From 33d5b158f81ff1d6f2cc6efa9e61d789411bb4f4 Mon Sep 17 00:00:00 2001
From: Sanjana Rajan <srajan1@stanford.edu>
Date: Mon, 14 May 2018 23:39:28 -0700
Subject: [PATCH] fix #706 - if ignore_mdc_error is set to false then MDC is
required for all symmetrically encrypted data
---
src/packet/symmetrically_encrypted.js | 9 +++------
test/general/packet.js | 2 +-
2 files changed, 4 insertions(+), 7 deletions(-)
diff --git a/src/packet/symmetrically_encrypted.js b/src/packet/symmetrically_encrypted.js
index 12590e88..f4858d94 100644
--- a/src/packet/symmetrically_encrypted.js
+++ b/src/packet/symmetrically_encrypted.js
@@ -77,12 +77,9 @@ SymmetricallyEncrypted.prototype.write = function () {
*/
SymmetricallyEncrypted.prototype.decrypt = async function (sessionKeyAlgorithm, key) {
const decrypted = crypto.cfb.decrypt(sessionKeyAlgorithm, key, this.encrypted, true);
- // for modern cipher (blocklength != 64 bit, except for Twofish) MDC is required
- if (!this.ignore_mdc_error &&
- (sessionKeyAlgorithm === 'aes128' ||
- sessionKeyAlgorithm === 'aes192' ||
- sessionKeyAlgorithm === 'aes256')) {
- throw new Error('Decryption failed due to missing MDC in combination with modern cipher.');
+ // If MDC errors are not being ignored, all missing MDC packets in symmetrically encrypted data should throw an error
+ if (!this.ignore_mdc_error) {
+ throw new Error('Decryption failed due to missing MDC.');
}
this.packets.read(decrypted);
diff --git a/test/general/packet.js b/test/general/packet.js
index 25e1e43e..a602f12b 100644
--- a/test/general/packet.js
+++ b/test/general/packet.js
@@ -96,7 +96,7 @@ describe("Packet", function() {
const msg2 = new openpgp.packet.List();
msg2.read(message.write());
- await expect(msg2[0].decrypt(algo, key)).to.eventually.be.rejectedWith('Decryption failed due to missing MDC in combination with modern cipher.');
+ await expect(msg2[0].decrypt(algo, key)).to.eventually.be.rejectedWith('Decryption failed due to missing MDC.');
});
it('Sym. encrypted integrity protected packet', async function() {