Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2026-03-06 17:11:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix ECDH fingerprint size of v6 keys (#1771)

Browse Source 
Fingerprint should not be truncated, unlike for v5 keys.
This commit is contained in:
larabr
2024-07-04 14:28:43 +02:00
committed by GitHub
parent 5268c484e9
commit f729d2bfa7
3 changed files with 46 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/crypto/public_key/elliptic/ecdh.js
View File

@@ -53,7 +53,7 @@ function buildEcdhParam(public_algo, oid, kdfParams, fingerprint) {
new Uint8Array([public_algo]),
kdfParams.write(),
util.stringToUint8Array('Anonymous Sender '),
fingerprint.subarray(0, 20)
fingerprint
]);
}
@@ -123,7 +123,7 @@ async function genPublicEphemeralKey(curve, Q) {
* @param {module:type/kdf_params} kdfParams - KDF params including cipher and algorithm to use
* @param {Uint8Array} data - Unpadded session key data
* @param {Uint8Array} Q - Recipient public key
* @param {Uint8Array} fingerprint - Recipient fingerprint
* @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version
* @returns {Promise<{publicKey: Uint8Array, wrappedKey: Uint8Array}>}
* @async
*/
@@ -188,7 +188,7 @@ async function genPrivateEphemeralKey(curve, V, Q, d) {
* @param {Uint8Array} C - Encrypted and wrapped value derived from session key
* @param {Uint8Array} Q - Recipient public key
* @param {Uint8Array} d - Recipient private key
* @param {Uint8Array} fingerprint - Recipient fingerprint
* @param {Uint8Array} fingerprint - Recipient fingerprint, already truncated depending on the key version
* @returns {Promise<Uint8Array>} Value derived from session key.
* @async
*/

6
src/packet/public_key_encrypted_session_key.js
View File

@@ -180,9 +180,10 @@ class PublicKeyEncryptedSessionKeyPacket {
// No symmetric encryption algorithm identifier is passed to the public-key algorithm for a
// v6 PKESK packet, as it is included in the v2 SEIPD packet.
const sessionKeyAlgorithm = this.version === 3 ? this.sessionKeyAlgorithm : null;
const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();
const encoded = encodeSessionKey(this.version, algo, sessionKeyAlgorithm, this.sessionKey);
this.encrypted = await crypto.publicKeyEncrypt(
algo, sessionKeyAlgorithm, key.publicParams, encoded, key.getFingerprintBytes());
algo, sessionKeyAlgorithm, key.publicParams, encoded, fingerprint);
}
/**
@@ -202,7 +203,8 @@ class PublicKeyEncryptedSessionKeyPacket {
const randomPayload = randomSessionKey ?
encodeSessionKey(this.version, this.publicKeyAlgorithm, randomSessionKey.sessionKeyAlgorithm, randomSessionKey.sessionKey) :
null;
const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, key.getFingerprintBytes(), randomPayload);
const fingerprint = key.version === 5 ? key.getFingerprintBytes().subarray(0, 20) : key.getFingerprintBytes();
const decryptedData = await crypto.publicKeyDecrypt(this.publicKeyAlgorithm, key.publicParams, key.privateParams, this.encrypted, fingerprint, randomPayload);
const { sessionKey, sessionKeyAlgorithm } = decodeSessionKey(this.version, this.publicKeyAlgorithm, decryptedData, randomSessionKey);