From 0e08abb3e210231cabd7946f7a1d16a438761584 Mon Sep 17 00:00:00 2001
From: Daniel Huigens
Date: Sat, 18 Mar 2023 00:30:30 +0100
Subject: [PATCH] When decrypting a v6 PKESK in constant-time, use the v2 SEIPD algorithm

Rather than using the config to determine which algorithms to try to decrypt session keys for, try the algorithm we know the message was encrypted with.
---
 src/message.js | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/src/message.js b/src/message.js
index ce103022..44d69a1c 100644
--- a/src/message.js
+++ b/src/message.js
@@ -243,7 +243,11 @@ export class Message {
 // NB: as a result, if the data is encrypted with a non-suported cipher, decryption will always fail.
 const serialisedPKESK = pkeskPacket.write(); // make copies to be able to decrypt the PKESK packet multiple times
- await Promise.all(Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms).map(async sessionKeyAlgorithm => {
+ await Promise.all((
+ expectedSymmetricAlgorithm ?
+ [expectedSymmetricAlgorithm] :
+ Array.from(config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms)
+ ).map(async sessionKeyAlgorithm => {
 const pkeskPacketCopy = new PublicKeyEncryptedSessionKeyPacket();
 pkeskPacketCopy.read(serialisedPKESK);
 const randomSessionKey = {