diff --git a/doc/gpg.texi b/doc/gpg.texi index 544ed1817..baad58657 100644 --- a/doc/gpg.texi +++ b/doc/gpg.texi @@ -2596,21 +2596,18 @@ modern and faster way to do authenticated encrytion than the old MDC method. See also options @option{--aead-algo} and @option{--chunk-size}. -This option requires the use of option @option{--rfc4880bis} to -declare that a not yet standardized feature is used. +As of now this option requires the use of option @option{--rfc4880bis} +to declare that a not yet standardized feature is used. @item --force-mdc +@itemx --disable-mdc @opindex force-mdc -Force the use of encryption with a modification detection code. This -is always used with the newer ciphers (those with a blocksize greater -than 64 bits), or if all of the recipient keys indicate MDC support in -their feature flags. - -@item --disable-mdc @opindex disable-mdc -Disable the use of the modification detection code. Note that by -using this option, the encrypted message becomes vulnerable to a -message modification attack. +These options are obsolete and have no effect since GnuPG 2.2.8. The +MDC is always used unless the keys indicate that an AEAD algorithm can +be used in which case AEAD is used. But note: If the creation or of a +legacy non-MDC message is exceptionally required, the option +@option{--rfc2440} allows for this. @item --disable-signer-uid @opindex disable-signer-uid @@ -2740,7 +2737,10 @@ keys or data may not be usable with future GnuPG versions. @item --rfc2440 @opindex rfc2440 Reset all packet, cipher and digest options to strict RFC-2440 -behavior. +behavior. Note that by using this option encryption packets are +created in a legacy mode without MDC protection. This is dangerous +and should thus only be used for experiments. See also option +@option{--ignore-mdc-error}. @item --pgp6 @opindex pgp6 @@ -2750,8 +2750,9 @@ restricts you to the ciphers IDEA (if the IDEA plugin is installed), compression algorithms none and ZIP. This also disables @option{--throw-keyids}, and making signatures with signing subkeys as PGP 6 does not understand signatures made by signing subkeys. +FIXME: remove this options. -This option implies @option{--disable-mdc --escape-from-lines}. +This option implies @option{--escape-from-lines}. @item --pgp7 @opindex pgp7 @@ -3234,7 +3235,7 @@ It is required to decrypt old messages which did not use an MDC. It may also be useful if a message is partially garbled, but it is necessary to get as much data as possible out of that garbled message. Be aware that a missing or failed MDC can be an indication of an -attack. Use with caution. +attack. Use with great caution; see also option @option{--rfc2440}. @item --allow-weak-digest-algos @opindex allow-weak-digest-algos diff --git a/g10/cipher-cfb.c b/g10/cipher-cfb.c index 48927c558..3ba8eb738 100644 --- a/g10/cipher-cfb.c +++ b/g10/cipher-cfb.c @@ -33,6 +33,7 @@ #include "packet.h" #include "options.h" #include "main.h" +#include "../common/i18n.h" #include "../common/status.h" @@ -66,8 +67,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a) } else { - log_info ("WARNING: " - "encrypting without integrity protection is dangerous\n"); + log_info (_("WARNING: " + "encrypting without integrity protection is dangerous\n")); + log_info (_("Hint: Do not use option %s\n"), "--rfc2440"); } write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d", diff --git a/g10/encrypt.c b/g10/encrypt.c index c6c9e3a03..7de07d234 100644 --- a/g10/encrypt.c +++ b/g10/encrypt.c @@ -212,11 +212,7 @@ use_aead (pk_list_t pk_list, int algo) can_use = openpgp_cipher_get_algo_blklen (algo) == 16; - /* With --force-mdc we clearly do not want AEAD. */ - if (opt.force_mdc) - return 0; - - /* However with --force-aead we want AEAD. */ + /* With --force-aead we want AEAD. */ if (opt.force_aead) { if (!can_use) @@ -232,62 +228,29 @@ use_aead (pk_list_t pk_list, int algo) if (!can_use) return 0; + /* Note the user which keys have no AEAD feature flag set. */ + if (opt.verbose) + warn_missing_aead_from_pklist (pk_list); + /* If all keys support AEAD we can use it. */ return select_aead_from_pklist (pk_list); } -/* We try very hard to use a MDC */ +/* Shall we use the MDC? Yes - unless rfc-2440 compatibility is + * requested. */ int use_mdc (pk_list_t pk_list,int algo) { - /* RFC-2440 don't has MDC */ + (void)pk_list; + (void)algo; + + /* RFC-2440 don't has MDC - this is the only way to create a legacy + * non-MDC encryption packet. */ if (RFC2440) return 0; - /* --force-mdc overrides --disable-mdc */ - if(opt.force_mdc) - return 1; - - if(opt.disable_mdc) - return 0; - - /* Do the keys really support MDC? */ - - if(select_mdc_from_pklist(pk_list)) - return 1; - - /* The keys don't support MDC, so now we do a bit of a hack - if any - of the AESes or TWOFISH are in the prefs, we assume that the user - can handle a MDC. This is valid for PGP 7, which can handle MDCs - though it will not generate them. 2440bis allows this, by the - way. */ - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256) - return 1; - - if(select_algo_from_prefs(pk_list,PREFTYPE_SYM, - CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH) - return 1; - - /* Last try. Use MDC for the modern ciphers. */ - - if (openpgp_cipher_get_algo_blklen (algo) != 8) - return 1; - - if (opt.verbose) - warn_missing_mdc_from_pklist (pk_list); - - return 0; /* No MDC */ + return 1; /* In all other cases we use the MDC */ } diff --git a/g10/gpg.c b/g10/gpg.c index e718fe45e..1a419f7e7 100644 --- a/g10/gpg.c +++ b/g10/gpg.c @@ -301,10 +301,6 @@ enum cmd_and_opt_values oShowPhotos, oNoShowPhotos, oPhotoViewer, - oForceMDC, - oNoForceMDC, - oDisableMDC, - oNoDisableMDC, oForceAEAD, oS2KMode, oS2KDigest, @@ -605,11 +601,6 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oQuiet, "quiet", "@"), ARGPARSE_s_n (oNoTTY, "no-tty", "@"), - ARGPARSE_s_n (oForceMDC, "force-mdc", "@"), - ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"), - ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"), - ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"), - ARGPARSE_s_n (oForceAEAD, "force-aead", "@"), ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"), @@ -924,6 +915,11 @@ static ARGPARSE_OPTS opts[] = { ARGPARSE_s_n (oNoop, "force-v4-certs", "@"), ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"), ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"), + ARGPARSE_s_n (oNoop, "force-mdc", "@"), + ARGPARSE_s_n (oNoop, "no-force-mdc", "@"), + ARGPARSE_s_n (oNoop, "disable-mdc", "@"), + ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"), + ARGPARSE_end () }; @@ -2201,7 +2197,6 @@ set_compliance_option (enum cmd_and_opt_values option) case oDE_VS: set_compliance_option (oOpenPGP); opt.compliance = CO_DE_VS; - opt.force_mdc = 1; opt.def_aead_algo = 0; /* Fixme: Change other options. */ break; @@ -3019,11 +3014,6 @@ main (int argc, char **argv) break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; - case oForceMDC: opt.force_mdc = 1; break; - case oNoForceMDC: opt.force_mdc = 0; break; - case oDisableMDC: opt.disable_mdc = 1; break; - case oNoDisableMDC: opt.disable_mdc = 0; break; - case oForceAEAD: opt.force_aead = 1; break; case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; @@ -3802,7 +3792,6 @@ main (int argc, char **argv) { /* That does not anymore work because we have no more support for v3 signatures. */ - opt.disable_mdc=1; opt.escape_from=1; opt.ask_sig_expire=0; } diff --git a/g10/keydb.h b/g10/keydb.h index c65af0204..bd156a6a3 100644 --- a/g10/keydb.h +++ b/g10/keydb.h @@ -236,7 +236,7 @@ int select_algo_from_prefs( PK_LIST pk_list, int preftype, int request, const union pref_hint *hint); int select_mdc_from_pklist (PK_LIST pk_list); aead_algo_t select_aead_from_pklist (pk_list_t pk_list); -void warn_missing_mdc_from_pklist (PK_LIST pk_list); +void warn_missing_aead_from_pklist (PK_LIST pk_list); void warn_missing_aes_from_pklist (PK_LIST pk_list); /*-- skclist.c --*/ diff --git a/g10/pkclist.c b/g10/pkclist.c index 8b5d0422a..05bbea52d 100644 --- a/g10/pkclist.c +++ b/g10/pkclist.c @@ -1677,9 +1677,10 @@ select_aead_from_pklist (PK_LIST pk_list) } -/* Print a warning for all keys in PK_LIST missing the MDC feature. */ +/* Print a warning for all keys in PK_LIST missing the AEAD feature + * flag or AEAD algorithms. */ void -warn_missing_mdc_from_pklist (PK_LIST pk_list) +warn_missing_aead_from_pklist (PK_LIST pk_list) { PK_LIST pkr; @@ -1688,12 +1689,12 @@ warn_missing_mdc_from_pklist (PK_LIST pk_list) int mdc; if (pkr->pk->user_id) /* selected by user ID */ - mdc = pkr->pk->user_id->flags.mdc; + mdc = pkr->pk->user_id->flags.aead; else - mdc = pkr->pk->flags.mdc; + mdc = pkr->pk->flags.aead; if (!mdc) log_info (_("Note: key %s has no %s feature\n"), - keystr_from_pk (pkr->pk), "MDC"); + keystr_from_pk (pkr->pk), "AEAD"); } } diff --git a/po/POTFILES.in b/po/POTFILES.in index f071651cc..f19cb49c4 100644 --- a/po/POTFILES.in +++ b/po/POTFILES.in @@ -75,6 +75,8 @@ g10/tofu.c g10/trustdb.c g10/trust.c g10/verify.c +g10/cipher-cfb.c +g10/cipher-aead.c kbx/kbxutil.c