Add ConsumerOptions.setIgnoreMDCErrors()

This method can be used to make PGPainless ignore certain MDC related errors or mishabits. Use of this options is discouraged, but may come in handy in some situations. Fixes #190
pgpainless · Oct 1, 2021 · 8ec8a55 · 8ec8a55
1 parent dd77d6b
commit 8ec8a55
Show file tree

Hide file tree

Showing 5 changed files with 255 additions and 60 deletions.
diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/ConsumerOptions.java
@@ -43,6 +43,8 @@
  */
 public class ConsumerOptions {
 
+    private boolean ignoreMDCErrors = false;
+
     private Date verifyNotBefore = null;
     private Date verifyNotAfter = new Date();
 
@@ -264,4 +266,38 @@ public ConsumerOptions addDecryptionPassphrase(@Nonnull Passphrase passphrase) {
     public @Nonnull Set<PGPSignature> getDetachedSignatures() {
         return Collections.unmodifiableSet(detachedSignatures);
     }
+
+    /**
+     * By default, PGPainless will require encrypted messages to make use of SEIP data packets.
+     * Those are Symmetrically Encrypted Integrity Protected Data packets.
+     * Symmetrically Encrypted Data Packets without integrity protection are rejected by default.
+     * Furthermore, PGPainless will throw an exception if verification of the MDC error detection code of the SEIP packet
+     * fails.
+     *
+     * Failure of MDC verification indicates a tampered ciphertext, which might be the cause of an attack or data corruption.
+     *
+     * This method can be used to ignore MDC errors and allow PGPainless to consume encrypted data without integrity protection.
+     * If the flag <pre>ignoreMDCErrors</pre> is set to true, PGPainless will
+     * <ul>
+     *     <li>not throw exceptions for SEIP packets with tampered ciphertext</li>
+     *     <li>not throw exceptions for SEIP packets with tampered MDC</li>
+     *     <li>not throw exceptions for MDCs with bad CTB</li>
+     *     <li>not throw exceptions for MDCs with bad length</li>
+     * </ul>
+     *
+     * It will however still throw an exception if it encounters a SEIP packet with missing or truncated MDC
+     *
+     * @see <a href="https://datatracker.ietf.org/doc/html/rfc4880#section-5.13">Sym. Encrypted Integrity Protected Data Packet</a>
+     * @param ignoreMDCErrors true if MDC errors or missing MDCs shall be ignored, false otherwise.
+     * @return options
+     */
+    @Deprecated
+    public ConsumerOptions setIgnoreMDCErrors(boolean ignoreMDCErrors) {
+        this.ignoreMDCErrors = ignoreMDCErrors;
+        return this;
+    }
+
+    boolean isIgnoreMDCErrors() {
+        return ignoreMDCErrors;
+    }
 }
diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStream.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStream.java
@@ -20,7 +20,6 @@
 import javax.annotation.Nonnull;
 
 import org.bouncycastle.util.io.Streams;
-import org.pgpainless.util.IntegrityProtectedInputStream;
 
 /**
  * Decryption Stream that handles updating and verification of detached signatures,

diff --git a/...ss-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java b/...ss-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
@@ -67,7 +67,6 @@
 import org.pgpainless.signature.OnePassSignatureCheck;
 import org.pgpainless.signature.SignatureUtils;
 import org.pgpainless.util.CRCingArmoredInputStreamWrapper;
-import org.pgpainless.util.IntegrityProtectedInputStream;
 import org.pgpainless.util.Passphrase;
 import org.pgpainless.util.Tuple;
 import org.slf4j.Logger;
@@ -286,8 +285,8 @@ private InputStream decryptSessionKey(@Nonnull PGPEncryptedDataList encryptedDat
         // Sort PKESK and SKESK packets
         while (encryptedDataIterator.hasNext()) {
             PGPEncryptedData encryptedData = encryptedDataIterator.next();
-            // TODO: Maybe just skip non-integrity-protected packages?
-            if (!encryptedData.isIntegrityProtected()) {
+
+            if (!encryptedData.isIntegrityProtected() && !options.isIgnoreMDCErrors()) {
                 throw new MessageNotIntegrityProtectedException();
             }
 
@@ -314,7 +313,7 @@ else if (encryptedData instanceof PGPPublicKeyEncryptedData) {
                     throwIfAlgorithmIsRejected(symmetricKeyAlgorithm);
                     resultBuilder.setSymmetricKeyAlgorithm(symmetricKeyAlgorithm);
 
-                    integrityProtectedEncryptedInputStream = new IntegrityProtectedInputStream(decryptedDataStream, pbeEncryptedData);
+                    integrityProtectedEncryptedInputStream = new IntegrityProtectedInputStream(decryptedDataStream, pbeEncryptedData, options);
 
                     return integrityProtectedEncryptedInputStream;
                 } catch (PGPException e) {
@@ -461,7 +460,7 @@ private InputStream decryptWith(PGPPublicKeyEncryptedData encryptedSessionKey, P
         throwIfAlgorithmIsRejected(symmetricKeyAlgorithm);
         resultBuilder.setSymmetricKeyAlgorithm(symmetricKeyAlgorithm);
 
-        integrityProtectedEncryptedInputStream = new IntegrityProtectedInputStream(encryptedSessionKey.getDataStream(dataDecryptor), encryptedSessionKey);
+        integrityProtectedEncryptedInputStream = new IntegrityProtectedInputStream(encryptedSessionKey.getDataStream(dataDecryptor), encryptedSessionKey, options);
         return integrityProtectedEncryptedInputStream;
     }
 

diff --git a/...s/util/IntegrityProtectedInputStream.java → ...cation/IntegrityProtectedInputStream.java b/...s/util/IntegrityProtectedInputStream.java → ...cation/IntegrityProtectedInputStream.java
@@ -13,11 +13,10 @@
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
-package org.pgpainless.util;
+package org.pgpainless.decryption_verification;
 
 import java.io.IOException;
 import java.io.InputStream;
-
 import javax.annotation.Nonnull;
 
 import org.bouncycastle.openpgp.PGPEncryptedData;
@@ -28,10 +27,12 @@ public class IntegrityProtectedInputStream extends InputStream {
 
     private final InputStream inputStream;
     private final PGPEncryptedData encryptedData;
+    private final ConsumerOptions options;
 
-    public IntegrityProtectedInputStream(InputStream inputStream, PGPEncryptedData encryptedData) {
+    public IntegrityProtectedInputStream(InputStream inputStream, PGPEncryptedData encryptedData, ConsumerOptions options) {
         this.inputStream = inputStream;
         this.encryptedData = encryptedData;
+        this.options = options;
     }
 
     @Override
@@ -46,7 +47,7 @@ public int read(@Nonnull byte[] b, int offset, int length) throws IOException {
 
     @Override
     public void close() throws IOException {
-        if (encryptedData.isIntegrityProtected()) {
+        if (encryptedData.isIntegrityProtected() && !options.isIgnoreMDCErrors()) {
             try {
                 if (!encryptedData.verify()) {
                     throw new ModificationDetectionException();