Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[v6] Fix wrong serialization of PKESK v6 for x25519/x448 #1734

Merged
merged 4 commits into from
Mar 22, 2024
Merged

[v6] Fix wrong serialization of PKESK v6 for x25519/x448 #1734

merged 4 commits into from
Mar 22, 2024

Conversation

larabr
Copy link
Collaborator

@larabr larabr commented Mar 21, 2024

The cleartext session key symmetric algorithm was accidentally included in the packet.
As a result, the generated messages could fail to parse and/or decrypt in other implementations.
The messages would still decrypt successfully in OpenPGP.js, due to a laax parsing procedure, which simply discarded the unused additional byte.

This only affects v6 PKESK packets, that are only generated starting from OpenPGP.js v6, if the keys were generated enabling config.aeadProtect (off by default).

@larabr larabr requested a review from twiss March 21, 2024 11:37
@larabr
Fix wrong serialization of PKESK v6 for x25519/x448
172c674 
The cleartext session key symmetric algorithm was accidentally included in the packet.
As a result, the generated messages may fail to parse and/or decrypt in other implementations.
The messages would still decrypt successfully in OpenPGP.js, due to an overly permissive parsing procedure,
which simply discarded the unused additional byte.
@larabr
Uniform returned type for decodeSessionKey
3663570
@larabr
Throw on unexpected cleartext symmetric algo in PKESK v6 for x25519/x448
da88cc2
@larabr
Add test for PKESK encrypt/decrypt flow for different public key algos
8a0c60f
@larabr larabr force-pushed the v6-fix-eddsa-pkesk-v6-encrypt branch from 38f4450 to 8a0c60f Compare March 22, 2024 14:32
@larabr larabr merged commit 2574795 into openpgpjs:v6 Mar 22, 2024
10 of 12 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@twiss twiss twiss approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@larabr @twiss