Fix symmetric v6 message encryption
Commits 7d95b08 and ea31631
introduced an error where the plain session key was passed in the wrong format
causing the session-key wrapper to fail due to an invalid block size.
vanitasvitae committed Dec 9, 2024
1 parent 35667a1 commit bfec434
Showing 2 changed files with 7 additions and 3 deletions.
Expand Up @@ -230,10 +230,13 @@ private OutputStream open(

boolean directS2K = !forceSessionKey && methods.size() == 1 &&
methods.get(0) instanceof PBEKeyEncryptionMethodGenerator; // not public key

boolean isV5StyleAEAD = dataEncryptorBuilder.isV5StyleAEAD(); //v5
if (dataEncryptorBuilder.getAeadAlgorithm() != -1 && !isV5StyleAEAD)
boolean isSeipdV2 = dataEncryptorBuilder.getAeadAlgorithm() != -1 && !isV5StyleAEAD;
if (isSeipdV2)
{
sessionKey = PGPUtil.makeRandomKey(defAlgorithm, rand);
sessionInfo = createSessionInfo(defAlgorithm, sessionKey);
// In OpenPGP v6, we need an additional step to derive a message key and IV from the session info.
// Since we cannot inject the IV into the data encryptor, we append it to the message key.
byte[] info = SymmetricEncIntegrityPacket.createAAData(
Expand Down Expand Up @@ -282,7 +285,7 @@ else if (directS2K)
{
//https://www.rfc-editor.org/rfc/rfc9580.html#section-3.7.2.1 Table 2
//AEAD(HKDF(S2K(passphrase), info), secrets, packetprefix)
writeOpenPGPv6ESKPacket(method, aeadDataEncryptor.getAEADAlgorithm(), sessionKey);
writeOpenPGPv6ESKPacket(method, aeadDataEncryptor.getAEADAlgorithm(), sessionInfo);
}
}
// OpenPGP v4
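Review bot: Nothing at the call `writeOpenPGPv6ESKPacket(method, aeadDataEncryptor.getAEADAlgorithm(), sessionInfo)` tells a reader which of the two in-scope `byte[]` values the v6 ESK writer expects, and confusing `sessionKey` with `sessionInfo` is exactly the mistake this commit repairs. I would add a comment at the call site, for example `// v6 ESK takes the session info from createSessionInfo(), not the raw session key`. The only assignment of `sessionInfo` visible here is inside the `isSeipdV2` branch. The body of `open` continues outside both hunks, so whether it is set on every path that reaches this call cannot be confirmed from these lines.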
Expand Up @@ -201,7 +201,7 @@ private ContainedPacket generateV5ESK(int kekAlgorithm, int aeadAlgorithm, byte[
return SymmetricKeyEncSessionPacket.createV5Packet(kekAlgorithm, aeadAlgorithm, iv, s2k, esk, tag);
}

private ContainedPacket generateV6ESK(int kekAlgorithm, int aeadAlgorithm, byte[] sessionKey)
private ContainedPacket generateV6ESK(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo)
throws PGPException
{
byte[] ikm = getKey(kekAlgorithm);
Expand All @@ -217,6 +217,7 @@ private ContainedPacket generateV6ESK(int kekAlgorithm, int aeadAlgorithm, byte[
random.nextBytes(iv);

int tagLen = AEADUtils.getAuthTagLength(aeadAlgorithm);
byte[] sessionKey = getSessionKey(sessionInfo);
byte[] eskAndTag = getEskAndTag(kekAlgorithm, aeadAlgorithm, sessionKey, kek, iv, info);
byte[] esk = Arrays.copyOfRange(eskAndTag, 0, eskAndTag.length - tagLen);
byte[] tag = Arrays.copyOfRange(eskAndTag, esk.length, eskAndTag.length);
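Review bot: `generateV6ESK` now takes `sessionInfo` and calls `getSessionKey(sessionInfo)` with no visible check on the array's length or layout, so a caller that passes a raw key again would probably surface only as an obscure cipher error further down, much like the failure the commit message describes. A Javadoc on the method stating that the argument is the session info produced by the encrypted-data generator, and that the raw key is extracted internally, would make the contract explicit. If `getSessionKey` (outside the hunk) does not already reject a malformed length, an early `PGPException` there would give a clearer failure. Both files shown are source changes, so a passphrase-based v6 encrypt/decrypt round-trip test would be worth adding to guard against this regression. The method body starts and ends outside the hunk.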