Fix LegacyDecryptor and LegacyDecryptorWithMAC (GH #714)

The classes used the wrong hash with the MAC. The legacy gear should have used SHA1, not SHA256.

6 files changed, 39 insertions, 25 deletions

diff --git a/Filelist.txt b/Filelist.txt
index af30fe81..581fcee0 100644
--- a/Filelist.txt
+++ b/Filelist.txt
@@ -388,7 +388,8 @@ TestData/aria.dat
 TestData/camellia.dat

 TestData/cast128v.dat

 TestData/cast256v.dat

-TestData/defdmac.bin

+TestData/defdmac1.bin

+TestData/defdmac2.bin

 TestData/descert.dat

 TestData/dh1024.dat

 TestData/dh2048.dat

diff --git a/TestData/defdmac1.bin b/TestData/defdmac1.bin
new file mode 100644
index 00000000..b02ac428
--- /dev/null
+++ b/TestData/defdmac1.bin
@@ -0,0 +1 @@
+nCB�pIb�_�_�|��+"w�������#A�����n�m��ȇ�%���kX���R��w`Z�^s.+�ڵ����`��Bf]z
�}�R`}\�di�bftt�^��
\ No newline at end of file
diff --git a/TestData/defdmac.bin b/TestData/defdmac2.bin
index 6efc49c7..6efc49c7 100644
--- a/TestData/defdmac.bin
+++ b/TestData/defdmac2.bin
diff --git a/default.cpp b/default.cpp
index eda6cb14..ab1890b5 100644
--- a/default.cpp
+++ b/default.cpp
@@ -299,8 +299,8 @@ template class DataEncryptor<LegacyBlockCipher,LegacyHashModule,LegacyParameters
 template class DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;

 template class DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;

 template class DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;

-template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;

-template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;

+template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;

+template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;

 template class DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;

 template class DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;

 

diff --git a/default.h b/default.h
index 2fb7982f..12360018 100644
--- a/default.h
+++ b/default.h
@@ -275,12 +275,12 @@ struct DefaultDecryptor : public DataDecryptor<DefaultBlockCipher,DefaultHashMod
 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.

 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the

 ///   <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.

-struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {};

+struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};

 /// \brief Password-based decryptor with MAC (deprecated)

 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.

 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the

 ///   <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.

-struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {};

+struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};

 /// \brief Password-based encryptor with MAC

 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.

 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the

@@ -298,8 +298,8 @@ typedef DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo> L
 typedef DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultEncryptor;

 typedef DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultDecryptor;

 

-typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;

-typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;

+typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;

+typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;

 

 typedef DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultEncryptorWithMAC;

 typedef DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultDecryptorWithMAC;

diff --git a/validat0.cpp b/validat0.cpp
index 62e5ec30..d9c445f1 100644
--- a/validat0.cpp
+++ b/validat0.cpp
@@ -434,10 +434,22 @@ bool TestEncryptors()
 

     try

     {

+        // Common password and message.

         std::string password = "super secret password";

         std::string recovered, message = "Now is the time for all good men to come to the aide of their country.";

-        //StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac.bin")));

-        FileSource("TestData/defdmac.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));

+

+        // This data was generated with Crypto++ 5.6.2

+        //StringSource(message, true, new LegacyEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac1.bin")));

+        FileSource("TestData/defdmac1.bin", true, new LegacyDecryptorWithMAC(password.c_str(), new StringSink(recovered)));

+        if (message != recovered)

+            throw Exception(Exception::OTHER_ERROR, "LegacyDecryptorWithMAC failed a self test");

+

+        // Reset sink

+        recovered.clear();

+

+        // This data was generated with Crypto++ 6.0

+        //StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac2.bin")));

+        FileSource("TestData/defdmac2.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));

         if (message != recovered)

             throw Exception(Exception::OTHER_ERROR, "DefaultDecryptorWithMAC failed a self test");

     }

@@ -1491,22 +1503,22 @@ bool TestASN1Parse()
 #if defined(CRYPTOPP_EXTENDED_VALIDATION)

 bool TestStringSink()

 {

-	try

-	{

-		std::string in = "The quick brown fox jumps over the lazy dog";

-

-		std::string str;

-		StringSource s1(in, true, new StringSink(str));

-

-		std::vector<byte> vec;

-		StringSource s2(in, true, new VectorSink(vec));

-

-		return str.size() == vec.size() && std::equal(str.begin(), str.end(), vec.begin());

-	}

-	catch(const std::exception&)

-	{

-	}

-	return false;

+    try

+    {

+        std::string in = "The quick brown fox jumps over the lazy dog";

+

+        std::string str;

+        StringSource s1(in, true, new StringSink(str));

+

+        std::vector<byte> vec;

+        StringSource s2(in, true, new VectorSink(vec));

+

+        return str.size() == vec.size() && std::equal(str.begin(), str.end(), vec.begin());

+    }

+    catch(const std::exception&)

+    {

+    }

+    return false;

 }

 #endif