def testD03RSA(self): """crypto.cipher: decrypt_symmetric() v3 RSA secret key (RSA_d,p,q,u)""" rsasec_armored = read_test_file([ 'pgpfiles', 'interop', 'pgp6.5.3', 'RSA1', 'key.pgp6.5.3.RSA1.sec.asc' ]) rsanopass_armored = read_test_file([ 'pgpfiles', 'interop', 'pgp6.5.3', 'RSA1', 'key.pgp6.5.3.RSA1.sec.nopass.asc' ]) rsasec_d, rsanopass_d = list_armored( rsasec_armored)[0].data, list_armored(rsanopass_armored)[0].data pkts, nopasspkts = list_pkts(rsasec_d), list_pkts(rsanopass_d) secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0] secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body passphrase = 'test' # for the future.. if secretkey.s2k_usg in [254, 255]: # we have an s2k key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase) else: import md5 key = md5.new(passphrase).digest() # Just comparing bytes, not integer values. The funky notation # 'enc_RSA_d_d', 'enc_RSA_p_d' means "the encrypted *integer* # data from the RSA d and p # MPIs, respectively. # 'len_RSA_d_d' means "the octet length of the integer portion # of the RSA d MPI." idx = 0 # RSA_d len_RSA_d_d = mpilen2int(secretkey._enc_d[idx:idx + 2]) idx = idx + 2 enc_RSA_d_d = secretkey._enc_d[idx:idx + len_RSA_d_d] idx = idx + len_RSA_d_d iv = secretkey.iv # iv provided RSA_d_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_d_d, iv) self.assertEqual(RSA_d_d, nopasskey.RSA_d._int_d) # RSA_p len_RSA_p_d = mpilen2int(secretkey._enc_d[idx:idx + 2]) idx = idx + 2 enc_RSA_p_d = secretkey._enc_d[idx:idx + len_RSA_p_d] idx = idx + len_RSA_p_d iv = enc_RSA_d_d[-8:] # last 8 octets from "pre-sync" instream RSA_p_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_p_d, iv) self.assertEqual(RSA_p_d, nopasskey.RSA_p._int_d) # RSA_q len_RSA_q_d = mpilen2int(secretkey._enc_d[idx:idx + 2]) idx = idx + 2 enc_RSA_q_d = secretkey._enc_d[idx:idx + len_RSA_q_d] idx = idx + len_RSA_q_d iv = enc_RSA_p_d[-8:] # last 8 octets from "pre-sync" instream RSA_q_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_q_d, iv) self.assertEqual(RSA_q_d, nopasskey.RSA_q._int_d) # RSA_u len_RSA_u_d = mpilen2int(secretkey._enc_d[idx:idx + 2]) idx = idx + 2 enc_RSA_u_d = secretkey._enc_d[idx:idx + len_RSA_u_d] idx = idx + len_RSA_u_d iv = enc_RSA_q_d[-8:] # last 8 octets from "pre-sync" instream RSA_u_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_u_d, iv) self.assertEqual(RSA_u_d, nopasskey.RSA_u._int_d)
def testH03EncryptSymmetric(self): """crypto.cipher: encrypt()/decrypt() AES256 (symmetric) w/ integrity""" alg = SYM_AES256 msg = "My secret message." passphrase = 'test' sespkt = encrypt_symmetric_session(alg) key = string2key(sespkt.body.s2k, alg, passphrase) encpkt = encrypt_integrity(alg, key, msg) clrtxt = decrypt(encpkt, passphrase, sespkt) self.assertEqual(msg, clrtxt)
def testD01DSASecretKey(self): """crypto.cipher: decrypt_symmetric() v4 DSA secret key (DSA_x)""" dsasec_d = read_test_file(['pgpfiles','key','DSAELG1.sec.gpg']) dsasecnopass_d = read_test_file(['pgpfiles','key','DSAELG1.sec.nopass.gpg']) pkts, nopasspkts = list_pkts(dsasec_d), list_pkts(dsasecnopass_d) secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0] secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body passphrase = 'test' key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase) result = decrypt_symmetric(secretkey.alg_sym, key, secretkey._enc_d, secretkey.iv) self.assertEqual(nopasskey.DSA_x._d, result[:22])
def testB01S2Kv3(self): """crypto.cipher: S2K type 0x03 (SHA1/CAST5)""" self.s2k.type = 0x03 self.s2k.alg_hash = HASH_SHA1 # SHA1 self.s2k.salt = '\xd6\xcd\xd8\x35\x70\x06\x22\xdf' self.s2k.count = 65536 # corresponds to s2k.count_code = 96 (standard GnuPG) ciphertype = SYM_CAST5 passphrase = 'test' testkey = string2key(self.s2k, ciphertype, passphrase) goodkey = '\xa5\xba\x8e\x2f\x81\x4a\xee\xa7\xc5\x25\xd6\xeb\x75\x75\xef\x0c' self.assertEqual(testkey, goodkey) # one more time for good luck self.s2k.type = 0x03 self.s2k.alg_hash = HASH_SHA1 # SHA1 self.s2k.salt = '\x02\xa5\xec\x54\x32\xbd\xf4\xa8' self.s2k.count = 65536 # corresponds to s2k.count_code = 96 (standard GnuPG) ciphertype = SYM_CAST5 passphrase = 'test' testkey = string2key(self.s2k, ciphertype, passphrase) goodkey = '\xb4\x99\xdc\x1d\x1d\x53\x3c\x8c\x6f\x89\x0b\xe3\x42\xf3\x0e\x73' self.assertEqual(testkey, goodkey)
def testC01MDCBlowfish(self): """crypto.cipher: decrypt_symmetric() Blowfish""" # Almost the same, this time with Blowfish and no compressed packet. mdc_d = read_test_file(['pgpfiles','enc','mdc.nocompress.blo.254.196.198.clrtxt.gpg']) pkts = list_pkts(mdc_d) seskey, symint = pkts[0].body, pkts[1].body passphrase = 'test' key = string2key(seskey.s2k, seskey.alg, passphrase) result = decrypt_symmetric(seskey.alg, key, symint.data) result = result[10:] # ditching the prefix + 2 literal = list_pkts(result)[0].body self.assertEqual(self.cleartext, literal.data)
def testD03RSA(self): """crypto.cipher: decrypt_symmetric() v3 RSA secret key (RSA_d,p,q,u)""" rsasec_armored = read_test_file(['pgpfiles','interop','pgp6.5.3','RSA1','key.pgp6.5.3.RSA1.sec.asc']) rsanopass_armored = read_test_file(['pgpfiles','interop','pgp6.5.3','RSA1','key.pgp6.5.3.RSA1.sec.nopass.asc']) rsasec_d, rsanopass_d = list_armored(rsasec_armored)[0].data, list_armored(rsanopass_armored)[0].data pkts, nopasspkts = list_pkts(rsasec_d), list_pkts(rsanopass_d) secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0] secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body passphrase = 'test' # for the future.. if secretkey.s2k_usg in [254, 255]: # we have an s2k key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase) else: import md5 key = md5.new(passphrase).digest() # Just comparing bytes, not integer values. The funky notation # 'enc_RSA_d_d', 'enc_RSA_p_d' means "the encrypted *integer* # data from the RSA d and p # MPIs, respectively. # 'len_RSA_d_d' means "the octet length of the integer portion # of the RSA d MPI." idx = 0 # RSA_d len_RSA_d_d = mpilen2int(secretkey._enc_d[idx:idx+2]) idx = idx + 2 enc_RSA_d_d = secretkey._enc_d[idx:idx+len_RSA_d_d] idx = idx + len_RSA_d_d iv = secretkey.iv # iv provided RSA_d_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_d_d, iv) self.assertEqual(RSA_d_d, nopasskey.RSA_d._int_d) # RSA_p len_RSA_p_d = mpilen2int(secretkey._enc_d[idx:idx+2]) idx = idx + 2 enc_RSA_p_d = secretkey._enc_d[idx:idx+len_RSA_p_d] idx = idx + len_RSA_p_d iv = enc_RSA_d_d[-8:] # last 8 octets from "pre-sync" instream RSA_p_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_p_d, iv) self.assertEqual(RSA_p_d, nopasskey.RSA_p._int_d) # RSA_q len_RSA_q_d = mpilen2int(secretkey._enc_d[idx:idx+2]) idx = idx + 2 enc_RSA_q_d = secretkey._enc_d[idx:idx+len_RSA_q_d] idx = idx + len_RSA_q_d iv = enc_RSA_p_d[-8:] # last 8 octets from "pre-sync" instream RSA_q_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_q_d, iv) self.assertEqual(RSA_q_d, nopasskey.RSA_q._int_d) # RSA_u len_RSA_u_d = mpilen2int(secretkey._enc_d[idx:idx+2]) idx = idx + 2 enc_RSA_u_d = secretkey._enc_d[idx:idx+len_RSA_u_d] idx = idx + len_RSA_u_d iv = enc_RSA_q_d[-8:] # last 8 octets from "pre-sync" instream RSA_u_d = decrypt_symmetric(secretkey.alg_sym, key, enc_RSA_u_d, iv) self.assertEqual(RSA_u_d, nopasskey.RSA_u._int_d)
def testD02RSASecretKey(self): """crypto.cipher: decrypt_symmetric() v4 RSA secret key (RSA_d,p,q,u)""" rsasec_d = read_test_file(['pgpfiles','key','RSA1.sec.gpg']) rsasecnopass_d = read_test_file(['pgpfiles','key','RSA1.sec.nopass.gpg']) pkts, nopasspkts = list_pkts(rsasec_d), list_pkts(rsasecnopass_d) secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0] secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body passphrase = 'test' key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase) result = decrypt_symmetric(secretkey.alg_sym, key, secretkey._enc_d, secretkey.iv) good_mpi_d = nopasskey.RSA_d._d + nopasskey.RSA_p._d + nopasskey.RSA_q._d + nopasskey.RSA_u._d self.assertEqual(good_mpi_d, result[:328])
def testC01MDCBlowfish(self): """crypto.cipher: decrypt_symmetric() Blowfish""" # Almost the same, this time with Blowfish and no compressed packet. mdc_d = read_test_file( ['pgpfiles', 'enc', 'mdc.nocompress.blo.254.196.198.clrtxt.gpg']) pkts = list_pkts(mdc_d) seskey, symint = pkts[0].body, pkts[1].body passphrase = 'test' key = string2key(seskey.s2k, seskey.alg, passphrase) result = decrypt_symmetric(seskey.alg, key, symint.data) result = result[10:] # ditching the prefix + 2 literal = list_pkts(result)[0].body self.assertEqual(self.cleartext, literal.data)
def testD01DSASecretKey(self): """crypto.cipher: decrypt_symmetric() v4 DSA secret key (DSA_x)""" dsasec_d = read_test_file(['pgpfiles', 'key', 'DSAELG1.sec.gpg']) dsasecnopass_d = read_test_file( ['pgpfiles', 'key', 'DSAELG1.sec.nopass.gpg']) pkts, nopasspkts = list_pkts(dsasec_d), list_pkts(dsasecnopass_d) secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0] secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body passphrase = 'test' key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase) result = decrypt_symmetric(secretkey.alg_sym, key, secretkey._enc_d, secretkey.iv) self.assertEqual(nopasskey.DSA_x._d, result[:22])
def testD02RSASecretKey(self): """crypto.cipher: decrypt_symmetric() v4 RSA secret key (RSA_d,p,q,u)""" rsasec_d = read_test_file(['pgpfiles', 'key', 'RSA1.sec.gpg']) rsasecnopass_d = read_test_file( ['pgpfiles', 'key', 'RSA1.sec.nopass.gpg']) pkts, nopasspkts = list_pkts(rsasec_d), list_pkts(rsasecnopass_d) secretkey_pkt, nopasskey_pkt = pkts[0], nopasspkts[0] secretkey, nopasskey = secretkey_pkt.body, nopasskey_pkt.body passphrase = 'test' key = string2key(secretkey.s2k, secretkey.alg_sym, passphrase) result = decrypt_symmetric(secretkey.alg_sym, key, secretkey._enc_d, secretkey.iv) good_mpi_d = nopasskey.RSA_d._d + nopasskey.RSA_p._d + nopasskey.RSA_q._d + nopasskey.RSA_u._d self.assertEqual(good_mpi_d, result[:328])
def testC02IntegrityProtectedCAST(self): """crypto.cipher: decrypt_symmetric() CAST5""" # Same as test above, just wrapped integrity protected packet. mdc_d = read_test_file(['pgpfiles','enc','mdc.14.212.136.clrtxt.gpg']) pkts = list_pkts(mdc_d) seskey, symint = pkts[0].body, pkts[1].body passphrase = 'test' key = string2key(seskey.s2k, seskey.alg, passphrase) result = decrypt_symmetric(seskey.alg, key, symint.data) result = result[10:] # ditching the prefix + 2 compressed = list_pkts(result)[0].body comp_d = compressed.data literal = list_pkts(comp_d)[0].body self.assertEqual(self.cleartext, literal.data)
def testC03DecryptSymmetricCAST(self): """crypto.cipher: decrypt_symmetric_resync() CAST5""" # This message is known to have a compressed packet containing a literal # packet containing the text from cleartext.txt. dektest_d = read_test_file(['pgpfiles','enc','dek.180.153.220.clrtxt.gpg']) pkts = list_pkts(dektest_d) seskey, enc = [x.body for x in pkts] passphrase = 'test' key = string2key(seskey.s2k, seskey.alg, passphrase) result = decrypt_symmetric_resync(seskey.alg, key, enc.data) compressed = list_pkts(result)[0].body comp_d = compressed.data literal = list_pkts(comp_d)[0].body self.assertEqual(self.cleartext, literal.data)
def testC02IntegrityProtectedCAST(self): """crypto.cipher: decrypt_symmetric() CAST5""" # Same as test above, just wrapped integrity protected packet. mdc_d = read_test_file( ['pgpfiles', 'enc', 'mdc.14.212.136.clrtxt.gpg']) pkts = list_pkts(mdc_d) seskey, symint = pkts[0].body, pkts[1].body passphrase = 'test' key = string2key(seskey.s2k, seskey.alg, passphrase) result = decrypt_symmetric(seskey.alg, key, symint.data) result = result[10:] # ditching the prefix + 2 compressed = list_pkts(result)[0].body comp_d = compressed.data literal = list_pkts(comp_d)[0].body self.assertEqual(self.cleartext, literal.data)
def testC03DecryptSymmetricCAST(self): """crypto.cipher: decrypt_symmetric_resync() CAST5""" # This message is known to have a compressed packet containing a literal # packet containing the text from cleartext.txt. dektest_d = read_test_file( ['pgpfiles', 'enc', 'dek.180.153.220.clrtxt.gpg']) pkts = list_pkts(dektest_d) seskey, enc = [x.body for x in pkts] passphrase = 'test' key = string2key(seskey.s2k, seskey.alg, passphrase) result = decrypt_symmetric_resync(seskey.alg, key, enc.data) compressed = list_pkts(result)[0].body comp_d = compressed.data literal = list_pkts(comp_d)[0].body self.assertEqual(self.cleartext, literal.data)