Improve error message for decryption with a session key #237
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
lubux
force-pushed
the
feat/error-message-decrypt-with-session-key
branch
3 times, most recently
from
bd40c5c to
f88b68e
Compare
twiss
reviewed
Nov 11, 2024
lubux
force-pushed
the
feat/error-message-decrypt-with-session-key
branch
from
f88b68e to
e0431bc
Compare
twiss
reviewed
Nov 11, 2024
larabr
reviewed
Nov 12, 2024
| @@ -819,7 +819,7 @@ func TestCorruptedMessageInvalidSigHeader(t *testing.T) { | |||
| promptFunc := func(keys []Key, symmetric bool) ([]byte, error) { | |||
| return passphrase, nil | |||
| } | |||
| const expectedErr string = "openpgp: invalid data: parsing error" | |||
| const expectedErr string = "openpgp: decryption with session key failed: parsing error" | |||
There was a problem hiding this comment.
Let's add similar tests for SEIPDv2 to test (and "demo") what kind of errors are thrown with AEAD (hopefully the AEAD chunks are not released/parsed even with streaming).
There was a problem hiding this comment.
Added a test for a missing last aead authentication tag:
6525f78
larabr
reviewed
Nov 12, 2024
larabr
reviewed
Nov 14, 2024
lubux
force-pushed
the
feat/error-message-decrypt-with-session-key
branch
from
32d52e6 to
89db31a
Compare
larabr
approved these changes
Nov 15, 2024
twiss
approved these changes
Nov 15, 2024
lubux
force-pushed
the
feat/error-message-decrypt-with-session-key
branch
from
89db31a to
b13d2fd
Compare
lubux
force-pushed
the
feat/error-message-decrypt-with-session-key
branch
from
b13d2fd to
c895e57
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR enhances the error messages returned during decryption with a session key by adding more context to improve clarity. Currently, a generic error like
openpgp: invalid data: parsing erroris returned, which makes it difficult to pinpoint the specific stage of failure and determine whether the session key itself is incorrect.With this PR, the error message now includes additional context, for example:
openpgp: decryption with session key failed: parsing error. This change helps identify the context the error occurs in while retaining the generic parsing error to avoid oracle attacks (#78).Further, it refactors the error handling slightly to avoid repetitions.