|
||||
}
|
||||
43
helper/decrypt_check_test.go
Normal file
43
helper/decrypt_check_test.go
Normal file
|
|
@ -0,0 +1,43 @@
|
|||
package helper
|
||||
|
||||
import (
|
||||
"encoding/hex"
|
||||
"testing"
|
||||
|
||||
"github.com/ProtonMail/gopenpgp/v2/crypto"
|
||||
)
|
||||
|
||||
const testQuickCheckSessionKey = `038c9cb9d408074e36bac22c6b90973082f86e5b01f38b787da3927000365a81`
|
||||
const testQuickCheckSessionKeyAlg = "aes256"
|
||||
const testQuickCheckDataPacket = `d2540152ab2518950f282d98d901eb93c00fb55a3bb30b3b517d6a356f57884bac6963060ebb167ffc3296e5e99ec058aeff5003a4784a0734a62861ae56d2921b9b790d50586cd21cad45e2d84ac93fb5d8af2ce6c5`
|
||||
|
||||
func TestCheckDecrypt(t *testing.T) {
|
||||
sessionKeyData, err := hex.DecodeString(testQuickCheckSessionKey)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
dataPacket, err := hex.DecodeString(testQuickCheckDataPacket)
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
sessionKey := &crypto.SessionKey{
|
||||
Key: sessionKeyData,
|
||||
Algo: testQuickCheckSessionKeyAlg,
|
||||
}
|
||||
ok, err := QuickCheckDecrypt(sessionKey, dataPacket[:22])
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
if !ok {
|
||||
t.Error("should be able to decrypt")
|
||||
}
|
||||
|
||||
sessionKey.Key[0] += 1
|
||||
ok, err = QuickCheckDecrypt(sessionKey, dataPacket[:22])
|
||||
if err != nil {
|
||||
t.Error(err)
|
||||
}
|
||||
if ok {
|
||||
t.Error("should no be able to decrypt")
|
||||
}
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue