suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Secret key packet decryption is working though, there

Browse Source 
is still work to be done in the decryption function
as it's quite a mess still.
This commit is contained in:
Michal Kolodziej 2013-04-27 18:14:57 +02:00
parent a907dfa7c9
commit dd5d0c801c
4 changed files with 203 additions and 320 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

212
resources/openpgp.js
View File

@ -11497,6 +11497,7 @@ function openpgp_packet_secret_key() {
this.public_key = new openpgp_packet_public_key();
this.mpi = [];
this.symmetric_algorithm = openpgp.symmetric.plaintext;
this.hash_algorithm = openpgp.hash.sha1;
this.s2k = null;
this.encrypted = null;
this.iv = null;
@ -11545,7 +11546,6 @@ function openpgp_packet_secret_key() {
if (s2k_usage != 0 && s2k_usage != 255 &&
s2k_usage != 254) {
this.symmetric_algorithm = s2k_usage;
}
if (s2k_usage != 0 && this.s2k.type != 1001) {
@ -11555,6 +11555,11 @@ function openpgp_packet_secret_key() {
i += this.iv.length;
}
if(s2k_usage == 254)
this.hash_algorithm = openpgp.hash.sha1;
else
this.hash_algorithm = 'checksum';
// - Plain or encrypted multiprecision integers comprising the secret
// key data. These algorithm-specific fields are as described
// below.
@ -11616,10 +11621,18 @@ function openpgp_packet_secret_key() {
bytes += String.fromCharCode(254);
bytes += String.fromCharCode(this.symmetric_algorithm);
bytes += this.s2k.write();
bytes += this.encrypted;
}
return bytes;
}
this.encrypt = function(password) {
switch(keyType){
case 1:
body += String.fromCharCode(keyType);//public key algo
@ -11636,8 +11649,8 @@ function openpgp_packet_secret_key() {
body += String.fromCharCode(s2kHash);
//8 octet salt value
//1 octet count
var cleartextMPIs = key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI();
var sha1Hash = str_sha1(cleartextMPIs);
var cleartext = key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI();
var sha1Hash = str_sha1(cleartext);
util.print_debug_hexstr_dump('write_private_key sha1: ',sha1Hash);
var salt = openpgp_crypto_getRandomBytes(8);
util.print_debug_hexstr_dump('write_private_key Salt: ',salt);
@ -11650,93 +11663,23 @@ function openpgp_packet_secret_key() {
//if s2k, IV of same length as cipher's block
switch(this.symmetric_algorithm){
case 3:
this.IVLength = 8;
this.IV = openpgp_crypto_getRandomBytes(this.IVLength);
this.iv.length = 8;
this.iv = openpgp_crypto_getRandomBytes(this.iv.length);
ciphertextMPIs = normal_cfb_encrypt(function(block, key) {
var cast5 = new openpgp_symenc_cast5();
cast5.setKey(key);
return cast5.encrypt(util.str2bin(block));
}, this.IVLength, util.str2bin(hashKey.substring(0,16)), cleartextMPIs + sha1Hash, this.IV);
body += this.IV + ciphertextMPIs;
}, this.iv.length, util.str2bin(hashKey.substring(0,16)), cleartext + sha1Hash, this.iv);
body += this.iv + ciphertextMPIs;
break;
case 7:
case 8:
case 9:
this.IVLength = 16;
this.IV = openpgp_crypto_getRandomBytes(this.IVLength);
this.iv.length = 16;
this.iv = openpgp_crypto_getRandomBytes(this.iv.length);
ciphertextMPIs = normal_cfb_encrypt(AESencrypt,
this.IVLength, hashKey, cleartextMPIs + sha1Hash, this.IV);
body += this.IV + ciphertextMPIs;
break;
}
}
else{
body += String.fromCharCode(0);//1 octet -- s2k, 0 for no s2k
body += key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI();
var checksum = util.calc_checksum(key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI());
body += String.fromCharCode(checksum/0x100) + String.fromCharCode(checksum%0x100);//DEPRECATED:s2k == 0, 255: 2 octet checksum, sum all octets%65536
util.print_debug_hexstr_dump('write_private_key basic checksum: '+ checksum);
}
break;
default :
body = "";
util.print_error("openpgp.packet.keymaterial.js\n"+'error writing private key, unknown type :'+keyType);
}
var header = openpgp_packet.write_packet_header(tag,body.length);
return {string: header+body , header: header, body: body};
}
this.encrypt = function() {
var body = String.fromCharCode(4);
body += timePacket;
switch(keyType){
case 1:
body += String.fromCharCode(keyType);//public key algo
body += key.n.toMPI();
body += key.ee.toMPI();
var algorithmStart = body.length;
//below shows ske/s2k
if(password){
body += String.fromCharCode(254); //octet of 254 indicates s2k with SHA1
//if s2k == 255,254 then 1 octet symmetric encryption algo
body += String.fromCharCode(this.symmetric_algorithm);
//if s2k == 255,254 then s2k specifier
body += String.fromCharCode(3); //s2k salt+iter
body += String.fromCharCode(s2kHash);
//8 octet salt value
//1 octet count
var cleartextMPIs = key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI();
var sha1Hash = str_sha1(cleartextMPIs);
util.print_debug_hexstr_dump('write_private_key sha1: ',sha1Hash);
var salt = openpgp_crypto_getRandomBytes(8);
util.print_debug_hexstr_dump('write_private_key Salt: ',salt);
body += salt;
var c = 96; //c of 96 translates to count of 65536
body += String.fromCharCode(c);
util.print_debug('write_private_key c: '+ c);
var s2k = new openpgp_type_s2k();
var hashKey = s2k.write(3, s2kHash, password, salt, c);
//if s2k, IV of same length as cipher's block
switch(this.symmetric_algorithm){
case 3:
this.IVLength = 8;
this.IV = openpgp_crypto_getRandomBytes(this.IVLength);
ciphertextMPIs = normal_cfb_encrypt(function(block, key) {
var cast5 = new openpgp_symenc_cast5();
cast5.setKey(key);
return cast5.encrypt(util.str2bin(block));
}, this.IVLength, util.str2bin(hashKey.substring(0,16)), cleartextMPIs + sha1Hash, this.IV);
body += this.IV + ciphertextMPIs;
break;
case 7:
case 8:
case 9:
this.IVLength = 16;
this.IV = openpgp_crypto_getRandomBytes(this.IVLength);
ciphertextMPIs = normal_cfb_encrypt(AESencrypt,
this.IVLength, hashKey, cleartextMPIs + sha1Hash, this.IV);
body += this.IV + ciphertextMPIs;
this.iv.length, hashKey, cleartext + sha1Hash, this.iv);
body += this.iv + ciphertextMPIs;
break;
}
}
@ -11772,49 +11715,43 @@ function openpgp_packet_secret_key() {
return;
// creating a key out of the passphrase
var key = this.s2k.produce_key(passphrase);
var key = this.s2k.produce_key(passphrase,
openpgp_crypto_getKeyLength(this.symmetric_algorithm));
var cleartext = '';
var cleartextMPIs = "";
switch (this.symmetric_algorithm) {
case 1: // - IDEA [IDEA]
util.print_error("openpgp.packet.keymaterial.js\n"+"symmetric encryption algorithim: IDEA is not implemented");
util.print_error("openpgp.packet.keymaterial.js\n"
+"symmetric encryption algorithim: IDEA is not implemented");
return false;
case 2: // - TripleDES (DES-EDE, [SCHNEIER] [HAC] - 168 bit key derived from 192)
cleartextMPIs = normal_cfb_decrypt(function(block, key) {
cleartext = normal_cfb_decrypt(function(block, key) {
return des(key, block,1,null,0);
}, this.IVLength, key, this.encrypted, this.IV);
}, this.iv.length, key, this.encrypted, this.iv);
break;
case 3: // - CAST5 (128 bit key, as per [RFC2144])
cleartextMPIs = normal_cfb_decrypt(function(block, key) {
cleartext = normal_cfb_decrypt(function(block, key) {
var cast5 = new openpgp_symenc_cast5();
cast5.setKey(key);
return cast5.encrypt(util.str2bin(block));
}, this.IVLength, util.str2bin(key.substring(0,16)), this.encrypted, this.IV);
}, this.iv.length, util.str2bin(key.substring(0,16)), this.encrypted, this.iv);
break;
case 4: // - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
cleartextMPIs = normal_cfb_decrypt(function(block, key) {
cleartext = normal_cfb_decrypt(function(block, key) {
var blowfish = new Blowfish(key);
return blowfish.encrypt(block);
}, this.IVLength, key, this.encrypted, this.IV);
}, this.iv.length, key, this.encrypted, this.iv);
break;
case 7: // - AES with 128-bit key [AES]
case 8: // - AES with 192-bit key
case 9: // - AES with 256-bit key
var numBytes = 16;
//This is a weird way to achieve this. If's within a switch is probably not ideal.
if(this.symmetric_algorithm == 8){
numBytes = 24;
key = this.s2k.produce_key(str_passphrase,numBytes);
}
if(this.symmetric_algorithm == 9){
numBytes = 32;
key = this.s2k.produce_key(str_passphrase,numBytes);
}
cleartextMPIs = normal_cfb_decrypt(function(block,key){
return AESencrypt(util.str2bin(block),key);
},
this.IVLength, keyExpansion(key.substring(0,numBytes)), this.encrypted, this.IV);
cleartext = normal_cfb_decrypt(function(block,key){
return AESencrypt(util.str2bin(block),key);
},
this.iv.length, keyExpansion(key),
this.encrypted, this.iv);
break;
case 10: // - Twofish with 256-bit key [TWOFISH]
util.print_error("openpgp.packet.keymaterial.js\n"+"Key material is encrypted with twofish: not implemented");
@ -11826,58 +11763,33 @@ function openpgp_packet_secret_key() {
return false;
}
if (cleartextMPIs == null) {
util.print_error("openpgp.packet.keymaterial.js\n"+"cleartextMPIs was null");
if (cleartext == null) {
util.print_error("openpgp.packet.keymaterial.js\n"+"cleartext was null");
return false;
}
var cleartextMPIslength = cleartextMPIs.length;
if (s2k_usage == 254 &&
str_sha1(cleartextMPIs.substring(0,cleartextMPIs.length - 20)) ==
cleartextMPIs.substring(cleartextMPIs.length - 20)) {
cleartextMPIslength -= 20;
} else if (s2k_usage != 254 && util.calc_checksum(cleartextMPIs.substring(0,cleartextMPIs.length - 2)) ==
(cleartextMPIs.charCodeAt(cleartextMPIs.length -2) << 8 | cleartextMPIs.charCodeAt(cleartextMPIs.length -1))) {
cleartextMPIslength -= 2;
if (this.hash_algorithm == openpgp.hash.sha1) {
var hash = str_sha1(cleartext.substring(0,cleartext.length - 20));
if(hash != cleartext.substring(cleartext.length - 20))
throw "Hash mismatch!";
cleartext = cleartext.substr(0, cleartext.length - 20);
} else {
return false;
}
var hash = util.calc_checksum(cleartext.substring(0, cleartext.length - 2));
if(hash != cleartext.substring(cleartext.length -2))
throw "Hash mismatch!";
cleartext = cleartext.substr(0, cleartext.length - 2);
}
if (this.publicKey.publicKeyAlgorithm > 0 && this.publicKey.publicKeyAlgorithm < 4) {
// Algorithm-Specific Fields for RSA secret keys:
// - multiprecision integer (MPI) of RSA secret exponent d.
// - MPI of RSA secret prime value p.
// - MPI of RSA secret prime value q (p < q).
// - MPI of u, the multiplicative inverse of p, mod q.
var i = 0;
this.mpi = new Array();
this.mpi[0] = new openpgp_type_mpi();
this.mpi[0].read(cleartextMPIs, 0, cleartextMPIslength);
i += this.mpi[0].packetLength;
this.mpi[1] = new openpgp_type_mpi();
this.mpi[1].read(cleartextMPIs, i, cleartextMPIslength-i);
i += this.mpi[1].packetLength;
this.mpi[2] = new openpgp_type_mpi();
this.mpi[2].read(cleartextMPIs, i, cleartextMPIslength-i);
i += this.mpi[2].packetLength;
this.mpi[3] = new openpgp_type_mpi();
this.mpi[3].read(cleartextMPIs, i, cleartextMPIslength-i);
i += this.mpi[3].packetLength;
} else if (this.publicKey.publicKeyAlgorithm == 16) {
// Algorithm-Specific Fields for Elgamal secret keys:
// - MPI of Elgamal secret exponent x.
this.mpi = new Array();
this.mpi[0] = new openpgp_type_mpi();
this.mpi[0].read(cleartextMPIs, 0, cleartextMPIs);
} else if (this.publicKey.publicKeyAlgorithm == 17) {
// Algorithm-Specific Fields for DSA secret keys:
// - MPI of DSA secret exponent x.
this.mpi = new Array();
this.mpi[0] = new openpgp_type_mpi();
this.mpi[0].read(cleartextMPIs, 0, cleartextMPIslength);
}
return true;
var mpis = openpgp_crypto_getPrivateMpiCount(this.public_key.algorithm);
var j = 0;
for(var i = 0; i < mpis && j < cleartext.length; i++) {
this.mpi[i] = new openpgp_type_mpi();
j += this.mpi[i].read(cleartext.substr(j));
}
}
/**

32
resources/openpgp.min.js vendored
View File

@ -405,20 +405,16 @@ b[0].byteLength()));this.encrypted=openpgp_crypto_asymetricEncrypt(this.public_k
function(){for(var b="5.1. Public-Key Encrypted Session Key Packets (Tag 1)\n KeyId: "+this.keyId.toString()+"\n length: "+this.packetLength+"\n version:"+this.version+"\n pubAlgUs:"+this.publicKeyAlgorithmUsed+"\n",a=0;a<this.encrypted.length;a++)b+=this.encrypted[a].toString();return b}}
function openpgp_packet_public_key(){this.tag=6;this.version=4;this.created=null;this.mpi=[];this.algorithm=openpgp.publickey.rsa_sign;this.read=function(b){this.version=b[0].charCodeAt();if(3!=this.version){if(4==this.version){this.created=openpgp_packet_time_read(b.substr(1,4));this.algorithm=b[5].charCodeAt();var a=0<this.algorithm&&4>this.algorithm?2:16==this.algorithm?3:17==this.algorithm?4:0;this.mpi=[];for(var b=b.substr(6),c=0,d=0;d<a&&c<b.length;d++)this.mpi[d]=new openpgp_type_mpi,c+=this.mpi[d].read(b.substr(c)),
c>b.length&&util.print_error("openpgp.packet.keymaterial.js\nerror reading MPI @:"+c);return c+6}util.print_error("Unknown packet version")}};this.write=function(){var b=String.fromCharCode(4),b=b+openpgp_packet_time_write(this.created),b=b+String.fromCharCode(this.algorithm),a;for(a in this.mpi)b+=this.mpi[a].write();return b}}function openpgp_packet_public_subkey(){openpgp_packet_public_key.call(this);this.tag=14}
function openpgp_packet_secret_key(){this.tag=5;this.public_key=new openpgp_packet_public_key;this.mpi=[];this.symmetric_algorithm=openpgp.symmetric.plaintext;this.iv=this.encrypted=this.s2k=null;this.read=function(b){var a=this.public_key.read(b),b=b.substr(a),c=b[0].charCodeAt(),a=1;if(255==c||254==c)this.symmetric_algorithm=b[a++].charCodeAt(),this.s2k=new openpgp_type_s2k,a+=this.s2k.read(b.substr(a));if(0!=c&&255!=c&&254!=c)this.symmetric_algorithm=c;if(0!=c&&1001!=this.s2k.type)this.iv=b.substr(a,
openpgp_crypto_getBlockLength(this.symmetric_algorithm)),a+=this.iv.length;if(0!=c&&1001==this.s2k.type)this.encrypted=this.mpi=null;else if(0!=c)this.encrypted=b.substr(a);else{c=openpgp_crypto_getPrivateMpiCount(this.public_key.algorithm);this.mpi=[];for(var d=0;d<c;d++)this.mpi[d]=new openpgp_type_mpi,a+=this.mpi[d].read(b.substr(a));this.checksum=[];this.checksum[0]=b[a++].charCodeAt();this.checksum[1]=b[a++].charCodeAt()}};this.write=function(){var b=this.public_key.write();if(null==this.encrypted){var b=
b+String.fromCharCode(0),a;for(a in this.mpi)b+=this.mpi[a].write();b+="00"}else null==this.s2k?(b+=String.fromCharCode(this.symmetric_algorithm),b+=this.encrypted):(b+=String.fromCharCode(254),b+=String.fromCharCode(this.symmetric_algorithm),b+=this.s2k.write());switch(keyType){case 1:body+=String.fromCharCode(keyType);body+=key.n.toMPI();body+=key.ee.toMPI();if(password){body+=String.fromCharCode(254);body+=String.fromCharCode(this.symmetric_algorithm);body+=String.fromCharCode(3);body+=String.fromCharCode(s2kHash);
b=key.d.toMPI()+key.p.toMPI()+key.q.toMPI()+key.u.toMPI();a=str_sha1(b);util.print_debug_hexstr_dump("write_private_key sha1: ",a);var c=openpgp_crypto_getRandomBytes(8);util.print_debug_hexstr_dump("write_private_key Salt: ",c);body+=c;body+=String.fromCharCode(96);util.print_debug("write_private_key c: 96");c=(new openpgp_type_s2k).write(3,s2kHash,password,c,96);switch(this.symmetric_algorithm){case 3:this.IVLength=8;this.IV=openpgp_crypto_getRandomBytes(this.IVLength);ciphertextMPIs=normal_cfb_encrypt(function(b,
a){var c=new openpgp_symenc_cast5;c.setKey(a);return c.encrypt(util.str2bin(b))},this.IVLength,util.str2bin(c.substring(0,16)),b+a,this.IV);body+=this.IV+ciphertextMPIs;break;case 7:case 8:case 9:this.IVLength=16,this.IV=openpgp_crypto_getRandomBytes(this.IVLength),ciphertextMPIs=normal_cfb_encrypt(AESencrypt,this.IVLength,c,b+a,this.IV),body+=this.IV+ciphertextMPIs}}else body+=String.fromCharCode(0),body+=key.d.toMPI()+key.p.toMPI()+key.q.toMPI()+key.u.toMPI(),b=util.calc_checksum(key.d.toMPI()+
key.p.toMPI()+key.q.toMPI()+key.u.toMPI()),body+=String.fromCharCode(b/256)+String.fromCharCode(b%256),util.print_debug_hexstr_dump("write_private_key basic checksum: "+b);break;default:body="",util.print_error("openpgp.packet.keymaterial.js\nerror writing private key, unknown type :"+keyType)}b=openpgp_packet.write_packet_header(tag,body.length);return{string:b+body,header:b,body:body}};this.encrypt=function(){var b=String.fromCharCode(4),b=b+timePacket;switch(keyType){case 1:b+=String.fromCharCode(keyType);
b+=key.n.toMPI();b+=key.ee.toMPI();if(password){var b=b+String.fromCharCode(254),b=b+String.fromCharCode(this.symmetric_algorithm),b=b+String.fromCharCode(3),b=b+String.fromCharCode(s2kHash),a=key.d.toMPI()+key.p.toMPI()+key.q.toMPI()+key.u.toMPI(),c=str_sha1(a);util.print_debug_hexstr_dump("write_private_key sha1: ",c);var d=openpgp_crypto_getRandomBytes(8);util.print_debug_hexstr_dump("write_private_key Salt: ",d);b=b+d+String.fromCharCode(96);util.print_debug("write_private_key c: 96");d=(new openpgp_type_s2k).write(3,
s2kHash,password,d,96);switch(this.symmetric_algorithm){case 3:this.IVLength=8;this.IV=openpgp_crypto_getRandomBytes(this.IVLength);ciphertextMPIs=normal_cfb_encrypt(function(b,a){var c=new openpgp_symenc_cast5;c.setKey(a);return c.encrypt(util.str2bin(b))},this.IVLength,util.str2bin(d.substring(0,16)),a+c,this.IV);b+=this.IV+ciphertextMPIs;break;case 7:case 8:case 9:this.IVLength=16,this.IV=openpgp_crypto_getRandomBytes(this.IVLength),ciphertextMPIs=normal_cfb_encrypt(AESencrypt,this.IVLength,d,
a+c,this.IV),b+=this.IV+ciphertextMPIs}}else b+=String.fromCharCode(0),b+=key.d.toMPI()+key.p.toMPI()+key.q.toMPI()+key.u.toMPI(),a=util.calc_checksum(key.d.toMPI()+key.p.toMPI()+key.q.toMPI()+key.u.toMPI()),b+=String.fromCharCode(a/256)+String.fromCharCode(a%256),util.print_debug_hexstr_dump("write_private_key basic checksum: "+a);break;default:b="",util.print_error("openpgp.packet.keymaterial.js\nerror writing private key, unknown type :"+keyType)}a=openpgp_packet.write_packet_header(tag,b.length);
return{string:a+b,header:a,body:b}};this.decrypt=function(b){if(null!=this.encrypted){var a=this.s2k.produce_key(b),b="";switch(this.symmetric_algorithm){case 1:return util.print_error("openpgp.packet.keymaterial.js\nsymmetric encryption algorithim: IDEA is not implemented"),!1;case 2:b=normal_cfb_decrypt(function(b,a){return des(a,b,1,null,0)},this.IVLength,a,this.encrypted,this.IV);break;case 3:b=normal_cfb_decrypt(function(b,a){var c=new openpgp_symenc_cast5;c.setKey(a);return c.encrypt(util.str2bin(b))},
this.IVLength,util.str2bin(a.substring(0,16)),this.encrypted,this.IV);break;case 4:b=normal_cfb_decrypt(function(b,a){return(new Blowfish(a)).encrypt(b)},this.IVLength,a,this.encrypted,this.IV);break;case 7:case 8:case 9:b=16;8==this.symmetric_algorithm&&(b=24,a=this.s2k.produce_key(str_passphrase,b));9==this.symmetric_algorithm&&(b=32,a=this.s2k.produce_key(str_passphrase,b));b=normal_cfb_decrypt(function(b,a){return AESencrypt(util.str2bin(b),a)},this.IVLength,keyExpansion(a.substring(0,b)),this.encrypted,
this.IV);break;case 10:return util.print_error("openpgp.packet.keymaterial.js\nKey material is encrypted with twofish: not implemented"),!1;default:return util.print_error("openpgp.packet.keymaterial.js\nunknown encryption algorithm for secret key :"+this.symmetric_algorithm),!1}if(null==b)return util.print_error("openpgp.packet.keymaterial.js\ncleartextMPIs was null"),!1;a=b.length;if(254==s2k_usage&&str_sha1(b.substring(0,b.length-20))==b.substring(b.length-20))a-=20;else if(254!=s2k_usage&&util.calc_checksum(b.substring(0,
b.length-2))==(b.charCodeAt(b.length-2)<<8|b.charCodeAt(b.length-1)))a-=2;else return!1;if(0<this.publicKey.publicKeyAlgorithm&&4>this.publicKey.publicKeyAlgorithm){var c=0;this.mpi=[];this.mpi[0]=new openpgp_type_mpi;this.mpi[0].read(b,0,a);c+=this.mpi[0].packetLength;this.mpi[1]=new openpgp_type_mpi;this.mpi[1].read(b,c,a-c);c+=this.mpi[1].packetLength;this.mpi[2]=new openpgp_type_mpi;this.mpi[2].read(b,c,a-c);c+=this.mpi[2].packetLength;this.mpi[3]=new openpgp_type_mpi;this.mpi[3].read(b,c,a-c);
c+=this.mpi[3].packetLength}else if(16==this.publicKey.publicKeyAlgorithm)this.mpi=[],this.mpi[0]=new openpgp_type_mpi,this.mpi[0].read(b,0,b);else if(17==this.publicKey.publicKeyAlgorithm)this.mpi=[],this.mpi[0]=new openpgp_type_mpi,this.mpi[0].read(b,0,a);return!0}}}function openpgp_packet_secret_subkey(){openpgp_packet_secret_key.call(this);this.tag=7}function openpgp_packet_signature(){this.tag=2;this.write=function(){};this.read=function(){}}
function openpgp_packet_secret_key(){this.tag=5;this.public_key=new openpgp_packet_public_key;this.mpi=[];this.symmetric_algorithm=openpgp.symmetric.plaintext;this.hash_algorithm=openpgp.hash.sha1;this.iv=this.encrypted=this.s2k=null;this.read=function(b){var a=this.public_key.read(b),b=b.substr(a),c=b[0].charCodeAt(),a=1;if(255==c||254==c)this.symmetric_algorithm=b[a++].charCodeAt(),this.s2k=new openpgp_type_s2k,a+=this.s2k.read(b.substr(a));if(0!=c&&255!=c&&254!=c)this.symmetric_algorithm=c;if(0!=
c&&1001!=this.s2k.type)this.iv=b.substr(a,openpgp_crypto_getBlockLength(this.symmetric_algorithm)),a+=this.iv.length;this.hash_algorithm=254==c?openpgp.hash.sha1:"checksum";if(0!=c&&1001==this.s2k.type)this.encrypted=this.mpi=null;else if(0!=c)this.encrypted=b.substr(a);else{c=openpgp_crypto_getPrivateMpiCount(this.public_key.algorithm);this.mpi=[];for(var d=0;d<c;d++)this.mpi[d]=new openpgp_type_mpi,a+=this.mpi[d].read(b.substr(a));this.checksum=[];this.checksum[0]=b[a++].charCodeAt();this.checksum[1]=
b[a++].charCodeAt()}};this.write=function(){var b=this.public_key.write();if(null==this.encrypted){var b=b+String.fromCharCode(0),a;for(a in this.mpi)b+=this.mpi[a].write();b+="00"}else null==this.s2k?b+=String.fromCharCode(this.symmetric_algorithm):(b+=String.fromCharCode(254),b+=String.fromCharCode(this.symmetric_algorithm),b+=this.s2k.write()),b+=this.encrypted;return b};this.encrypt=function(b){switch(keyType){case 1:body+=String.fromCharCode(keyType);body+=key.n.toMPI();body+=key.ee.toMPI();
if(b){body+=String.fromCharCode(254);body+=String.fromCharCode(this.symmetric_algorithm);body+=String.fromCharCode(3);body+=String.fromCharCode(s2kHash);var a=key.d.toMPI()+key.p.toMPI()+key.q.toMPI()+key.u.toMPI(),c=str_sha1(a);util.print_debug_hexstr_dump("write_private_key sha1: ",c);var d=openpgp_crypto_getRandomBytes(8);util.print_debug_hexstr_dump("write_private_key Salt: ",d);body+=d;body+=String.fromCharCode(96);util.print_debug("write_private_key c: 96");b=(new openpgp_type_s2k).write(3,
s2kHash,b,d,96);switch(this.symmetric_algorithm){case 3:this.iv.length=8;this.iv=openpgp_crypto_getRandomBytes(this.iv.length);ciphertextMPIs=normal_cfb_encrypt(function(a,b){var c=new openpgp_symenc_cast5;c.setKey(b);return c.encrypt(util.str2bin(a))},this.iv.length,util.str2bin(b.substring(0,16)),a+c,this.iv);body+=this.iv+ciphertextMPIs;break;case 7:case 8:case 9:this.iv.length=16,this.iv=openpgp_crypto_getRandomBytes(this.iv.length),ciphertextMPIs=normal_cfb_encrypt(AESencrypt,this.iv.length,
b,a+c,this.iv),body+=this.iv+ciphertextMPIs}}else body+=String.fromCharCode(0),body+=key.d.toMPI()+key.p.toMPI()+key.q.toMPI()+key.u.toMPI(),a=util.calc_checksum(key.d.toMPI()+key.p.toMPI()+key.q.toMPI()+key.u.toMPI()),body+=String.fromCharCode(a/256)+String.fromCharCode(a%256),util.print_debug_hexstr_dump("write_private_key basic checksum: "+a);break;default:body="",util.print_error("openpgp.packet.keymaterial.js\nerror writing private key, unknown type :"+keyType)}a=openpgp_packet.write_packet_header(tag,
body.length);return{string:a+body,header:a,body:body}};this.decrypt=function(b){if(null!=this.encrypted){var a=this.s2k.produce_key(b,openpgp_crypto_getKeyLength(this.symmetric_algorithm)),b="";switch(this.symmetric_algorithm){case 1:return util.print_error("openpgp.packet.keymaterial.js\nsymmetric encryption algorithim: IDEA is not implemented"),!1;case 2:b=normal_cfb_decrypt(function(a,b){return des(b,a,1,null,0)},this.iv.length,a,this.encrypted,this.iv);break;case 3:b=normal_cfb_decrypt(function(a,
b){var c=new openpgp_symenc_cast5;c.setKey(b);return c.encrypt(util.str2bin(a))},this.iv.length,util.str2bin(a.substring(0,16)),this.encrypted,this.iv);break;case 4:b=normal_cfb_decrypt(function(a,b){return(new Blowfish(b)).encrypt(a)},this.iv.length,a,this.encrypted,this.iv);break;case 7:case 8:case 9:b=normal_cfb_decrypt(function(a,b){return AESencrypt(util.str2bin(a),b)},this.iv.length,keyExpansion(a),this.encrypted,this.iv);break;case 10:return util.print_error("openpgp.packet.keymaterial.js\nKey material is encrypted with twofish: not implemented"),
!1;default:return util.print_error("openpgp.packet.keymaterial.js\nunknown encryption algorithm for secret key :"+this.symmetric_algorithm),!1}if(null==b)return util.print_error("openpgp.packet.keymaterial.js\ncleartext was null"),!1;if(this.hash_algorithm==openpgp.hash.sha1){a=str_sha1(b.substring(0,b.length-20));if(a!=b.substring(b.length-20))throw"Hash mismatch!";b=b.substr(0,b.length-20)}else{a=util.calc_checksum(b.substring(0,b.length-2));if(a!=b.substring(b.length-2))throw"Hash mismatch!";b=
b.substr(0,b.length-2)}for(var a=openpgp_crypto_getPrivateMpiCount(this.public_key.algorithm),c=0,d=0;d<a&&c<b.length;d++)this.mpi[d]=new openpgp_type_mpi,c+=this.mpi[d].read(b.substr(c))}}}function openpgp_packet_secret_subkey(){openpgp_packet_secret_key.call(this);this.tag=7}function openpgp_packet_signature(){this.tag=2;this.write=function(){};this.read=function(){}}
function openpgp_packet_sym_encrypted_integrity_protected(){this.tag=18;this.version=1;this.encrypted=null;this.modification=!1;this.packets=new openpgp_packetlist;this.read=function(b){this.version=b[0].charCodeAt();if(1!=this.version)return util.print_error("openpgp.packet.encryptedintegrityprotecteddata.js\nunknown encrypted integrity protected data packet version: "+this.version+"hex:"+util.hexstrdump(b)),null;this.encrypted=b.substr(1)};this.write=function(){return String.fromCharCode(this.version)+
this.encrypted};this.encrypt=function(b,a){var c=this.packets.write(),d=openpgp_crypto_getPrefixRandom(b),e=d+d.charAt(d.length-2)+d.charAt(d.length-1),c=c+String.fromCharCode(211),c=c+String.fromCharCode(20);util.print_debug_hexstr_dump("data to be hashed:",e+c);c+=str_sha1(e+c);util.print_debug_hexstr_dump("hash:",c.substring(c.length-20,c.length));this.encrypted=openpgp_crypto_symmetricEncrypt(d,b,a,c,!1).substring(0,e.length+c.length)};this.decrypt=function(b,a){var c=openpgp_crypto_symmetricDecrypt(b,
a,this.encrypted,!1);this.hash=str_sha1(openpgp_crypto_MDCSystemBytes(b,a,this.encrypted)+c.substring(0,c.length-20));util.print_debug_hexstr_dump("calc hash = ",this.hash);this.hash!=c.substr(c.length-20,20)?(this.packets=new openpgp_packetlist,util.print_error("Decryption stopped: discovered a modification of encrypted data.")):this.packets.read(c.substr(0,c.length-22))};this.toString=function(){var b="";openpgp.config.debug&&(b=" data: Bytes ["+util.hexstrdump(this.encrypted)+"]");return"5.13. Sym. Encrypted Integrity Protected Data Packet (Tag 18)\n\n version: "+
@ -431,7 +427,7 @@ function openpgp_packet_symmetrically_encrypted(){this.tag=9;this.encrypted=null
"\n encrypted data: Bytes ["+util.hexstrdump(this.encryptedData)+"]\n"}}function openpgp_packet_number_read(b){for(var a=0,c=0;c<b.length;c++)a<<=8,a+=b[c].charCodeAt();return a}function openpgp_packet_number_write(b,a){for(var c="",d=0;d<a;d++)c+=String.fromCharCode(b>>8*(a-d-1)&255);return c}function openpgp_packet_time_read(b){var b=openpgp_packet_number_read(b),a=new Date;a.setTime(1E3*b);return a}
function openpgp_packet_time_write(b){b=Math.round(b.getTime()/1E3);return openpgp_packet_number_write(b,4)}function openpgp_packet_userid(){this.userid="";this.tag=13;this.read=function(b){this.userid=util.decode_utf8(b)};this.write=function(){return util.encode_utf8(this.userid)}}
function openpgp_type_mpi(){this.data=null;this.read=function(b){var a=b[0].charCodeAt()<<8|b[1].charCodeAt(),a=Math.ceil(a/8);this.fromBytes(b.substr(2,a));return 2+a};this.fromBytes=function(b){this.data=new BigInteger(util.hexstrdump(b),16)};this.toBytes=function(){return this.write().substr(2)};this.byteLength=function(){return this.toBytes().length};this.write=function(){return this.data.toMPI()};this.toBigInteger=function(){return this.data.clone()};this.fromBigInteger=function(b){this.data=
b.clone()};this.toString=function(){var b=" MPI("+this.mpiBitLength+"b/"+this.mpiByteLength+"B) : 0x",b=b+util.hexstrdump(this.MPI);return b+"\n"}}function openpgp_type_keyid(){for(var b="",a=0;8>a;a++)b+=String.fromCharCode(0);this.read_packet=function(b,a){this.bytes=b.substring(a,a+8);return this};this.toString=function(){return util.hexstrdump(this.bytes)}}
b.clone()};this.toString=function(){var b=" MPI("+this.mpiBitLength+"b/"+this.mpiByteLength+"B) : 0x",b=b+util.hexstrdump(this.MPI);return b+"\n"}}function openpgp_type_keyid(){for(var b="",a=0;8>a;a++)b+=String.fromCharCode(0);this.read_packet=function(a,b){this.bytes=a.substring(b,b+8);return this};this.toString=function(){return util.hexstrdump(this.bytes)}}
function openpgp_type_s2k(){this.read=function(b,a){var c=a;this.type=b[c++].charCodeAt();switch(this.type){case 0:this.hashAlgorithm=b[c++].charCodeAt();this.s2kLength=1;break;case 1:this.hashAlgorithm=b[c++].charCodeAt();this.saltValue=b.substring(c,c+8);c+=8;this.s2kLength=9;break;case 3:this.hashAlgorithm=b[c++].charCodeAt();this.saltValue=b.substring(c,c+8);c+=8;this.EXPBIAS=6;var d=b[c++].charCodeAt();this.count=16+(d&15)<<(d>>4)+this.EXPBIAS;this.s2kLength=10;break;case 101:"GNU"==b.substring(c+
1,c+4)?(this.hashAlgorithm=b[c++].charCodeAt(),c+=3,d=1E3+b[c++].charCodeAt(),1001==d?(this.type=d,this.s2kLength=5):util.print_error("unknown s2k gnu protection mode! "+this.type)):util.print_error("unknown s2k type! "+this.type);break;default:util.print_error("unknown s2k type! "+this.type)}this.packetLength=c-a;return this};this.write=function(b,a,c,d,e){this.type=b;if(3==this.type)this.saltValue=d,this.hashAlgorithm=a,this.count=16+(e&15)<<(e>>4)+6,this.s2kLength=10;return this.produce_key(c)};
this.produce_key=function(b,a){var b=util.encode_utf8(b),c;if(0==this.type)c=openpgp_crypto_hashData(this.hashAlgorithm,b);else if(1==this.type)c=openpgp_crypto_hashData(this.hashAlgorithm,this.saltValue+b);else if(3==this.type){c=[];for(c[0]=this.saltValue+b;c.length*(this.saltValue+b).length<this.count;)c.push(this.saltValue+b);c=c.join("");c.length>this.count&&(c=c.substr(0,this.count));c=a&&(24==a||32==a)?openpgp_crypto_hashData(this.hashAlgorithm,c)+openpgp_crypto_hashData(this.hashAlgorithm,
@ -440,8 +436,8 @@ function openpgp_type_s2k(){this.algorithm=openpgp.hash.sha256;this.type=openpgp
break;case c.gnu:"GNU"==b.substr(a,3)?(a+=3,b=1E3+b[a++].charCodeAt(),1001==b?this.type=b:util.print_error("unknown s2k gnu protection mode! "+this.type)):util.print_error("unknown s2k type! "+this.type);break;default:util.print_error("unknown s2k type! "+this.type)}return a};this.write=function(){var b=String.fromCharCode(this.type),b=b+String.fromCharCode(this.algorithm),a=openpgp_type_s2k.type;switch(this.type){case a.salted:b+=this.salt;break;case a.iterated:b+=this.salt,b+=String.fromCharCode(this.c)}return b};
this.produce_key=function(b,a){for(var b=util.encode_utf8(b),c="",d="";c.length<=a;){var e;a:{e=d;var f=openpgp_type_s2k.type;switch(this.type){case f.simple:e=openpgp_crypto_hashData(this.algorithm,e+b);break a;case f.salted:e=openpgp_crypto_hashData(this.algorithm,e+this.salt+b);break a;case f.iterated:var f=[],g=this.get_count();for(data=this.salt+b;f.length*data.length<g;)f.push(data);f=f.join("");f.length>g&&(f=f.substr(0,g));e=openpgp_crypto_hashData(this.algorithm,e+f);break a}e=void 0}c+=
e;d+=String.fromCharCode(0)}return c.substr(0,a)}}openpgp_type_s2k.type={simple:0,salted:1,iterated:3,gnu:101};
var Util=function(){this.emailRegEx=/[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/;this.debug=!1;this.hexdump=function(b){for(var a=[],e=b.length,f=0,g,h=0;f<e;){for(g=b.charCodeAt(f++).toString(16);2>g.length;)g="0"+g;a.push(" "+g);h++;0==h%32&&a.push("\n ")}return a.join("")};this.hexstrdump=function(b){if(null==b)return"";for(var a=[],e=b.length,f=0,g;f<e;){for(g=b[f++].charCodeAt().toString(16);2>
g.length;)g="0"+g;a.push(""+g)}return a.join("")};this.hex2bin=function(b){for(var a="",e=0;e<b.length;e+=2)a+=String.fromCharCode(parseInt(b.substr(e,2),16));return a};this.hexidump=function(b){for(var a=[],e=b.length,f=0,g;f<e;){for(g=b[f++].toString(16);2>g.length;)g="0"+g;a.push(""+g)}return a.join("")};this.encode_utf8=function(b){return unescape(encodeURIComponent(b))};this.decode_utf8=function(b){return decodeURIComponent(escape(b))};var b=function(b,a){for(var e=0;e<b.length;e++)a[e]=b.charCodeAt(e);
return a},a=function(b){for(var a=[],e=0;e<b.length;e++)a.push(String.fromCharCode(b[e]));return a.join("")};this.str2bin=function(a){return b(a,Array(a.length))};this.bin2str=a;this.str2Uint8Array=function(a){return b(a,new Uint8Array(new ArrayBuffer(a.length)))};this.Uint8Array2str=a;this.calc_checksum=function(a){for(var b={s:0,add:function(a){this.s=(this.s+a)%65536}},e=0;e<a.length;e++)b.add(a.charCodeAt(e));return b.s};this.print_debug=function(a){this.debug&&console.log(a)};this.print_debug_hexstr_dump=
var Util=function(){this.emailRegEx=/[a-z0-9!#$%&'*+/=?^_`{|}~-]+(?:\.[a-z0-9!#$%&'*+/=?^_`{|}~-]+)*@(?:[a-z0-9](?:[a-z0-9-]*[a-z0-9])?\.)+[a-z0-9](?:[a-z0-9-]*[a-z0-9])?/;this.debug=!1;this.hexdump=function(a){for(var b=[],e=a.length,f=0,g,h=0;f<e;){for(g=a.charCodeAt(f++).toString(16);2>g.length;)g="0"+g;b.push(" "+g);h++;0==h%32&&b.push("\n ")}return b.join("")};this.hexstrdump=function(a){if(null==a)return"";for(var b=[],e=a.length,f=0,g;f<e;){for(g=a[f++].charCodeAt().toString(16);2>
g.length;)g="0"+g;b.push(""+g)}return b.join("")};this.hex2bin=function(a){for(var b="",e=0;e<a.length;e+=2)b+=String.fromCharCode(parseInt(a.substr(e,2),16));return b};this.hexidump=function(a){for(var b=[],e=a.length,f=0,g;f<e;){for(g=a[f++].toString(16);2>g.length;)g="0"+g;b.push(""+g)}return b.join("")};this.encode_utf8=function(a){return unescape(encodeURIComponent(a))};this.decode_utf8=function(a){return decodeURIComponent(escape(a))};var b=function(a,b){for(var e=0;e<a.length;e++)b[e]=a.charCodeAt(e);
return b},a=function(a){for(var b=[],e=0;e<a.length;e++)b.push(String.fromCharCode(a[e]));return b.join("")};this.str2bin=function(a){return b(a,Array(a.length))};this.bin2str=a;this.str2Uint8Array=function(a){return b(a,new Uint8Array(new ArrayBuffer(a.length)))};this.Uint8Array2str=a;this.calc_checksum=function(a){for(var b={s:0,add:function(a){this.s=(this.s+a)%65536}},e=0;e<a.length;e++)b.add(a.charCodeAt(e));return b.s};this.print_debug=function(a){this.debug&&console.log(a)};this.print_debug_hexstr_dump=
function(a,b){this.debug&&(a+=this.hexstrdump(b),console.log(a))};this.print_error=function(a){if(this.debug)throw a;console.log(a)};this.print_info=function(a){this.debug&&console.log(a)};this.print_warning=function(a){console.log(a)};this.getLeftNBits=function(a,b){var e=b%8;return 0==e?a.substring(0,b/8):this.shiftRight(a.substring(0,(b-e)/8+1),8-e)};this.shiftRight=function(a,b){var e=util.str2bin(a);if(0!=b%8)for(var f=e.length-1;0<=f;f--)e[f]>>=b%8,0<f&&(e[f]|=e[f-1]<<8-b%8&255);else return a;
return util.bin2str(e)};this.get_hashAlgorithmString=function(a){switch(a){case 1:return"MD5";case 2:return"SHA1";case 3:return"RIPEMD160";case 8:return"SHA256";case 9:return"SHA384";case 10:return"SHA512";case 11:return"SHA224"}return"unknown"}},util=new Util;

212
src/packet/secret_key.js
View File

@ -29,6 +29,7 @@ function openpgp_packet_secret_key() {
this.public_key = new openpgp_packet_public_key();
this.mpi = [];
this.symmetric_algorithm = openpgp.symmetric.plaintext;
this.hash_algorithm = openpgp.hash.sha1;
this.s2k = null;
this.encrypted = null;
this.iv = null;
@ -77,7 +78,6 @@ function openpgp_packet_secret_key() {
if (s2k_usage != 0 && s2k_usage != 255 &&
s2k_usage != 254) {
this.symmetric_algorithm = s2k_usage;
}
if (s2k_usage != 0 && this.s2k.type != 1001) {
@ -87,6 +87,11 @@ function openpgp_packet_secret_key() {
i += this.iv.length;
}
if(s2k_usage == 254)
this.hash_algorithm = openpgp.hash.sha1;
else
this.hash_algorithm = 'checksum';
// - Plain or encrypted multiprecision integers comprising the secret
// key data. These algorithm-specific fields are as described
// below.
@ -148,10 +153,18 @@ function openpgp_packet_secret_key() {
bytes += String.fromCharCode(254);
bytes += String.fromCharCode(this.symmetric_algorithm);
bytes += this.s2k.write();
bytes += this.encrypted;
}
return bytes;
}
this.encrypt = function(password) {
switch(keyType){
case 1:
body += String.fromCharCode(keyType);//public key algo
@ -168,8 +181,8 @@ function openpgp_packet_secret_key() {
body += String.fromCharCode(s2kHash);
//8 octet salt value
//1 octet count
var cleartextMPIs = key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI();
var sha1Hash = str_sha1(cleartextMPIs);
var cleartext = key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI();
var sha1Hash = str_sha1(cleartext);
util.print_debug_hexstr_dump('write_private_key sha1: ',sha1Hash);
var salt = openpgp_crypto_getRandomBytes(8);
util.print_debug_hexstr_dump('write_private_key Salt: ',salt);
@ -182,93 +195,23 @@ function openpgp_packet_secret_key() {
//if s2k, IV of same length as cipher's block
switch(this.symmetric_algorithm){
case 3:
this.IVLength = 8;
this.IV = openpgp_crypto_getRandomBytes(this.IVLength);
this.iv.length = 8;
this.iv = openpgp_crypto_getRandomBytes(this.iv.length);
ciphertextMPIs = normal_cfb_encrypt(function(block, key) {
var cast5 = new openpgp_symenc_cast5();
cast5.setKey(key);
return cast5.encrypt(util.str2bin(block));
}, this.IVLength, util.str2bin(hashKey.substring(0,16)), cleartextMPIs + sha1Hash, this.IV);
body += this.IV + ciphertextMPIs;
}, this.iv.length, util.str2bin(hashKey.substring(0,16)), cleartext + sha1Hash, this.iv);
body += this.iv + ciphertextMPIs;
break;
case 7:
case 8:
case 9:
this.IVLength = 16;
this.IV = openpgp_crypto_getRandomBytes(this.IVLength);
this.iv.length = 16;
this.iv = openpgp_crypto_getRandomBytes(this.iv.length);
ciphertextMPIs = normal_cfb_encrypt(AESencrypt,
this.IVLength, hashKey, cleartextMPIs + sha1Hash, this.IV);
body += this.IV + ciphertextMPIs;
break;
}
}
else{
body += String.fromCharCode(0);//1 octet -- s2k, 0 for no s2k
body += key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI();
var checksum = util.calc_checksum(key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI());
body += String.fromCharCode(checksum/0x100) + String.fromCharCode(checksum%0x100);//DEPRECATED:s2k == 0, 255: 2 octet checksum, sum all octets%65536
util.print_debug_hexstr_dump('write_private_key basic checksum: '+ checksum);
}
break;
default :
body = "";
util.print_error("openpgp.packet.keymaterial.js\n"+'error writing private key, unknown type :'+keyType);
}
var header = openpgp_packet.write_packet_header(tag,body.length);
return {string: header+body , header: header, body: body};
}
this.encrypt = function() {
var body = String.fromCharCode(4);
body += timePacket;
switch(keyType){
case 1:
body += String.fromCharCode(keyType);//public key algo
body += key.n.toMPI();
body += key.ee.toMPI();
var algorithmStart = body.length;
//below shows ske/s2k
if(password){
body += String.fromCharCode(254); //octet of 254 indicates s2k with SHA1
//if s2k == 255,254 then 1 octet symmetric encryption algo
body += String.fromCharCode(this.symmetric_algorithm);
//if s2k == 255,254 then s2k specifier
body += String.fromCharCode(3); //s2k salt+iter
body += String.fromCharCode(s2kHash);
//8 octet salt value
//1 octet count
var cleartextMPIs = key.d.toMPI() + key.p.toMPI() + key.q.toMPI() + key.u.toMPI();
var sha1Hash = str_sha1(cleartextMPIs);
util.print_debug_hexstr_dump('write_private_key sha1: ',sha1Hash);
var salt = openpgp_crypto_getRandomBytes(8);
util.print_debug_hexstr_dump('write_private_key Salt: ',salt);
body += salt;
var c = 96; //c of 96 translates to count of 65536
body += String.fromCharCode(c);
util.print_debug('write_private_key c: '+ c);
var s2k = new openpgp_type_s2k();
var hashKey = s2k.write(3, s2kHash, password, salt, c);
//if s2k, IV of same length as cipher's block
switch(this.symmetric_algorithm){
case 3:
this.IVLength = 8;
this.IV = openpgp_crypto_getRandomBytes(this.IVLength);
ciphertextMPIs = normal_cfb_encrypt(function(block, key) {
var cast5 = new openpgp_symenc_cast5();
cast5.setKey(key);
return cast5.encrypt(util.str2bin(block));
}, this.IVLength, util.str2bin(hashKey.substring(0,16)), cleartextMPIs + sha1Hash, this.IV);
body += this.IV + ciphertextMPIs;
break;
case 7:
case 8:
case 9:
this.IVLength = 16;
this.IV = openpgp_crypto_getRandomBytes(this.IVLength);
ciphertextMPIs = normal_cfb_encrypt(AESencrypt,
this.IVLength, hashKey, cleartextMPIs + sha1Hash, this.IV);
body += this.IV + ciphertextMPIs;
this.iv.length, hashKey, cleartext + sha1Hash, this.iv);
body += this.iv + ciphertextMPIs;
break;
}
}
@ -304,49 +247,43 @@ function openpgp_packet_secret_key() {
return;
// creating a key out of the passphrase
var key = this.s2k.produce_key(passphrase);
var key = this.s2k.produce_key(passphrase,
openpgp_crypto_getKeyLength(this.symmetric_algorithm));
var cleartext = '';
var cleartextMPIs = "";
switch (this.symmetric_algorithm) {
case 1: // - IDEA [IDEA]
util.print_error("openpgp.packet.keymaterial.js\n"+"symmetric encryption algorithim: IDEA is not implemented");
util.print_error("openpgp.packet.keymaterial.js\n"
+"symmetric encryption algorithim: IDEA is not implemented");
return false;
case 2: // - TripleDES (DES-EDE, [SCHNEIER] [HAC] - 168 bit key derived from 192)
cleartextMPIs = normal_cfb_decrypt(function(block, key) {
cleartext = normal_cfb_decrypt(function(block, key) {
return des(key, block,1,null,0);
}, this.IVLength, key, this.encrypted, this.IV);
}, this.iv.length, key, this.encrypted, this.iv);
break;
case 3: // - CAST5 (128 bit key, as per [RFC2144])
cleartextMPIs = normal_cfb_decrypt(function(block, key) {
cleartext = normal_cfb_decrypt(function(block, key) {
var cast5 = new openpgp_symenc_cast5();
cast5.setKey(key);
return cast5.encrypt(util.str2bin(block));
}, this.IVLength, util.str2bin(key.substring(0,16)), this.encrypted, this.IV);
}, this.iv.length, util.str2bin(key.substring(0,16)), this.encrypted, this.iv);
break;
case 4: // - Blowfish (128 bit key, 16 rounds) [BLOWFISH]
cleartextMPIs = normal_cfb_decrypt(function(block, key) {
cleartext = normal_cfb_decrypt(function(block, key) {
var blowfish = new Blowfish(key);
return blowfish.encrypt(block);
}, this.IVLength, key, this.encrypted, this.IV);
}, this.iv.length, key, this.encrypted, this.iv);
break;
case 7: // - AES with 128-bit key [AES]
case 8: // - AES with 192-bit key
case 9: // - AES with 256-bit key
var numBytes = 16;
//This is a weird way to achieve this. If's within a switch is probably not ideal.
if(this.symmetric_algorithm == 8){
numBytes = 24;
key = this.s2k.produce_key(str_passphrase,numBytes);
}
if(this.symmetric_algorithm == 9){
numBytes = 32;
key = this.s2k.produce_key(str_passphrase,numBytes);
}
cleartextMPIs = normal_cfb_decrypt(function(block,key){
return AESencrypt(util.str2bin(block),key);
},
this.IVLength, keyExpansion(key.substring(0,numBytes)), this.encrypted, this.IV);
cleartext = normal_cfb_decrypt(function(block,key){
return AESencrypt(util.str2bin(block),key);
},
this.iv.length, keyExpansion(key),
this.encrypted, this.iv);
break;
case 10: // - Twofish with 256-bit key [TWOFISH]
util.print_error("openpgp.packet.keymaterial.js\n"+"Key material is encrypted with twofish: not implemented");
@ -358,58 +295,33 @@ function openpgp_packet_secret_key() {
return false;
}
if (cleartextMPIs == null) {
util.print_error("openpgp.packet.keymaterial.js\n"+"cleartextMPIs was null");
if (cleartext == null) {
util.print_error("openpgp.packet.keymaterial.js\n"+"cleartext was null");
return false;
}
var cleartextMPIslength = cleartextMPIs.length;
if (s2k_usage == 254 &&
str_sha1(cleartextMPIs.substring(0,cleartextMPIs.length - 20)) ==
cleartextMPIs.substring(cleartextMPIs.length - 20)) {
cleartextMPIslength -= 20;
} else if (s2k_usage != 254 && util.calc_checksum(cleartextMPIs.substring(0,cleartextMPIs.length - 2)) ==
(cleartextMPIs.charCodeAt(cleartextMPIs.length -2) << 8 | cleartextMPIs.charCodeAt(cleartextMPIs.length -1))) {
cleartextMPIslength -= 2;
if (this.hash_algorithm == openpgp.hash.sha1) {
var hash = str_sha1(cleartext.substring(0,cleartext.length - 20));
if(hash != cleartext.substring(cleartext.length - 20))
throw "Hash mismatch!";
cleartext = cleartext.substr(0, cleartext.length - 20);
} else {
return false;
}
var hash = util.calc_checksum(cleartext.substring(0, cleartext.length - 2));
if(hash != cleartext.substring(cleartext.length -2))
throw "Hash mismatch!";
cleartext = cleartext.substr(0, cleartext.length - 2);
}
if (this.publicKey.publicKeyAlgorithm > 0 && this.publicKey.publicKeyAlgorithm < 4) {
// Algorithm-Specific Fields for RSA secret keys:
// - multiprecision integer (MPI) of RSA secret exponent d.
// - MPI of RSA secret prime value p.
// - MPI of RSA secret prime value q (p < q).
// - MPI of u, the multiplicative inverse of p, mod q.
var i = 0;
this.mpi = new Array();
this.mpi[0] = new openpgp_type_mpi();
this.mpi[0].read(cleartextMPIs, 0, cleartextMPIslength);
i += this.mpi[0].packetLength;
this.mpi[1] = new openpgp_type_mpi();
this.mpi[1].read(cleartextMPIs, i, cleartextMPIslength-i);
i += this.mpi[1].packetLength;
this.mpi[2] = new openpgp_type_mpi();
this.mpi[2].read(cleartextMPIs, i, cleartextMPIslength-i);
i += this.mpi[2].packetLength;
this.mpi[3] = new openpgp_type_mpi();
this.mpi[3].read(cleartextMPIs, i, cleartextMPIslength-i);
i += this.mpi[3].packetLength;
} else if (this.publicKey.publicKeyAlgorithm == 16) {
// Algorithm-Specific Fields for Elgamal secret keys:
// - MPI of Elgamal secret exponent x.
this.mpi = new Array();
this.mpi[0] = new openpgp_type_mpi();
this.mpi[0].read(cleartextMPIs, 0, cleartextMPIs);
} else if (this.publicKey.publicKeyAlgorithm == 17) {
// Algorithm-Specific Fields for DSA secret keys:
// - MPI of DSA secret exponent x.
this.mpi = new Array();
this.mpi[0] = new openpgp_type_mpi();
this.mpi[0].read(cleartextMPIs, 0, cleartextMPIslength);
}
return true;
var mpis = openpgp_crypto_getPrivateMpiCount(this.public_key.algorithm);
var j = 0;
for(var i = 0; i < mpis && j < cleartext.length; i++) {
this.mpi[i] = new openpgp_type_mpi();
j += this.mpi[i].read(cleartext.substr(j));
}
}
/**

67
test/general/packet.js
View File

@ -260,9 +260,72 @@ unittests.register("Packet testing", function() {
}, function() {
var armored_key =
'-----BEGIN PGP PRIVATE KEY BLOCK-----\n' +
'Version: GnuPG v2.0.19 (GNU/Linux)\n' +
'\n' +
'lQH+BFF79J8BBADDhRUOMUSGdYM1Kq9J/vVS3qLfaZHweycAKm9SnpLGLJE+Qbki\n' +
'JRXLAhxZ+HgVThR9VXs8wbPR2UXnDhMJGe+VcMA0jiwIOEAF0y9M3ZQsPFWguej2\n' +
'1ZycgOwxYHehbKdPqRK+nFgFbhvg6f6x2Gt+a0ZbvivGL1BqSSGsL+dchQARAQAB\n' +
'/gMDAijatUNeUFZSyfg16x343/1Jo6u07LVTdH6Bcbx4yBQjEHvlgb6m1eqEIbZ1\n' +
'holVzt0fSKTzmlxltDaOwFLf7i42lqNoWyfaqFrOblJ5Ays7Q+6xiJTBROG9po+j\n' +
'Z2AE+hkBIwKghB645OikchR4sn9Ej3ipea5v9+a7YimHlVmIiqgLDygQvXkzXVaf\n' +
'Zi1P2wB7eU6If2xeeX5GSR8rWo+I7ujns0W8S9PxBHlH3n1oXUmFWsWLZCY/qpkD\n' +
'I/FroBhXxBVRpQhQmdsWPUdcgmQTEj8jnP++lwSQexfgk2QboAW7ODUA8Cl9oy87\n' +
'Uor5schwwdD3oRoLGcJZfR6Dyu9dCYdQSDWj+IQs95hJQfHNcfj7XFtTyOi7Kxx0\n' +
'Jxio9De84QnxNAoNYuLtwkaRgkUVKVph2nYWJfAJunuMMosM2WdcidHJ5d6RIdxB\n' +
'U6o3T+d8BPXuRQEZH9+FkDkb4ihakKO3+Zcon85e1ZUUtB1QYXRyaWNrIDxwYXRy\n' +
'aWNrQGV4YW1wbGUuY29tPoi5BBMBAgAjBQJRe/SfAhsDBwsJCAcDAgEGFQgCCQoL\n' +
'BBYCAwECHgECF4AACgkQObliSdM/GEJbjgP/ffei4lU6fXp8Qu0ubNHh4A6swkTO\n' +
'b3suuBELE4A2/pK5YnW5yByFFSi4kq8bJp5O6p9ydXpOA38t3aQ8wrbo0yDvGekr\n' +
'1S1HWOLgCaY7rEDQubuCOHd2R81/VQOJyG3zgX4KFIgkVyV9BZXUpz4PXuhMORmv\n' +
'81uzej9r7BYkJ6GdAf4EUXv0nwEEAKbO02jtGEHet2fQfkAYyO+789sTxyfrUy5y\n' +
'SAf5n3GgkuiHz8dFevhgqYyMK0OYEOCZqdd1lRBjL6Us7PxTljHc2jtGhoAgE4aZ\n' +
'LKarI3j+5Oofcaq0+S0bhqiQ5hl6C4SkdYOEeJ0Hlq2008n0pJIlU4E5yIu0oNvb\n' +
'4+4owTpRABEBAAH+AwMCKNq1Q15QVlLJyeuGBEA+7nXS3aSy6mE4lR5f3Ml5NRqt\n' +
'jm6Q+UUI69DzhLGX4jHRxna6NMP74S3CghOz9eChMndkfWLC/c11h1npzLci+AwJ\n' +
'45xMbw/OW5PLlaxdtkg/SnsHpFGCAuTUWY87kuWoG0HSVMn9Clm+67rdicOW6L5a\n' +
'ChfyWcVZ+Hvwjx8YM0/j11If7oUkCZEstSUeJYOI10JQLhNLpDdkB89vXhAMaCuU\n' +
'Ijhdq0vvJi6JruKQGPK+jajJ4MMannpQtKAvt8aifqpdovYy8w4yh2pGkadFvrsZ\n' +
'mxpjqmmawab6zlOW5WrLxQVL1cQRdrIQ7jYtuLApGWkPfytSCBZ20pSyWnmkxd4X\n' +
'OIms6BjqrP9LxBEXsPBwdUA5Iranr+UBIPDxQrTp5k0DJhXBCpJ1k3ZT+2dxiRS2\n' +
'sk83w2VUBnXdYWZx0YlMqr3bDT6J5fO+8V8pbgY5BkHRCFMacFx45km/fvmInwQY\n' +
'AQIACQUCUXv0nwIbDAAKCRA5uWJJ0z8YQqb3A/97njLl33OQYXVp9OTk/VgE6O+w\n' +
'oSYa+6xMOzsk7tluLIRQtnIprga/e8vEZXGTomV2a77HBksg+YjlTh/l8oMuaoxG\n' +
'QNkMpoRJKPip29RTW4gLdnoJVekZ/awkBN2S3NMArOZGca8U+M1IuV7OyVchSVSl\n' +
'YRlci72GHhlyos8YHA==\n' +
'=KXkj\n' +
'-----END PGP PRIVATE KEY BLOCK-----';
var armored_msg =
'-----BEGIN PGP MESSAGE-----\n' +
'Version: GnuPG v2.0.19 (GNU/Linux)\n' +
'\n' +
'hIwD95D9aHS5fxEBA/98CwH54XZmwobOmHUcvWcDDQysBEC4uf7wASiGcRbejDaO\n' +
'aJqcrK/3k8sBQMO7yOhvrCRqqpGDqnmx7IaaKLnZS7nYAZoHEsK9UyG0hDa8Cfbo\n' +
'CP4xZVcgIvIfAW/in1LeT2td0QcQNbeewBmPea+vQEEvRgIP10tlE7MK8Ay48dJH\n' +
'AagMgNYg7MBUjpuOCVrjM1pWja8uzbULfYhTq3IJ8H3QhbdT+k9khY9f0aJPEeYi\n' +
'dVv6DK9uviMGc/DsVCw5K8lQRLlkcHc=\n' +
'=pR+C\n' +
'-----END PGP MESSAGE-----';
var key = new openpgp_packetlist();
key.read(openpgp_encoding_deArmor(armored_key).openpgp);
key = key[3];
key.decrypt('test');
var msg = new openpgp_packetlist();
msg.read(openpgp_encoding_deArmor(armored_msg).openpgp);
msg[0].decrypt(key.public_key.mpi, key.mpi);
msg[1].decrypt(msg[0].symmetric_algorithm, msg[0].symmetric_key);
var text = msg[1].packets[0].packets[0].data;
return new test_result('Secret key encryption/decryption test',
'tello' == 'Hello world!');
text == 'Hello world!');
}];
tests.reverse();