suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Throw on critical unknown signature subpackets

Browse Source
This commit is contained in:
Daniel Huigens 2018-10-29 16:38:31 +01:00
parent 47138eed61
commit 8c97112449
1 changed files with 18 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
src/packet/signature.js
View File

@ -338,8 +338,10 @@ Signature.prototype.read_sub_packet = function (bytes, trusted=true) {
} }
}; };
// The leftwost bit denotes a "critical" packet, but we ignore it. // The leftmost bit denotes a "critical" packet
const type = bytes[mypos++] & 0x7F; const critical = bytes[mypos] & 0x80;
const type = bytes[mypos] & 0x7F;
mypos++;
// GPG puts the Issuer and Signature subpackets in the unhashed area. // GPG puts the Issuer and Signature subpackets in the unhashed area.
// Tampering with those invalidates the signature, so we can trust them. // Tampering with those invalidates the signature, so we can trust them.
@ -351,22 +353,21 @@ Signature.prototype.read_sub_packet = function (bytes, trusted=true) {
return; return;
} }
let seconds;
// subpacket type // subpacket type
switch (type) { switch (type) {
case 2: case 2:
// Signature Creation Time // Signature Creation Time
this.created = util.readDate(bytes.subarray(mypos, bytes.length)); this.created = util.readDate(bytes.subarray(mypos, bytes.length));
break; break;
case 3: case 3: {
// Signature Expiration Time in seconds // Signature Expiration Time in seconds
seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));
this.signatureNeverExpires = seconds === 0; this.signatureNeverExpires = seconds === 0;
this.signatureExpirationTime = seconds; this.signatureExpirationTime = seconds;
break; break;
}
case 4: case 4:
// Exportable Certification // Exportable Certification
this.exportable = bytes[mypos++] === 1; this.exportable = bytes[mypos++] === 1;
@ -384,14 +385,15 @@ Signature.prototype.read_sub_packet = function (bytes, trusted=true) {
// Revocable // Revocable
this.revocable = bytes[mypos++] === 1; this.revocable = bytes[mypos++] === 1;
break; break;
case 9: case 9: {
// Key Expiration Time in seconds // Key Expiration Time in seconds
seconds = util.readNumber(bytes.subarray(mypos, bytes.length)); const seconds = util.readNumber(bytes.subarray(mypos, bytes.length));
this.keyExpirationTime = seconds; this.keyExpirationTime = seconds;
this.keyNeverExpires = seconds === 0; this.keyNeverExpires = seconds === 0;
break; break;
}
case 11: case 11:
// Preferred Symmetric Algorithms // Preferred Symmetric Algorithms
read_array('preferredSymmetricAlgorithms', bytes.subarray(mypos, bytes.length)); read_array('preferredSymmetricAlgorithms', bytes.subarray(mypos, bytes.length));
@ -502,8 +504,14 @@ Signature.prototype.read_sub_packet = function (bytes, trusted=true) {
// Preferred AEAD Algorithms // Preferred AEAD Algorithms
read_array.call(this, 'preferredAeadAlgorithms', bytes.subarray(mypos, bytes.length)); read_array.call(this, 'preferredAeadAlgorithms', bytes.subarray(mypos, bytes.length));
break; break;
default: default: {
util.print_debug("Unknown signature subpacket type " + type + " @:" + mypos); const err = new Error("Unknown signature subpacket type " + type + " @:" + mypos);
if (critical) {
throw err;
} else {
util.print_debug(err);
}
}
} }
}; };