Fix decryption support for non-standard, legacy AEAD messages and keys that used experimentalGCM

This adds back support for decrypting password-protected messages which were encrypted in OpenPGP.js v5 with custom config settings `config.aeadProtect = true` together with `config.preferredAEADAlgorithm = openpgp.enums.aead.experimentalGCM`. Public-key-encrypted messages are affected if they were encrypted using the same config, while also providing `encryptionKeys` that declared `experimentalGCM` in their AEAD prefs. Such keys could be generated in OpenPGP.js v5 by setting the aforementioned config values.
2025-06-24 07:02:30 +00:00 · 2024-11-20 16:57:38 +01:00 · 2024-11-20 16:57:38 +01:00 · 4d2d8740dc
commit 4d2d8740dc
parent bbdaad0cba
2 changed files with 34 additions and 2 deletions
--- a/src/crypto/crypto.js
+++ b/src/crypto/crypto.js
@ -472,8 +472,17 @@ export function generateSessionKey(algo) {
 * @throws {Error} on invalid algo
 */
 export function getAEADMode(algo) {
-  const algoName = enums.read(enums.aead, algo);
-  return mode[algoName];
+  switch (algo) {
+    case enums.aead.eax:
+      return mode.eax;
+    case enums.aead.ocb:
+      return mode.ocb;
+    case enums.aead.gcm:
+    case enums.aead.experimentalGCM:
+      return mode.gcm;
+    default:
+      throw new Error('Unsupported AEAD mode');
+  }
 }

 /**
--- a/test/general/openpgp.js
+++ b/test/general/openpgp.js
@ -1716,6 +1716,29 @@ aOU=
      }
    });

+    it('supports decrypting a legacy AEAD message encrypted by OpenPGP.js v5 with `experimentalGCM` (AEADEncryptedDataPacket)', async () => {
+      const plaintext = 'test';
+      const passphrase = 'passphrase';
+      const messageLegacyAEAD = await openpgp.readMessage({
+        armoredMessage: `-----BEGIN PGP MESSAGE-----
+
+w0oFCWQDCMbFipDX5vyLAFXhzn5i6iGJY/4BhPed85Yl62F1j8JWGT/8Mw3/
+s7f058pohmXCztkTnrSo5+LUmRX8YwlGC5+5LbczD9Q8AQlkDHfOCyGb8NSF
+mnk1YJIgLeTgPF4F1TK1ead1VfPqvUHK2Z/FzlaY94wK9f8QcA9RUSvjoKGH
+BdPq
+=+vdf
+-----END PGP MESSAGE-----`,
+        config: { enableParsingV5Entities: true }
+      });
+
+      const { data: decryptedData } = await openpgp.decrypt({
+        message: messageLegacyAEAD,
+        passwords: passphrase
+      });
+
+      expect(decryptedData).to.equal(plaintext);
+    });
+
    it('decrypt with `config.constantTimePKCS1Decryption` option should succeed', async function () {
      const publicKey = await openpgp.readKey({ armoredKey: pub_key });
      const publicKey2 = await openpgp.readKey({ armoredKey: eccPrivateKey });