authorPhilipp Weber <[email protected]>2016-05-23 15:03:17 +0200
committerPhilipp Weber <[email protected]>2016-05-23 15:03:17 +0200
commitc3603924ab8d758831eefe8709e250b5be4088f5 (patch)
treebd61bce9dbd085e59dbc14560b64d1a27edd99a0 /src
parentc951ad50c6af7d93c16f53dffb69b0be23f1c647 (diff)
ecies review change: decrypt only if mac is correct and catch exceptions during decryption
Diffstat (limited to 'src')
-rw-r--r--src/lib/pubkey/ecies/ecies.cpp36
1 files changed, 25 insertions, 11 deletions
diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp
index 51ba3d172..0efdc64e1 100644
--- a/src/lib/pubkey/ecies/ecies.cpp
+++ b/src/lib/pubkey/ecies/ecies.cpp
@@ -368,18 +368,32 @@ secure_vector<byte> ECIES_Decryptor::do_decrypt(byte& valid_mask, const byte in[
const secure_vector<byte> calculated_mac = mac->final();
valid_mask = CT::expand_mask<byte>(same_mem(mac_data.data(), calculated_mac.data(), mac_data.size()));
- // decrypt data
- std::unique_ptr<Keyed_Filter> cipher = m_params.create_cipher(DECRYPTION);
- BOTAN_ASSERT(cipher != nullptr, "Cipher is found");
-
- cipher->set_key(SymmetricKey(secret_key.begin(), m_params.dem_keylen()));
- if(m_iv.size() != 0)
+ if(valid_mask)
{
- cipher->set_iv(m_iv);
- }
- Pipe pipe(cipher.release());
- pipe.process_msg(encrypted_data);
- return pipe.read_all(0);
+ // decrypt data
+ std::unique_ptr<Keyed_Filter> cipher = m_params.create_cipher(DECRYPTION);
+ BOTAN_ASSERT(cipher != nullptr, "Cipher is found");
+
+ cipher->set_key(SymmetricKey(secret_key.begin(), m_params.dem_keylen()));
+ if(m_iv.size() != 0)
+ {
+ cipher->set_iv(m_iv);
+ }
+
+ try
+ {
+ // the decryption can fail:
+ // e.g. Integrity_Failure is thrown if GCM is used and the message does not have a valid tag
+ Pipe pipe(cipher.release());
+ pipe.process_msg(encrypted_data);
+ return pipe.read_all(0);
+ }
+ catch(...)
+ {
+ valid_mask = 0;
+ }
+ }
+ return secure_vector<byte>();
}
}
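Review bot: The `catch(...)` around the Pipe calls maps every exception to `valid_mask = 0`, so an allocation failure or an internal error during decryption is reported to the caller as an invalid ciphertext and never propagates. Narrowing the handler to the library's own exception base, e.g. `catch(const Exception&)`, would still cover Integrity_Failure and similar decryption errors while letting `std::bad_alloc` surface. The final `return secure_vector<byte>();` is now shared by the MAC-mismatch path and the decryption-failure path, and an empty plaintext is presumably also a legitimate result, so a comment there such as `// failure: valid_mask is 0, callers must check it before using the (empty) output` would make the contract explicit. The body of do_decrypt starts above this hunk, so the MAC setup and key derivation are not covered by this note.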