Fix LegacyDecryptor and LegacyDecryptorWithMAC (GH #714)

The classes used the wrong hash with the MAC. The legacy gear should have used SHA1, not SHA256.
weidai11 · Sep 11, 2018 · 590f857 · 590f857
1 parent d0946ab
commit 590f857
Show file tree

Hide file tree

Showing 6 changed files with 39 additions and 25 deletions.
diff --git a/Filelist.txt b/Filelist.txt
@@ -388,7 +388,8 @@ TestData/aria.dat
 TestData/camellia.dat
 TestData/cast128v.dat
 TestData/cast256v.dat
-TestData/defdmac.bin
+TestData/defdmac1.bin
+TestData/defdmac2.bin
 TestData/descert.dat
 TestData/dh1024.dat
 TestData/dh2048.dat

diff --git a/TestData/defdmac1.bin b/TestData/defdmac1.bin
@@ -0,0 +1 @@
+nCB�pIb�_�_�|��+"w�������#A�����n�m��ȇ�%���kX���R��w`Z�^s.+�ڵ����`��Bf]z�}�R`}\�di�bftt�^��
diff --git a/TestData/defdmac.bin → TestData/defdmac2.bin b/TestData/defdmac.bin → TestData/defdmac2.bin
diff --git a/default.cpp b/default.cpp
@@ -299,8 +299,8 @@ template class DataEncryptor<LegacyBlockCipher,LegacyHashModule,LegacyParameters
 template class DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo>;
 template class DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
 template class DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo>;
-template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;
-template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo>;
+template class DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;
+template class DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo>;
 template class DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;
 template class DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo>;
 

diff --git a/default.h b/default.h
@@ -275,12 +275,12 @@ struct DefaultDecryptor : public DataDecryptor<DefaultBlockCipher,DefaultHashMod
 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
 ///   <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.
-struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {};
+struct LegacyEncryptorWithMAC : public DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};
 /// \brief Password-based decryptor with MAC (deprecated)
 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
 ///   <tt>Default*</tt> classes, and the old algorithms are available with the <tt>Legacy*</tt> classes.
-struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> {};
+struct LegacyDecryptorWithMAC : public DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> {};
 /// \brief Password-based encryptor with MAC
 /// \details Crypto++ 5.6.5 and earlier used the legacy algorithms, including DES_EDE2 and SHA1.
 ///   Crypto++ 5.7 switched to AES and SHA256. The updated algorithms are available with the
@@ -298,8 +298,8 @@ typedef DataDecryptor<LegacyBlockCipher,LegacyHashModule,LegacyParametersInfo> L
 typedef DataEncryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultEncryptor;
 typedef DataDecryptor<DefaultBlockCipher,DefaultHashModule,DefaultParametersInfo> DefaultDecryptor;
 
-typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;
-typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,DefaultMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;
+typedef DataEncryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyEncryptorWithMAC;
+typedef DataDecryptorWithMAC<LegacyBlockCipher,LegacyHashModule,LegacyMAC,LegacyParametersInfo> LegacyDecryptorWithMAC;
 
 typedef DataEncryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultEncryptorWithMAC;
 typedef DataDecryptorWithMAC<DefaultBlockCipher,DefaultHashModule,DefaultMAC,DefaultParametersInfo> DefaultDecryptorWithMAC;

diff --git a/validat0.cpp b/validat0.cpp
@@ -434,10 +434,22 @@ bool TestEncryptors()
 
     try
     {
+        // Common password and message.
         std::string password = "super secret password";
         std::string recovered, message = "Now is the time for all good men to come to the aide of their country.";
-        //StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac.bin")));
-        FileSource("TestData/defdmac.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
+
+        // This data was generated with Crypto++ 5.6.2
+        //StringSource(message, true, new LegacyEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac1.bin")));
+        FileSource("TestData/defdmac1.bin", true, new LegacyDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
+        if (message != recovered)
+            throw Exception(Exception::OTHER_ERROR, "LegacyDecryptorWithMAC failed a self test");
+
+        // Reset sink
+        recovered.clear();
+
+        // This data was generated with Crypto++ 6.0
+        //StringSource(message, true, new DefaultEncryptorWithMAC(password.c_str(), new FileSink("TestData/defdmac2.bin")));
+        FileSource("TestData/defdmac2.bin", true, new DefaultDecryptorWithMAC(password.c_str(), new StringSink(recovered)));
         if (message != recovered)
             throw Exception(Exception::OTHER_ERROR, "DefaultDecryptorWithMAC failed a self test");
     }
@@ -1491,22 +1503,22 @@ bool TestASN1Parse()
 #if defined(CRYPTOPP_EXTENDED_VALIDATION)
 bool TestStringSink()
 {
-	try
-	{
-		std::string in = "The quick brown fox jumps over the lazy dog";
-
-		std::string str;
-		StringSource s1(in, true, new StringSink(str));
-
-		std::vector<byte> vec;
-		StringSource s2(in, true, new VectorSink(vec));
-
-		return str.size() == vec.size() && std::equal(str.begin(), str.end(), vec.begin());
-	}
-	catch(const std::exception&)
-	{
-	}
-	return false;
+    try
+    {
+        std::string in = "The quick brown fox jumps over the lazy dog";
+
+        std::string str;
+        StringSource s1(in, true, new StringSink(str));
+
+        std::vector<byte> vec;
+        StringSource s2(in, true, new VectorSink(vec));
+
+        return str.size() == vec.size() && std::equal(str.begin(), str.end(), vec.begin());
+    }
+    catch(const std::exception&)
+    {
+    }
+    return false;
 }
 #endif