authorJustus Winter <justus@sequoia-pgp.org>2020-05-25 13:20:15 +0200
committerJustus Winter <justus@sequoia-pgp.org>2020-05-28 11:52:26 +0200
commit271280e62d1e0ee64a8f4cbb5766b17e3edf947d (patch)
treed30a6172c9626e6fb36db62f336bd7d80abce819 /tool/src/commands
parent94dcb41c69c4e16f1f491a9b27148e90a0d713e7 (diff)
openpgp: Change the `decrypt` proxy in the decryption helper.
- Returning rich errors from this function may compromise secret key material due to Bleichenbacher-style attacks. Change the API to prevent this.
- Hat tip to Hanno Böck.
- Fixes #507.
Diffstat (limited to 'tool/src/commands')
-rw-r--r--tool/src/commands/decrypt.rs15
1 files changed, 8 insertions, 7 deletions
diff --git a/tool/src/commands/decrypt.rs b/tool/src/commands/decrypt.rs
index ea48eb0b..d7657cdb 100644
--- a/tool/src/commands/decrypt.rs
+++ b/tool/src/commands/decrypt.rs
@@ -90,12 +90,12 @@ impl<'a> Helper<'a> {
keypair: &mut dyn crypto::Decryptor,
decrypt: &mut D)
-> Option<Option<Fingerprint>>
- where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
+ where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool
{
let keyid = keypair.public().fingerprint().into();
match pkesk.decrypt(keypair, sym_algo)
.and_then(|(algo, sk)| {
- decrypt(algo, &sk).ok()?; Some(sk)
+ if decrypt(algo, &sk) { Some(sk) } else { None }
})
{
Some(sk) => {
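Review bot: The new `-> bool` bound on `D` carries a security contract that is not written down where the bound is declared, so a later refactor could widen it back to a `Result` without noticing why it was narrowed. I would add a comment above the `where` clause, for example `// D reports success or failure only; it must not return or print why decryption failed (decryption-oracle hardening, see #507).` The same bound appears on `DecryptionHelper::decrypt` in the next hunk and wants the same comment. The function's signature start and the match arms lie outside this hunk, so whether the `None` arm reports anything that tells a failed PKESK unwrap apart from a rejected session key cannot be checked from here.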
@@ -132,7 +132,7 @@ impl<'a> DecryptionHelper for Helper<'a> {
fn decrypt<D>(&mut self, pkesks: &[PKESK], skesks: &[SKESK],
sym_algo: Option<SymmetricAlgorithm>,
mut decrypt: D) -> openpgp::Result<Option<Fingerprint>>
- where D: FnMut(SymmetricAlgorithm, &SessionKey) -> openpgp::Result<()>
+ where D: FnMut(SymmetricAlgorithm, &SessionKey) -> bool
{
// First, we try those keys that we can use without prompting
// for a password.
@@ -259,8 +259,8 @@ impl<'a> DecryptionHelper for Helper<'a> {
"Enter password to decrypt message: "))?.into();
for skesk in skesks {
- if let Ok(sk) = skesk.decrypt(&password)
- .and_then(|(algo, sk)| { decrypt(algo, &sk)?; Ok(sk) })
+ if let Some(sk) = skesk.decrypt(&password).ok()
+ .and_then(|(algo, sk)| { if decrypt(algo, &sk) { Some(sk) } else { None }})
{
if self.dump_session_key {
eprintln!("Session key: {}", hex::encode(&sk));
@@ -320,8 +320,9 @@ pub fn decrypt_unwrap(ctx: &Context, policy: &dyn Policy,
match pp.packet {
Packet::SEIP(_) | Packet::AED(_) => {
{
- let decrypt =
- |algo, secret: &SessionKey| pp.decrypt(algo, secret);
+ let decrypt = |algo, secret: &SessionKey| {
+ pp.decrypt(algo, secret).is_ok()
+ };
helper.decrypt(&pkesks[..], &skesks[..], sym_algo_hint,
decrypt)?;
}
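Review bot: The closure ending in `pp.decrypt(algo, secret).is_ok()` is where the rich error is actually thrown away, and nothing on that line says the loss is deliberate. A maintainer debugging a failed decryption could easily add an `eprintln!` of the error here, which would bring back the distinguishable failure output this commit removes. I would put `// Intentionally drop the error: reporting why decryption failed can serve as a decryption oracle.` directly above the `.is_ok()` line. The body of `decrypt_unwrap` continues outside the hunk.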