Check critical notations during signature verification instead of parsing (#1259)
This commit is contained in:
larabr
GitHub
parent
30ddc3b90a
commit
f41412a5a2
|
|
@ -89,10 +89,9 @@ class SignaturePacket {
|
|||
/**
|
||||
* parsing function for a signature packet (tag 2).
|
||||
* @param {String} bytes - Payload of a tag 2 packet
|
||||
* @param {Object} [config] - Full configuration, defaults to openpgp.config
|
||||
* @returns {SignaturePacket} Object representation.
|
||||
*/
|
||||
read(bytes, config = defaultConfig) {
|
||||
read(bytes) {
|
||||
let i = 0;
|
||||
this.version = bytes[i++];
|
||||
|
||||
|
|
@ -105,7 +104,7 @@ class SignaturePacket {
|
|||
this.hashAlgorithm = bytes[i++];
|
||||
|
||||
// hashed subpackets
|
||||
i += this.read_sub_packets(bytes.subarray(i, bytes.length), true, config);
|
||||
i += this.read_sub_packets(bytes.subarray(i, bytes.length), true);
|
||||
|
||||
// A V4 signature hashes the packet body
|
||||
// starting from its first field, the version number, through the end
|
||||
|
|
@ -116,7 +115,7 @@ class SignaturePacket {
|
|||
this.signatureData = bytes.subarray(0, i);
|
||||
|
||||
// unhashed subpackets
|
||||
i += this.read_sub_packets(bytes.subarray(i, bytes.length), false, config);
|
||||
i += this.read_sub_packets(bytes.subarray(i, bytes.length), false);
|
||||
|
||||
// Two-octet field holding left 16 bits of signed hash value.
|
||||
this.signedHashValue = bytes.subarray(i, i + 2);
|
||||
|
|
@ -331,7 +330,7 @@ class SignaturePacket {
|
|||
|
||||
// V4 signature sub packets
|
||||
|
||||
read_sub_packet(bytes, trusted = true, config) {
|
||||
read_sub_packet(bytes, trusted = true) {
|
||||
let mypos = 0;
|
||||
|
||||
const read_array = (prop, bytes) => {
|
||||
|
|
@ -434,15 +433,11 @@ class SignaturePacket {
|
|||
const name = util.uint8ArrayToStr(bytes.subarray(mypos, mypos + m));
|
||||
const value = bytes.subarray(mypos + m, mypos + m + n);
|
||||
|
||||
this.rawNotations.push({ name, humanReadable, value });
|
||||
this.rawNotations.push({ name, humanReadable, value, critical });
|
||||
|
||||
if (humanReadable) {
|
||||
this.notations[name] = util.uint8ArrayToStr(value);
|
||||
}
|
||||
|
||||
if (critical && (config.knownNotations.indexOf(name) === -1)) {
|
||||
throw new Error("Unknown critical notation: " + name);
|
||||
}
|
||||
break;
|
||||
}
|
||||
case 21:
|
||||
|
|
@ -705,6 +700,11 @@ class SignaturePacket {
|
|||
[enums.signature.binary, enums.signature.text].includes(this.signatureType)) {
|
||||
throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, hashAlgorithm).toUpperCase());
|
||||
}
|
||||
this.rawNotations.forEach(({ name, critical }) => {
|
||||
if (critical && (config.knownNotations.indexOf(name) < 0)) {
|
||||
throw new Error(`Unknown critical notation: ${name}`);
|
||||
}
|
||||
});
|
||||
if (this.revocationKeyClass !== null) {
|
||||
throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -917,32 +917,6 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
|
|||
expect(notation.humanReadable).to.equal(false);
|
||||
});
|
||||
|
||||
it('Checks for critical bit in non-human-readable notations', async function() {
|
||||
try {
|
||||
await openpgp.readSignature({
|
||||
config: { tolerant: false },
|
||||
armoredSignature: `-----BEGIN PGP SIGNATURE-----
|
||||
|
||||
wsEfBAABCABJBYJfKDH0K5QAAAAAAB0ABXVua25vd25AdGVzdHMuc2VxdW9pYS1w
|
||||
Z3Aub3JndmFsdWUWIQTRpm4aI7GCyZgPeIz7/MgqAV5zMAAKCRD7/MgqAV5zMLBK
|
||||
C/9Vdte8yq8QFp7Bo3mWWXiUDJ2vOdEpJs9PB12hN97wewjFKWvKcWRHofBrK+0v
|
||||
P4/sixMjqSXB75iz/lzCbPjkmgmaGKN6Smq6Pj5kIdpWIdtfjNoa+OEn1emrxpY1
|
||||
dT0Pe7r8w3Y/JmfK1ZoFfiq5YBP+rsjmAXf6BQ9RH+kMUsOgOVCjqzI5vPibTD91
|
||||
Aefm7XS35Wlj/O/zFXR9tiZyE/dKIujohB3bsV6sAmYzPxZVuZCYaj+6afRlAuWg
|
||||
IYs+aFmldMg4p1t1Ab/bRHbBxIlzhtbNE6IyOfc17mgOcjQzVJBc/EaxD7S3KjU2
|
||||
4aFmOaLyWDrvAJu1Ror2b+zekEiq90CnCtAUiAq6/qbWlGCGX4zFKWyHousDJcEB
|
||||
1n0xDkFUhndisMZanaU3S1hwzawMnpHi1RHI2a/etPPk0Ryrzo2rFi8ZdAHLWY6o
|
||||
4ymAWpppg47NhCwuYh/EG5G1P4ccxksRj1GX2r5HxH8ZeAQWWdviINErgrUONWHy
|
||||
bwM=
|
||||
=0x2S
|
||||
-----END PGP SIGNATURE-----`
|
||||
});
|
||||
throw new Error('openpgp.readSignature should throw but it did not.');
|
||||
} catch (e) {
|
||||
expect(e.message).to.equal('Unknown critical notation: unknown@tests.sequoia-pgp.org');
|
||||
}
|
||||
});
|
||||
|
||||
it('Verify V4 signature. Hash: SHA1. PK: RSA. Signature Type: 0x00 (binary document)', async function() {
|
||||
const { rejectMessageHashAlgorithms } = openpgp.config;
|
||||
Object.assign(openpgp.config, { rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]) });
|
||||
|
|
@ -1046,36 +1020,19 @@ bwM=
|
|||
});
|
||||
|
||||
it('Verify fails with signed message with critical notations', async function() {
|
||||
let testFailed = true;
|
||||
try {
|
||||
openpgp.config.tolerant = false;
|
||||
const sMsg = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
|
||||
const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||
const verified = await sMsg.verify([pub_key]);
|
||||
await verified[0].verified;
|
||||
testFailed = false;
|
||||
} catch (e) {
|
||||
expect(e.message).to.equal('Unknown critical notation: test@example.com');
|
||||
} finally {
|
||||
openpgp.config.tolerant = true;
|
||||
}
|
||||
// fail the test if execution does not throw an exception
|
||||
expect(testFailed).to.be.true;
|
||||
const message = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
|
||||
const key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||
const { signatures: [sig] } = await openpgp.verify({ message, publicKeys: key });
|
||||
expect(sig.valid).to.be.false;
|
||||
expect(sig.error).to.match(/Unknown critical notation: test@example.com/);
|
||||
});
|
||||
|
||||
it('Verify succeeds with known signed message with critical notations', async function() {
|
||||
openpgp.config.tolerant = false;
|
||||
openpgp.config.knownNotations.push('test@example.com');
|
||||
try {
|
||||
const sMsg = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
|
||||
const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||
const verified = await sMsg.verify([pub_key]);
|
||||
openpgp.stream.pipe(sMsg.getLiteralData(), new openpgp.stream.WritableStream());
|
||||
expect(await verified[0].verified).to.be.true;
|
||||
} finally {
|
||||
openpgp.config.knownNotations.pop();
|
||||
openpgp.config.tolerant = true;
|
||||
}
|
||||
const config = { knownNotations: ['test@example.com'] };
|
||||
const message = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
|
||||
const key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
|
||||
const { signatures: [sig] } = await openpgp.verify({ message, publicKeys: key, config });
|
||||
expect(sig.valid).to.be.true;
|
||||
});
|
||||
|
||||
it('Verify cleartext signed message with two signatures with openpgp.verify', async function() {
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user