From 2ee347154cd6c1982f668ca633a2f7b24721ea88 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Thomas=20Obernd=C3=B6rfer?=
Date: Tue, 27 Oct 2015 17:34:28 +0100
Subject: [PATCH] Symmetrically encrypted packet: raise error if MDC is missing for modern cipher.
---
 src/config/config.js | 3 +++
 src/packet/symmetrically_encrypted.js | 15 +++++++++++----
 2 files changed, 14 insertions(+), 4 deletions(-)
diff --git a/src/config/config.js b/src/config/config.js
index 7c300466..609f5674 100644
--- a/src/config/config.js
+++ b/src/config/config.js
@@ -35,7 +35,10 @@ module.exports = {
 prefer_hash_algorithm: enums.hash.sha256,
 encryption_cipher: enums.symmetric.aes256,
 compression: enums.compression.zip,
+ // use integrity protection for symmetric encryption
 integrity_protect: true,
+ // fail on decrypt if message is not integrity protected
+ ignore_mdc_error: false,
 rsa_blinding: true,
 useWebCrypto: true,
diff --git a/src/packet/symmetrically_encrypted.js b/src/packet/symmetrically_encrypted.js
index 01a527cd..5a472508 100644
--- a/src/packet/symmetrically_encrypted.js
+++ b/src/packet/symmetrically_encrypted.js
@@ -31,7 +31,8 @@
 module.exports = SymmetricallyEncrypted;
 var crypto = require('../crypto'),
- enums = require('../enums.js');
+ enums = require('../enums.js'),
+ config = require('../config');
 /**
 * @constructor
@@ -42,6 +43,7 @@ function SymmetricallyEncrypted() {
 /** Decrypted packets contained within.
 * @type {module:packet/packetlist} */
 this.packets = null;
+ this.ignore_mdc_error = config.ignore_mdc_error;
 }
 SymmetricallyEncrypted.prototype.read = function (bytes) {
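Review bot: The comment added above `ignore_mdc_error` in src/config/config.js promises more than this patch enforces. The decrypt() change in src/packet/symmetrically_encrypted.js throws only when the session key algorithm is `aes128`, `aes192` or `aes256`, so every other cipher name still decrypts a packet without integrity protection even with the flag left at `false`. I would word the comment as `// fail on decrypt if an AES-encrypted message is not integrity protected (other ciphers are still accepted)`, and state next to it that setting the flag to `true` switches the check off entirely.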
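Review bot: `this.ignore_mdc_error` in the constructor hunk of src/packet/symmetrically_encrypted.js is undocumented, while `this.packets` directly above it carries a JSDoc comment. The value is copied from `config.ignore_mdc_error` when the packet object is created, so changing the config afterwards does not affect packets that already exist, and that is worth stating. A short `/** ... @type {Boolean} */` comment saying that `true` lets decrypt() accept AES data without an MDC would cover it.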
@@ -62,9 +64,14 @@ SymmetricallyEncrypted.prototype.write = function () {
 * algorithm
 */
 SymmetricallyEncrypted.prototype.decrypt = function (sessionKeyAlgorithm, key) {
- var decrypted = crypto.cfb.decrypt(
- sessionKeyAlgorithm, key, this.encrypted, true);
-
+ var decrypted = crypto.cfb.decrypt(sessionKeyAlgorithm, key, this.encrypted, true);
+ // for modern cipher (blocklength != 64 bit, except for Twofish) MDC is required
+ if (!this.ignore_mdc_error &&
+ (sessionKeyAlgorithm === 'aes128' ||
+ sessionKeyAlgorithm === 'aes192' ||
+ sessionKeyAlgorithm === 'aes256')) {
+ throw new Error('Decryption failed due to missing MDC in combination with modern cipher.')
+ }
 this.packets.read(decrypted.join(''))
 };
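Review bot: The new guard in decrypt() sits after `crypto.cfb.decrypt(...)`, so a packet that is about to be rejected is still fully decrypted first. The condition depends only on `this.ignore_mdc_error` and `sessionKeyAlgorithm`, so the whole `if` block can move above the `var decrypted = ...` line and fail before any ciphertext is processed. The check is also a fixed list of three AES names, which means every other algorithm (Twofish by the comment's own exception, and any name added later) keeps decrypting without integrity protection. CFB ciphertext without an MDC can be altered without detection, so listing the legacy ciphers that are allowed without an MDC and rejecting everything else would fail closed. The `throw` line is also missing its terminating `;`, and the JSDoc above the function, which starts outside this hunk, should gain an `@throws {Error}` entry.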