lysann/passforios-gopenpgp
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Allow multiple keypackets in session key decryption (#99)

Browse source 
* Fix session key decryption

* Break on all data packets

Co-authored-by: Daniel Huigens <d.huigens@protonmail.com>
This commit is contained in:
wussler 2020-11-13 14:13:11 +01:00 committed by GitHub
parent f8d9ba516a
commit 4166d25a63
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 47 additions and 17 deletions
Download patch file Download diff file Expand all files Collapse all files

5
CHANGELOG.md
View file

@ -4,6 +4,11 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html). and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [Unreleased]
### Changed
- Session key decryption now considers multiple key packets
## [2.1.0] 2020-11-04 ## [2.1.0] 2020-11-04
### Security ### Security
- Updated underlying crypto library - Updated underlying crypto library

39
crypto/keyring_session.go
View file

@ -9,19 +9,29 @@ import (
"golang.org/x/crypto/openpgp/packet" "golang.org/x/crypto/openpgp/packet"
) )
// DecryptSessionKey returns the decrypted session key from a binary encrypted session key packet. // DecryptSessionKey returns the decrypted session key from one or multiple binary encrypted session key packets.
func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error) { func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error) {
var p packet.Packet
var ek *packet.EncryptedKey
var err error
var hasPacket = false
var decryptErr error
keyReader := bytes.NewReader(keyPacket) keyReader := bytes.NewReader(keyPacket)
packets := packet.NewReader(keyReader) packets := packet.NewReader(keyReader)
var p packet.Packet Loop:
var err error for {
if p, err = packets.Next(); err != nil { if p, err = packets.Next(); err != nil {
return nil, errors.Wrap(err, "gopenpgp: error in reading packets") break
} }
ek := p.(*packet.EncryptedKey) switch p := p.(type) {
var decryptErr error case *packet.EncryptedKey:
hasPacket = true
ek = p
for _, key := range keyRing.entities.DecryptionKeys() { for _, key := range keyRing.entities.DecryptionKeys() {
priv := key.PrivateKey priv := key.PrivateKey
if priv.Encrypted { if priv.Encrypted {
@ -29,10 +39,25 @@ func (keyRing *KeyRing) DecryptSessionKey(keyPacket []byte) (*SessionKey, error)
} }
if decryptErr = ek.Decrypt(priv, nil); decryptErr == nil { if decryptErr = ek.Decrypt(priv, nil); decryptErr == nil {
break break Loop
} }
} }
case *packet.SymmetricallyEncrypted,
*packet.AEADEncrypted,
*packet.Compressed,
*packet.LiteralData:
break Loop
default:
continue Loop
}
}
if !hasPacket {
return nil, errors.Wrap(err, "gopenpgp: couldn't find a session key packet that could be decrypted")
}
if decryptErr != nil { if decryptErr != nil {
return nil, errors.Wrap(decryptErr, "gopenpgp: error in decrypting") return nil, errors.Wrap(decryptErr, "gopenpgp: error in decrypting")
} }

2
crypto/sessionkey_test.go
View file

@ -51,7 +51,7 @@ func TestMultipleAsymmetricKeyPacket(t *testing.T) {
} }
// Password defined in keyring_test // Password defined in keyring_test
outputSymmetricKey, err := keyRingTestMultiple.DecryptSessionKey(keyPacket) outputSymmetricKey, err := keyRingTestPrivate.DecryptSessionKey(keyPacket)
if err != nil { if err != nil {
t.Fatal("Expected no error while decrypting key packet, got:", err) t.Fatal("Expected no error while decrypting key packet, got:", err)
} }