Put support for reading v5 packets behind a feature flag (#212)
* Put v5 support behind a feature flag
lubux authored Jul 5, 2024
1 parent 3df78a3 commit c25e074
Showing 12 changed files with 76 additions and 6 deletions.
8 changes: 8 additions & 0 deletions openpgp/keys_v5_test.go
Expand Up @@ -4,13 +4,18 @@ import (
"bytes"
"strings"
"testing"

"github.com/ProtonMail/go-crypto/openpgp/packet"
)

var foreignKeys = []string{
v5PrivKey,
}

func TestReadPrivateForeignV5Key(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
for _, str := range foreignKeys {
kring, err := ReadArmoredKeyRing(strings.NewReader(str))
if err != nil {
Expand All @@ -21,6 +26,9 @@ func TestReadPrivateForeignV5Key(t *testing.T) {
}

func TestReadPrivateSerializeForeignV5Key(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
for _, str := range foreignKeys {
el, err := ReadArmoredKeyRing(strings.NewReader(str))
if err != nil {
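Review bot: The new `t.Skip()` guards in TestReadPrivateForeignV5Key and TestReadPrivateSerializeForeignV5Key leave the rejection path itself untested: nothing asserts that reading v5PrivKey under the default (tag-less) build returns the UnsupportedError the parsers now produce, so a regression that silently re-enables v5 parsing would pass the suite. The same gap exists for the skips added in openpgp/read_test.go, openpgp/v2/keys_v5_test.go and openpgp/v2/read_test.go, and for keyAndIpePackets() in openpgp/packet/symmetric_key_encrypted_data_test.go, which drops the two v5 AEAD vectors instead of checking that they are refused. A short negative branch in each disabled case, calling the same reader and failing unless the returned error is an errors.UnsupportedError, would pin the new behaviour. The bare skips would also read better with a reason, `t.Skip("v5 support disabled; build with -tags v5")`.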
9 changes: 9 additions & 0 deletions openpgp/packet/config.go
Expand Up @@ -29,6 +29,15 @@ var (
}
)

// A global feature flag to indicate v5 support.
// Can be set via a build tag, e.g.: `go build -tags v5 ./...`
// If the build tag is missing config_v5.go will set it to true.
//
// Disables parsing of v5 keys and v5 signatures.
// These are non-standard entities, which in the crypto-refresh have been superseded
// by v6 keys, v6 signatures and SEIPDv2 encrypted data, respectively.
var V5Disabled = false

// Config collects a number of parameters along with sensible defaults.
// A nil *Config is valid and results in all default values.
type Config struct {
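Review bot: The doc comment on V5Disabled undercounts what the flag gates and says nothing about when it may be changed: the commit also consults it in PrivateKey.parse and SymmetricKeyEncrypted.parse, and because it is an exported package-level variable that the parsers read without any synchronisation, an importer can flip it at runtime and a write concurrent with parsing is a data race. Go convention also wants the comment to open with the name. Suggest replacing the first paragraph with `// V5Disabled disables parsing of the non-standard v5 keys, signatures and SKESK packets.` followed by `// It is read without locking; set it only at startup, before any packet is parsed.` and keeping the build-tag paragraph as is.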
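--- /dev/null
+++ b/openpgp/packet/config_v5.go
@@ -0,0 +1,7 @@
+//go:build !v5
+
+package packet
+
+func init() {
+V5Disabled = true
+}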
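Review bot: Using init() to flip a variable that config.go initialises to false splits the effective default across two files and depends on package initialisation order rather than a plain initialiser. The usual two-file build-tag idiom avoids the side effect: keep `//go:build !v5` here with `var V5Disabled = true`, add a `//go:build v5` sibling containing `var V5Disabled = false`, and drop the declaration from config.go (moving its doc comment onto both). The default build should then behave identically, since init already ran before any parsing, but the value becomes visible at declaration rather than after a hidden assignment.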
4 changes: 4 additions & 0 deletions openpgp/packet/private_key.go
Expand Up @@ -202,6 +202,10 @@ func (pk *PrivateKey) parse(r io.Reader) (err error) {
v5 := pk.PublicKey.Version == 5
v6 := pk.PublicKey.Version == 6

if V5Disabled && v5 {
return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
}

var buf [1]byte
_, err = readFull(r, buf[:])
if err != nil {
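Review bot: The "support for parsing v5 entities is disabled" error string is repeated verbatim here and in public_key.go, signature.go and symmetric_key_encrypted.go; a single package-level value, e.g. `var errV5Disabled = errors.UnsupportedError("support for parsing v5 entities is disabled; build with -tags v5 if needed")` returned from all four sites, would keep the message consistent and let tests compare against it. The check in this hunk also looks redundant: pk.PublicKey.Version is presumably filled by PublicKey.parse, which already refuses v5 when V5Disabled is set, so this branch should only be reachable if the public key was populated some other way — if it is kept as defence in depth, a comment such as `// PublicKey.parse already rejects v5; guard again in case pk was filled elsewhere` would say so. PrivateKey.parse starts and ends outside the hunk.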
9 changes: 7 additions & 2 deletions openpgp/packet/public_key.go
Expand Up @@ -236,11 +236,16 @@ func (pk *PublicKey) parse(r io.Reader) (err error) {
if err != nil {
return
}
if buf[0] != 4 && buf[0] != 5 && buf[0] != 6 {

pk.Version = int(buf[0])
if pk.Version != 4 && pk.Version != 5 && pk.Version != 6 {
return errors.UnsupportedError("public key version " + strconv.Itoa(int(buf[0])))
}

pk.Version = int(buf[0])
if V5Disabled && pk.Version == 5 {
return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
}

if pk.Version >= 5 {
// Read the four-octet scalar octet count
// The count is not used in this implementation
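Review bot: pk.Version is now assigned from buf[0] before the version check, so on an unsupported version the function returns an error with pk.Version left holding the rejected value, whereas previously the field was not assigned on that path; the same reordering is made for sig.Version in signature.go. If the early assignment is intended so the V5Disabled guard can read the field, the error messages should at least use the value they now validate, `strconv.Itoa(pk.Version)` here and `strconv.Itoa(sig.Version)` in signature.go, rather than re-converting buf[0]. Otherwise keep the assignment after the check and have the new guard compare `int(buf[0]) == 5`. PublicKey.parse starts and ends outside the hunk.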
9 changes: 7 additions & 2 deletions openpgp/packet/signature.go
Expand Up @@ -149,11 +149,16 @@ func (sig *Signature) parse(r io.Reader) (err error) {
if err != nil {
return
}
if buf[0] != 4 && buf[0] != 5 && buf[0] != 6 {
sig.Version = int(buf[0])
if sig.Version != 4 && sig.Version != 5 && sig.Version != 6 {
err = errors.UnsupportedError("signature packet version " + strconv.Itoa(int(buf[0])))
return
}
sig.Version = int(buf[0])

if V5Disabled && sig.Version == 5 {
return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
}

if sig.Version == 6 {
_, err = readFull(r, buf[:7])
} else {
4 changes: 4 additions & 0 deletions openpgp/packet/symmetric_key_encrypted.go
Expand Up @@ -45,6 +45,10 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error {
return errors.UnsupportedError("unknown SymmetricKeyEncrypted version")
}

if V5Disabled && ske.Version == 5 {
return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
}

if ske.Version > 5 {
// Scalar octet count
if _, err := readFull(r, buf[:]); err != nil {
7 changes: 6 additions & 1 deletion openpgp/packet/symmetric_key_encrypted_data_test.go
Expand Up @@ -9,7 +9,12 @@ type packetSequence struct {
contents string
}

var keyAndIpePackets = []*packetSequence{symEncTestv6, aeadEaxRFC, aeadOcbRFC}
func keyAndIpePackets() []*packetSequence {
if V5Disabled {
return []*packetSequence{symEncTestv6}
}
return []*packetSequence{symEncTestv6, aeadEaxRFC, aeadOcbRFC}
}

// https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-complete-aead-eax-encrypted-
var aeadEaxRFC = &packetSequence{
2 changes: 1 addition & 1 deletion openpgp/packet/symmetric_key_encrypted_test.go
Expand Up @@ -19,7 +19,7 @@ const maxPassLen = 64

// Tests against RFC vectors
func TestDecryptSymmetricKeyAndEncryptedDataPacket(t *testing.T) {
for _, testCase := range keyAndIpePackets {
for _, testCase := range keyAndIpePackets() {
// Key
buf := readerFromHex(testCase.packets)
packet, err := Read(buf)
9 changes: 9 additions & 0 deletions openpgp/read_test.go
Expand Up @@ -673,6 +673,9 @@ func TestSymmetricDecryptionArgon2(t *testing.T) {
}

func TestAsymmestricAeadOcbOpenPGPjsCompressedMessage(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
// Read key from file
armored, err := os.Open("test_data/aead-ocb-asym-key.asc")
if err != nil {
Expand Down Expand Up @@ -719,6 +722,9 @@ func TestAsymmestricAeadOcbOpenPGPjsCompressedMessage(t *testing.T) {
}

func TestSymmetricAeadEaxOpenPGPJsMessage(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
key := []byte{79, 41, 206, 112, 224, 133, 140, 223, 27, 61, 227, 57, 114,
118, 64, 60, 177, 26, 42, 174, 151, 5, 186, 74, 226, 97, 214, 63, 114, 77,
215, 121}
Expand Down Expand Up @@ -890,6 +896,9 @@ func TestMessageWithoutMdc(t *testing.T) {
}

func TestReadV5Messages(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
key, err := ReadArmoredKeyRing(strings.NewReader(keyv5Test))
if err != nil {
t.Error(err)
8 changes: 8 additions & 0 deletions openpgp/v2/keys_v5_test.go
Expand Up @@ -4,13 +4,18 @@ import (
"bytes"
"strings"
"testing"

"github.com/ProtonMail/go-crypto/openpgp/packet"
)

var foreignKeys = []string{
v5PrivKey,
}

func TestReadPrivateForeignV5Key(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
for _, str := range foreignKeys {
kring, err := ReadArmoredKeyRing(strings.NewReader(str))
if err != nil {
Expand All @@ -21,6 +26,9 @@ func TestReadPrivateForeignV5Key(t *testing.T) {
}

func TestReadPrivateSerializeForeignV5Key(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
for _, str := range foreignKeys {
el, err := ReadArmoredKeyRing(strings.NewReader(str))
if err != nil {
6 changes: 6 additions & 0 deletions openpgp/v2/read_test.go
Expand Up @@ -704,6 +704,9 @@ func TestSymmetricDecryptionArgon2(t *testing.T) {
}

func TestAsymmestricAeadOcbOpenPGPjsCompressedMessage(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
// Read key from file
armored, err := os.Open("../test_data/aead-ocb-asym-key.asc")
if err != nil {
Expand Down Expand Up @@ -750,6 +753,9 @@ func TestAsymmestricAeadOcbOpenPGPjsCompressedMessage(t *testing.T) {
}

func TestSymmetricAeadEaxOpenPGPJsMessage(t *testing.T) {
if packet.V5Disabled {
t.Skip()
}
key := []byte{79, 41, 206, 112, 224, 133, 140, 223, 27, 61, 227, 57, 114,
118, 64, 60, 177, 26, 42, 174, 151, 5, 186, 74, 226, 97, 214, 63, 114, 77,
215, 121}