suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OP-01-010 Invalid Armor Checksum Validation (Low)

Browse Source
This commit is contained in:
Thomas Oberndörfer 2014-03-29 16:25:28 +01:00
parent 5eca11ca5b
commit e8ef355604
2 changed files with 30 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
src/encoding/armor.js
View File

@ -131,7 +131,7 @@ function getCheckSum(data) {
function verifyCheckSum(data, checksum) { function verifyCheckSum(data, checksum) {
var c = getCheckSum(data); var c = getCheckSum(data);
var d = checksum; var d = checksum;
return c[0] == d[0] && c[1] == d[1] && c[2] == d[2]; return c[0] == d[0] && c[1] == d[1] && c[2] == d[2] && c[3] == d[3];
} }
/** /**
* Internal function to calculate a CRC-24 checksum over a given string (data) * Internal function to calculate a CRC-24 checksum over a given string (data)
@ -323,11 +323,13 @@ function dearmor(text) {
checksum = sig_sum.checksum; checksum = sig_sum.checksum;
} }
checksum = checksum.substr(0, 4);
if (!verifyCheckSum(result.data, checksum)) { if (!verifyCheckSum(result.data, checksum)) {
throw new Error("Ascii armor integrity check on message failed: '" + throw new Error("Ascii armor integrity check on message failed: '" +
checksum + checksum +
"' should be '" + "' should be '" +
getCheckSum(result) + "'"); getCheckSum(result.data) + "'");
} }
verifyHeaders(result.headers); verifyHeaders(result.headers);

26
test/general/armor.js
View File

@ -131,6 +131,32 @@ describe("ASCII armor", function() {
expect(msg).to.throw(Error, /Unknow ASCII armor type/); expect(msg).to.throw(Error, /Unknow ASCII armor type/);
}); });
it('Armor checksum validation', function () {
var privKey =
['-----BEGIN PGP PRIVATE KEY BLOCK-----',
'Version: OpenPGP.js v0.3.0',
'Comment: http://openpgpjs.org',
'',
'xbYEUubX7gEBANDWhzoP+Tr/IyRSv++vl5jBesQIPTYGQBdzF4YDnGEBABEB',
'AAH+CQMIfzdw4/PKNl5gVXdtfDFdSIN8yJT2rbeg3+SsWexXZNNdRaONWaiB',
'Z5cG9Q6+BoXKsEshIdcYOgwsAgRxlPpRA34Vvmg2QBk7PhdrkbK7aqENsJ1w',
'dIlLD6p9GmLE20yVff58/fMiUtPRgsD83SpKTAX6EM1ulpkuQQNjmrVc5qc8',
'7AMdF80JdW5kZWZpbmVkwj8EEAEIABMFAlLm1+4JEBD8MASZrpALAhsDAAAs',
'QgD8CUrwv7Hrp/INR0/UvAvzS52VztREQwQWTJMrgTNHBGjHtgRS5tfuAQEA',
'nys9SaSgR+l6iZc/M8hGIUmbuahE2/+mtw+/l0RO+WcAEQEAAf4JAwjr39Yi',
'FzjxImDN1IoYVsonA9M+BtIIJHafuQUHjyEr1paJJK5xS6KlyGgpMTXTD6y/',
'qxS3ZSPPzHGRrs2CmkVEiPmurn9Ed05tb0y9OnJkWtuh3z9VVq9d8zHzuENa',
'bUfli+P/v+dRaZ+1rSOxUFbFYbFB5XK/A9b/OPFrv+mb4KrtLxugwj8EGAEI',
'ABMFAlLm1+4JEBD8MASZrpALAhsMAAC3IgD8DnLGbMnpLtrX72RCkPW1ffLq',
'71vlXMJNXvoCeuejiRw=',
'=wJN@',
'-----END PGP PRIVATE KEY BLOCK-----'].join('\n');
var result = openpgp.key.readArmored(privKey);
expect(result.err).to.exist;
expect(result.err[0].message).to.match(/Ascii armor integrity check on message failed/);
});
}); });