authorJustus Winter <justus@sequoia-pgp.org>2020-05-25 13:20:15 +0200
committerJustus Winter <justus@sequoia-pgp.org>2020-05-28 11:52:26 +0200
commit271280e62d1e0ee64a8f4cbb5766b17e3edf947d (patch)
treed30a6172c9626e6fb36db62f336bd7d80abce819 /sop
parent94dcb41c69c4e16f1f491a9b27148e90a0d713e7 (diff)
openpgp: Change the `decrypt` proxy in the decryption helper.
- Returning rich errors from this function may compromise secret key material due to Bleichenbacher-style attacks. Change the API to prevent this. - Hat tip to Hanno Böck. - Fixes #507.
Diffstat (limited to 'sop')
-rw-r--r--sop/src/main.rs17
1 files changed, 10 insertions, 7 deletions
diff --git a/sop/src/main.rs b/sop/src/main.rs
index 5d707b8c..15eccf4c 100644
--- a/sop/src/main.rs
+++ b/sop/src/main.rs
@@ -672,12 +672,12 @@ impl<'a> Helper<'a> {
-> Option<(SymmetricAlgorithm,
SessionKey,
Option<Fingerprint>)>
- where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
+ where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool
{
let keyid = keypair.public().fingerprint().into();
let (algo, sk) = pkesk.decrypt(keypair, algo)
.and_then(|(algo, sk)| {
- decrypt(algo, &sk).ok()?; Some((algo, sk))
+ if decrypt(algo, &sk) { Some((algo, sk)) } else { None }
})?;
Some((algo, sk, self.identities.get(&keyid).map(|fp| fp.clone())))
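Review bot: Nothing at the new `where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool` bound or at the `if decrypt(algo, &sk) { Some((algo, sk)) } else { None }` line records why the callback result is deliberately reduced to yes/no, so a later refactor could reintroduce a rich error without anyone noticing. I would add a comment above the closure, for example `// Collapse every failure into None: reporting why a session key was rejected can act as a Bleichenbacher-style oracle (see #507).` The same rationale applies to the `decrypt` signature in the next hunk and to the SKESK branch in the last hunk. The enclosing function starts and ends outside this hunk, so whether its caller treats `None` the same way for every key is not visible here.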
@@ -705,7 +705,7 @@ impl<'a> DecryptionHelper for Helper<'a> {
fn decrypt<D>(&mut self, pkesks: &[PKESK], skesks: &[SKESK],
algo: Option<SymmetricAlgorithm>,
mut decrypt: D) -> openpgp::Result<Option<Fingerprint>>
- where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
+ where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool
{
// First, try all supplied session keys.
while let Some(sk) = self.session_keys.pop() {
@@ -713,7 +713,7 @@ impl<'a> DecryptionHelper for Helper<'a> {
.filter(|a| a.key_size().map(|size| size == sk.len())
.unwrap_or(false))
{
- if decrypt(algo, &sk).is_ok() {
+ if decrypt(algo, &sk) {
self.dump_session_key(algo, &sk)?;
return Ok(None);
}
@@ -764,10 +764,13 @@ impl<'a> DecryptionHelper for Helper<'a> {
// Finally, try to decrypt using the SKESKs.
for password in self.passwords.iter() {
for skesk in skesks {
- if let Ok((algo, sk)) = skesk.decrypt(password)
+ if let Some((algo, sk)) = skesk.decrypt(password).ok()
.and_then(|(algo, sk)| {
- decrypt(algo, &sk)?;
- Ok((algo, sk))
+ if decrypt(algo, &sk) {
+ Some((algo, sk))
+ } else {
+ None
+ }
})
{
self.dump_session_key(algo, &sk)?;
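Review bot: The bool-to-Option conversion inside the SKESK closure is spelled as a five-line `if`/`else`, while the PKESK helper in the first hunk does the same conversion on one line. Using one form in both places makes it easier to audit that both paths drop failure detail identically, so I would write `if decrypt(algo, &sk) { Some((algo, sk)) } else { None }` here as well. The `decrypt` method continues past the end of this hunk, so the error it returns once every password has failed is not visible. It is worth confirming that this is a single generic error rather than one derived from the `skesk.decrypt(password)` result that `.ok()` now discards.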