suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

correctly handle cleartext headers with no hash specified

Browse Source
This commit is contained in:
Sanjana Rajan 2018-02-14 17:07:39 +01:00
parent 8dd27722a3
commit 94b12e566b
2 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/cleartext.js
View File

@ -29,6 +29,7 @@ import armor from './encoding/armor';
import enums from './enums'; import enums from './enums';
import packet from './packet'; import packet from './packet';
import { Signature } from './signature'; import { Signature } from './signature';
import { getPreferredHashAlgo } from './key';
/** /**
* @class * @class
@ -93,8 +94,8 @@ CleartextMessage.prototype.signDetached = async function(privateKeys) {
} }
const signaturePacket = new packet.Signature(); const signaturePacket = new packet.Signature();
signaturePacket.signatureType = enums.signature.text; signaturePacket.signatureType = enums.signature.text;
signaturePacket.hashAlgorithm = config.prefer_hash_algorithm;
signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm; signaturePacket.publicKeyAlgorithm = signingKeyPacket.algorithm;
signaturePacket.hashAlgorithm = getPreferredHashAlgo(privateKey);
if (!signingKeyPacket.isDecrypted) { if (!signingKeyPacket.isDecrypted) {
throw new Error('Private key is not decrypted.'); throw new Error('Private key is not decrypted.');
} }
@ -164,8 +165,12 @@ CleartextMessage.prototype.getText = function() {
* @return {String} ASCII armor * @return {String} ASCII armor
*/ */
CleartextMessage.prototype.armor = function() { CleartextMessage.prototype.armor = function() {
let hashes = this.signature.packets.map(function(packet) {
return enums.read(enums.hash, packet.hashAlgorithm).toUpperCase();
});
hashes = hashes.filter(function(item, i, ar) { return ar.indexOf(item) === i; });
const body = { const body = {
hash: enums.read(enums.hash, config.prefer_hash_algorithm).toUpperCase(), hash: hashes.join(),
text: this.text, text: this.text,
data: this.signature.packets.write() data: this.signature.packets.write()
}; };
@ -233,7 +238,7 @@ function verifyHeaders(headers, packetlist) {
if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) { if (!hashAlgos.length && !checkHashAlgos([enums.hash.md5])) {
throw new Error('If no "Hash" header in cleartext signed message, then only MD5 signatures allowed'); throw new Error('If no "Hash" header in cleartext signed message, then only MD5 signatures allowed');
} else if (!checkHashAlgos(hashAlgos)) { } else if (hashAlgos.length && !checkHashAlgos(hashAlgos)) {
throw new Error('Hash algorithm mismatch in armor header and signature'); throw new Error('Hash algorithm mismatch in armor header and signature');
} }
} }

1
src/message.js
View File

@ -404,7 +404,6 @@ Message.prototype.sign = async function(privateKeys=[], signature=null) {
} }
const onePassSig = new packet.OnePassSignature(); const onePassSig = new packet.OnePassSignature();
onePassSig.type = signatureType; onePassSig.type = signatureType;
//TODO get preferred hash algo from key signature
onePassSig.hashAlgorithm = getPreferredHashAlgo(privateKey); onePassSig.hashAlgorithm = getPreferredHashAlgo(privateKey);
onePassSig.publicKeyAlgorithm = signingKeyPacket.algorithm; onePassSig.publicKeyAlgorithm = signingKeyPacket.algorithm;
onePassSig.signingKeyId = signingKeyPacket.getKeyId(); onePassSig.signingKeyId = signingKeyPacket.getKeyId();