Fix panic in ec decrypt (#89)

* fix panic in ec decrypt * add testcase for multiple recipients
fortanix · Jan 23, 2025 · 5a8d6cf · 5a8d6cf
1 parent 830c5d0
commit 5a8d6cf
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/openpgp-dsm/src/lib.rs b/openpgp-dsm/src/lib.rs
@@ -1922,7 +1922,7 @@ impl Decryptor for DsmAgent {
             MpiCiphertext::ECDH { e, .. } => {
                 let curve = match &self.public.mpis() {
                     MpiPublic::ECDH { curve, .. } => curve,
-                    _ => panic!("inconsistent pk algo"),
+                    _ => return Err(Error::msg("inconsistent pk algo")),
                 };
 
                 let ephemeral_der = der::serialize::spki_ec(curve, e);

diff --git a/sq/tests/dsm/sq_roundtrips.sh b/sq/tests/dsm/sq_roundtrips.sh
@@ -76,4 +76,13 @@ $sq decrypt $apikey --signer-cert="$bob_dsm" --signer-cert="$bob_local_pub" --ds
 
 diff "$message" "$decrypted_signed"
 
+# Encrypt to multiple recipients, Decrypt with one of the recipient
+comm "encrypt to both Bob and Alice"
+$sq --force encrypt --recipient-cert "$bob_dsm" --recipient-cert "$alice_public" "$message" --output "$encrypted_nosign"
+my_cat "$encrypted_nosign"
+
+comm "decrypt with Alice key"
+$sq --force decrypt --dsm-key="$alice_key_name" "$encrypted_nosign" --output "$decrypted_nosign"
+diff "$message" "$decrypted_nosign"
+
 echo "SUCCESS"