Merge branch 'main' into fix/unarmor-error-message

2022-02-28 11:48:28 +01:00 · 2022-02-28 11:48:28 +01:00 · e9a93f4cfd
commit e9a93f4cfd
parent 52f4749d87 6495eca204
6 changed files with 64 additions and 4 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,7 +4,10 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).

-## Unreleased
+## [2.4.3] 2022-02-24
+
+### Security
+- Fixed incorrect MDC parsing for session key decryption

 ### Changed
 - `SeparateKeyAndData` is now implemented in a more generic way, by checking for the location in the bytes of the last session key packet, then splitting the binary message after that point.
@ -13,7 +16,6 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 - `SeparateKeyAndData` now correctly parses AEAD packets.
 - `(ap *AttachmentProcessor) Finish()` now returns encryption errors correctly.

-
 ## [2.4.2] 2022-01-13

 ### Changed
--- a/constants/armor.go
+++ b/constants/armor.go
@ -3,7 +3,7 @@ package constants

 // Constants for armored data.
 const (
-	ArmorHeaderVersion = "GopenPGP 2.4.2"
+	ArmorHeaderVersion = "GopenPGP 2.4.3"
 	ArmorHeaderComment = "https://gopenpgp.org"
 	PGPMessageHeader   = "PGP MESSAGE"
 	PGPSignatureHeader = "PGP SIGNATURE"
--- a/constants/version.go
+++ b/constants/version.go
@ -1,3 +1,3 @@
 package constants

-const Version = "2.4.2"
+const Version = "2.4.3"
--- a/crypto/sessionkey.go
+++ b/crypto/sessionkey.go
@ -11,6 +11,7 @@ import (
 	"github.com/pkg/errors"

 	"github.com/ProtonMail/go-crypto/openpgp"
+	pgpErrors "github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )

@ -31,6 +32,28 @@ var symKeyAlgos = map[string]packet.CipherFunction{
 	constants.AES256:    packet.CipherAES256,
 }

+type checkReader struct {
+	decrypted io.ReadCloser
+	body      io.Reader
+}
+
+func (cr checkReader) Read(buf []byte) (int, error) {
+	n, sensitiveParsingError := cr.body.Read(buf)
+	if sensitiveParsingError == io.EOF {
+		mdcErr := cr.decrypted.Close()
+		if mdcErr != nil {
+			return n, mdcErr
+		}
+		return n, io.EOF
+	}
+
+	if sensitiveParsingError != nil {
+		return n, pgpErrors.StructuralError("parsing error")
+	}
+
+	return n, nil
+}
+
 // GetCipherFunc returns the cipher function corresponding to the algorithm used
 // with this SessionKey.
 func (sk *SessionKey) GetCipherFunc() (packet.CipherFunction, error) {
@ -335,6 +358,7 @@ func decryptStreamWithSessionKey(sk *SessionKey, messageReader io.Reader, verify
 		return nil, errors.Wrap(err, "gopenpgp: unable to decode symmetric packet")
 	}

+	md.UnverifiedBody = checkReader{decrypted, md.UnverifiedBody}
 	return md, nil
 }

--- a/crypto/sessionkey_test.go
+++ b/crypto/sessionkey_test.go
@ -2,6 +2,7 @@ package crypto

 import (
 	"encoding/base64"
+	"encoding/hex"
 	"errors"
 	"testing"

@ -271,6 +272,25 @@ func TestDataPacketDecryption(t *testing.T) {
 	assert.Exactly(t, readTestFile("message_plaintext", true), decrypted.GetString())
 }

+func TestMDCFailDecryption(t *testing.T) {
+	pgpMessage, err := NewPGPMessageFromArmored(readTestFile("message_badmdc", false))
+	if err != nil {
+		t.Fatal("Expected no error when unarmoring, got:", err)
+	}
+
+	split, err := pgpMessage.SeparateKeyAndData()
+	if err != nil {
+		t.Fatal("Expected no error when splitting, got:", err)
+	}
+
+	sk, _ := hex.DecodeString("F76D3236E4F8A38785C50BDE7167475E95360BCE67A952710F6C16F18BB0655E")
+
+	sessionKey := NewSessionKeyFromToken(sk, "aes256")
+
+	_, err = sessionKey.Decrypt(split.GetBinaryDataPacket())
+	assert.NotNil(t, err)
+}
+
 func TestSessionKeyClear(t *testing.T) {
 	testSessionKey.Clear()
 	assertMemCleared(t, testSessionKey.Key)
--- a/crypto/testdata/message_badmdc
+++ b/crypto/testdata/message_badmdc
@ -0,0 +1,14 @@
+-----BEGIN PGP MESSAGE-----
+
+wcDMA3wvqk35PDeyAQv/bxxV95z095aN6D+s6ayatoZc2xakyZenaCYiDIY26CmW
+iLmzNHasoPAmKa3dN3diiMuquKQLJQEoAeAd0L5xDwi7nTpan8E7F9p2krP+hGGy
+bNaWez5O0Eyw2D5VPokybYIJ+bLo0MEZ/DOzUQ8HijDt2pPQ37CJP6jhA3rcFgwb
+pEEjF2zWwI3PLrVdO8XcBI5y34ZCUO94FzQUN6/xVpeFQ3vlc9mOajv03l+wyisb
+4UeXbSJMEnZr915UqNiu8L9/y9BwVtZ2StRSiumMT4OPDjRAQMQQL7FcpogzVwPm
+oCmVw1ZcBltnBtpdH7F+M4+PUaaVZTTIYOxCBa1rfpnIcKefJpsAS7aaFZQUs+8a
+DxEygVzUF6rk2/WajmefwrZ+7EGWFQU0VfPHXqozDAuryzx7p9jMCn+QnyVvtYkv
+QqvO1SLa3RqLjqV67QnwCs2lo9WMQDcUchsAC34t1bOtzzqxZOlN12PHn4SyjRdo
+74vEv+SPViLjZPfcB3Kz0kwBQump/fZNQys1LvrAevWs+1UIaUhLzb5UmdELsCAY
+ebkFfoWZdskeR+1qSeui57C4ggOHu0Mm/JCbJxAFAHHn+RE8oQhnYiD6xTsA
+=cHtj
+-----END PGP MESSAGE-----