Handle missing MDC as failed only if no valid signature is present

author: Dominik Schürmann <dominik@dominikschuermann.de> 2014-08-10 21:50:46 +0200
committer: Dominik Schürmann <dominik@dominikschuermann.de> 2014-08-10 21:50:46 +0200
commit: 13f86890d68f68529df692531a830c0a8b3134c0 (patch)
tree: 9e577e33f35d4d8d7f31c9100a95472d5807343d /OpenKeychain/src/main/java/org
parent: 33a4d6852008c81070adabb2795c256ea34cac55 (diff)
download: open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.tar.gz
open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.tar.bz2
open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.zip
2 files changed, 9 insertions, 1 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
index 75f8bdb66..a116ea665 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
@@ -65,6 +65,10 @@ public class OpenPgpSignatureResultBuilder {
         this.mSignatureAvailable = signatureAvailable;
     }
 
+    public boolean isValidSignature() {
+        return mValidSignature;
+    }
+
     public OpenPgpSignatureResult build() {
         if (mSignatureAvailable) {
             OpenPgpSignatureResult result = new OpenPgpSignatureResult();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index b38caa80e..518975907 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -535,9 +535,13 @@ public class PgpDecryptVerify {
         } else {
             // no integrity check
             Log.d(Constants.TAG, "Encrypted data was not integrity protected! MDC packet is missing!");
+
+            // If no valid signature is present:
             // Handle missing integrity protection like failed integrity protection!
             // The MDC packet can be stripped by an attacker!
-            throw new IntegrityCheckFailedException();
+            if (!signatureResultBuilder.isValidSignature()) {
+                throw new IntegrityCheckFailedException();
+            }
         }
 
         updateProgress(R.string.progress_done, 100, 100);
author	Dominik Schürmann <dominik@dominikschuermann.de>	2014-08-10 21:50:46 +0200
committer	Dominik Schürmann <dominik@dominikschuermann.de>	2014-08-10 21:50:46 +0200
commit	13f86890d68f68529df692531a830c0a8b3134c0 (patch)
tree	9e577e33f35d4d8d7f31c9100a95472d5807343d /OpenKeychain/src/main/java/org
parent	33a4d6852008c81070adabb2795c256ea34cac55 (diff)
download	open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.tar.gz open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.tar.bz2 open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.zip