Skip to content

Commit

Permalink
Fix session key length generation (#198)
Browse files Browse the repository at this point in the history 
If AEAD is in use, we should generate a session key of the length of the cipher suite. 
This triggers when a key has a different AEAD preference than the cipher.
  • Loading branch information
@wussler
wussler authored Jun 24, 2024
1 parent 3a86725 commit 140b3d6
Show file tree
Hide file tree
Showing 2 changed files with 13 additions and 2 deletions.
7 changes: 6 additions & 1 deletion openpgp/v2/write.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -664,7 +664,12 @@ func encrypt(
}

if params.SessionKey == nil {
params.SessionKey = make([]byte, cipher.KeySize())
if aeadSupported {
params.SessionKey = make([]byte, aeadCipherSuite.Cipher.KeySize())
} else {
params.SessionKey = make([]byte, cipher.KeySize())
}

if _, err := io.ReadFull(config.Random(), params.SessionKey); err != nil {
return nil, err
}
Expand Down
8 changes: 7 additions & 1 deletion openpgp/write.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -444,7 +444,13 @@ func encrypt(keyWriter io.Writer, dataWriter io.Writer, to []*Entity, signed *En
}
}

symKey := make([]byte, cipher.KeySize())
var symKey []byte
if aeadSupported {
symKey = make([]byte, aeadCipherSuite.Cipher.KeySize())
} else {
symKey = make([]byte, cipher.KeySize())
}

if _, err := io.ReadFull(config.Random(), symKey); err != nil {
return nil, err
}
Expand Down

0 comments on commit 140b3d6

Please sign in to comment.