authorJustus Winter <justus@sequoia-pgp.org>2020-02-12 12:32:36 +0100
committerJustus Winter <justus@sequoia-pgp.org>2020-02-12 15:12:21 +0100
commitb0648d984bc618686a18d5e0a5173c16b2328549 (patch)
treee09b99d4fd9cceea8eb064f6a2267d5df757e5b8 /openpgp
parente5d72b7c92d5af171855c8267c57f5e33ff6cc2e (diff)
openpgp: Add optional cipher argument to PKESK3::decrypt.
Diffstat (limited to 'openpgp')
-rw-r--r--openpgp/examples/decrypt-with.rs2
-rw-r--r--openpgp/examples/generate-encrypt-decrypt.rs2
-rw-r--r--openpgp/src/packet/key/mod.rs11
-rw-r--r--openpgp/src/packet/pkesk.rs53
-rw-r--r--openpgp/src/serialize/stream.rs2
5 files changed, 54 insertions, 16 deletions
diff --git a/openpgp/examples/decrypt-with.rs b/openpgp/examples/decrypt-with.rs
index fdcb3f7e..a72f0a7d 100644
--- a/openpgp/examples/decrypt-with.rs
+++ b/openpgp/examples/decrypt-with.rs
@@ -91,7 +91,7 @@ impl DecryptionHelper for Helper {
// Try each PKESK until we succeed.
for pkesk in pkesks {
if let Some(pair) = self.keys.get_mut(pkesk.recipient()) {
- if let Ok(_) = pkesk.decrypt(pair)
+ if let Ok(_) = pkesk.decrypt(pair, None)
.and_then(|(algo, session_key)| decrypt(algo, &session_key))
{
break;
diff --git a/openpgp/examples/generate-encrypt-decrypt.rs b/openpgp/examples/generate-encrypt-decrypt.rs
index 9f3b8d6a..abf0d04b 100644
--- a/openpgp/examples/generate-encrypt-decrypt.rs
+++ b/openpgp/examples/generate-encrypt-decrypt.rs
@@ -130,7 +130,7 @@ impl<'a> DecryptionHelper for Helper<'a> {
// The secret key is not encrypted.
let mut pair = key.mark_parts_secret().unwrap().into_keypair().unwrap();
- pkesks[0].decrypt(&mut pair)
+ pkesks[0].decrypt(&mut pair, None)
.and_then(|(algo, session_key)| decrypt(algo, &session_key))
.map(|_| None)
// XXX: In production code, return the Fingerprint of the
diff --git a/openpgp/src/packet/key/mod.rs b/openpgp/src/packet/key/mod.rs
index f01b0257..875cf5b1 100644
--- a/openpgp/src/packet/key/mod.rs
+++ b/openpgp/src/packet/key/mod.rs
@@ -1658,7 +1658,13 @@ mod tests {
let pkesk =
PKESK3::for_recipient(cipher, &sk, &key.mark_parts_public())
.unwrap();
- let (cipher_, sk_) = pkesk.decrypt(&mut keypair).unwrap();
+ let (cipher_, sk_) = pkesk.decrypt(&mut keypair, None).unwrap();
+
+ assert_eq!(cipher, cipher_);
+ assert_eq!(sk, sk_);
+
+ let (cipher_, sk_) =
+ pkesk.decrypt(&mut keypair, Some(cipher)).unwrap();
assert_eq!(cipher, cipher_);
assert_eq!(sk, sk_);
@@ -1802,8 +1808,7 @@ mod tests {
// Expected
let mut decryptor = key.into_keypair().unwrap();
- let got_sk = pkesk.decrypt(&mut decryptor).unwrap();
-
+ let got_sk = pkesk.decrypt(&mut decryptor, None).unwrap();
assert_eq!(got_sk.1, sk);
}
diff --git a/openpgp/src/packet/pkesk.rs b/openpgp/src/packet/pkesk.rs
index 7e85c61b..8f32d86d 100644
--- a/openpgp/src/packet/pkesk.rs
+++ b/openpgp/src/packet/pkesk.rs
@@ -130,12 +130,25 @@ impl PKESK3 {
::std::mem::replace(&mut self.esk, esk)
}
- /// Decrypts the ESK and returns the session key and symmetric algorithm
- /// used to encrypt the following payload.
- pub fn decrypt(&self, decryptor: &mut dyn Decryptor)
+ /// Decrypts the encrypted session key.
+ ///
+ /// If the symmetric algorithm used to encrypt the message is
+ /// known in advance, it should be given as argument. This allows
+ /// us to reduce the side-channel leakage of the decryption
+ /// operation for RSA.
+ ///
+ /// Returns the session key and symmetric algorithm used to
+ /// encrypt the following payload.
+ pub fn decrypt(&self, decryptor: &mut dyn Decryptor,
+ sym_algo_hint: Option<SymmetricAlgorithm>)
-> Result<(SymmetricAlgorithm, SessionKey)>
{
- let plain = decryptor.decrypt(&self.esk, None)?;
+ let plaintext_len = if let Some(s) = sym_algo_hint {
+ Some(1 /* cipher octet */ + s.key_size()? + 2 /* chksum */)
+ } else {
+ None
+ };
+ let plain = decryptor.decrypt(&self.esk, plaintext_len)?;
let key_rgn = 1..(plain.len() - 2);
let sym_algo: SymmetricAlgorithm = plain[0].into();
let mut key: SessionKey = vec![0u8; sym_algo.key_size()?].into();
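Review bot: The hint is only used to compute the `plaintext_len` passed to `decryptor.decrypt`; nothing in the visible lines checks that the decrypted `plain[0]` agrees with `sym_algo_hint`, or that `plain.len()` equals the expected length. The context lines that follow still index the plaintext unchecked: `plain.len() - 2` underflows when fewer than two octets come back, and `plain[0]` panics on an empty plaintext. A guard such as `if plain.len() < 3 { /* return a malformed-packet error */ }` before `let key_rgn` would turn both into errors. When a hint is given, comparing it with `sym_algo` and returning an error on mismatch would make the contract explicit, and the doc comment should say what a caller gets for a wrong hint. The body of `decrypt` continues past the hunk, so a later length check may already cover part of this.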
@@ -216,7 +229,11 @@ mod tests {
let pkg = pile.descendants().skip(0).next().clone();
if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
eprintln!("plain: {:?}", plain);
} else {
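Review bot: Every hinted call added to these tests passes `Some(SymmetricAlgorithm::AES256)`, which presumably matches the cipher of each test message, so the case where the hint disagrees with the decrypted algorithm octet is never exercised. A case that passes a different algorithm and asserts that `decrypt` returns `Err` rather than panicking would pin down the behaviour the new doc comment leaves open. The same four added lines recur in the hunks at -237, -258, -279 and -300; a small test helper taking `pkesk` and `keypair` would keep them in sync. The enclosing test functions start and end outside the hunks.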
@@ -237,7 +254,11 @@ mod tests {
let pkg = pile.descendants().skip(0).next().clone();
if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
eprintln!("plain: {:?}", plain);
} else {
@@ -258,7 +279,11 @@ mod tests {
let pkg = pile.descendants().skip(0).next().clone();
if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
eprintln!("plain: {:?}", plain);
} else {
@@ -279,7 +304,11 @@ mod tests {
let pkg = pile.descendants().skip(0).next().clone();
if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
eprintln!("plain: {:?}", plain);
} else {
@@ -300,7 +329,11 @@ mod tests {
let pkg = pile.descendants().skip(0).next().clone();
if let Some(Packet::PKESK(ref pkesk)) = pkg {
- let plain = pkesk.decrypt(&mut keypair).unwrap();
+ let plain = pkesk.decrypt(&mut keypair, None).unwrap();
+ let plain_ =
+ pkesk.decrypt(&mut keypair, Some(SymmetricAlgorithm::AES256))
+ .unwrap();
+ assert_eq!(plain, plain_);
eprintln!("plain: {:?}", plain);
} else {
@@ -353,6 +386,6 @@ mod tests {
&key).unwrap();
let mut keypair =
key.mark_parts_secret().unwrap().into_keypair().unwrap();
- pkesk.decrypt(&mut keypair).unwrap();
+ pkesk.decrypt(&mut keypair, None).unwrap();
}
}
diff --git a/openpgp/src/serialize/stream.rs b/openpgp/src/serialize/stream.rs
index a3760b84..f8d3ed4b 100644
--- a/openpgp/src/serialize/stream.rs
+++ b/openpgp/src/serialize/stream.rs
@@ -1707,7 +1707,7 @@ mod test {
.map(|ka| ka.key()).next().unwrap()
.clone().mark_parts_secret().unwrap()
.into_keypair().unwrap();
- pkesks[0].decrypt(&mut keypair)
+ pkesks[0].decrypt(&mut keypair, None)
.and_then(|(algo, session_key)| decrypt(algo, &session_key))
.map(|_| None)
}