mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-12-25 08:28:50 -05:00
Handle missing integrity protection MDC packet as if integrity check would have failed.
An attacker could strip the MDC on its way to the receiver...
This commit is contained in:
parent
b0821a3ddd
commit
c981902aba
@ -399,8 +399,7 @@ public class PgpDecryptVerify {
|
|||||||
signingKey = signingRing.getPublicKey(sigKeyId);
|
signingKey = signingRing.getPublicKey(sigKeyId);
|
||||||
signatureIndex = i;
|
signatureIndex = i;
|
||||||
} catch (ProviderHelper.NotFoundException e) {
|
} catch (ProviderHelper.NotFoundException e) {
|
||||||
Log.d(Constants.TAG, "key not found!");
|
Log.d(Constants.TAG, "key not found, trying next signature…");
|
||||||
// try next one...
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -537,8 +536,10 @@ public class PgpDecryptVerify {
|
|||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// no integrity check
|
// no integrity check
|
||||||
Log.e(Constants.TAG, "Encrypted data was not integrity protected!");
|
Log.d(Constants.TAG, "Encrypted data was not integrity protected! MDC packet is missing!");
|
||||||
// TODO: inform user?
|
// Handle missing integrity protection like failed integrity protection!
|
||||||
|
// The MDC packet can be stripped by an attacker!
|
||||||
|
throw new IntegrityCheckFailedException();
|
||||||
}
|
}
|
||||||
|
|
||||||
updateProgress(R.string.progress_done, 100, 100);
|
updateProgress(R.string.progress_done, 100, 100);
|
||||||
|
Loading…
Reference in New Issue
Block a user