From 4d2d8740dc0fe0977a7ff233587302cb356ffd83 Mon Sep 17 00:00:00 2001
From: larabr <7375870+larabr@users.noreply.github.com>
Date: Wed, 20 Nov 2024 16:57:38 +0100
Subject: [PATCH] Fix decryption support for non-standard, legacy AEAD messages
 and keys that used `experimentalGCM`

This adds back support for decrypting password-protected messages which
were encrypted in OpenPGP.js v5 with custom config settings
`config.aeadProtect = true` together with
`config.preferredAEADAlgorithm = openpgp.enums.aead.experimentalGCM`.

Public-key-encrypted messages are affected if they were encrypted using the same config, while also providing `encryptionKeys` that declared `experimentalGCM` in their AEAD prefs.
Such keys could be generated in OpenPGP.js v5 by setting the aforementioned config values.
---
 src/crypto/crypto.js    | 13 +++++++++++--
 test/general/openpgp.js | 23 +++++++++++++++++++++++
 2 files changed, 34 insertions(+), 2 deletions(-)

diff --git a/src/crypto/crypto.js b/src/crypto/crypto.js
index d0c0fa7a..d40eb900 100644
--- a/src/crypto/crypto.js
+++ b/src/crypto/crypto.js
@@ -472,8 +472,17 @@ export function generateSessionKey(algo) {
  * @throws {Error} on invalid algo
  */
 export function getAEADMode(algo) {
-  const algoName = enums.read(enums.aead, algo);
-  return mode[algoName];
+  switch (algo) {
+    case enums.aead.eax:
+      return mode.eax;
+    case enums.aead.ocb:
+      return mode.ocb;
+    case enums.aead.gcm:
+    case enums.aead.experimentalGCM:
+      return mode.gcm;
+    default:
+      throw new Error('Unsupported AEAD mode');
+  }
 }
 
 /**
diff --git a/test/general/openpgp.js b/test/general/openpgp.js
index df105dc4..f5754a6a 100644
--- a/test/general/openpgp.js
+++ b/test/general/openpgp.js
@@ -1716,6 +1716,29 @@ aOU=
       }
     });
 
+    it('supports decrypting a legacy AEAD message encrypted by OpenPGP.js v5 with `experimentalGCM` (AEADEncryptedDataPacket)', async () => {
+      const plaintext = 'test';
+      const passphrase = 'passphrase';
+      const messageLegacyAEAD = await openpgp.readMessage({
+        armoredMessage: `-----BEGIN PGP MESSAGE-----
+
+w0oFCWQDCMbFipDX5vyLAFXhzn5i6iGJY/4BhPed85Yl62F1j8JWGT/8Mw3/
+s7f058pohmXCztkTnrSo5+LUmRX8YwlGC5+5LbczD9Q8AQlkDHfOCyGb8NSF
+mnk1YJIgLeTgPF4F1TK1ead1VfPqvUHK2Z/FzlaY94wK9f8QcA9RUSvjoKGH
+BdPq
+=+vdf
+-----END PGP MESSAGE-----`,
+        config: { enableParsingV5Entities: true }
+      });
+
+      const { data: decryptedData } = await openpgp.decrypt({
+        message: messageLegacyAEAD,
+        passwords: passphrase
+      });
+
+      expect(decryptedData).to.equal(plaintext);
+    });
+
     it('decrypt with `config.constantTimePKCS1Decryption` option should succeed', async function () {
       const publicKey = await openpgp.readKey({ armoredKey: pub_key });
       const publicKey2 = await openpgp.readKey({ armoredKey: eccPrivateKey });