
gpg: Remove MDC options

* g10/gpg.c: Turn options --force-mdc, --no-force-mdc, --disable-mdc
and --no-disable-mdc into NOPs.
* g10/encrypt.c (use_mdc): Simplify.  MDC is now almost always used.
(use_aead): Ignore MDC options. Print warning for missing MDC feature
flags.
* g10/pkclist.c (warn_missing_mdc_from_pklist): Rename to ...
(warn_missing_aead_from_pklist): this and adjust.
--

The MDC is now always used except with --rfc2440 which will lead to a
big fat warning.

Signed-off-by: Werner Koch <wk@gnupg.org>
Werner Koch 2018-05-29 12:42:44 +02:00
parent af4a5dbe57
commit 253e8bdd90
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B
7 changed files with 46 additions and 88 deletions


@ -2596,21 +2596,18 @@ modern and faster way to do authenticated encrytion than the old MDC
method. See also options @option{--aead-algo} and method. See also options @option{--aead-algo} and
@option{--chunk-size}. @option{--chunk-size}.
This option requires the use of option @option{--rfc4880bis} to As of now this option requires the use of option @option{--rfc4880bis}
declare that a not yet standardized feature is used. to declare that a not yet standardized feature is used.
@item --force-mdc @item --force-mdc
@itemx --disable-mdc
@opindex force-mdc @opindex force-mdc
Force the use of encryption with a modification detection code. This
is always used with the newer ciphers (those with a blocksize greater
than 64 bits), or if all of the recipient keys indicate MDC support in
their feature flags.
@item --disable-mdc
@opindex disable-mdc @opindex disable-mdc
Disable the use of the modification detection code. Note that by These options are obsolete and have no effect since GnuPG 2.2.8. The
using this option, the encrypted message becomes vulnerable to a MDC is always used unless the keys indicate that an AEAD algorithm can
message modification attack. be used in which case AEAD is used. But note: If the creation or of a
legacy non-MDC message is exceptionally required, the option
@option{--rfc2440} allows for this.
@item --disable-signer-uid @item --disable-signer-uid
@opindex disable-signer-uid @opindex disable-signer-uid
@ -2740,7 +2737,10 @@ keys or data may not be usable with future GnuPG versions.
@item --rfc2440 @item --rfc2440
@opindex rfc2440 @opindex rfc2440
Reset all packet, cipher and digest options to strict RFC-2440 Reset all packet, cipher and digest options to strict RFC-2440
behavior. behavior. Note that by using this option encryption packets are
created in a legacy mode without MDC protection. This is dangerous
and should thus only be used for experiments. See also option
@option{--ignore-mdc-error}.
@item --pgp6 @item --pgp6
@opindex pgp6 @opindex pgp6
@ -2750,8 +2750,9 @@ restricts you to the ciphers IDEA (if the IDEA plugin is installed),
compression algorithms none and ZIP. This also disables compression algorithms none and ZIP. This also disables
@option{--throw-keyids}, and making signatures with signing subkeys as PGP 6 @option{--throw-keyids}, and making signatures with signing subkeys as PGP 6
does not understand signatures made by signing subkeys. does not understand signatures made by signing subkeys.
FIXME: remove this options.
This option implies @option{--disable-mdc --escape-from-lines}. This option implies @option{--escape-from-lines}.
@item --pgp7 @item --pgp7
@opindex pgp7 @opindex pgp7
@ -3234,7 +3235,7 @@ It is required to decrypt old messages which did not use an MDC. It
may also be useful if a message is partially garbled, but it is may also be useful if a message is partially garbled, but it is
necessary to get as much data as possible out of that garbled message. necessary to get as much data as possible out of that garbled message.
Be aware that a missing or failed MDC can be an indication of an Be aware that a missing or failed MDC can be an indication of an
attack. Use with caution. attack. Use with great caution; see also option @option{--rfc2440}.
@item --allow-weak-digest-algos @item --allow-weak-digest-algos
@opindex allow-weak-digest-algos @opindex allow-weak-digest-algos


@ -33,6 +33,7 @@
#include "packet.h" #include "packet.h"
#include "options.h" #include "options.h"
#include "main.h" #include "main.h"
#include "../common/i18n.h"
#include "../common/status.h" #include "../common/status.h"
@ -66,8 +67,9 @@ write_header (cipher_filter_context_t *cfx, iobuf_t a)
} }
else else
{ {
log_info ("WARNING: " log_info (_("WARNING: "
"encrypting without integrity protection is dangerous\n"); "encrypting without integrity protection is dangerous\n"));
log_info (_("Hint: Do not use option %s\n"), "--rfc2440");
} }
write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d", write_status_printf (STATUS_BEGIN_ENCRYPTION, "%d %d",
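Review bot: The new hint in write_header names `--rfc2440` unconditionally, but the condition that selects this else branch lies above the hunk, so it is not visible here that the option is the only way to reach it. If any other path can leave the MDC flag clear, the hint would point the user at the wrong cause for an unauthenticated message. A one-line comment on the branch would record the assumption, for example `/* Reached only with --rfc2440; see use_mdc().  */`. write_header begins and continues outside the hunk.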


@ -212,11 +212,7 @@ use_aead (pk_list_t pk_list, int algo)
can_use = openpgp_cipher_get_algo_blklen (algo) == 16; can_use = openpgp_cipher_get_algo_blklen (algo) == 16;
/* With --force-mdc we clearly do not want AEAD. */ /* With --force-aead we want AEAD. */
if (opt.force_mdc)
return 0;
/* However with --force-aead we want AEAD. */
if (opt.force_aead) if (opt.force_aead)
{ {
if (!can_use) if (!can_use)
@ -232,62 +228,29 @@ use_aead (pk_list_t pk_list, int algo)
if (!can_use) if (!can_use)
return 0; return 0;
/* Note the user which keys have no AEAD feature flag set. */
if (opt.verbose)
warn_missing_aead_from_pklist (pk_list);
/* If all keys support AEAD we can use it. */ /* If all keys support AEAD we can use it. */
return select_aead_from_pklist (pk_list); return select_aead_from_pklist (pk_list);
} }
/* We try very hard to use a MDC */ /* Shall we use the MDC? Yes - unless rfc-2440 compatibility is
* requested. */
int int
use_mdc (pk_list_t pk_list,int algo) use_mdc (pk_list_t pk_list,int algo)
{ {
/* RFC-2440 don't has MDC */ (void)pk_list;
(void)algo;
/* RFC-2440 don't has MDC - this is the only way to create a legacy
* non-MDC encryption packet. */
if (RFC2440) if (RFC2440)
return 0; return 0;
/* --force-mdc overrides --disable-mdc */ return 1; /* In all other cases we use the MDC */
if(opt.force_mdc)
return 1;
if(opt.disable_mdc)
return 0;
/* Do the keys really support MDC? */
if(select_mdc_from_pklist(pk_list))
return 1;
/* The keys don't support MDC, so now we do a bit of a hack - if any
of the AESes or TWOFISH are in the prefs, we assume that the user
can handle a MDC. This is valid for PGP 7, which can handle MDCs
though it will not generate them. 2440bis allows this, by the
way. */
if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
CIPHER_ALGO_AES,NULL)==CIPHER_ALGO_AES)
return 1;
if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
CIPHER_ALGO_AES192,NULL)==CIPHER_ALGO_AES192)
return 1;
if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
CIPHER_ALGO_AES256,NULL)==CIPHER_ALGO_AES256)
return 1;
if(select_algo_from_prefs(pk_list,PREFTYPE_SYM,
CIPHER_ALGO_TWOFISH,NULL)==CIPHER_ALGO_TWOFISH)
return 1;
/* Last try. Use MDC for the modern ciphers. */
if (openpgp_cipher_get_algo_blklen (algo) != 8)
return 1;
if (opt.verbose)
warn_missing_mdc_from_pklist (pk_list);
return 0; /* No MDC */
} }
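Review bot: The header comment of use_mdc does not say what a zero return means for the caller or why the two parameters remain. Returning 0 is now the single switch that yields an encryption packet without integrity protection, and `pk_list` and `algo` are discarded with `(void)` casts, so the comment should state both, along the lines of `/* Return 1 to use the MDC.  0 is returned only for --rfc2440 and yields a packet without integrity protection.  PK_LIST and ALGO are unused and kept for the callers.  */`. The inner comment `RFC-2440 don't has MDC` would also read better as `RFC-2440 has no MDC`.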


@ -301,10 +301,6 @@ enum cmd_and_opt_values
oShowPhotos, oShowPhotos,
oNoShowPhotos, oNoShowPhotos,
oPhotoViewer, oPhotoViewer,
oForceMDC,
oNoForceMDC,
oDisableMDC,
oNoDisableMDC,
oForceAEAD, oForceAEAD,
oS2KMode, oS2KMode,
oS2KDigest, oS2KDigest,
@ -605,11 +601,6 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oQuiet, "quiet", "@"), ARGPARSE_s_n (oQuiet, "quiet", "@"),
ARGPARSE_s_n (oNoTTY, "no-tty", "@"), ARGPARSE_s_n (oNoTTY, "no-tty", "@"),
ARGPARSE_s_n (oForceMDC, "force-mdc", "@"),
ARGPARSE_s_n (oNoForceMDC, "no-force-mdc", "@"),
ARGPARSE_s_n (oDisableMDC, "disable-mdc", "@"),
ARGPARSE_s_n (oNoDisableMDC, "no-disable-mdc", "@"),
ARGPARSE_s_n (oForceAEAD, "force-aead", "@"), ARGPARSE_s_n (oForceAEAD, "force-aead", "@"),
ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"), ARGPARSE_s_n (oDisableSignerUID, "disable-signer-uid", "@"),
@ -924,6 +915,11 @@ static ARGPARSE_OPTS opts[] = {
ARGPARSE_s_n (oNoop, "force-v4-certs", "@"), ARGPARSE_s_n (oNoop, "force-v4-certs", "@"),
ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"), ARGPARSE_s_n (oNoop, "no-force-v4-certs", "@"),
ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"), ARGPARSE_s_n (oNoop, "no-mdc-warning", "@"),
ARGPARSE_s_n (oNoop, "force-mdc", "@"),
ARGPARSE_s_n (oNoop, "no-force-mdc", "@"),
ARGPARSE_s_n (oNoop, "disable-mdc", "@"),
ARGPARSE_s_n (oNoop, "no-disable-mdc", "@"),
ARGPARSE_end () ARGPARSE_end ()
}; };
@ -2201,7 +2197,6 @@ set_compliance_option (enum cmd_and_opt_values option)
case oDE_VS: case oDE_VS:
set_compliance_option (oOpenPGP); set_compliance_option (oOpenPGP);
opt.compliance = CO_DE_VS; opt.compliance = CO_DE_VS;
opt.force_mdc = 1;
opt.def_aead_algo = 0; opt.def_aead_algo = 0;
/* Fixme: Change other options. */ /* Fixme: Change other options. */
break; break;
@ -3019,11 +3014,6 @@ main (int argc, char **argv)
break; break;
case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break; case oPhotoViewer: opt.photo_viewer = pargs.r.ret_str; break;
case oForceMDC: opt.force_mdc = 1; break;
case oNoForceMDC: opt.force_mdc = 0; break;
case oDisableMDC: opt.disable_mdc = 1; break;
case oNoDisableMDC: opt.disable_mdc = 0; break;
case oForceAEAD: opt.force_aead = 1; break; case oForceAEAD: opt.force_aead = 1; break;
case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break; case oDisableSignerUID: opt.flags.disable_signer_uid = 1; break;
@ -3802,7 +3792,6 @@ main (int argc, char **argv)
{ {
/* That does not anymore work because we have no more support /* That does not anymore work because we have no more support
for v3 signatures. */ for v3 signatures. */
opt.disable_mdc=1;
opt.escape_from=1; opt.escape_from=1;
opt.ask_sig_expire=0; opt.ask_sig_expire=0;
} }
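Review bot: The four MDC options are remapped to `oNoop` in the opts table, and nothing in these hunks tells the user that the option was ignored. For `--disable-mdc` this matters in practice: a script or gpg.conf that relied on it for a legacy recipient now gets MDC-protected output without notice, and the operator may only learn of it when the recipient fails to decrypt. Unless the `oNoop` handler (outside the hunks) already prints something, consider emitting an obsolete-option notice for these names that points to `--rfc2440` and its documented risk. main() and the opts table both extend beyond the visible hunks.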


@ -236,7 +236,7 @@ int select_algo_from_prefs( PK_LIST pk_list, int preftype,
int request, const union pref_hint *hint); int request, const union pref_hint *hint);
int select_mdc_from_pklist (PK_LIST pk_list); int select_mdc_from_pklist (PK_LIST pk_list);
aead_algo_t select_aead_from_pklist (pk_list_t pk_list); aead_algo_t select_aead_from_pklist (pk_list_t pk_list);
void warn_missing_mdc_from_pklist (PK_LIST pk_list); void warn_missing_aead_from_pklist (PK_LIST pk_list);
void warn_missing_aes_from_pklist (PK_LIST pk_list); void warn_missing_aes_from_pklist (PK_LIST pk_list);
/*-- skclist.c --*/ /*-- skclist.c --*/


@ -1677,9 +1677,10 @@ select_aead_from_pklist (PK_LIST pk_list)
} }
/* Print a warning for all keys in PK_LIST missing the MDC feature. */ /* Print a warning for all keys in PK_LIST missing the AEAD feature
* flag or AEAD algorithms. */
void void
warn_missing_mdc_from_pklist (PK_LIST pk_list) warn_missing_aead_from_pklist (PK_LIST pk_list)
{ {
PK_LIST pkr; PK_LIST pkr;
@ -1688,12 +1689,12 @@ warn_missing_mdc_from_pklist (PK_LIST pk_list)
int mdc; int mdc;
if (pkr->pk->user_id) /* selected by user ID */ if (pkr->pk->user_id) /* selected by user ID */
mdc = pkr->pk->user_id->flags.mdc; mdc = pkr->pk->user_id->flags.aead;
else else
mdc = pkr->pk->flags.mdc; mdc = pkr->pk->flags.aead;
if (!mdc) if (!mdc)
log_info (_("Note: key %s has no %s feature\n"), log_info (_("Note: key %s has no %s feature\n"),
keystr_from_pk (pkr->pk), "MDC"); keystr_from_pk (pkr->pk), "AEAD");
} }
} }
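Review bot: In warn_missing_aead_from_pklist the local `int mdc` now holds the AEAD feature flag (`mdc = pkr->pk->flags.aead`), which invites a misreading in code whose whole purpose is to tell the two protection modes apart. Rename the local so the name matches what is tested, e.g. `int aead;` with `if (!aead)` guarding the log_info call. The loop header over PK_LIST sits between the two hunks and is not shown.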


@ -75,6 +75,8 @@ g10/tofu.c
g10/trustdb.c g10/trustdb.c
g10/trust.c g10/trust.c
g10/verify.c g10/verify.c
g10/cipher-cfb.c
g10/cipher-aead.c
kbx/kbxutil.c kbx/kbxutil.c