feat: Unify mdc integrity error

ProtonMail · Nov 12, 2024 · 2565717 · 2565717
1 parent e1dcc09
commit 2565717
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 5 deletions.
diff --git a/openpgp/errors/errors.go b/openpgp/errors/errors.go
@@ -20,8 +20,10 @@ var (
 	ErrAEADTagVerification error = DecryptWithSessionKeyError("AEAD tag verification failed")
 	// ErrMDCHashMismatch is returned if the final tag verification in SEIPDv1 fails
 	ErrMDCHashMismatch error = DecryptWithSessionKeyError("MDC hash mismatch")
-	// ErrMDCMissing is returned if the final tag in SEIPDv1 is missing
-	ErrMDCMissing error = DecryptWithSessionKeyError("MDC packet not found")
+	// ErrMDCMissing is deprecated and is no longer returned.
+	// Instead, if the MDC tag is missing, an ErrMDCHashMismatch error will be returned.
+	// Reduces the risk of decryption oracles.
+	ErrMDCMissing error = SignatureError("MDC packet not found")
 )
 
 // A StructuralError is returned when OpenPGP data is found to be syntactically

diff --git a/openpgp/packet/symmetrically_encrypted_mdc.go b/openpgp/packet/symmetrically_encrypted_mdc.go
@@ -148,7 +148,7 @@ const mdcPacketTagByte = byte(0x80) | 0x40 | 19
 
 func (ser *seMDCReader) Close() error {
 	if ser.error {
-		return errors.ErrMDCMissing
+		return errors.ErrMDCHashMismatch
 	}
 
 	for !ser.eof {
@@ -159,7 +159,7 @@ func (ser *seMDCReader) Close() error {
 			break
 		}
 		if err != nil {
-			return errors.ErrMDCMissing
+			return errors.ErrMDCHashMismatch
 		}
 	}
 
@@ -172,7 +172,7 @@ func (ser *seMDCReader) Close() error {
 	// The hash already includes the MDC header, but we still check its value
 	// to confirm encryption correctness
 	if ser.trailer[0] != mdcPacketTagByte || ser.trailer[1] != sha1.Size {
-		return errors.ErrMDCMissing
+		return errors.ErrMDCHashMismatch
 	}
 	return nil
 }