+81
-17
lines changedFilter options
+81
-17
lines changed Original file line number Diff line number Diff line change
@@ -153,6 +153,7 @@ Message.prototype.decrypt = async function(privateKeys, passwords, sessionKeys,
153 153
Message.prototype.decryptSessionKeys = async function(privateKeys, passwords) {
154 154
let keyPackets = [];
155 155 156 +
let exception;
156 157
if (passwords) {
157 158
const symESKeyPacketlist = this.packets.filterByTag(enums.packet.symEncryptedSessionKey);
158 159
if (!symESKeyPacketlist) {
@@ -181,23 +182,36 @@ Message.prototype.decryptSessionKeys = async function(privateKeys, passwords) {
181 182
throw new Error('No public key encrypted session key packet found.');
182 183
}
183 184
await Promise.all(pkESKeyPacketlist.map(async function(keyPacket) {
184 -
const privateKeyPackets = new packet.List();
185 -
privateKeys.forEach(privateKey => {
186 -
privateKeyPackets.concat(privateKey.getKeys(keyPacket.publicKeyId).map(key => key.keyPacket));
187 -
});
188 -
await Promise.all(privateKeyPackets.map(async function(privateKeyPacket) {
189 -
if (!privateKeyPacket) {
190 -
return;
191 -
}
192 -
if (!privateKeyPacket.isDecrypted()) {
193 -
throw new Error('Private key is not decrypted.');
194 -
}
195 -
try {
196 -
await keyPacket.decrypt(privateKeyPacket);
197 -
keyPackets.push(keyPacket);
198 -
} catch (err) {
199 -
util.print_debug_error(err);
185 +
await Promise.all(privateKeys.map(async function(privateKey) {
186 +
const primaryUser = await privateKey.getPrimaryUser(); // TODO: Pass userId from somewhere.
187 +
let algos = [
188 +
enums.symmetric.aes256, // Old OpenPGP.js default fallback
189 +
enums.symmetric.aes128, // RFC4880bis fallback
190 +
enums.symmetric.tripledes // RFC4880 fallback
191 +
];
192 +
if (primaryUser && primaryUser.selfCertification.preferredSymmetricAlgorithms) {
193 +
algos = algos.concat(primaryUser.selfCertification.preferredSymmetricAlgorithms);
200 194
}
195 + 196 +
const privateKeyPackets = privateKey.getKeys(keyPacket.publicKeyId).map(key => key.keyPacket);
197 +
await Promise.all(privateKeyPackets.map(async function(privateKeyPacket) {
198 +
if (!privateKeyPacket) {
199 +
return;
200 +
}
201 +
if (!privateKeyPacket.isDecrypted()) {
202 +
throw new Error('Private key is not decrypted.');
203 +
}
204 +
try {
205 +
await keyPacket.decrypt(privateKeyPacket);
206 +
if (!algos.includes(enums.write(enums.symmetric, keyPacket.sessionKeyAlgorithm))) {
207 +
throw new Error('A non-preferred symmetric algorithm was used.');
208 +
}
209 +
keyPackets.push(keyPacket);
210 +
} catch (err) {
211 +
util.print_debug_error(err);
212 +
exception = err;
213 +
}
214 +
}));
201 215
}));
202 216
stream.cancel(keyPacket.encrypted); // Don't keep copy of encrypted data in memory.
203 217
keyPacket.encrypted = null;
@@ -222,7 +236,7 @@ Message.prototype.decryptSessionKeys = async function(privateKeys, passwords) {
222 236 223 237
return keyPackets.map(packet => ({ data: packet.sessionKey, algorithm: packet.sessionKeyAlgorithm }));
224 238
}
225 -
throw new Error('Session key decryption failed.');
239 +
throw exception || new Error('Session key decryption failed.');
226 240
};
227 241 228 242
/**
@@ -2,4 +2,5 @@ describe('Security', function () {
2 2
require('./message_signature_bypass');
3 3
require('./unsigned_subpackets');
4 4
require('./subkey_trust');
5 +
require('./preferred_algo_mismatch');
5 6
});
Original file line number Diff line number Diff line change
@@ -0,0 +1,49 @@
1 +
const openpgp = typeof window !== 'undefined' && window.openpgp ? window.openpgp : require('../../dist/openpgp');
2 + 3 +
const { key, cleartext, enums, packet: { List, Signature } } = openpgp;
4 + 5 +
const chai = require('chai');
6 +
chai.use(require('chai-as-promised'));
7 + 8 +
const expect = chai.expect;
9 + 10 +
const messageArmor = `-----BEGIN PGP MESSAGE-----
11 +
Version: OpenPGP.js VERSION
12 +
Comment: https://openpgpjs.org
13 + 14 +
wYwD3eCUoDfD5yoBA/4rhxaaw+E2ma+LdmLVDBRqxglhIgnM6EgNxzf8J5Ty
15 +
ecQBLOf3BjjC72mJ9RqMmvQ16aG4EXXDAUmCP1sBLj+b7V1t4keeyTn+2nXu
16 +
7Wgu2yq9CvZahRLsayt3y8VodZwTi3K/+gmx1f8EhdLPONQgGkYAqZ3Tyyd0
17 +
KF3pknplvdI+AXqRs0n2vVr89oIdmQPJFSHEoJtltbSNxhwShdzDvOor2FKJ
18 +
vhGWNysion2aBg0fIbgDUKeXKp8YN44LDTk=
19 +
=RYrv
20 +
-----END PGP MESSAGE-----`;
21 + 22 +
const privateKeyArmor = `-----BEGIN PGP PRIVATE KEY BLOCK-----
23 +
Version: OpenPGP.js VERSION
24 +
Comment: https://openpgpjs.org
25 + 26 +
xcEYBFvbA08BBACl8U5VEY7TNq1PAzwU0f3soqNfFpKtNFt+LY3q5sasouJ7
27 +
zE4/TPYrAaAoM5/yOjfvbfJP5myBUCtkdtIRIY2iP2uOPhfaly8U+zH25Qnq
28 +
bmgLfvu4ytPAPrKZF8f98cIeJmHD81SPRgDMuB2U9wwgN6stgVBBCUS+lu/L
29 +
/4pyuwARAQABAAP+Jz6BIvcrCuJ0bCo8rEPZRHxWHKfO+m1Wcem+FV6Mf8lp
30 +
vJNdsfS2hwc0ZC2JVxTTo6kh1CmPYamfCXxcQ7bmsqWkkq/6d17zKE6BqE/n
31 +
spW7qTnZ14VPC0iPrBetAWRlCk+m0cEkRnBxqPOVBNd6VPcZyM7GUOGf/kiw
32 +
AsHf+nECANkN1tsqLJ3+pH2MRouF7yHevQ9OGg+rwetBO2a8avvcsAuoFjVw
33 +
hERpkHv/PQjKAE7KcBzqLLad0QbrQW+sUcMCAMO3to0tSBJrNA9YkrViT76I
34 +
siiahSB/FC9JlO+T46xncRleZeBHc0zoVAP+W/PjRo2CR4ydtwjjalrxcKX9
35 +
E6kCALfDyhkRNzZLxg2XOGDWyeXqe80VWnMBqTZK73nZlACRcUoXuvjRc15Q
36 +
K2c3/nZ7LMyQidj8XsTq4sz1zfWz4Cejj80cVGVzdCBVc2VyIDx0ZXN0QGV4
37 +
YW1wbGUuY29tPsK1BBABCAApBQJb2wNPAgsJCRDd4JSgN8PnKgQVCAoCAxYC
38 +
AQIZAQIbDwIeBwMiAQIAABGjA/4y6HjthMU03AC3bIUyYPv6EJc9czS5wysa
39 +
5rKuNhzka0Klb0INcX1YZ8usPIIl1rtr8f8xxCdSiqhJpn+uqIPVROHi0XLG
40 +
ej3gSJM5i1lIt1jxyJlvVI/7W0vzuE85KDzGXQFNFyO/T9D7T1SDHnS8KbBh
41 +
EnxUPL95HuMKoVkf4w==
42 +
=oopr
43 +
-----END PGP PRIVATE KEY BLOCK-----`;
44 + 45 +
it('Does not accept message encrypted with algo not mentioned in preferred algorithms', async function() {
46 +
const message = await openpgp.message.readArmored(messageArmor);
47 +
const privKey = (await openpgp.key.readArmored(privateKeyArmor)).keys[0];
48 +
await expect(openpgp.decrypt({ message, privateKeys: [privKey] })).to.be.rejectedWith('A non-preferred symmetric algorithm was used.');
49 +
});
You can’t perform that action at this time.
RetroSearch is an open source project built by @garambo | Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.4