22a68878e4
Implement optional constant-time decryption flow to hinder Bleichenbacher-like attacks against RSA- and ElGamal public-key encrypted session keys. Changes: - Add `config.constantTimePKCS1Decryption` to enable the constant-time processing (defaults to `false`). The constant-time option is off by default since it has measurable performance impact on message decryption, and it is only helpful in specific application scenarios (more info below). - Add `config.constantTimePKCS1DecryptionSupportedSymmetricAlgorithms` (defaults to the AES algorithms). The set of supported ciphers is restricted by default since the number of algorithms negatively affects performance. Bleichenbacher-like attacks are of concern for applications where both of the following conditions are met: 1. new/incoming messages are automatically decrypted (without user interaction); 2. an attacker can determine how long it takes to decrypt each message (e.g. due to decryption errors being logged remotely). |
||
|---|---|---|
| .. | ||
| armor.js | ||
| biginteger.js | ||
| brainpool.js | ||
| config.js | ||
| decompression.js | ||
| ecc_nist.js | ||
| ecc_secp256k1.js | ||
| index.js | ||
| key.js | ||
| oid.js | ||
| openpgp.js | ||
| packet.js | ||
| signature.js | ||
| streaming.js | ||
| testInputs.js | ||
| util.js | ||
| x25519.js | ||