Delay checking unknown critical signature subpackets (#1766)

Throw when verifying signatures with unknown critical subpackets, instead of when parsing them.
2025-06-07 14:46:42 +00:00 · 2024-06-17 12:31:31 +02:00 · 2024-06-17 12:31:31 +02:00 · b1e27a1430
commit b1e27a1430
parent d138b5290b
2 changed files with 35 additions and 8 deletions
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@ -67,6 +67,7 @@ class SignaturePacket {

    this.signatureData = null;
    this.unhashedSubpackets = [];
+    this.unknownSubpackets = [];
    this.signedHashValue = null;
    this.salt = null;

@ -595,14 +596,13 @@ class SignaturePacket {
          this.preferredCipherSuites.push([bytes[i], bytes[i + 1]]);
        }
        break;
-      default: {
-        const err = new Error(`Unknown signature subpacket type ${type}`);
-        if (critical) {
-          throw err;
-        } else {
-          util.printDebug(err);
-        }
-      }
+      default:
+        this.unknownSubpackets.push({
+          type,
+          critical,
+          body: bytes.subarray(mypos, bytes.length)
+        });
+        break;
    }
  }

@ -801,6 +801,11 @@ class SignaturePacket {
      [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {
      throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, this.hashAlgorithm).toUpperCase());
    }
+    this.unknownSubpackets.forEach(({ type, critical }) => {
+      if (critical) {
+        throw new Error(`Unknown critical signature subpacket type ${type}`);
+      }
+    });
    this.rawNotations.forEach(({ name, critical }) => {
      if (critical && (config.knownNotations.indexOf(name) < 0)) {
        throw new Error(`Unknown critical notation: ${name}`);
--- a/test/general/signature.js
+++ b/test/general/signature.js
@ -2493,4 +2493,26 @@ JImeZLY02MctIpGZULbqgcUGK0P/yqrPL8Pe4lQM
    const verified = await openpgp.verify({ verificationKeys: key, message });
    expect(await verified.signatures[0].verified).to.be.true;
  });
+
+  it('Should parse a signature with a critical unknown subpacket, but not verify it', async function() {
+    const key = await openpgp.readKey({
+      armoredKey: `-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+xjMEZmsxYRYJKwYBBAHaRw8BAQdAgPH3tbfVO4CNqRQevvYW6kYY0qpNQltw
+CegLonECw/vNBFRlc3TCwBgEEBYKAIoFgmZrMWEDCwkHCZAFbxb2+9/G3UUU
+AAAAAAAcACBzYWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3Jn1Bg/fpBZjM6n
+CMTgcCh7+NHCoTmgpPef1+7CO792jL4FFQgKDA4EFgACAQIZAQKbAwIeARYh
+BL/u0Jl6QJQVEZ0grQVvFvb738bdBOMBAgMAAMAYAQD25k4by+9P5WuOvirp
+MhKE441PBb1n3fhaVpLogoVgZwD/ST2+Y5G6NdJM+U45iwfZDfa3ix1/zUSf
+DF+cVdXVOwrOOARmazFhEgorBgEEAZdVAQUBAQdAGVw9vpajNPafAzshTmok
+O1ZCDuQN9KkV+qTxZ7JGoEIDAQgHwsADBBgWCgB1BYJmazFhCZAFbxb2+9/G
+3UUUAAAAAAAcACBzYWx0QG5vdGF0aW9ucy5vcGVucGdwanMub3JnRIP2KWB1
+C8+8vpmscsPPBl+KYeNcCbCOJqo7G3A5ES0CmwwWIQS/7tCZekCUFRGdIK0F
+bxb2+9/G3QTjAQIDAABj9wEA2E/C98UXszf4TWH7/xBGICoDDNxceMhSDvtt
+nYhoNlUA/Ar+Ofx+vMf9oYcNjPEbYu/yu1AtKY44aZvDBLK2+OAI
+=YrJy
+-----END PGP PUBLIC KEY BLOCK-----`
+    });
+    await expect(key.verifyPrimaryKey()).to.be.rejectedWith(/Unknown critical signature subpacket type 99/);
+  });
 });