diff options
author | Jeffrey Walton <noloader@gmail.com> | 2018-09-10 21:55:08 -0400 |
---|---|---|
committer | Jeffrey Walton <noloader@gmail.com> | 2018-09-10 21:55:08 -0400 |
commit | 590f8573c4ed9bd586410baa8082b4c502051c78 (patch) | |
tree | 72448ecdabee514a07343c2cdc6bac3b7c22f5d7 | |
parent | d0946abb0b10dd76ab2d307148f74fda664844bc (diff) | |
download | cryptopp-git-590f8573c4ed9bd586410baa8082b4c502051c78.tar.gz |
Fix LegacyDecryptor and LegacyDecryptorWithMAC (GH #714)
The classes used the wrong hash with the MAC. The legacy gear should have used SHA1, not SHA256.
-rw-r--r-- | Filelist.txt | 3 | ||||
-rw-r--r-- | TestData/defdmac1.bin | 1 | ||||
-rw-r--r-- | TestData/defdmac2.bin (renamed from TestData/defdmac.bin) | bin | 136 -> 136 bytes | |||
-rw-r--r-- | default.cpp | 4 | ||||
-rw-r--r-- | default.h | 8 | ||||
-rw-r--r-- | validat0.cpp | 48 |
6 files changed, 39 insertions, 25 deletions
diff --git a/Filelist.txt b/Filelist.txt index af30fe81..581fcee0 100644 --- a/Filelist.txt +++ b/Filelist.txt @@ -388,7 +388,8 @@ TestData/aria.dat TestData/camellia.dat
TestData/cast128v.dat
TestData/cast256v.dat
-TestData/defdmac.bin
+TestData/defdmac1.bin
+TestData/defdmac2.bin
TestData/descert.dat
TestData/dh1024.dat
TestData/dh2048.dat
diff --git a/TestData/defdmac1.bin b/TestData/defdmac1.bin new file mode 100644 index 00000000..b02ac428 --- /dev/null +++ b/TestData/defdmac1.bin @@ -0,0 +1 @@ +nCBpIb__|+"w#Anmȇ%kXRw`Z^s.+ڵ`Bf]z}R`}\dibftt^
\ No newline at end of file diff --git a/TestData/defdmac.bin b/TestData/defdmac2.bin Binary files differindex 6efc49c7..6efc49c7 100644 --- a/TestData/defdmac.bin +++ b/TestData/defdmac2.bin diff --git a/default.cpp b/default.cpp index eda6cb14..ab1890b5 100644 --- a/default.cpp +++ b/default.cpp @@ -299,8 +299,8 @@ template class DataEncryptor<LegacyBlockCipher,LegacyHashModule,LegacyParameters template class DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;
template class DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
template class DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
-template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;
-template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;
+template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;
+template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;
template class DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;
template class DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;
@@ -275,12 +275,12 @@ struct DefaultDecryptor : public DataDecryptor<DefaultBlockCipher,DefaultHashMod /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
/// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
/// <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.
-struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {};
+struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};
/// \brief Password-based decryptor with MAC (deprecated)
/// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
/// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
/// <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.
-struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {};
+struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};
/// \brief Password-based encryptor with MAC
/// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
/// Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
@@ -298,8 +298,8 @@ typedef DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo> L typedef DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultEncryptor;
typedef DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultDecryptor;
-typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;
-typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;
+typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;
+typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;
typedef DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultEncryptorWithMAC;
typedef DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultDecryptorWithMAC;
diff --git a/validat0.cpp b/validat0.cpp index 62e5ec30..d9c445f1 100644 --- a/validat0.cpp +++ b/validat0.cpp @@ -434,10 +434,22 @@ bool TestEncryptors() try
{
+ // Common password and message.
std::string password = "super secret password";
std::string recovered, message = "Now is the time for all good men to come to the aide of their country.";
- //StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac.bin")));
- FileSource("TestData/defdmac.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
+
+ // This data was generated with Crypto++ 5.6.2
+ //StringSource(message, true, new LegacyEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac1.bin")));
+ FileSource("TestData/defdmac1.bin", true, new LegacyDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
+ if (message != recovered)
+ throw Exception(Exception::OTHER_ERROR, "LegacyDecryptorWithMAC failed a self test");
+
+ // Reset sink
+ recovered.clear();
+
+ // This data was generated with Crypto++ 6.0
+ //StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac2.bin")));
+ FileSource("TestData/defdmac2.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
if (message != recovered)
throw Exception(Exception::OTHER_ERROR, "DefaultDecryptorWithMAC failed a self test");
}
@@ -1491,22 +1503,22 @@ bool TestASN1Parse() #if defined(CRYPTOPP_EXTENDED_VALIDATION)
bool TestStringSink()
{
- try
- {
- std::string in = "The quick brown fox jumps over the lazy dog";
-
- std::string str;
- StringSource s1(in, true, new StringSink(str));
-
- std::vector<byte> vec;
- StringSource s2(in, true, new VectorSink(vec));
-
- return str.size() == vec.size() && std::equal(str.begin(), str.end(), vec.begin());
- }
- catch(const std::exception&)
- {
- }
- return false;
+ try
+ {
+ std::string in = "The quick brown fox jumps over the lazy dog";
+
+ std::string str;
+ StringSource s1(in, true, new StringSink(str));
+
+ std::vector<byte> vec;
+ StringSource s2(in, true, new VectorSink(vec));
+
+ return str.size() == vec.size() && std::equal(str.begin(), str.end(), vec.begin());
+ }
+ catch(const std::exception&)
+ {
+ }
+ return false;
}
#endif
|