authorJustus Winter <justus@sequoia-pgp.org>2020-08-12 13:11:33 +0200
committerJustus Winter <justus@sequoia-pgp.org>2020-08-12 13:34:02 +0200
commit2aa8c003a99afef4e8199e92cfa403a5048cdf7c (patch)
treefb685911ab8e429d9160ea8d74f4bacd59177629
parente59a49767ffdc5b90137cfe03ea7512c5f437404 (diff)
openpgp: Improve SKESK5::decrypt.
- Previously, this function returned the symmetric algorithm used to encrypt the session key. However, that is not necessarily the same as the symmetric algorithm used to encrypt the payload. SKESKv5 packets simply don't have that information. Return a placeholder instead. Properly fixing this requires changing SKESK::decrypt to return an optional symmetric algorithm, and that ripples through to DecryptionHelper::decrypt and PacketParser::decrypt.
-rw-r--r--openpgp/src/packet/skesk.rs16
1 files changed, 12 insertions, 4 deletions
diff --git a/openpgp/src/packet/skesk.rs b/openpgp/src/packet/skesk.rs
index f9fdb499..fc6b9437 100644
--- a/openpgp/src/packet/skesk.rs
+++ b/openpgp/src/packet/skesk.rs
@@ -345,9 +345,17 @@ impl SKESK5 {
digest.into_boxed_slice())
}
- /// Derives the key inside this SKESK4 from `password`. Returns a
- /// tuple of the symmetric cipher to use with the key and the key
- /// itself.
+ /// Derives the key inside this `SKESK5` from `password`.
+ ///
+ /// Returns a tuple containing a placeholder symmetric cipher and
+ /// the key itself. `SKESK5` packets do not contain the symmetric
+ /// cipher algorithm and instead rely on the `AED` packet that
+ /// contains it.
+ // XXX: This function should return Result<SessionKey>, but then
+ // SKESK::decrypt must return an
+ // Result<(Option<SymmetricAlgorithm>, _)> and
+ // DecryptionHelper::decrypt and PacketParser::decrypt must be
+ // adapted as well.
pub fn decrypt(&self, password: &Password)
-> Result<(SymmetricAlgorithm, SessionKey)> {
let key = self.s2k().derive_key(password,
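Review bot: The new doc comment calls the returned cipher a placeholder but never names the value, so a caller reaching this through `SKESK::decrypt` cannot tell it apart from a real algorithm. The second hunk returns `SymmetricAlgorithm::Unencrypted`, which is an ordinary variant; code that picks the payload cipher from this tuple could presumably mishandle the encrypted data, though no caller is visible here. I would add to the doc comment: `/// The algorithm returned is always SymmetricAlgorithm::Unencrypted and must be ignored; use the cipher from the AED packet.` The body of `decrypt` continues outside this hunk.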
@@ -366,7 +374,7 @@ impl SKESK5 {
cipher.decrypt(&mut plain, esk);
cipher.digest(&mut digest);
if &digest[..] == &self.aead_digest[..] {
- Ok((self.symmetric_algo(), plain))
+ Ok((SymmetricAlgorithm::Unencrypted, plain))
} else {
Err(Error::ManipulatedMessage.into())
}
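Review bot: The tag check `&digest[..] == &self.aead_digest[..]`, carried as context in this hunk, is plain slice equality, which may return at the first differing byte. If so, the time taken to reject a manipulated packet could depend on how much of the tag matched. Because this comparison gates `Error::ManipulatedMessage`, a constant-time comparison would be the safer choice. At minimum I would record it next to the check: `// TODO: compare the AEAD tag in constant time; slice equality may return early.` `decrypt` starts before this hunk and its closing brace is not shown.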