Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-06-24 15:12:31 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix decryption support for non-standard, legacy AEAD messages and keys that used experimentalGCM

Browse Source 
This adds back support for decrypting password-protected messages which
were encrypted in OpenPGP.js v5 with custom config settings
`config.aeadProtect = true` together with
`config.preferredAEADAlgorithm = openpgp.enums.aead.experimentalGCM`.

Public-key-encrypted messages are affected if they were encrypted using the same config, while also providing `encryptionKeys` that declared `experimentalGCM` in their AEAD prefs.
Such keys could be generated in OpenPGP.js v5 by setting the aforementioned config values.
This commit is contained in:
larabr 2024-11-20 16:57:38 +01:00
parent bbdaad0cba
commit 4d2d8740dc
2 changed files with 34 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/crypto/crypto.js
View File

@ -472,8 +472,17 @@ export function generateSessionKey(algo) {
* @throws {Error} on invalid algo * @throws {Error} on invalid algo
*/ */
export function getAEADMode(algo) { export function getAEADMode(algo) {
const algoName = enums.read(enums.aead, algo); switch (algo) {
return mode[algoName]; case enums.aead.eax:
return mode.eax;
case enums.aead.ocb:
return mode.ocb;
case enums.aead.gcm:
case enums.aead.experimentalGCM:
return mode.gcm;
default:
throw new Error('Unsupported AEAD mode');
}
} }
/** /**

23
test/general/openpgp.js
View File

@ -1716,6 +1716,29 @@ aOU=
} }
}); });
it('supports decrypting a legacy AEAD message encrypted by OpenPGP.js v5 with `experimentalGCM` (AEADEncryptedDataPacket)', async () => {
const plaintext = 'test';
const passphrase = 'passphrase';
const messageLegacyAEAD = await openpgp.readMessage({
armoredMessage: `-----BEGIN PGP MESSAGE-----
w0oFCWQDCMbFipDX5vyLAFXhzn5i6iGJY/4BhPed85Yl62F1j8JWGT/8Mw3/
s7f058pohmXCztkTnrSo5+LUmRX8YwlGC5+5LbczD9Q8AQlkDHfOCyGb8NSF
mnk1YJIgLeTgPF4F1TK1ead1VfPqvUHK2Z/FzlaY94wK9f8QcA9RUSvjoKGH
BdPq
=+vdf
-----END PGP MESSAGE-----`,
config: { enableParsingV5Entities: true }
});
const { data: decryptedData } = await openpgp.decrypt({
message: messageLegacyAEAD,
passwords: passphrase
});
expect(decryptedData).to.equal(plaintext);
});
it('decrypt with `config.constantTimePKCS1Decryption` option should succeed', async function () { it('decrypt with `config.constantTimePKCS1Decryption` option should succeed', async function () {
const publicKey = await openpgp.readKey({ armoredKey: pub_key }); const publicKey = await openpgp.readKey({ armoredKey: pub_key });
const publicKey2 = await openpgp.readKey({ armoredKey: eccPrivateKey }); const publicKey2 = await openpgp.readKey({ armoredKey: eccPrivateKey });