author | Justus Winter <justus@sequoia-pgp.org> | 2020-02-12 12:32:36 +0100 |
committer | Justus Winter <justus@sequoia-pgp.org> | 2020-02-12 15:12:21 +0100 |
commit | b0648d984bc618686a18d5e0a5173c16b2328549 (patch) | |
tree | e09b99d4fd9cceea8eb064f6a2267d5df757e5b8 /openpgp/src/packet/pkesk.rs | |
parent | e5d72b7c92d5af171855c8267c57f5e33ff6cc2e (diff) |
openpgp: Add optional cipher argument to PKESK3::decrypt.
Diffstat (limited to 'openpgp/src/packet/pkesk.rs')
-rw-r--r-- | openpgp/src/packet/pkesk.rs | 53 |
1 files changed, 43 insertions, 10 deletions
diff --git a/openpgp/src/packet/pkesk.rs b/openpgp/src/packet/pkesk.rs
index 7e85c61b..8f32d86d 100644
--- a/openpgp/src/packet/pkesk.rs
+++ b/openpgp/src/packet/pkesk.rs
@@ -130,12 +130,25 @@ impl PKESK3 {
 ::std::mem::replace(&mut self.esk, esk)
 }
- /// Decrypts the ESK and returns the session key and symmetric algorithm
- /// used to encrypt the following payload.
- pub fn decrypt(&self, decryptor: &mut dyn Decryptor)
+ /// Decrypts the encrypted session key.
+ ///
+ /// If the symmetric algorithm used to encrypt the message is
+ /// known in advance, it should be given as argument. This allows
+ /// us to reduce the side-channel leakage of the decryption
+ /// operation for RSA.
+ ///
+ /// Returns the session key and symmetric algorithm used to
+ /// encrypt the following payload.
+ pub fn decrypt(&self, decryptor: &mut dyn Decryptor,
+ sym_algo_hint: Option<SymmetricAlgorithm>)
 -> Result<(SymmetricAlgorithm, SessionKey)> {
- let plain = decryptor.decrypt(&self.esk, None)?;
+ let plaintext_len = if let Some(s) = sym_algo_hint {
+ Some(1 /* cipher octet */ + s.key_size()? + 2 /* chksum */)
+ } else {
+ None
+ };
+ let plain = decryptor.decrypt(&self.esk, plaintext_len)?;
 let key_rgn = 1..(plain.len() - 2);
 let sym_algo: SymmetricAlgorithm = plain[0].into();
 let mut key: SessionKey = vec![0u8; sym_algo.key_size()?].into();
@@ -216,7 +229,11 @@ mod tests {
 let pkg = pile.descendants().skip(0).next().clone();
 if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
 eprintln!("plain: {:?}", plain);
 } else {
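Review bot: The hint is only used to size the expected RSA plaintext; once `plain` is back, `sym_algo` is taken from `plain[0]` and never compared with `sym_algo_hint`, so with a hint supplied the key-size allocation and whatever validation follows are still driven by the decrypted octet rather than the algorithm the caller said to expect. After `let sym_algo: SymmetricAlgorithm = plain[0].into();` I would add `if sym_algo_hint.map_or(false, |h| h != sym_algo) { return Err(/* same error as the key-checksum mismatch path */); }`, assuming `SymmetricAlgorithm` is comparable, so that a wrong hint is rejected on the same path as a corrupt checksum instead of yielding a key of an unexpected size. The new doc comment should also state that contract, e.g. `/// If a hint is given and the decrypted ESK names a different algorithm, decryption fails.`. The body of `decrypt` continues past the end of the hunk, so the checksum handling that presumably sits below is not visible here.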
@@ -237,7 +254,11 @@ mod tests {
 let pkg = pile.descendants().skip(0).next().clone();
 if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
 eprintln!("plain: {:?}", plain);
 } else {
@@ -258,7 +279,11 @@ mod tests {
 let pkg = pile.descendants().skip(0).next().clone();
 if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
 eprintln!("plain: {:?}", plain);
 } else {
@@ -279,7 +304,11 @@ mod tests {
 let pkg = pile.descendants().skip(0).next().clone();
 if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
 eprintln!("plain: {:?}", plain);
 } else {
@@ -300,7 +329,11 @@ mod tests {
 let pkg = pile.descendants().skip(0).next().clone();
 if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
 eprintln!("plain: {:?}", plain);
 } else {
@@ -353,6 +386,6 @@ mod tests {
 &key).unwrap();
 let mut keypair = key.mark_parts_secret().unwrap().into_keypair().unwrap();
- pkesk.decrypt(&mut keypair).unwrap();
+ pkesk.decrypt(&mut keypair, None).unwrap();
 }
 }