package Crypt::OpenPGP::Ciphertext;
use strict;
use Crypt::OpenPGP::Util;
use Crypt::OpenPGP::Cipher;
use Crypt::OpenPGP::Constants qw( DEFAULT_CIPHER
PGP_PKT_ENCRYPTED
PGP_PKT_ENCRYPTED_MDC );
use Crypt::OpenPGP::ErrorHandler;
use base qw( Crypt::OpenPGP::ErrorHandler );
use constant MDC_TRAILER => chr(0xd3) . chr(0x14);
sub pkt_type { $_[0]->{is_mdc} ? PGP_PKT_ENCRYPTED_MDC : PGP_PKT_ENCRYPTED }
sub new {
my $class = shift;
my $enc = bless { }, $class;
$enc->init(@_);
}
sub init {
my $enc = shift;
my %param = @_;
if ((my $key = $param{SymKey}) && (my $data = $param{Data})) {
$enc->{is_mdc} = $param{MDC} || 0;
$enc->{version} = 1;
my $alg = $param{Cipher} || DEFAULT_CIPHER;
my $cipher = Crypt::OpenPGP::Cipher->new($alg, $key);
my $bs = $cipher->blocksize;
my $pad = Crypt::OpenPGP::Util::get_random_bytes($bs);
$pad .= substr $pad, -2, 2;
$enc->{ciphertext} = $cipher->encrypt($pad);
$cipher->sync unless $enc->{is_mdc};
$enc->{ciphertext} .= $cipher->encrypt($data);
if ($enc->{is_mdc}) {
require Crypt::OpenPGP::MDC;
my $mdc = Crypt::OpenPGP::MDC->new(
Data => $pad . $data . MDC_TRAILER );
my $mdc_buf = Crypt::OpenPGP::PacketFactory->save($mdc);
$enc->{ciphertext} .= $cipher->encrypt($mdc_buf);
}
}
$enc;
}
sub parse {
my $class = shift;
my($buf, $is_mdc) = @_;
my $enc = $class->new;
$enc->{is_mdc} = $is_mdc;
if ($is_mdc) {
$enc->{version} = $buf->get_int8;
}
$enc->{ciphertext} = $buf->get_bytes($buf->length - $buf->offset);
$enc;
}
sub save {
my $enc = shift;
my $buf = Crypt::OpenPGP::Buffer->new;
if ($enc->{is_mdc}) {
$buf->put_int8($enc->{version});
}
$buf->put_bytes($enc->{ciphertext});
$buf->bytes;
}
sub display {
my $enc = shift;
my $str = ":encrypted data packet:\n" .
" length: " . length($enc->{ciphertext}) . "\n";
if ($enc->{is_mdc}) {
$str .= " is_mdc: $enc->{version}\n";
}
$str;
}
sub decrypt {
my $enc = shift;
my($key, $sym_alg) = @_;
my $cipher = Crypt::OpenPGP::Cipher->new($sym_alg, $key) or
return $enc->error( Crypt::OpenPGP::Cipher->errstr );
my $padlen = $cipher->blocksize + 2;
my $pt = $enc->{prefix} =
$cipher->decrypt(substr $enc->{ciphertext}, 0, $padlen);
return $enc->error("Bad checksum")
unless substr($pt, -4, 2) eq substr($pt, -2, 2);
$cipher->sync unless $enc->{is_mdc};
$pt = $cipher->decrypt(substr $enc->{ciphertext}, $padlen);
if ($enc->{is_mdc}) {
my $mdc_buf = Crypt::OpenPGP::Buffer->new_with_init(substr $pt,-22,22);
$pt = substr $pt, 0, -22;
my $mdc = Crypt::OpenPGP::PacketFactory->parse($mdc_buf);
return $enc->error("Encrypted MDC packet without MDC")
unless $mdc && ref($mdc) eq 'Crypt::OpenPGP::MDC';
require Crypt::OpenPGP::Digest;
my $dgst = Crypt::OpenPGP::Digest->new('SHA1');
my $hash = $dgst->hash($enc->{prefix} . $pt . chr(0xd3) . chr(0x14));
return $enc->error("SHA-1 hash of plaintext does not match MDC body")
unless $mdc->digest eq $hash;
}
$pt;
}
1;
__END__
=head1 NAME
Crypt::OpenPGP::Ciphertext - Encrypted data packet
=head1 SYNOPSIS
use Crypt::OpenPGP::Ciphertext;
my $key_data = 'f' x 64; ## Not a very good key :)
my $ct = Crypt::OpenPGP::Ciphertext->new(
Data => "foo bar baz",
SymKey => $key_data,
);
my $serialized = $ct->save;
my $buffer = Crypt::OpenPGP::Buffer->new;
my $ct2 = Crypt::OpenPGP::Ciphertext->parse( $buffer );
my $data = $ct->decrypt( $key_data );
=head1 DESCRIPTION
I<Crypt::OpenPGP::Ciphertext> implements symmetrically encrypted data
packets, providing both encryption and decryption functionality. Both
standard encrypted data packets and encrypted-MDC (modification
detection code) packets are supported by this class. In the first case,
the encryption used in the packets is a variant on standard CFB mode,
and is described in the OpenPGP RFC, in section 13.9 (OpenPGP CFB mode).
In the second case (encrypted-MDC packets), the encryption is performed
in standard CFB mode, without the special resync used in PGP's CFB.
=head1 USAGE
=head2 Crypt::OpenPGP::Ciphertext->new( %arg )
Creates a new symmetrically encrypted data packet object and returns
that object. If there are no arguments in I<%arg>, the object is
created with an empty data container; this is used, for example, in
I<parse> (below), to create an empty packet which is then filled from
the data in the buffer.
If you wish to initialize a non-empty object, I<%arg> can contain:
=over 4
=item * Data
A block of octets that make up the plaintext data to be encrypted.
This argument is required (for a non-empty object).
=item * SymKey
The symmetric cipher key: a string of octets that make up the key data
of the symmetric cipher key. This should be at least long enough for
the key length of your chosen cipher (see I<Cipher>, below), or, if
you have not specified a cipher, at least 64 bytes (to allow for
long cipher key sizes).
This argument is required (for a non-empty object).
=item * Cipher
The name (or ID) of a supported PGP cipher. See I<Crypt::OpenPGP::Cipher>
for a list of valid cipher names.
This argument is optional; by default I<Crypt::OpenPGP::Cipher> will
use C<DES3>.
=item * MDC
When set to a true value, encrypted texts will use encrypted MDC
(modification detection code) packets instead of standard encrypted data
packets. These are a newer form of encrypted data packets that
are followed by a C<SHA-1> hash of the plaintext data. This prevents
attacks that modify the encrypted text by using a message digest to
detect changes.
By default I<MDC> is set to C<0>, and encrypted texts use standard
encrypted data packets. Set it to a true value to turn on MDC packets.
=back
=head2 $ct->save
Returns the block of ciphertext created in I<new> (assuming that you
created a non-empty packet by specifying some data; otherwise returns
an empty string).
=head2 Crypt::OpenPGP::Ciphertext->parse($buffer)
Given I<$buffer>, a I<Crypt::OpenPGP::Buffer> object holding (or
with offset pointing to) a symmetrically encrypted data packet, returns
a new I<Crypt::OpenPGP::Ciphertext> object, initialized with the
ciphertext in the buffer.
=head2 $ct->decrypt($key, $alg)
Decrypts the ciphertext in the I<Crypt::OpenPGP::Ciphertext> object
and returns the plaintext. I<$key> is the encryption key, and I<$alg>
is the name (or ID) of the I<Crypt::OpenPGP::Cipher> type used to
encrypt the message. Obviously you can't just guess at these
parameters; this method (along with I<parse>, above) is best used along
with the I<Crypt::OpenPGP::SessionKey> object, which holds an encrypted
version of the key and cipher algorithm.
=head1 AUTHOR & COPYRIGHTS
Please see the Crypt::OpenPGP manpage for author, copyright, and
license information.
=cut