authorPeter Dettman <peter.dettman@bouncycastle.org>2021-10-14 01:05:16 +0700
committerPeter Dettman <peter.dettman@bouncycastle.org>2021-10-14 01:05:16 +0700
commit1b15bfc5d4b7e478887f5202c74e563382ffa2d9 (patch)
treef4eedff7c22b12b5a9ad5b1ef474159505aa09f7 /crypto
parentImprove ASN.1 set special handling (diff)
downloadBouncyCastle.NET-ed25519-1b15bfc5d4b7e478887f5202c74e563382ffa2d9.tar.xz
Ignore PGP signatures with invalid version
Diffstat (limited to 'crypto')
-rw-r--r--crypto/BouncyCastle.Android.csproj1
-rw-r--r--crypto/BouncyCastle.csproj1
-rw-r--r--crypto/BouncyCastle.iOS.csproj1
-rw-r--r--crypto/crypto.csproj10
-rw-r--r--crypto/src/bcpg/BcpgInputStream.cs2
-rw-r--r--crypto/src/bcpg/SignaturePacket.cs5
-rw-r--r--crypto/src/bcpg/UnsupportedPacketVersionException.cs13
-rw-r--r--crypto/src/openpgp/PgpObjectFactory.cs8
-rw-r--r--crypto/test/UnitTests.csproj1
-rw-r--r--crypto/test/src/openpgp/test/PgpSignatureInvalidVersionIgnoredTest.cs111
-rw-r--r--crypto/test/src/openpgp/test/RegressionTest.cs1
11 files changed, 151 insertions, 3 deletions
diff --git a/crypto/BouncyCastle.Android.csproj b/crypto/BouncyCastle.Android.csproj
index 5859a1bc8..fc7236b70 100644
--- a/crypto/BouncyCastle.Android.csproj
+++ b/crypto/BouncyCastle.Android.csproj
@@ -546,6 +546,7 @@
     <Compile Include="src\bcpg\SymmetricKeyAlgorithmTags.cs" />
     <Compile Include="src\bcpg\SymmetricKeyEncSessionPacket.cs" />
     <Compile Include="src\bcpg\TrustPacket.cs" />
+    <Compile Include="src\bcpg\UnsupportedPacketVersionException.cs" />
     <Compile Include="src\bcpg\UserAttributePacket.cs" />
     <Compile Include="src\bcpg\UserAttributeSubpacket.cs" />
     <Compile Include="src\bcpg\UserAttributeSubpacketTags.cs" />
diff --git a/crypto/BouncyCastle.csproj b/crypto/BouncyCastle.csproj
index 3a3dadd21..a7dee10ff 100644
--- a/crypto/BouncyCastle.csproj
+++ b/crypto/BouncyCastle.csproj
@@ -540,6 +540,7 @@
     <Compile Include="src\bcpg\SymmetricKeyAlgorithmTags.cs" />
     <Compile Include="src\bcpg\SymmetricKeyEncSessionPacket.cs" />
     <Compile Include="src\bcpg\TrustPacket.cs" />
+    <Compile Include="src\bcpg\UnsupportedPacketVersionException.cs" />
     <Compile Include="src\bcpg\UserAttributePacket.cs" />
     <Compile Include="src\bcpg\UserAttributeSubpacket.cs" />
     <Compile Include="src\bcpg\UserAttributeSubpacketTags.cs" />
diff --git a/crypto/BouncyCastle.iOS.csproj b/crypto/BouncyCastle.iOS.csproj
index d02d6b97b..5fbdb6d27 100644
--- a/crypto/BouncyCastle.iOS.csproj
+++ b/crypto/BouncyCastle.iOS.csproj
@@ -541,6 +541,7 @@
     <Compile Include="src\bcpg\SymmetricKeyAlgorithmTags.cs" />
     <Compile Include="src\bcpg\SymmetricKeyEncSessionPacket.cs" />
     <Compile Include="src\bcpg\TrustPacket.cs" />
+    <Compile Include="src\bcpg\UnsupportedPacketVersionException.cs" />
     <Compile Include="src\bcpg\UserAttributePacket.cs" />
     <Compile Include="src\bcpg\UserAttributeSubpacket.cs" />
     <Compile Include="src\bcpg\UserAttributeSubpacketTags.cs" />
diff --git a/crypto/crypto.csproj b/crypto/crypto.csproj
index c7f5d4c22..e06b37f9f 100644
--- a/crypto/crypto.csproj
+++ b/crypto/crypto.csproj
@@ -2589,6 +2589,11 @@
                     BuildAction = "Compile"
                 />
                 <File
+                    RelPath = "src\bcpg\UnsupportedPacketVersionException.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
                     RelPath = "src\bcpg\UserAttributePacket.cs"
                     SubType = "Code"
                     BuildAction = "Compile"
@@ -14984,6 +14989,11 @@
                     BuildAction = "Compile"
                 />
                 <File
+                    RelPath = "test\src\openpgp\test\PgpSignatureInvalidVersionIgnoredTest.cs"
+                    SubType = "Code"
+                    BuildAction = "Compile"
+                />
+                <File
                     RelPath = "test\src\openpgp\test\PGPSignatureTest.cs"
                     SubType = "Code"
                     BuildAction = "Compile"
diff --git a/crypto/src/bcpg/BcpgInputStream.cs b/crypto/src/bcpg/BcpgInputStream.cs
index 3dba953ea..38b5382ad 100644
--- a/crypto/src/bcpg/BcpgInputStream.cs
+++ b/crypto/src/bcpg/BcpgInputStream.cs
@@ -196,7 +196,7 @@ namespace Org.BouncyCastle.Bcpg
             else
             {
                 PartialInputStream pis = new PartialInputStream(this, partial, bodyLen);
-                objStream = new BcpgInputStream(pis);
+                objStream = new BcpgInputStream(new BufferedStream(pis));
             }
 
             switch (tag)
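Review bot: The `new BufferedStream(pis)` wrapper is added without a comment saying why buffering is needed here or why its read-ahead is safe. Presumably `PartialInputStream` limits every read to the current packet body, so the buffer cannot pull in bytes that belong to the next packet; that is not visible in this hunk and should be confirmed. If it holds, a comment above the line such as `// buffered for the packet parsers; read-ahead cannot pass the packet end because pis is bounded by bodyLen/partial` would record the invariant. The enclosing method starts and ends outside the hunk.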
diff --git a/crypto/src/bcpg/SignaturePacket.cs b/crypto/src/bcpg/SignaturePacket.cs
index 70138d584..9a664f902 100644
--- a/crypto/src/bcpg/SignaturePacket.cs
+++ b/crypto/src/bcpg/SignaturePacket.cs
@@ -5,6 +5,7 @@ using System.IO;
 using Org.BouncyCastle.Bcpg.Sig;
 using Org.BouncyCastle.Utilities;
 using Org.BouncyCastle.Utilities.Date;
+using Org.BouncyCastle.Utilities.IO;
 
 namespace Org.BouncyCastle.Bcpg
 {
@@ -121,7 +122,9 @@ namespace Org.BouncyCastle.Bcpg
             }
             else
             {
-                throw new Exception("unsupported version: " + version);
+                Streams.Drain(bcpgIn);
+
+                throw new UnsupportedPacketVersionException("unsupported version: " + version);
             }
 
 			fingerprint = new byte[2];
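Review bot: `Streams.Drain(bcpgIn)` reads to the end of whatever stream the constructor was handed, so it skips exactly one packet only when `bcpgIn` is the per-packet stream. The BcpgInputStream hunk in this commit shows an `else` branch that builds a bounded `PartialInputStream`; if the branch before it (not visible on this page) passes the outer stream instead, the drain would consume all remaining input, and in either case it reads as many bytes as an untrusted sender declares for the body. I would state the assumption next to the call, e.g. `// bcpgIn is expected to be bounded to this packet: consume the rest so the caller can move on to the next packet`. The constructor body continues outside the hunk.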
diff --git a/crypto/src/bcpg/UnsupportedPacketVersionException.cs b/crypto/src/bcpg/UnsupportedPacketVersionException.cs
new file mode 100644
index 000000000..447d75286
--- /dev/null
+++ b/crypto/src/bcpg/UnsupportedPacketVersionException.cs
@@ -0,0 +1,13 @@
+using System;
+
+namespace Org.BouncyCastle.Bcpg
+{
+    public class UnsupportedPacketVersionException
+        : Exception
+    {
+        public UnsupportedPacketVersionException(string msg)
+            : base(msg)
+        {
+        }
+    }
+}
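Review bot: The new public exception type has no doc comment and derives directly from `Exception`, so existing `catch (IOException)` or `catch (PgpException)` handlers around packet parsing will not see it. Only the signature loop in PgpObjectFactory catches it in this commit; any other path that constructs a `SignaturePacket` would, as far as this page shows, still propagate it to the caller. A `/// <summary>` on the class should say that it signals a packet whose version field this library does not parse and that the thrower has already consumed the packet body, so a caller may skip it and continue.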
diff --git a/crypto/src/openpgp/PgpObjectFactory.cs b/crypto/src/openpgp/PgpObjectFactory.cs
index 1f1c32c83..c67c7ccd1 100644
--- a/crypto/src/openpgp/PgpObjectFactory.cs
+++ b/crypto/src/openpgp/PgpObjectFactory.cs
@@ -50,6 +50,12 @@ namespace Org.BouncyCastle.Bcpg.OpenPgp
                         {
                             l.Add(new PgpSignature(bcpgIn));
                         }
+                        catch (UnsupportedPacketVersionException e)
+                        {
+                            // Signatures of unsupported version MUST BE ignored
+                            // see: https://tests.sequoia-pgp.org/#Detached_signatures_with_unknown_packets
+                            continue;
+                        }
                         catch (PgpException e)
                         {
                             throw new IOException("can't create signature object: " + e);
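Review bot: When every signature in the run has an unsupported version, the `continue` drops them all and the code after the loop returns an empty `PgpSignatureList`, which a caller could misread as "nothing failed" rather than "nothing usable". The comment in the catch block should spell that out, e.g. `// skipped signatures are not reported; an empty list means no usable signature, never a successful verification`. The test added in this commit only covers lists that still contain one version 4 signature, so the all-skipped result is not pinned. The exception variable is unused, so `catch (UnsupportedPacketVersionException)` would avoid an unused-variable warning. The loop and the enclosing switch case start outside the hunk.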
@@ -61,7 +67,7 @@ namespace Org.BouncyCastle.Bcpg.OpenPgp
                     {
                         sigs[i] = (PgpSignature)l[i];
                     }
-					return new PgpSignatureList(sigs);
+                    return new PgpSignatureList(sigs);
                 }
                 case PacketTag.SecretKey:
                     try
diff --git a/crypto/test/UnitTests.csproj b/crypto/test/UnitTests.csproj
index 64505fb15..1650a05fa 100644
--- a/crypto/test/UnitTests.csproj
+++ b/crypto/test/UnitTests.csproj
@@ -395,6 +395,7 @@
     <Compile Include="src\openpgp\test\PGPPBETest.cs" />
     <Compile Include="src\openpgp\test\PGPPacketTest.cs" />
     <Compile Include="src\openpgp\test\PGPRSATest.cs" />
+    <Compile Include="src\openpgp\test\PgpSignatureInvalidVersionIgnoredTest.cs" />
     <Compile Include="src\openpgp\test\PGPSignatureTest.cs" />
     <Compile Include="src\openpgp\test\PgpECDHTest.cs" />
     <Compile Include="src\openpgp\test\PgpECDsaTest.cs" />
diff --git a/crypto/test/src/openpgp/test/PgpSignatureInvalidVersionIgnoredTest.cs b/crypto/test/src/openpgp/test/PgpSignatureInvalidVersionIgnoredTest.cs
new file mode 100644
index 000000000..873ddf147
--- /dev/null
+++ b/crypto/test/src/openpgp/test/PgpSignatureInvalidVersionIgnoredTest.cs
@@ -0,0 +1,111 @@
+using System;
+using System.Collections;
+using System.IO;
+using System.Text;
+
+using NUnit.Framework;
+
+using Org.BouncyCastle.Math;
+using Org.BouncyCastle.Utilities.Test;
+
+namespace Org.BouncyCastle.Bcpg.OpenPgp.Tests
+{
+    [TestFixture]
+    public class PgpSignatureInvalidVersionIgnoredTest
+        : SimpleTest
+    {
+        // Signing Key ID
+        private static readonly long KEY_ID = new BigInteger("FBFCC82A015E7330", 16).LongValue;
+
+        // Signature List consisting of Version 4 Signature and Version 23 (invalid version) Signature
+        private static readonly string SIG4SIG23 = "-----BEGIN PGP SIGNATURE-----\n" +
+            "\n" +
+            "wsE7BAABCgBvBYJgyf2fCRD7/MgqAV5zMEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u\n" +
+            "cy5zZXF1b2lhLXBncC5vcmdURSYEGurWv1IDN4trcpgfrHMZeGRdhG5jlQazr8tJ\n" +
+            "QRYhBNGmbhojsYLJmA94jPv8yCoBXnMwAADAYwv+NeSzVRrR/CGLMna43b0xCrOz\n" +
+            "tEYVp3hLzjCYWP1F5d7OdrpQWB3jzgMhjkH5ZnSm369A6D6eEoo05uP7lUNoex7s\n" +
+            "Bcksq4QF2t9y0YHwjhciVyPUw0rgzOIDpJ6jb/HqEgWB+EYz5qU3RFAk4tz+ghpw\n" +
+            "93x+EAI7QBnw+PRjgmJiXQvcq78W+h8aysAQCv/dNJc9W8gfCpwDY2VKTc0BW9VI\n" +
+            "R4KbeI2Rgx378JYjzJNP9ORgDTacBdQh3LiqJ8B4x7OeVGouGbWEVG6x+htQ9YMH\n" +
+            "uOY1CmcNzoMSRyk50JOeM0Xcge/9PLuQM+b4OQ3ZRN/BhUEg4P/VclXzkWeDKCvP\n" +
+            "cGEUrdFnyU1Lk2mYh1HTKS3gurTP9bdAyS9sdjXj9kv2fRM5N46rBRAffjwfW/LT\n" +
+            "VedvgRZ3RMCLrwPo90ID/xVU8PC9VmBR+WrqOijdsgnh7n940NR5hSyeWVeMwNFl\n" +
+            "Js043gKSIc5yNLS16mE/YzgosnUpIUsDlSR6D8M/wsE7FwABCgBvBYJgyf2fCRD7\n" +
+            "/MgqAV5zMEcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmdU\n" +
+            "RSYEGurWv1IDN4trcpgfrHMZeGRdhG5jlQazr8tJQRYhBNGmbhojsYLJmA94jPv8\n" +
+            "yCoBXnMwAADAYwv+NeSzVRrR/CGLMna43b0xCrOztEYVp3hLzjCYWP1F5d7OdrpQ\n" +
+            "WB3jzgMhjkH5ZnSm369A6D6eEoo05uP7lUNoex7sBcksq4QF2t9y0YHwjhciVyPU\n" +
+            "w0rgzOIDpJ6jb/HqEgWB+EYz5qU3RFAk4tz+ghpw93x+EAI7QBnw+PRjgmJiXQvc\n" +
+            "q78W+h8aysAQCv/dNJc9W8gfCpwDY2VKTc0BW9VIR4KbeI2Rgx378JYjzJNP9ORg\n" +
+            "DTacBdQh3LiqJ8B4x7OeVGouGbWEVG6x+htQ9YMHuOY1CmcNzoMSRyk50JOeM0Xc\n" +
+            "ge/9PLuQM+b4OQ3ZRN/BhUEg4P/VclXzkWeDKCvPcGEUrdFnyU1Lk2mYh1HTKS3g\n" +
+            "urTP9bdAyS9sdjXj9kv2fRM5N46rBRAffjwfW/LTVedvgRZ3RMCLrwPo90ID/xVU\n" +
+            "8PC9VmBR+WrqOijdsgnh7n940NR5hSyeWVeMwNFlJs043gKSIc5yNLS16mE/Yzgo\n" +
+            "snUpIUsDlSR6D8M/\n" +
+            "=Ptch\n" +
+            "-----END PGP SIGNATURE-----";
+
+        // Signature List consisting of Version 23 (invalid version) Signature and Version 4 Signature
+        private static readonly string SIG23SIG4 = "-----BEGIN PGP SIGNATURE-----\n" +
+            "\n" +
+            "wsE7FwABCgBvBYJgyf2fCRD7/MgqAV5zMEcUAAAAAAAeACBzYWx0QG5vdGF0aW9u\n" +
+            "cy5zZXF1b2lhLXBncC5vcmdURSYEGurWv1IDN4trcpgfrHMZeGRdhG5jlQazr8tJ\n" +
+            "QRYhBNGmbhojsYLJmA94jPv8yCoBXnMwAADAYwv+NeSzVRrR/CGLMna43b0xCrOz\n" +
+            "tEYVp3hLzjCYWP1F5d7OdrpQWB3jzgMhjkH5ZnSm369A6D6eEoo05uP7lUNoex7s\n" +
+            "Bcksq4QF2t9y0YHwjhciVyPUw0rgzOIDpJ6jb/HqEgWB+EYz5qU3RFAk4tz+ghpw\n" +
+            "93x+EAI7QBnw+PRjgmJiXQvcq78W+h8aysAQCv/dNJc9W8gfCpwDY2VKTc0BW9VI\n" +
+            "R4KbeI2Rgx378JYjzJNP9ORgDTacBdQh3LiqJ8B4x7OeVGouGbWEVG6x+htQ9YMH\n" +
+            "uOY1CmcNzoMSRyk50JOeM0Xcge/9PLuQM+b4OQ3ZRN/BhUEg4P/VclXzkWeDKCvP\n" +
+            "cGEUrdFnyU1Lk2mYh1HTKS3gurTP9bdAyS9sdjXj9kv2fRM5N46rBRAffjwfW/LT\n" +
+            "VedvgRZ3RMCLrwPo90ID/xVU8PC9VmBR+WrqOijdsgnh7n940NR5hSyeWVeMwNFl\n" +
+            "Js043gKSIc5yNLS16mE/YzgosnUpIUsDlSR6D8M/wsE7BAABCgBvBYJgyf2fCRD7\n" +
+            "/MgqAV5zMEcUAAAAAAAeACBzYWx0QG5vdGF0aW9ucy5zZXF1b2lhLXBncC5vcmdU\n" +
+            "RSYEGurWv1IDN4trcpgfrHMZeGRdhG5jlQazr8tJQRYhBNGmbhojsYLJmA94jPv8\n" +
+            "yCoBXnMwAADAYwv+NeSzVRrR/CGLMna43b0xCrOztEYVp3hLzjCYWP1F5d7OdrpQ\n" +
+            "WB3jzgMhjkH5ZnSm369A6D6eEoo05uP7lUNoex7sBcksq4QF2t9y0YHwjhciVyPU\n" +
+            "w0rgzOIDpJ6jb/HqEgWB+EYz5qU3RFAk4tz+ghpw93x+EAI7QBnw+PRjgmJiXQvc\n" +
+            "q78W+h8aysAQCv/dNJc9W8gfCpwDY2VKTc0BW9VIR4KbeI2Rgx378JYjzJNP9ORg\n" +
+            "DTacBdQh3LiqJ8B4x7OeVGouGbWEVG6x+htQ9YMHuOY1CmcNzoMSRyk50JOeM0Xc\n" +
+            "ge/9PLuQM+b4OQ3ZRN/BhUEg4P/VclXzkWeDKCvPcGEUrdFnyU1Lk2mYh1HTKS3g\n" +
+            "urTP9bdAyS9sdjXj9kv2fRM5N46rBRAffjwfW/LTVedvgRZ3RMCLrwPo90ID/xVU\n" +
+            "8PC9VmBR+WrqOijdsgnh7n940NR5hSyeWVeMwNFlJs043gKSIc5yNLS16mE/Yzgo\n" +
+            "snUpIUsDlSR6D8M/\n" +
+            "=o4rJ\n" +
+            "-----END PGP SIGNATURE-----";
+
+        public override string Name
+        {
+            get { return "PgpSignatureInvalidVersionIgnoredTest"; }
+        }
+
+        public override void PerformTest()
+        {
+            AssertInvalidSignatureVersionIsIgnored(SIG4SIG23);
+            AssertInvalidSignatureVersionIsIgnored(SIG23SIG4);
+        }
+
+        public static void Main(string[] args)
+        {
+            RunTest(new PgpSignatureInvalidVersionIgnoredTest());
+        }
+
+        [Test]
+        public void TestFunction()
+        {
+            string resultText = Perform().ToString();
+
+            Assert.AreEqual(Name + ": Okay", resultText);
+        }
+
+        private void AssertInvalidSignatureVersionIsIgnored(string sig)
+        {
+            ArmoredInputStream armorIn = new ArmoredInputStream(
+                new MemoryStream(Encoding.UTF8.GetBytes(sig), false));
+            PgpObjectFactory objectFactory = new PgpObjectFactory(armorIn);
+            PgpSignatureList signatures = (PgpSignatureList)objectFactory.NextPgpObject();
+            IsEquals(1, signatures.Count);
+            PgpSignature signature = signatures[0];
+            IsEquals(KEY_ID, signature.KeyId);
+        }
+    }
+}
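Review bot: `IsEquals(KEY_ID, signature.KeyId)` in `AssertInvalidSignatureVersionIsIgnored` cannot tell which packet survived, because both fixtures appear to carry the same signature body with only the version octet changed (`wsE7BAAB…` versus `wsE7FwAB…`), so the key id is identical in either packet. Adding `IsEquals(4, signature.Version);` after it would pin that the version 4 signature is the one returned. The `ArmoredInputStream` is also never disposed; wrapping it in a `using` block would match normal stream handling.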
diff --git a/crypto/test/src/openpgp/test/RegressionTest.cs b/crypto/test/src/openpgp/test/RegressionTest.cs
index 3f5bcfcbd..a6a7edf5f 100644
--- a/crypto/test/src/openpgp/test/RegressionTest.cs
+++ b/crypto/test/src/openpgp/test/RegressionTest.cs
@@ -26,6 +26,7 @@ namespace Org.BouncyCastle.Bcpg.OpenPgp.Tests
             new PgpParsingTest(),
             new PgpPbeTest(),
             new PgpRsaTest(),
+            new PgpSignatureInvalidVersionIgnoredTest(),
             new PgpSignatureTest(),
         };