author | Justus Winter <justus@sequoia-pgp.org> | 2020-08-11 14:38:49 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-08-11 15:32:07 +0200 |
commit | 07ab892191120e20696818619c5e4171b6e777fb (patch) | |
tree | b64b9de3aff8570ea273f467856b0a1d7fac9d81 | |
parent | 1627487e88d50657fd753ebbd71514f37c4989f7 (diff) |
openpgp: Check session key size.
- Fix session key size in test.
-rw-r--r-- | openpgp/src/message/mod.rs | 5 | ||||
-rw-r--r-- | openpgp/src/packet/skesk.rs | 12 |
2 files changed, 15 insertions, 2 deletions
diff --git a/openpgp/src/message/mod.rs b/openpgp/src/message/mod.rs
index 65b6d34c..094779dd 100644
--- a/openpgp/src/message/mod.rs
+++ b/openpgp/src/message/mod.rs
@@ -1052,10 +1052,11 @@ mod tests {
 // 0: SK-ESK
 // => bad.
 let mut packets : Vec<Packet> = Vec::new();
- let sk = crate::crypto::SessionKey::new(8);
+ let cipher = SymmetricAlgorithm::AES256;
+ let sk = crate::crypto::SessionKey::new(cipher.key_size().unwrap());
 #[allow(deprecated)]
 packets.push(SKESK4::with_password(
- SymmetricAlgorithm::AES256,
+ cipher,
 S2K::Simple { hash: HashAlgorithm::SHA256 },
 &sk,
 &"12345678".into()).unwrap().into());
diff --git a/openpgp/src/packet/skesk.rs b/openpgp/src/packet/skesk.rs
index 0b9de42b..9e6d9a2c 100644
--- a/openpgp/src/packet/skesk.rs
+++ b/openpgp/src/packet/skesk.rs
@@ -103,6 +103,12 @@ impl SKESK4 {
 pub fn with_password(algo: SymmetricAlgorithm, s2k: S2K,
 session_key: &SessionKey, password: &Password)
 -> Result<SKESK4> {
+ if session_key.len() != algo.key_size()? {
+ return Err(Error::InvalidArgument(format!(
+ "Invalid size of session key, got {} want {}",
+ session_key.len(), algo.key_size()?)).into());
+ }
+
 // Derive key and make a cipher.
 let key = s2k.derive_key(password, algo.key_size()?)?;
 let mut cipher = algo.make_encrypt_cfb(&key[..])?;
@@ -290,6 +296,12 @@ impl SKESK5 {
 aead: AEADAlgorithm, s2k: S2K,
 session_key: &SessionKey, password: &Password)
 -> Result<Self> {
+ if session_key.len() != cipher.key_size()? {
+ return Err(Error::InvalidArgument(format!(
+ "Invalid size of session key, got {} want {}",
+ session_key.len(), cipher.key_size()?)).into());
+ }
+
 // Derive key and make a cipher.
 let key = s2k.derive_key(password, cipher.key_size()?)?;
 let mut iv = vec![0u8; aead.iv_size()?]; |
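Review bot: In the SKESK4 hunk, `with_password` now evaluates `algo.key_size()?` three times (the comparison, the error message, and the `s2k.derive_key` call just below); binding it once with `let key_size = algo.key_size()?;` and testing `if session_key.len() != key_size {` keeps the length check and the key derivation tied to the same value. The SKESK5 hunk repeats the pattern with `cipher.key_size()?`. Neither hunk shows a doc comment for the new `Error::InvalidArgument` return, so an `# Errors` paragraph on both constructors stating that the session key length must equal the cipher's key size would help callers. The commit corrects the key size in an existing test but adds no test that a mismatched length is rejected, and whether the decrypt path checks the recovered key's length is not visible in this diff. Both function bodies continue outside their hunks.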