suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix parsing of messages with unsupported SKESK s2k type

Browse Source 
These messages should still be decrypt-able if they include at least one
supported ESK packet.
This commit is contained in:
larabr 2023-06-26 15:39:56 +02:00
parent 9ed1135d74
commit f5b5b73f07
2 changed files with 21 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
src/type/s2k.js
View File

@ -31,6 +31,7 @@
import defaultConfig from '../config'; import defaultConfig from '../config';
import crypto from '../crypto'; import crypto from '../crypto';
import enums from '../enums'; import enums from '../enums';
import { UnsupportedError } from '../packet/packet';
import util from '../util'; import util from '../util';
class S2K { class S2K {
@ -70,7 +71,11 @@ class S2K {
*/ */
read(bytes) { read(bytes) {
let i = 0; let i = 0;
this.type = enums.read(enums.s2k, bytes[i++]); try {
this.type = enums.read(enums.s2k, bytes[i++]);
} catch (err) {
throw new UnsupportedError('Unknown S2K type.');
}
this.algorithm = bytes[i++]; this.algorithm = bytes[i++];
switch (this.type) { switch (this.type) {
@ -98,15 +103,15 @@ class S2K {
this.type = 'gnu-dummy'; this.type = 'gnu-dummy';
// GnuPG extension mode 1001 -- don't write secret key at all // GnuPG extension mode 1001 -- don't write secret key at all
} else { } else {
throw new Error('Unknown s2k gnu protection mode.'); throw new UnsupportedError('Unknown s2k gnu protection mode.');
} }
} else { } else {
throw new Error('Unknown s2k type.'); throw new UnsupportedError('Unknown s2k type.');
} }
break; break;
default: default:
throw new Error('Unknown s2k type.'); throw new UnsupportedError('Unknown s2k type.'); // unreachable
} }
return i; return i;

12
test/general/packet.js
View File

@ -1032,6 +1032,18 @@ kePFjAnu9cpynKXu3usf8+FuBw2zLsg1Id1n7ttxoAte416KjBN9lFBt8mcu
).to.be.rejectedWith(/Unknown public key encryption algorithm/); ).to.be.rejectedWith(/Unknown public key encryption algorithm/);
}); });
it('Ignores unknown SKESK s2k only with `config.ignoreUnsupportedPackets` enabled', async function() {
const binaryMessage = util.hexToUint8Array('c1c0cc037c2faa4df93c37b2010c009bb74119f098efa43c7924b2effc7d32fc6d7bf7f6952d2cab1722d3192cfb9b90448592770dcbaed4ef377f73a110a7e208a87a74c18fc4088c60bb0f3abcba32551c8b0e69f3505a0717cfd998261f8ffd166a5e029c504ccd58c100abef7be78aef9650df36b9757ae864b20dda598feb9799128d959a525eee6e1dd7a609117cdc922ab98dce5ea89b498005d609e54e4ec8ff330c648c375a1f56618ebd34c15db928775b6d0ec50316796ea384ebc224737ba861e3b0254817d53d0c26b517eba9ba79f56a9cae4d75b34144f752bea81fd4fbbb17fd36c9c2c387ddb23356e928b5ba47ef7164b6e2ccfe80662321add5c23dc162dc09eda77f2f4c4b04c1d59061bf8625d8c9705fc377cc8b9f9e746e62b0b0d990dd20a3ff8478101efc3e4329e66ce2f3e915657bccf94a77a357055c22a68b23cc8f563e0baef17904c488ea885e8d0cff6b27fbf5e609c2334d1c26ea7445b58a3f9182cdbad8cfd540237b4b495a24fb9bf59a96600c547141c22b4e5adc8dfa292719efeca1c3500409170861616161616161614141414161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161616161d20101');
const parsed = await openpgp.PacketList.fromBinary(binaryMessage, allAllowedPackets, { ...openpgp.config, ignoreUnsupportedPackets: true });
expect(parsed.length).to.equal(3);
expect(parsed[1]).instanceOf(openpgp.UnparseablePacket);
expect(parsed[1].tag).to.equal(openpgp.enums.packet.symEncryptedSessionKey);
await expect(
openpgp.PacketList.fromBinary(binaryMessage, allAllowedPackets, { ...openpgp.config, ignoreUnsupportedPackets: false })
).to.be.rejectedWith(/Unknown S2K type/);
});
it('Throws on disallowed packet even with tolerant mode enabled', async function() { it('Throws on disallowed packet even with tolerant mode enabled', async function() {
const packets = new openpgp.PacketList(); const packets = new openpgp.PacketList();