From 2aa8c003a99afef4e8199e92cfa403a5048cdf7c Mon Sep 17 00:00:00 2001
From: Justus Winter
Date: Wed, 12 Aug 2020 13:11:33 +0200
Subject: openpgp: Improve SKESK5::decrypt.
 - Previously, this function returned the symmetric algorithm used to encrypt the session key. However, that is not necessarily the same as the symmetric algorithm used to encrypt the payload. SKESKv5 packets simply don't have that information. Return a placeholder instead. Properly fixing this requires changing SKESK::decrypt to return an optional symmetric algorithm, and that repples through to DecryptionHelper::decrypt and PacketParser::decrypt.
---
 openpgp/src/packet/skesk.rs | 16 ++++++++++++----
 1 file changed, 12 insertions(+), 4 deletions(-)
diff --git a/openpgp/src/packet/skesk.rs b/openpgp/src/packet/skesk.rs
index f9fdb499..fc6b9437 100644
--- a/openpgp/src/packet/skesk.rs
+++ b/openpgp/src/packet/skesk.rs
@@ -345,9 +345,17 @@ impl SKESK5 {
 digest.into_boxed_slice())
 }
- /// Derives the key inside this SKESK4 from `password`. Returns a
- /// tuple of the symmetric cipher to use with the key and the key
- /// itself.
+ /// Derives the key inside this `SKESK5` from `password`.
+ ///
+ /// Returns a tuple containing a placeholder symmetric cipher and
+ /// the key itself. `SKESK5` packets do not contain the symmetric
+ /// cipher algorithm and instead rely on the `AED` packet that
+ /// contains it.
+ // XXX: This function should return Result, but then
+ // SKESK::decrypt must return an
+ // Result<(Option, _)> and
+ // DecryptionHelper::decrypt and PacketParser::decrypt must be
+ // adapted as well.
 pub fn decrypt(&self, password: &Password)
 -> Result<(SymmetricAlgorithm, SessionKey)> {
 let key = self.s2k().derive_key(password,
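Review bot: The new doc comment says a "placeholder symmetric cipher" is returned but never names the value, so a caller reading the generated docs cannot tell that the first tuple element is meaningless for payload decryption. I would add a doc line such as `/// The returned algorithm is always SymmetricAlgorithm::Unencrypted and must be ignored; the payload cipher comes from the AED packet.` The `// XXX:` block is a plain comment and will not appear in rustdoc, which is fine for the refactoring note, but the caller-facing caveat belongs in the `///` text. The body of `decrypt` continues outside this hunk.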
@@ -366,7 +374,7 @@ impl SKESK5 {
 cipher.decrypt(&mut plain, esk);
 cipher.digest(&mut digest);
 if &digest[..] == &self.aead_digest[..] {
- Ok((self.symmetric_algo(), plain))
+ Ok((SymmetricAlgorithm::Unencrypted, plain))
 } else {
 Err(Error::ManipulatedMessage.into())
 }
-- cgit v1.2.3
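Review bot: `SymmetricAlgorithm::Unencrypted` is an ordinary enum value rather than an out-of-band marker, so a caller that forwards the tuple's first element to payload decryption would get a wrong cipher choice instead of an error. Since the commit message defers the `Option` return type, the callers it names (`SKESK::decrypt`, `DecryptionHelper::decrypt`, `PacketParser::decrypt`) should be checked to ignore or reject this value for v5 packets, ideally with a test pinning that. At minimum I would add a comment on the return line, e.g. `// Placeholder: SKESK5 does not carry the payload cipher; callers must not use this value.` Separately, the unchanged context line `if &digest[..] == &self.aead_digest[..]` compares the authentication tag with a plain slice `==`, which is presumably not constant-time; it is worth confirming whether that matters here. The function starts outside this hunk.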