From 000e1335a2b4b1b4125137b11f327f125b9419a7 Mon Sep 17 00:00:00 2001 From: wussler Date: Tue, 30 Aug 2022 13:46:05 +0200 Subject: [PATCH] Leave unhashed subpackets as-is when re-serializing signatures (#1561) When re-serializing a signature packet, don't add Issuer, Issuer Fingerprint, and Embedded Signature subpackets to the unhashed subpackets if they weren't already there. Also, store all unhashed subpackets in `signature.unhashedSubpackets`, not just the "disallowed" ones. --- src/packet/signature.js | 47 ++++++++++++++++++++++++++++++++++------- 1 file changed, 39 insertions(+), 8 deletions(-) diff --git a/src/packet/signature.js b/src/packet/signature.js index ea2d656e..b28cd9a6 100644 --- a/src/packet/signature.js +++ b/src/packet/signature.js @@ -188,6 +188,9 @@ class SignaturePacket { // Add hashed subpackets arr.push(this.writeHashedSubPackets()); + // Set unhashed subpackets for serialization + this.unhashedSubpackets = this.createUnhashedSubPackets(); + this.signatureData = util.concat(arr); const toHash = this.toHash(this.signatureType, data, detached); @@ -315,26 +318,36 @@ class SignaturePacket { } /** - * Creates Uint8Array of bytes of Issuer and Embedded Signature subpackets - * @returns {Uint8Array} Subpacket data. + * Returns the Issuer, Issuer Fingperprint, and Embedded Signature subpacket bodies + * @returns {Array} Subpackets. */ - writeUnhashedSubPackets() { + createUnhashedSubPackets() { const sub = enums.signatureSubpacket; const arr = []; let bytes; if (!this.issuerKeyID.isNull() && this.issuerKeyVersion !== 5) { // If the version of [the] key is greater than 4, this subpacket // MUST NOT be included in the signature. - arr.push(writeSubPacket(sub.issuer, this.issuerKeyID.write())); + arr.push(writeSubPacketBody(sub.issuer, this.issuerKeyID.write())); } if (this.embeddedSignature !== null) { - arr.push(writeSubPacket(sub.embeddedSignature, this.embeddedSignature.write())); + arr.push(writeSubPacketBody(sub.embeddedSignature, this.embeddedSignature.write())); } if (this.issuerFingerprint !== null) { bytes = [new Uint8Array([this.issuerKeyVersion]), this.issuerFingerprint]; bytes = util.concat(bytes); - arr.push(writeSubPacket(sub.issuerFingerprint, bytes)); + arr.push(writeSubPacketBody(sub.issuerFingerprint, bytes)); } + + return arr; + } + + /** + * Creates an Uint8Array containing the unhashed subpackets + * @returns {Uint8Array} Subpacket data. + */ + writeUnhashedSubPackets() { + const arr = []; this.unhashedSubpackets.forEach(data => { arr.push(writeSimpleLength(data.length)); arr.push(data); @@ -354,9 +367,11 @@ class SignaturePacket { const critical = bytes[mypos] & 0x80; const type = bytes[mypos] & 0x7F; - if (!hashed && !allowedUnhashedSubpackets.has(type)) { + if (!hashed) { this.unhashedSubpackets.push(bytes.subarray(mypos, bytes.length)); - return; + if (!allowedUnhashedSubpackets.has(type)) { + return; + } } mypos++; @@ -762,3 +777,19 @@ function writeSubPacket(type, data) { arr.push(data); return util.concat(arr); } + +/** + * Creates a string representation of the body of a sub-packet (without length) + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.1|RFC4880 5.2.3.1} + * @see {@link https://tools.ietf.org/html/rfc4880#section-5.2.3.2|RFC4880 5.2.3.2} + * @param {Integer} type - Subpacket signature type. + * @param {String} data - Data to be included + * @returns {Uint8Array} A string-representation of a sub signature packet. + * @private + */ +function writeSubPacketBody(type, data) { + const arr = []; + arr.push(new Uint8Array([type])); + arr.push(data); + return util.concat(arr); +}