suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Throw on critical unknown signature subpackets

Browse Source
This commit is contained in:
Daniel Huigens 2018-10-29 16:38:31 +01:00
parent 47138eed61
commit 8c97112449
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/packet/signature.js
View File

@ -338,8 +338,10 @@ Signature.prototype.read_sub_packet = function (bytes, trusted=true) {
}
};
// The leftwost bit denotes a "critical" packet, but we ignore it.
const type = bytes[mypos++] & 0x7F;
// The leftmost bit denotes a "critical" packet
const critical = bytes[mypos] & 0x80;
const type = bytes[mypos] & 0x7F;
mypos++;
// GPG puts the Issuer and Signature subpackets in the unhashed area.
// Tampering with those invalidates the signature, so we can trust them.
@ -351,22 +353,21 @@ Signature.prototype.read_sub_packet = function (bytes, trusted=true) {
return;
}
let seconds;
// subpacket type
switch (type) {
case 2:
// Signature Creation Time
this.created = util.readDate(bytes.subarray(mypos, bytes.length));
break;
case 3:
case 3: {
// Signature Expiration Time in seconds
seconds = util.readNumber(bytes.subarray(mypos, bytes.length));
const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));
this.signatureNeverExpires = seconds === 0;
this.signatureExpirationTime = seconds;
break;
}
case 4:
// Exportable Certification
this.exportable = bytes[mypos++] === 1;
@ -384,14 +385,15 @@ Signature.prototype.read_sub_packet = function (bytes, trusted=true) {
// Revocable
this.revocable = bytes[mypos++] === 1;
break;
case 9:
case 9: {
// Key Expiration Time in seconds
seconds = util.readNumber(bytes.subarray(mypos, bytes.length));
const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));
this.keyExpirationTime = seconds;
this.keyNeverExpires = seconds === 0;
break;
}
case 11:
// Preferred Symmetric Algorithms
read_array('preferredSymmetricAlgorithms', bytes.subarray(mypos, bytes.length));
@ -502,8 +504,14 @@ Signature.prototype.read_sub_packet = function (bytes, trusted=true) {
// Preferred AEAD Algorithms
read_array.call(this, 'preferredAeadAlgorithms', bytes.subarray(mypos, bytes.length));
break;
default:
util.print_debug("Unknown signature subpacket type " + type + " @:" + mypos);
default: {
const err = new Error("Unknown signature subpacket type " + type + " @:" + mypos);
if (critical) {
throw err;
} else {
util.print_debug(err);
}
}
}
};