Add session key size check (#62)

* Add session key size check Co-authored-by: Daniel Huigens <d.huigens@protonmail.com>
2020-07-20 11:43:36 +02:00 · 2020-07-20 11:43:36 +02:00 · 8c04ff64a5
commit 8c04ff64a5
parent 3b2e53c586
3 changed files with 50 additions and 4 deletions
--- a/crypto/sessionkey.go
+++ b/crypto/sessionkey.go
@ -98,12 +98,16 @@ func newSessionKeyFromEncrypted(ek *packet.EncryptedKey) (*SessionKey, error) {
 		return nil, fmt.Errorf("gopenpgp: unsupported cipher function: %v", ek.CipherFunc)
 	}

-	symmetricKey := &SessionKey{
+	sk := &SessionKey{
 		Key:  ek.Key,
 		Algo: algo,
 	}

-	return symmetricKey, nil
+	if err := sk.checkSize(); err != nil {
+		return nil, errors.Wrap(err, "gopenpgp: unable to decrypt session key")
+	}
+
+	return sk, nil
 }

 // Encrypt encrypts a PlainMessage to PGPMessage with a SessionKey.
@ -209,6 +213,19 @@ func (sk *SessionKey) Decrypt(dataPacket []byte) (*PlainMessage, error) {
 	return NewPlainMessage(messageBuf.Bytes()), nil
 }

+func (sk *SessionKey) checkSize() error {
+	cf, ok := symKeyAlgos[sk.Algo]
+	if !ok {
+		return errors.New("unknown symmetric key algorithm")
+	}
+
+	if cf.KeySize() != len(sk.Key) {
+		return errors.New("wrong session key size")
+	}
+
+	return nil
+}
+
 func getAlgo(cipher packet.CipherFunction) string {
 	algo := constants.AES256
 	for k, v := range symKeyAlgos {