From 8720adcf65ee6ec653757329208b2e89d00707f0 Mon Sep 17 00:00:00 2001
From: Daniel Huigens <d.huigens@protonmail.com>
Date: Tue, 11 Dec 2018 18:11:10 +0100
Subject: [PATCH] Check signature public key algorithm against issuer key
algorithm
---
src/packet/public_key.js | 5 +++++
src/packet/public_key_encrypted_session_key.js | 3 +++
src/packet/signature.js | 4 ++++
3 files changed, 12 insertions(+)
diff --git a/src/packet/public_key.js b/src/packet/public_key.js
index ca43ea05..2d6c6895 100644
--- a/src/packet/public_key.js
+++ b/src/packet/public_key.js
@@ -62,6 +62,11 @@ function PublicKey(date=new Date()) {
* @type {Date}
*/
this.created = util.normalizeDate(date);
+ /**
+ * Public key algorithm.
+ * @type {String}
+ */
+ this.algorithm = null;
/**
* Algorithm specific params
* @type {Array<Object>}
diff --git a/src/packet/public_key_encrypted_session_key.js b/src/packet/public_key_encrypted_session_key.js
index 260497da..bf91be5e 100644
--- a/src/packet/public_key_encrypted_session_key.js
+++ b/src/packet/public_key_encrypted_session_key.js
@@ -52,7 +52,10 @@ function PublicKeyEncryptedSessionKey() {
this.version = 3;
this.publicKeyId = new type_keyid();
+ this.publicKeyAlgorithm = null;
+
this.sessionKey = null;
+ this.sessionKeyAlgorithm = null;
/** @type {Array<module:type/mpi>} */
this.encrypted = [];
diff --git a/src/packet/signature.js b/src/packet/signature.js
index 0faf2875..bd78c8f3 100644
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@@ -666,6 +666,10 @@ Signature.prototype.verify = async function (key, signatureType, data) {
const publicKeyAlgorithm = enums.write(enums.publicKey, this.publicKeyAlgorithm);
const hashAlgorithm = enums.write(enums.hash, this.hashAlgorithm);
+ if (publicKeyAlgorithm !== enums.write(enums.publicKey, key.algorithm)) {
+ throw new Error('Public key algorithm used to sign signature does not match issuer key algorithm.');
+ }
+
let toHash;
let hash;
if (this.hashed) {