OpenPGP: Missing MDC protection not discovered
Categories
(MailNews Core :: Security: OpenPGP, defect, P1)
Tracking
(thunderbird78 fixed)
| Tracking | Status | |
|---|---|---|
| thunderbird78 | --- | fixed |
People
(Reporter: patrick, Assigned: KaiE)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
|
2.93 KB,
text/plain
|
Details | |
|
1.66 KB,
message/rfc822
|
Details | |
|
47 bytes,
text/x-phabricator-request
|
wsmwk
:
approval-comm-beta+
|
Details | Review |
If an encrypted message does not contain any MDC protection, then the message is decrypted and the result is displayed as "successfully decrypted".
However, a one of the Efail attacks is based upon modification of messages without MDC protection. The general consensus is that encrypted message MUST have an MDC protection, otherwise they should be treated as invalid.
|
Assignee | |
Comment 1•4 years ago
|
||
Patrick, thanks for testing this scenario. How could we get to a test case that can be shared?
How about creating an encrypted message to one of the test keys from https://gitlab.com/openpgp-wg/openpgp-samples ?
|
||
Updated•4 years ago
|
|
|
Assignee | |
Comment 2•4 years ago
|
||
I found that RNP cannot import the example keys as they are, but it simply doesn't seem to like multiple comment lines. After removing the second comment line, I was able to import the secret key.
|
|
Assignee | |
Comment 3•4 years ago
|
||
Here are edited versions of the test keys from the above repository.
I have edited the user IDs, and added email addresses that I control. This makes it easier to use the keys. However, they still use the same key material, so we can easily share the produced test messages, and everyone can decrypt them.
If you are able to create test messages that demonstrate this bug, could you please send them to one of these keys and email address? E.g. alice-test at kuix dot de, or bob-test at kuix dot de. Thanks.
|
Reporter | |
Comment 4•4 years ago
|
||
Attached is an example message.
To create such a message yourself using gpg use the following command:
gpg -a --rfc2440 --disable-mdc -r recipient -e
|
|
Assignee | |
Comment 5•4 years ago
|
||
Thanks Patrick, that's very helpful.
The API rnp_op_verify_t returns a "good" result after decryption.
I have raised the issue with the RNP developers at https://github.com/rnpgp/rnp/issues/1142
|
|
Assignee | |
Comment 6•4 years ago
|
||
Pushed by kaie@kuix.de:
https://hg.mozilla.org/comm-central/rev/cdef6999ca32
OpenPGP: Missing MDC protection not discovered. r=PatrickBrunschwig DONTBUILD
|
|
Assignee | |
Comment 8•4 years ago
•
|
||
Comment on attachment 9159906 [details]
Bug 1638645 - OpenPGP: Missing MDC protection not discovered. r=PatrickBrunschwig
Important security correctness enhancement for OpenPGP
|
||
Comment 9•4 years ago
|
||
Comment on attachment 9159906 [details]
Bug 1638645 - OpenPGP: Missing MDC protection not discovered. r=PatrickBrunschwig
Approved for beta
|
|
Assignee | |
Comment 10•4 years ago
|
||
|
|
||
Updated•4 years ago
|
Description
•