fix: do not allow decryption with "Plaintext" algorithm

According to <https://datatracker.ietf.org/doc/html/rfc4880#section-13.4> "plaintext" MUST NOT be used to encrypt data packets.
rpgp · Feb 13, 2024 · e07d51f · e07d51f
1 parent 4d9144d
commit e07d51f
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/src/composed/message/types.rs b/src/composed/message/types.rs
@@ -270,7 +270,7 @@ impl Message {
         self.encrypt_symmetric(rng, esk, alg, session_key)
     }
 
-    /// Encrytp the message using the given password.
+    /// Encrypt the message using the given password.
     pub fn encrypt_with_password<R, F>(
         &self,
         rng: &mut R,
@@ -544,6 +544,7 @@ impl Message {
                 };
 
                 let ids = session_keys.into_iter().map(|(k, _)| k).collect();
+                ensure!(alg != SymmetricKeyAlgorithm::Plaintext, "algorithm cannot be plaintext");
 
                 Ok((MessageDecrypter::new(session_key, alg, edata), ids))
             }
@@ -575,6 +576,7 @@ impl Message {
 
                 let (session_key, alg) =
                     decrypt_session_key_with_password(skesk.expect("checked above"), msg_pw)?;
+                ensure!(alg != SymmetricKeyAlgorithm::Plaintext, "algorithm cannot be plaintext");
 
                 Ok(MessageDecrypter::new(session_key, alg, edata))
             }