From c3603924ab8d758831eefe8709e250b5be4088f5 Mon Sep 17 00:00:00 2001
From: Philipp Weber
Date: Mon, 23 May 2016 15:03:17 +0200
Subject: ecies review change: decrypt only if mac is correct and catch exceptions during decryption
---
 src/lib/pubkey/ecies/ecies.cpp | 36 +++++++++++++++++++++++++-----------
 1 file changed, 25 insertions(+), 11 deletions(-)
(limited to 'src')
diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp
index 51ba3d172..0efdc64e1 100644
--- a/src/lib/pubkey/ecies/ecies.cpp
+++ b/src/lib/pubkey/ecies/ecies.cpp
@@ -368,18 +368,32 @@ secure_vector ECIES_Decryptor::do_decrypt(byte& valid_mask, const byte in[
 const secure_vector calculated_mac = mac->final();
 valid_mask = CT::expand_mask(same_mem(mac_data.data(), calculated_mac.data(), mac_data.size()));
- // decrypt data
- std::unique_ptr cipher = m_params.create_cipher(DECRYPTION);
- BOTAN_ASSERT(cipher != nullptr, "Cipher is found");
-
- cipher->set_key(SymmetricKey(secret_key.begin(), m_params.dem_keylen()));
- if(m_iv.size() != 0)
+ if(valid_mask)
 {
- cipher->set_iv(m_iv);
- }
- Pipe pipe(cipher.release());
- pipe.process_msg(encrypted_data);
- return pipe.read_all(0);
+ // decrypt data
+ std::unique_ptr cipher = m_params.create_cipher(DECRYPTION);
+ BOTAN_ASSERT(cipher != nullptr, "Cipher is found");
+
+ cipher->set_key(SymmetricKey(secret_key.begin(), m_params.dem_keylen()));
+ if(m_iv.size() != 0)
+ {
+ cipher->set_iv(m_iv);
+ }
+
+ try
+ {
+ // the decryption can fail:
+ // e.g. Integrity_Failure is thrown if GCM is used and the message does not have a valid tag
+ Pipe pipe(cipher.release());
+ pipe.process_msg(encrypted_data);
+ return pipe.read_all(0);
+ }
+ catch(...)
+ {
+ valid_mask = 0;
+ }
+ }
+ return secure_vector();
 }
 }
--
cgit v1.2.3
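Review bot: The `catch(...)` around the Pipe calls treats every exception as an invalid ciphertext, so an allocation failure or an internal cipher error reaches the caller as `valid_mask = 0` and cannot be told apart from a forged message. Catching only the failure the comment names, `catch(const Integrity_Failure&) { valid_mask = 0; }` (plus the padding error type if a padded mode can be configured), would keep real faults visible. `set_key` and `set_iv` sit outside the `try`, so their exceptions still propagate while later ones are swallowed; if that asymmetry is intended, a one-line comment such as `// key/IV errors are configuration bugs and must propagate` would say so. The start of `do_decrypt` is outside the hunk, so how `mac_data` and `encrypted_data` are split from the input cannot be checked from here.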