Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-06-07 22:56:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Delay checking unknown critical signature subpackets (#1766)

Browse Source 
Throw when verifying signatures with unknown critical subpackets,
instead of when parsing them.
This commit is contained in:
Daniel Huigens 2024-06-17 12:31:31 +02:00 committed by GitHub
parent d138b5290b
commit b1e27a1430
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
2 changed files with 35 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
src/packet/signature.js
View File

@ -67,6 +67,7 @@ class SignaturePacket {
this.signatureData = null; this.signatureData = null;
this.unhashedSubpackets = []; this.unhashedSubpackets = [];
this.unknownSubpackets = [];
this.signedHashValue = null; this.signedHashValue = null;
this.salt = null; this.salt = null;
@ -595,14 +596,13 @@ class SignaturePacket {
this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]); this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]);
} }
break; break;
default: { default:
const err = new Error(`Unknown signature subpacket type ${type}`); this.unknownSubpackets.push({
if (critical) { type,
throw err; critical,
} else { body: bytes.subarray(mypos, bytes.length)
util.printDebug(err); });
} break;
}
} }
} }
@ -801,6 +801,11 @@ class SignaturePacket {
[enums.signature.binary, enums.signature.text].includes(this.signatureType)) { [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {
throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase()); throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());
} }
this.unknownSubpackets.forEach(({ type, critical }) => {
if (critical) {
throw new Error(`Unknown critical signature subpacket type ${type}`);
}
});
this.rawNotations.forEach(({ name, critical }) => { this.rawNotations.forEach(({ name, critical }) => {
if (critical && (config.knownNotations.indexOf(name) < 0)) { if (critical && (config.knownNotations.indexOf(name) < 0)) {
throw new Error(`Unknown critical notation: ${name}`); throw new Error(`Unknown critical notation: ${name}`);

22
test/general/signature.js
View File

@ -2493,4 +2493,26 @@ JImeZLY02MctIpGZULbqgcUGK0P/yqrPL8Pe4lQM
const verified = await openpgp.verify({ verificationKeys: key, message }); const verified = await openpgp.verify({ verificationKeys: key, message });
expect(await verified.signatures[0].verified).to.be.true; expect(await verified.signatures[0].verified).to.be.true;
}); });
it('Should parse a signature with a critical unknown subpacket, but not verify it', async function() {
const key = await openpgp.readKey({
armoredKey: `-----BEGIN PGP PUBLIC KEY BLOCK-----
xjMEZmsxYRYJKwYBBAHaRw8BAQdAgPH3tbfVO4CNqRQevvYW6kYY0qpNQltw
CegLonECw/vNBFRlc3TCwBgEEBYKAIoFgmZrMWEDCwkHCZAFbxb2+9/G3UUU
AAAAAAAcACBzYWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3Jn1Bg/fpBZjM6n
CMTgcCh7+NHCoTmgpPef1+7CO792jL4FFQgKDA4EFgACAQIZAQKbAwIeARYh
BL/u0Jl6QJQVEZ0grQVvFvb738bdBOMBAgMAAMAYAQD25k4by+9P5WuOvirp
MhKE441PBb1n3fhaVpLogoVgZwD/ST2+Y5G6NdJM+U45iwfZDfa3ix1/zUSf
DF+cVdXVOwrOOARmazFhEgorBgEEAZdVAQUBAQdAGVw9vpajNPafAzshTmok
O1ZCDuQN9KkV+qTxZ7JGoEIDAQgHwsADBBgWCgB1BYJmazFhCZAFbxb2+9/G
3UUUAAAAAAAcACBzYWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3JnRIP2KWB1
C8+8vpmscsPPBl+KYeNcCbCOJqo7G3A5ES0CmwwWIQS/7tCZekCUFRGdIK0F
bxb2+9/G3QTjAQIDAABj9wEA2E/C98UXszf4TWH7/xBGICoDDNxceMhSDvtt
nYhoNlUA/Ar+Ofx+vMf9oYcNjPEbYu/yu1AtKY44aZvDBLK2+OAI
=YrJy
-----END PGP PUBLIC KEY BLOCK-----`
});
await expect(key.verifyPrimaryKey()).to.be.rejectedWith(/Unknown critical signature subpacket type 99/);
});
}); });