Fix mixed symmetric/asymmetric decryption (#77)

CHANGELOG.md

@@ -88,6 +88,7 @@ EncryptSignArmoredDetachedMobile(
 - Hex Key IDs returned from `(key *Key) GetHexKeyID() string` are now correctly padded
 - Avoid panics in `(msg *PGPMessage) GetEncryptionKeyIDs() ([]uint64, bool)` by breaking the packet.next cycle on specific packet types
 - Prevent the server time from going backwards in `UpdateTime`
+- Avoid panicking when messages with mixed symmetric/asymmetric key packets are decrypted with a password
 
 ## [2.0.1] - 2020-05-01
 ### Security

crypto/message_test.go

@@ -70,6 +70,21 @@ func TestBinaryMessageEncryptionWithPassword(t *testing.T) {
 	assert.Exactly(t, message, decrypted)
 }
 
+func TestTextMixedMessageDecryptionWithPassword(t *testing.T) {
+	encrypted, err := NewPGPMessageFromArmored(readTestFile("message_mixedPasswordPublic", false))
+	if err != nil {
+		t.Fatal("Expected no error when unarmoring, got:", err)
+	}
+
+	// Decrypt data with the good password
+	decrypted, err := DecryptMessageWithPassword(encrypted, []byte("pinata"))
+	if err != nil {
+		t.Fatal("Expected no error when decrypting, got:", err)
+	}
+
+	assert.Exactly(t, readTestFile("message_mixedPasswordPublicExpected", true), decrypted.GetString())
+}
+
 func TestTextMessageEncryption(t *testing.T) {
 	var message = NewPlainMessageFromString("plain text")
 

crypto/password.go

@@ -150,7 +150,9 @@ func passwordDecrypt(encryptedIO io.Reader, password []byte) ([]byte, error) {
 	config := &packet.Config{
 		Time: getTimeGenerator(),
 	}
-	md, err := openpgp.ReadMessage(encryptedIO, nil, prompt, config)
+
+	var emptyKeyRing openpgp.EntityList
+	md, err := openpgp.ReadMessage(encryptedIO, emptyKeyRing, prompt, config)
 	if err != nil {
 		return nil, err
 	}

crypto/testdata/message_mixedPasswordPublic

@@ -0,0 +1,32 @@
+-----BEGIN PGP MESSAGE-----
+Version: GopenPGP 2.0.1
+Comment: password = pinata
+
+wcBMA8qvclb8pUGwAQf/XTPYYr4JvanBwmEPVk7ej5dA4jIWaip0TGzCZMzgiD2A
+UVsCKDSbPRHbtAS5xMWcESz1Bjwnn/3BG4kLRqiSSthI1w/1MDv126UsM+4Yo3hD
+JO+J2EeUSYyXmeXHsSfZxs/Ip+oo2QQaOLvnX1SJAaDk6g4/8A2vz/0sEIGcsaJZ
+sGnnUbi2YCQ09Z7hpNihaKTXWeCey3OQhRQAw8Y+tL8U+pfL2GF+kGYSv8xj250Z
+nafO1BdmhvNBAcNSdqJZ8f7J3iINNOejmnyvmg854hU5m8ZSm3uYvVUS4pZsxW4Z
+djni0zn+akHBhg+imiCvMClFep6a4iiKXY0GX4OB+8MuBAkDCCBAYrwoW0Oc4MiS
+evR8lScfSANGprwSnJsehqLQf3N3W9nyltbhhi/+vtLCwQGiyBA9Ercz0r5Lcv7U
+2bi3KovO317GDZar+O5/Hzq7nyd8rbe8U+hQMF9+Ga05Z4al2KB938qhV0LJB03u
+3c07tfXvOf2whTJ2LlaSlWg2CSHSsigGGkWe25gqHN8QfEtkDnllz6h1kgcZcluf
+2Tp88dcTpftPeHDHhFGe1+Vnyzc22vdZoG7Pskrd83PtkJUbmAJnkvdNeHW11oJl
+POWPskyh4kdywOxcnV8qcGBZ8H1dcFnNEwMvhGPgh1pcTisUjRX+ZDzaVU8AXlkk
+TeFjASY/B0Q2HvX0g+uJVzzymPxlK7mGmFe6uHo/vBGO8gxtnHy1DtJ8fVAeMF9/
+VxvK13eN9Ra5y95IcF6XEmGjgdmHUnGHbfiz/ug4suuGiJA7MWnCHSwYXzGxe6Hc
+tvyHxsQcwaObdEtKtBLHc6M8Em5C89iy72sJuevx4QU9EM3ra+JSCC/3oSOsTCJy
+dOI29cdAvuApVJySXFhjTDZxVhlSOlFCbMsNFpLXzK0q01jaK+algugSIMvr3XaC
+PTm1GXUBhw4o6qz3apFVwg0/JrhIidrsUSmV1VOBSOsLW+RZhoyA/g4CekI6tFAx
+yx+mTsRvKv+OR33QkdXWhoe7kAOM5qbAE5v0tlUaf4f7WN2w0p1YSaRovSGgig7d
+NMKVGukIhB5mC2+dB1Uzr/FUHMNf1Cm4YXBiSRVXUryN8GSywBaX0Cnk1WrNTlYZ
+OZifoVaBvi/dGSF4GlE9q3BQY51LTB+tWR7zJk343mXcpwC++7rRmr0C2smc/fOp
+Ok+KiHDCkWdgdRRV6uBGR1j5037ytJWbB6ETLF/13p5UcZnTYTC27cSSUG0Jt+zy
+xWs1HnWT6Z9CpEsW+d+W8MWuUtS7YEsLHTmd6Vf1lIT0EwRqtXOfkFJeYpvFlxOK
+OINYKbhSvKFrSoOkRBtbI2YFbZLZDIgRZEc/oHdu+/O6td1203+ehxGoDyzbWYWh
+8hh7MI98SQBxwiir2B+04AEdl4mC3LFIJr8HQK3He54Gf1g4Y3uvCcclB0sRnV5j
+CyYRXt+eE6SXgbm8vqWmyqetM7LpKGE+Z19qbBdd+qlupWJcBZ3Bj5q4Bmufloif
+LeifnA9RUVSM5rS/mTzH5A/bZegeifodX3m69kuNiYxSlzzeoVQaLURsNJVYrsli
+gT9xedbgCYAJLKtf7HhaQu1TSQ==
+=W7AQ
+-----END PGP MESSAGE-----