From 10e10effb683a9a5f3d5a60827cef2333daaa206 Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Sun, 24 Feb 2019 19:05:14 +0100
Subject: [PATCH] Support GNU export-secret-subkeys extension

---
 src/packet/secret_key.js  |  3 +++
 src/type/s2k.js           |  9 ++++++---
 test/general/signature.js | 15 ++++++---------
 3 files changed, 15 insertions(+), 12 deletions(-)

diff --git a/src/packet/secret_key.js b/src/packet/secret_key.js
index 13f660f1..ffe07e83 100644
--- a/src/packet/secret_key.js
+++ b/src/packet/secret_key.js
@@ -257,6 +257,9 @@ SecretKey.prototype.decrypt = async function (passphrase) {
     const s2k = new type_s2k();
     i += s2k.read(this.encrypted.subarray(i, this.encrypted.length));
 
+    if (s2k.type === 'gnu-dummy') {
+      return false;
+    }
     key = await produceEncryptionKey(s2k, passphrase, symmetric);
   } else {
     symmetric = s2k_usage;
diff --git a/src/type/s2k.js b/src/type/s2k.js
index 8864a6b8..02d86f36 100644
--- a/src/type/s2k.js
+++ b/src/type/s2k.js
@@ -67,7 +67,10 @@ S2K.prototype.get_count = function () {
 S2K.prototype.read = function (bytes) {
   let i = 0;
   this.type = enums.read(enums.s2k, bytes[i++]);
-  this.algorithm = enums.read(enums.hash, bytes[i++]);
+  this.algorithm = bytes[i++];
+  if (this.type !== 'gnu') {
+    this.algorithm = enums.read(enums.hash, this.algorithm);
+  }
 
   switch (this.type) {
     case 'simple':
@@ -87,11 +90,11 @@ S2K.prototype.read = function (bytes) {
       break;
 
     case 'gnu':
-      if (util.Uint8Array_to_str(bytes.subarray(i, 3)) === "GNU") {
+      if (util.Uint8Array_to_str(bytes.subarray(i, i + 3)) === "GNU") {
         i += 3; // GNU
         const gnuExtType = 1000 + bytes[i++];
         if (gnuExtType === 1001) {
-          this.type = gnuExtType;
+          this.type = 'gnu-dummy';
           // GnuPG extension mode 1001 -- don't write secret key at all
         } else {
           throw new Error("Unknown s2k gnu protection mode.");
diff --git a/test/general/signature.js b/test/general/signature.js
index 14e67a8c..72429ab2 100644
--- a/test/general/signature.js
+++ b/test/general/signature.js
@@ -340,15 +340,12 @@ describe("Signature", function() {
     const pub_key = (await openpgp.key.readArmored(pub_key_arm1)).keys[0];
     const msg = await openpgp.message.readArmored(msg_arm1);
 
-    await priv_key_gnupg_ext.subKeys[0].keyPacket.decrypt("abcd");
-    return msg.decrypt([priv_key_gnupg_ext]).then(function(msg) {
-      return msg.verify([pub_key]).then(async verified => {
-        openpgp.stream.pipe(msg.getLiteralData(), new WritableStream());
-        expect(verified).to.exist;
-        expect(verified).to.have.length(1);
-        expect(await verified[0].verified).to.be.true;
-        expect((await verified[0].signature).packets.length).to.equal(1);
-      });
+    await priv_key_gnupg_ext.decrypt("abcd");
+    return openpgp.decrypt({ message: msg, privateKeys: [priv_key_gnupg_ext], publicKeys: [pub_key] }).then(function(msg) {
+      expect(msg.signatures).to.exist;
+      expect(msg.signatures).to.have.length(1);
+      expect(msg.signatures[0].valid).to.be.true;
+      expect(msg.signatures[0].signature.packets.length).to.equal(1);
     });
   });