From c3603924ab8d758831eefe8709e250b5be4088f5 Mon Sep 17 00:00:00 2001
From: Philipp Weber
Date: Mon, 23 May 2016 15:03:17 +0200
Subject: ecies review change: decrypt only if mac is correct and catch
exceptions during decryption
---
src/lib/pubkey/ecies/ecies.cpp | 36 +++++++++++++++++++++++++-----------
1 file changed, 25 insertions(+), 11 deletions(-)
(limited to 'src')
diff --git a/src/lib/pubkey/ecies/ecies.cpp b/src/lib/pubkey/ecies/ecies.cpp
index 51ba3d172..0efdc64e1 100644
--- a/src/lib/pubkey/ecies/ecies.cpp
+++ b/src/lib/pubkey/ecies/ecies.cpp
@@ -368,18 +368,32 @@ secure_vector ECIES_Decryptor::do_decrypt(byte& valid_mask, const byte in[
const secure_vector calculated_mac = mac->final();
valid_mask = CT::expand_mask(same_mem(mac_data.data(), calculated_mac.data(), mac_data.size()));
- // decrypt data
- std::unique_ptr cipher = m_params.create_cipher(DECRYPTION);
- BOTAN_ASSERT(cipher != nullptr, "Cipher is found");
-
- cipher->set_key(SymmetricKey(secret_key.begin(), m_params.dem_keylen()));
- if(m_iv.size() != 0)
+ if(valid_mask)
{
- cipher->set_iv(m_iv);
- }
- Pipe pipe(cipher.release());
- pipe.process_msg(encrypted_data);
- return pipe.read_all(0);
+ // decrypt data
+ std::unique_ptr cipher = m_params.create_cipher(DECRYPTION);
+ BOTAN_ASSERT(cipher != nullptr, "Cipher is found");
+
+ cipher->set_key(SymmetricKey(secret_key.begin(), m_params.dem_keylen()));
+ if(m_iv.size() != 0)
+ {
+ cipher->set_iv(m_iv);
+ }
+
+ try
+ {
+ // the decryption can fail:
+ // e.g. Integrity_Failure is thrown if GCM is used and the message does not have a valid tag
+ Pipe pipe(cipher.release());
+ pipe.process_msg(encrypted_data);
+ return pipe.read_all(0);
+ }
+ catch(...)
+ {
+ valid_mask = 0;
+ }
+ }
+ return secure_vector();
}
}
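Review bot: The `catch(...)` around the Pipe calls is broader than the failure it is meant to handle: it also turns `std::bad_alloc` and any internal error into `valid_mask = 0`, so a real fault reaches the caller looking like a tampered ciphertext and leaves no trace. The comment names `Integrity_Failure` as the expected case, so I would catch that type, `catch(const Integrity_Failure&)`, plus any other decoding exception the configured cipher modes are known to throw, and let everything else propagate. `create_cipher`, `set_key` and `set_iv` sit outside the `try`, so their exceptions still escape; that looks intentional for configuration errors, but a short comment such as `// key/IV setup errors are configuration faults and propagate` would make it explicit. `do_decrypt` begins above this hunk, so the MAC setup and the length checks on `mac_data` are not visible here.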
--
cgit v1.2.3