Support session keys

lib/openpgp_crypt_aes_tripledes.php

@@ -8,34 +8,21 @@ class OpenPGP_Crypt_AES_TripleDES {
   public static function decryptSymmetric($pass, $m) {
     foreach($m as $p) {
       if($p instanceof OpenPGP_SymmetricSessionKeyPacket) {
-        switch($p->symmetric_algorithm) {
+        list($cipher, $key_bytes, $key_block_bytes) = self::getCipher($p->symmetric_algorithm);
-          case 2:
+        if(!$cipher) continue;
-            $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
-            $key_bytes = 24;
-            $key_block_bytes = 8;
-            break;
-          case 7:
-            $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
-            $cipher->setKeyLength(128);
-            break;
-          case 8:
-            $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
-            $cipher->setKeyLength(192);
-            break;
-          case 9:
-            $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
-            $cipher->setKeyLength(256);
-            break;
-        }
-        if(!$cipher) continue; // Unsupported cipher
-        if(!isset($key_bytes)) $key_bytes = $cipher->key_size;
-        if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
-
         $cipher->setKey($p->s2k->make_key($pass, $key_bytes));
+
+        if(strlen($p->encrypted_data) > 0) {
+          $padAmount = $key_block_bytes - (strlen($p->encrypted_data) % $key_block_bytes);
+          $data = substr($cipher->decrypt($p->encrypted_data . str_repeat("\0", $padAmount)), 0, strlen($p->encrypted_data));
+          list($cipher, $key_bytes, $key_block_bytes) = self::getCipher(ord($data{0}));
+          if(!$cipher) continue;
+          $cipher->setKey(substr($data, 1));
+        }
+
         $epacket = self::getEncryptedData($m);
         $padAmount = $key_block_bytes - (strlen($epacket->data) % $key_block_bytes);
 
-        if(strlen($p->encrypted_data) < 1) {
         if($epacket instanceof OpenPGP_IntegrityProtectedDataPacket) {
            $data = substr($cipher->decrypt($epacket->data . str_repeat("\0", $padAmount)), 0, strlen($epacket->data));
            $prefix = substr($data, 0, $key_block_bytes + 2);
@@ -62,15 +49,40 @@ class OpenPGP_Crypt_AES_TripleDES {
            } catch (Exception $ex) { $msg = NULL; }
            if($msg) return $msg; /* Otherwise keep trying */
         }
-        } else {
-          // TODO
-        }
       }
     }
 
     return NULL; /* If we get here, we failed */
   }
 
+  public static function getCipher($algo) {
+    switch($algo) {
+      case 2:
+        $cipher = new Crypt_TripleDES(CRYPT_DES_MODE_CFB);
+        $key_bytes = 24;
+        $key_block_bytes = 8;
+        break;
+      case 7:
+        $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
+        $cipher->setKeyLength(128);
+        break;
+      case 8:
+        $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
+        $cipher->setKeyLength(192);
+        break;
+      case 9:
+        $cipher = new Crypt_AES(CRYPT_AES_MODE_CFB);
+        $cipher->setKeyLength(256);
+        break;
+      default:
+        $cipher = NULL;
+    }
+    if(!$cipher) return array(NULL, NULL, NULL); // Unsupported cipher
+    if(!isset($key_bytes)) $key_bytes = $cipher->key_size;
+    if(!isset($key_block_bytes)) $key_block_bytes = $cipher->block_size;
+    return array($cipher, $key_bytes, $key_block_bytes);
+  }
+
   public static function getEncryptedData($m) {
     foreach($m as $p) {
       if($p instanceof OpenPGP_EncryptedDataPacket) return $p;

tests/phpseclib_suite.php

@@ -84,11 +84,9 @@ class Decryption extends PHPUnit_Framework_TestCase {
     $this->oneSymmetric("hello", "PGP\n", "symmetric-3des.gpg");
   }
 
-/* TODO
   public function testDecryptSessionKey() {
     $this->oneSymmetric("hello", "PGP\n", "symmetric-with-session-key.gpg");
   }
-*/
 
   public function testDecryptNoMDC() {
     $this->oneSymmetric("hello", "PGP\n", "symmetric-no-mdc.gpg");