def testD03RSA(self):
"""crypto.cipher: decrypt_symmetric() v3 RSA secret key (RSA_d,p,q,u)"""
rsasec_armored = read_test_file([
'pgpfiles', 'interop', 'pgp6.5.3', 'RSA1',
'key.pgp6.5.3.RSA1.sec.asc'
])
rsanopass_armored = read_test_file([
'pgpfiles', 'interop', 'pgp6.5.3', 'RSA1',
'key.pgp6.5.3.RSA1.sec.nopass.asc'
])
rsasec_d, rsanopass_d = list_armored(
rsasec_armored)[0].data, list_armored(rsanopass_armored)[0].data
pkts, nopasspkts = list_pkts(rsasec_d), list_pkts(rsanopass_d)
secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0]
secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body
passphrase = 'test'
# for the future..
if secretkey.s2k_usg in [254, 255]: # we have an s2k
key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase)
else:
import md5
key = md5.new(passphrase).digest()
# Just comparing bytes, not integer values. The funky notation
# 'enc_RSA_d_d', 'enc_RSA_p_d' means "the encrypted *integer*
# data from the RSA d and p # MPIs, respectively.
# 'len_RSA_d_d' means "the octet length of the integer portion
# of the RSA d MPI."
idx = 0
# RSA_d
len_RSA_d_d = mpilen2int(secretkey._enc_d[idx:idx + 2])
idx = idx + 2
enc_RSA_d_d = secretkey._enc_d[idx:idx + len_RSA_d_d]
idx = idx + len_RSA_d_d
iv = secretkey.iv # iv provided
RSA_d_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_d_d, iv)
self.assertEqual(RSA_d_d, nopasskey.RSA_d._int_d)
# RSA_p
len_RSA_p_d = mpilen2int(secretkey._enc_d[idx:idx + 2])
idx = idx + 2
enc_RSA_p_d = secretkey._enc_d[idx:idx + len_RSA_p_d]
idx = idx + len_RSA_p_d
iv = enc_RSA_d_d[-8:] # last 8 octets from "pre-sync" instream
RSA_p_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_p_d, iv)
self.assertEqual(RSA_p_d, nopasskey.RSA_p._int_d)
# RSA_q
len_RSA_q_d = mpilen2int(secretkey._enc_d[idx:idx + 2])
idx = idx + 2
enc_RSA_q_d = secretkey._enc_d[idx:idx + len_RSA_q_d]
idx = idx + len_RSA_q_d
iv = enc_RSA_p_d[-8:] # last 8 octets from "pre-sync" instream
RSA_q_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_q_d, iv)
self.assertEqual(RSA_q_d, nopasskey.RSA_q._int_d)
# RSA_u
len_RSA_u_d = mpilen2int(secretkey._enc_d[idx:idx + 2])
idx = idx + 2
enc_RSA_u_d = secretkey._enc_d[idx:idx + len_RSA_u_d]
idx = idx + len_RSA_u_d
iv = enc_RSA_q_d[-8:] # last 8 octets from "pre-sync" instream
RSA_u_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_u_d, iv)
self.assertEqual(RSA_u_d, nopasskey.RSA_u._int_d)
def testH03EncryptSymmetric(self):
"""crypto.cipher: encrypt()/decrypt() AES256 (symmetric) w/ integrity"""
alg = SYM_AES256
msg = "My secret message."
passphrase = 'test'
sespkt = encrypt_symmetric_session(alg)
key = string2key(sespkt.body.s2k, alg, passphrase)
encpkt = encrypt_integrity(alg, key, msg)
clrtxt = decrypt(encpkt, passphrase, sespkt)
self.assertEqual(msg, clrtxt)
def testH03EncryptSymmetric(self):
"""crypto.cipher: encrypt()/decrypt() AES256 (symmetric) w/ integrity"""
alg = SYM_AES256
msg = "My secret message."
passphrase = 'test'
sespkt = encrypt_symmetric_session(alg)
key = string2key(sespkt.body.s2k, alg, passphrase)
encpkt = encrypt_integrity(alg, key, msg)
clrtxt = decrypt(encpkt, passphrase, sespkt)
self.assertEqual(msg, clrtxt)
def testD01DSASecretKey(self):
"""crypto.cipher: decrypt_symmetric() v4 DSA secret key (DSA_x)"""
dsasec_d = read_test_file(['pgpfiles','key','DSAELG1.sec.gpg'])
dsasecnopass_d = read_test_file(['pgpfiles','key','DSAELG1.sec.nopass.gpg'])
pkts, nopasspkts = list_pkts(dsasec_d), list_pkts(dsasecnopass_d)
secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0]
secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body
passphrase = 'test'
key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase)
result = decrypt_symmetric(secretkey.alg_sym, key, secretkey._enc_d, secretkey.iv)
self.assertEqual(nopasskey.DSA_x._d, result[:22])
def testB01S2Kv3(self):
"""crypto.cipher: S2K type 0x03 (SHA1/CAST5)"""
self.s2k.type = 0x03
self.s2k.alg_hash = HASH_SHA1 # SHA1
self.s2k.salt = '\xd6\xcd\xd8\x35\x70\x06\x22\xdf'
self.s2k.count = 65536 # corresponds to s2k.count_code = 96 (standard GnuPG)
ciphertype = SYM_CAST5
passphrase = 'test'
testkey = string2key(self.s2k, ciphertype, passphrase)
goodkey = '\xa5\xba\x8e\x2f\x81\x4a\xee\xa7\xc5\x25\xd6\xeb\x75\x75\xef\x0c'
self.assertEqual(testkey, goodkey)
# one more time for good luck
self.s2k.type = 0x03
self.s2k.alg_hash = HASH_SHA1 # SHA1
self.s2k.salt = '\x02\xa5\xec\x54\x32\xbd\xf4\xa8'
self.s2k.count = 65536 # corresponds to s2k.count_code = 96 (standard GnuPG)
ciphertype = SYM_CAST5
passphrase = 'test'
testkey = string2key(self.s2k, ciphertype, passphrase)
goodkey = '\xb4\x99\xdc\x1d\x1d\x53\x3c\x8c\x6f\x89\x0b\xe3\x42\xf3\x0e\x73'
self.assertEqual(testkey, goodkey)
def testC01MDCBlowfish(self):
"""crypto.cipher: decrypt_symmetric() Blowfish"""
# Almost the same, this time with Blowfish and no compressed packet.
mdc_d = read_test_file(['pgpfiles','enc','mdc.nocompress.blo.254.196.198.clrtxt.gpg'])
pkts = list_pkts(mdc_d)
seskey, symint = pkts[0].body, pkts[1].body
passphrase = 'test'
key = string2key(seskey.s2k, seskey.alg, passphrase)
result = decrypt_symmetric(seskey.alg, key, symint.data)
result = result[10:] # ditching the prefix + 2
literal = list_pkts(result)[0].body
self.assertEqual(self.cleartext, literal.data)
def testB01S2Kv3(self):
"""crypto.cipher: S2K type 0x03 (SHA1/CAST5)"""
self.s2k.type = 0x03
self.s2k.alg_hash = HASH_SHA1 # SHA1
self.s2k.salt = '\xd6\xcd\xd8\x35\x70\x06\x22\xdf'
self.s2k.count = 65536 # corresponds to s2k.count_code = 96 (standard GnuPG)
ciphertype = SYM_CAST5
passphrase = 'test'
testkey = string2key(self.s2k, ciphertype, passphrase)
goodkey = '\xa5\xba\x8e\x2f\x81\x4a\xee\xa7\xc5\x25\xd6\xeb\x75\x75\xef\x0c'
self.assertEqual(testkey, goodkey)
# one more time for good luck
self.s2k.type = 0x03
self.s2k.alg_hash = HASH_SHA1 # SHA1
self.s2k.salt = '\x02\xa5\xec\x54\x32\xbd\xf4\xa8'
self.s2k.count = 65536 # corresponds to s2k.count_code = 96 (standard GnuPG)
ciphertype = SYM_CAST5
passphrase = 'test'
testkey = string2key(self.s2k, ciphertype, passphrase)
goodkey = '\xb4\x99\xdc\x1d\x1d\x53\x3c\x8c\x6f\x89\x0b\xe3\x42\xf3\x0e\x73'
self.assertEqual(testkey, goodkey)
def testD03RSA(self):
"""crypto.cipher: decrypt_symmetric() v3 RSA secret key (RSA_d,p,q,u)"""
rsasec_armored = read_test_file(['pgpfiles','interop','pgp6.5.3','RSA1','key.pgp6.5.3.RSA1.sec.asc'])
rsanopass_armored = read_test_file(['pgpfiles','interop','pgp6.5.3','RSA1','key.pgp6.5.3.RSA1.sec.nopass.asc'])
rsasec_d, rsanopass_d = list_armored(rsasec_armored)[0].data, list_armored(rsanopass_armored)[0].data
pkts, nopasspkts = list_pkts(rsasec_d), list_pkts(rsanopass_d)
secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0]
secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body
passphrase = 'test'
# for the future..
if secretkey.s2k_usg in [254, 255]: # we have an s2k
key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase)
else:
import md5
key = md5.new(passphrase).digest()
# Just comparing bytes, not integer values. The funky notation
# 'enc_RSA_d_d', 'enc_RSA_p_d' means "the encrypted *integer*
# data from the RSA d and p # MPIs, respectively.
# 'len_RSA_d_d' means "the octet length of the integer portion
# of the RSA d MPI."
idx = 0
# RSA_d
len_RSA_d_d = mpilen2int(secretkey._enc_d[idx:idx+2])
idx = idx + 2
enc_RSA_d_d = secretkey._enc_d[idx:idx+len_RSA_d_d]
idx = idx + len_RSA_d_d
iv = secretkey.iv # iv provided
RSA_d_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_d_d, iv)
self.assertEqual(RSA_d_d, nopasskey.RSA_d._int_d)
# RSA_p
len_RSA_p_d = mpilen2int(secretkey._enc_d[idx:idx+2])
idx = idx + 2
enc_RSA_p_d = secretkey._enc_d[idx:idx+len_RSA_p_d]
idx = idx + len_RSA_p_d
iv = enc_RSA_d_d[-8:] # last 8 octets from "pre-sync" instream
RSA_p_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_p_d, iv)
self.assertEqual(RSA_p_d, nopasskey.RSA_p._int_d)
# RSA_q
len_RSA_q_d = mpilen2int(secretkey._enc_d[idx:idx+2])
idx = idx + 2
enc_RSA_q_d = secretkey._enc_d[idx:idx+len_RSA_q_d]
idx = idx + len_RSA_q_d
iv = enc_RSA_p_d[-8:] # last 8 octets from "pre-sync" instream
RSA_q_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_q_d, iv)
self.assertEqual(RSA_q_d, nopasskey.RSA_q._int_d)
# RSA_u
len_RSA_u_d = mpilen2int(secretkey._enc_d[idx:idx+2])
idx = idx + 2
enc_RSA_u_d = secretkey._enc_d[idx:idx+len_RSA_u_d]
idx = idx + len_RSA_u_d
iv = enc_RSA_q_d[-8:] # last 8 octets from "pre-sync" instream
RSA_u_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_u_d, iv)
self.assertEqual(RSA_u_d, nopasskey.RSA_u._int_d)
def testD02RSASecretKey(self):
"""crypto.cipher: decrypt_symmetric() v4 RSA secret key (RSA_d,p,q,u)"""
rsasec_d = read_test_file(['pgpfiles','key','RSA1.sec.gpg'])
rsasecnopass_d = read_test_file(['pgpfiles','key','RSA1.sec.nopass.gpg'])
pkts, nopasspkts = list_pkts(rsasec_d), list_pkts(rsasecnopass_d)
secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0]
secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body
passphrase = 'test'
key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase)
result = decrypt_symmetric(secretkey.alg_sym, key, secretkey._enc_d, secretkey.iv)
good_mpi_d = nopasskey.RSA_d._d + nopasskey.RSA_p._d + nopasskey.RSA_q._d + nopasskey.RSA_u._d
self.assertEqual(good_mpi_d, result[:328])
def testC01MDCBlowfish(self):
"""crypto.cipher: decrypt_symmetric() Blowfish"""
# Almost the same, this time with Blowfish and no compressed packet.
mdc_d = read_test_file(
['pgpfiles', 'enc', 'mdc.nocompress.blo.254.196.198.clrtxt.gpg'])
pkts = list_pkts(mdc_d)
seskey, symint = pkts[0].body, pkts[1].body
passphrase = 'test'
key = string2key(seskey.s2k, seskey.alg, passphrase)
result = decrypt_symmetric(seskey.alg, key, symint.data)
result = result[10:] # ditching the prefix + 2
literal = list_pkts(result)[0].body
self.assertEqual(self.cleartext, literal.data)
def testD01DSASecretKey(self):
"""crypto.cipher: decrypt_symmetric() v4 DSA secret key (DSA_x)"""
dsasec_d = read_test_file(['pgpfiles', 'key', 'DSAELG1.sec.gpg'])
dsasecnopass_d = read_test_file(
['pgpfiles', 'key', 'DSAELG1.sec.nopass.gpg'])
pkts, nopasspkts = list_pkts(dsasec_d), list_pkts(dsasecnopass_d)
secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0]
secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body
passphrase = 'test'
key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase)
result = decrypt_symmetric(secretkey.alg_sym, key, secretkey._enc_d,
secretkey.iv)
self.assertEqual(nopasskey.DSA_x._d, result[:22])
def testD02RSASecretKey(self):
"""crypto.cipher: decrypt_symmetric() v4 RSA secret key (RSA_d,p,q,u)"""
rsasec_d = read_test_file(['pgpfiles', 'key', 'RSA1.sec.gpg'])
rsasecnopass_d = read_test_file(
['pgpfiles', 'key', 'RSA1.sec.nopass.gpg'])
pkts, nopasspkts = list_pkts(rsasec_d), list_pkts(rsasecnopass_d)
secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0]
secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body
passphrase = 'test'
key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase)
result = decrypt_symmetric(secretkey.alg_sym, key, secretkey._enc_d,
secretkey.iv)
good_mpi_d = nopasskey.RSA_d._d + nopasskey.RSA_p._d + nopasskey.RSA_q._d + nopasskey.RSA_u._d
self.assertEqual(good_mpi_d, result[:328])
def testC02IntegrityProtectedCAST(self):
"""crypto.cipher: decrypt_symmetric() CAST5"""
# Same as test above, just wrapped integrity protected packet.
mdc_d = read_test_file(['pgpfiles','enc','mdc.14.212.136.clrtxt.gpg'])
pkts = list_pkts(mdc_d)
seskey, symint = pkts[0].body, pkts[1].body
passphrase = 'test'
key = string2key(seskey.s2k, seskey.alg, passphrase)
result = decrypt_symmetric(seskey.alg, key, symint.data)
result = result[10:] # ditching the prefix + 2
compressed = list_pkts(result)[0].body
comp_d = compressed.data
literal = list_pkts(comp_d)[0].body
self.assertEqual(self.cleartext, literal.data)
def testC03DecryptSymmetricCAST(self):
"""crypto.cipher: decrypt_symmetric_resync() CAST5"""
# This message is known to have a compressed packet containing a literal
# packet containing the text from cleartext.txt.
dektest_d = read_test_file(['pgpfiles','enc','dek.180.153.220.clrtxt.gpg'])
pkts = list_pkts(dektest_d)
seskey, enc = [x.body for x in pkts]
passphrase = 'test'
key = string2key(seskey.s2k, seskey.alg, passphrase)
result = decrypt_symmetric_resync(seskey.alg, key, enc.data)
compressed = list_pkts(result)[0].body
comp_d = compressed.data
literal = list_pkts(comp_d)[0].body
self.assertEqual(self.cleartext, literal.data)
def testC02IntegrityProtectedCAST(self):
"""crypto.cipher: decrypt_symmetric() CAST5"""
# Same as test above, just wrapped integrity protected packet.
mdc_d = read_test_file(
['pgpfiles', 'enc', 'mdc.14.212.136.clrtxt.gpg'])
pkts = list_pkts(mdc_d)
seskey, symint = pkts[0].body, pkts[1].body
passphrase = 'test'
key = string2key(seskey.s2k, seskey.alg, passphrase)
result = decrypt_symmetric(seskey.alg, key, symint.data)
result = result[10:] # ditching the prefix + 2
compressed = list_pkts(result)[0].body
comp_d = compressed.data
literal = list_pkts(comp_d)[0].body
self.assertEqual(self.cleartext, literal.data)
def testC03DecryptSymmetricCAST(self):
"""crypto.cipher: decrypt_symmetric_resync() CAST5"""
# This message is known to have a compressed packet containing a literal
# packet containing the text from cleartext.txt.
dektest_d = read_test_file(
['pgpfiles', 'enc', 'dek.180.153.220.clrtxt.gpg'])
pkts = list_pkts(dektest_d)
seskey, enc = [x.body for x in pkts]
passphrase = 'test'
key = string2key(seskey.s2k, seskey.alg, passphrase)
result = decrypt_symmetric_resync(seskey.alg, key, enc.data)
compressed = list_pkts(result)[0].body
comp_d = compressed.data
literal = list_pkts(comp_d)[0].body
self.assertEqual(self.cleartext, literal.data)
