openpgp: Change PKESK::decrypt to return an Option<_>.

- Returning rich errors from this function may compromise secret key material due to Bleichenbacher-style attacks. Change the API to prevent this. - Hat tip to Hanno Böck. - See #507.
author: Justus Winter <justus@sequoia-pgp.org> 2020-05-18 13:06:12 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2020-05-28 11:51:33 +0200
commit: 47362eed301a4954af94afe84df16ab6eddecf8d (patch)
tree: f341bceb44d84b0cf071376f1165537e9ee39cb9 /sop
parent: b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff)
1 files changed, 13 insertions, 11 deletions
diff --git a/sop/src/main.rs b/sop/src/main.rs
index f8abce91..5d707b8c 100644
--- a/sop/src/main.rs
+++ b/sop/src/main.rs
@@ -669,18 +669,18 @@ impl<'a> Helper<'a> {
                       algo: Option<SymmetricAlgorithm>,
                       keypair: &mut dyn crypto::Decryptor,
                       decrypt: &mut D)
-                      -> openpgp::Result<(SymmetricAlgorithm,
-                                          SessionKey,
-                                          Option<Fingerprint>)>
+                      -> Option<(SymmetricAlgorithm,
+                                 SessionKey,
+                                 Option<Fingerprint>)>
         where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
     {
         let keyid = keypair.public().fingerprint().into();
         let (algo, sk) = pkesk.decrypt(keypair, algo)
             .and_then(|(algo, sk)| {
-                decrypt(algo, &sk)?; Ok((algo, sk))
+                decrypt(algo, &sk).ok()?; Some((algo, sk))
             })?;
 
-        Ok((algo, sk, self.identities.get(&keyid).map(|fp| fp.clone())))
+        Some((algo, sk, self.identities.get(&keyid).map(|fp| fp.clone())))
     }
 
     /// Dumps the session key.
@@ -726,9 +726,10 @@ impl<'a> DecryptionHelper for Helper<'a> {
             let keyid = pkesk.recipient();
             if let Some(key) = self.secret_keys.get(&keyid) {
                 if ! key.secret().is_encrypted() {
-                    if let Ok((algo, sk, fp)) = key.clone().into_keypair()
-                        .and_then(|mut k|
-                                  self.try_decrypt(pkesk, algo, &mut k, &mut decrypt))
+                    if let Some((algo, sk, fp)) =
+                        key.clone().into_keypair().ok().and_then(|mut k| {
+                            self.try_decrypt(pkesk, algo, &mut k, &mut decrypt)
+                        })
                     {
                         self.dump_session_key(algo, &sk)?;
                         return Ok(fp);
@@ -743,9 +744,10 @@ impl<'a> DecryptionHelper for Helper<'a> {
         for pkesk in pkesks.iter().filter(|p| p.recipient().is_wildcard()) {
             for key in self.secret_keys.values() {
                 if ! key.secret().is_encrypted() {
-                    if let Ok((algo, sk, fp)) = key.clone().into_keypair()
-                        .and_then(|mut k|
-                                  self.try_decrypt(pkesk, algo, &mut k, &mut decrypt))
+                    if let Some((algo, sk, fp)) =
+                        key.clone().into_keypair().ok().and_then(|mut k| {
+                            self.try_decrypt(pkesk, algo, &mut k, &mut decrypt)
+                        })
                     {
                         self.dump_session_key(algo, &sk)?;
                         return Ok(fp);
author	Justus Winter <justus@sequoia-pgp.org>	2020-05-18 13:06:12 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2020-05-28 11:51:33 +0200
commit	47362eed301a4954af94afe84df16ab6eddecf8d (patch)
tree	f341bceb44d84b0cf071376f1165537e9ee39cb9 /sop
parent	b902ef1bbe7ab1aa0f28554340550fb5cacef73b (diff)