diff options
author | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-08-10 21:50:46 +0200 |
---|---|---|
committer | Dominik Schürmann <dominik@dominikschuermann.de> | 2014-08-10 21:50:46 +0200 |
commit | 13f86890d68f68529df692531a830c0a8b3134c0 (patch) | |
tree | 9e577e33f35d4d8d7f31c9100a95472d5807343d /OpenKeychain/src | |
parent | 33a4d6852008c81070adabb2795c256ea34cac55 (diff) | |
download | open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.tar.gz open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.tar.bz2 open-keychain-13f86890d68f68529df692531a830c0a8b3134c0.zip |
Handle missing MDC as failed only if no valid signature is present
Diffstat (limited to 'OpenKeychain/src')
2 files changed, 9 insertions, 1 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java index 75f8bdb66..a116ea665 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java @@ -65,6 +65,10 @@ public class OpenPgpSignatureResultBuilder { this.mSignatureAvailable = signatureAvailable; } + public boolean isValidSignature() { + return mValidSignature; + } + public OpenPgpSignatureResult build() { if (mSignatureAvailable) { OpenPgpSignatureResult result = new OpenPgpSignatureResult(); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java index b38caa80e..518975907 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java @@ -535,9 +535,13 @@ public class PgpDecryptVerify { } else { // no integrity check Log.d(Constants.TAG, "Encrypted data was not integrity protected! MDC packet is missing!"); + + // If no valid signature is present: // Handle missing integrity protection like failed integrity protection! // The MDC packet can be stripped by an attacker! - throw new IntegrityCheckFailedException(); + if (!signatureResultBuilder.isValidSignature()) { + throw new IntegrityCheckFailedException(); + } } updateProgress(R.string.progress_done, 100, 100); |