From f41412a5a20877f2fd8bf19cc9b0446286d0d629 Mon Sep 17 00:00:00 2001
From: larabr <7375870+larabr@users.noreply.github.com>
Date: Wed, 3 Mar 2021 18:03:45 +0100
Subject: [PATCH] Check critical notations during signature verification
 instead of parsing (#1259)

---
 src/packet/signature.js   | 20 ++++++-------
 test/general/signature.js | 63 +++++++--------------------------------
 2 files changed, 20 insertions(+), 63 deletions(-)

diff --git a/src/packet/signature.js b/src/packet/signature.js
index 2180aebf..e406d474 100644
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@@ -89,10 +89,9 @@ class SignaturePacket {
   /**
    * parsing function for a signature packet (tag 2).
    * @param {String} bytes - Payload of a tag 2 packet
-   * @param {Object} [config] - Full configuration, defaults to openpgp.config
    * @returns {SignaturePacket} Object representation.
    */
-  read(bytes, config = defaultConfig) {
+  read(bytes) {
     let i = 0;
     this.version = bytes[i++];
 
@@ -105,7 +104,7 @@ class SignaturePacket {
     this.hashAlgorithm = bytes[i++];
 
     // hashed subpackets
-    i += this.read_sub_packets(bytes.subarray(i, bytes.length), true, config);
+    i += this.read_sub_packets(bytes.subarray(i, bytes.length), true);
 
     // A V4 signature hashes the packet body
     // starting from its first field, the version number, through the end
@@ -116,7 +115,7 @@ class SignaturePacket {
     this.signatureData = bytes.subarray(0, i);
 
     // unhashed subpackets
-    i += this.read_sub_packets(bytes.subarray(i, bytes.length), false, config);
+    i += this.read_sub_packets(bytes.subarray(i, bytes.length), false);
 
     // Two-octet field holding left 16 bits of signed hash value.
     this.signedHashValue = bytes.subarray(i, i + 2);
@@ -331,7 +330,7 @@ class SignaturePacket {
 
   // V4 signature sub packets
 
-  read_sub_packet(bytes, trusted = true, config) {
+  read_sub_packet(bytes, trusted = true) {
     let mypos = 0;
 
     const read_array = (prop, bytes) => {
@@ -434,15 +433,11 @@ class SignaturePacket {
         const name = util.uint8ArrayToStr(bytes.subarray(mypos, mypos + m));
         const value = bytes.subarray(mypos + m, mypos + m + n);
 
-        this.rawNotations.push({ name, humanReadable, value });
+        this.rawNotations.push({ name, humanReadable, value, critical });
 
         if (humanReadable) {
           this.notations[name] = util.uint8ArrayToStr(value);
         }
-
-        if (critical && (config.knownNotations.indexOf(name) === -1)) {
-          throw new Error("Unknown critical notation: " + name);
-        }
         break;
       }
       case 21:
@@ -705,6 +700,11 @@ class SignaturePacket {
       [enums.signature.binary, enums.signature.text].includes(this.signatureType)) {
       throw new Error('Insecure message hash algorithm: ' + enums.read(enums.hash, hashAlgorithm).toUpperCase());
     }
+    this.rawNotations.forEach(({ name, critical }) => {
+      if (critical && (config.knownNotations.indexOf(name) < 0)) {
+        throw new Error(`Unknown critical notation: ${name}`);
+      }
+    });
     if (this.revocationKeyClass !== null) {
       throw new Error('This key is intended to be revoked with an authorized key, which OpenPGP.js does not support.');
     }
diff --git a/test/general/signature.js b/test/general/signature.js
index b0f893c7..d6306527 100644
--- a/test/general/signature.js
+++ b/test/general/signature.js
@@ -917,32 +917,6 @@ hUhMKMuiM3pRwdIyDOItkUWQmjEEw7/XmhgInkXsCw==
     expect(notation.humanReadable).to.equal(false);
   });
 
-  it('Checks for critical bit in non-human-readable notations', async function() {
-    try {
-      await openpgp.readSignature({
-        config: { tolerant: false },
-        armoredSignature: `-----BEGIN PGP SIGNATURE-----
-
-wsEfBAABCABJBYJfKDH0K5QAAAAAAB0ABXVua25vd25AdGVzdHMuc2VxdW9pYS1w
-Z3Aub3JndmFsdWUWIQTRpm4aI7GCyZgPeIz7/MgqAV5zMAAKCRD7/MgqAV5zMLBK
-C/9Vdte8yq8QFp7Bo3mWWXiUDJ2vOdEpJs9PB12hN97wewjFKWvKcWRHofBrK+0v
-P4/sixMjqSXB75iz/lzCbPjkmgmaGKN6Smq6Pj5kIdpWIdtfjNoa+OEn1emrxpY1
-dT0Pe7r8w3Y/JmfK1ZoFfiq5YBP+rsjmAXf6BQ9RH+kMUsOgOVCjqzI5vPibTD91
-Aefm7XS35Wlj/O/zFXR9tiZyE/dKIujohB3bsV6sAmYzPxZVuZCYaj+6afRlAuWg
-IYs+aFmldMg4p1t1Ab/bRHbBxIlzhtbNE6IyOfc17mgOcjQzVJBc/EaxD7S3KjU2
-4aFmOaLyWDrvAJu1Ror2b+zekEiq90CnCtAUiAq6/qbWlGCGX4zFKWyHousDJcEB
-1n0xDkFUhndisMZanaU3S1hwzawMnpHi1RHI2a/etPPk0Ryrzo2rFi8ZdAHLWY6o
-4ymAWpppg47NhCwuYh/EG5G1P4ccxksRj1GX2r5HxH8ZeAQWWdviINErgrUONWHy
-bwM=
-=0x2S
------END PGP SIGNATURE-----`
-      });
-      throw new Error('openpgp.readSignature should throw but it did not.');
-    } catch (e) {
-      expect(e.message).to.equal('Unknown critical notation: unknown@tests.sequoia-pgp.org');
-    }
-  });
-
   it('Verify V4 signature. Hash: SHA1. PK: RSA. Signature Type: 0x00 (binary document)', async function() {
     const { rejectMessageHashAlgorithms } = openpgp.config;
     Object.assign(openpgp.config, { rejectMessageHashAlgorithms: new Set([openpgp.enums.hash.md5, openpgp.enums.hash.ripemd]) });
@@ -1046,36 +1020,19 @@ bwM=
   });
 
   it('Verify fails with signed message with critical notations', async function() {
-    let testFailed = true;
-    try {
-      openpgp.config.tolerant = false;
-      const sMsg = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
-      const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
-      const verified = await sMsg.verify([pub_key]);
-      await verified[0].verified;
-      testFailed = false;
-    } catch (e) {
-      expect(e.message).to.equal('Unknown critical notation: test@example.com');
-    } finally {
-      openpgp.config.tolerant = true;
-    }
-    // fail the test if execution does not throw an exception
-    expect(testFailed).to.be.true;
+    const message = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
+    const key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
+    const { signatures: [sig] } = await openpgp.verify({ message, publicKeys: key });
+    expect(sig.valid).to.be.false;
+    expect(sig.error).to.match(/Unknown critical notation: test@example.com/);
   });
 
   it('Verify succeeds with known signed message with critical notations', async function() {
-    openpgp.config.tolerant = false;
-    openpgp.config.knownNotations.push('test@example.com');
-    try {
-      const sMsg = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
-      const pub_key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
-      const verified = await sMsg.verify([pub_key]);
-      openpgp.stream.pipe(sMsg.getLiteralData(), new openpgp.stream.WritableStream());
-      expect(await verified[0].verified).to.be.true;
-    } finally {
-      openpgp.config.knownNotations.pop();
-      openpgp.config.tolerant = true;
-    }
+    const config = { knownNotations: ['test@example.com'] };
+    const message = await openpgp.readMessage({ armoredMessage: signature_with_critical_notation });
+    const key = await openpgp.readKey({ armoredKey: pub_key_arm2 });
+    const { signatures: [sig] } = await openpgp.verify({ message, publicKeys: key, config });
+    expect(sig.valid).to.be.true;
   });
 
   it('Verify cleartext signed message with two signatures with openpgp.verify', async function() {