Put support for reading v5 packets behind a feature flag (#212)

lubux · web-flow · commit c25e074d11e5 · 2024-07-05T14:47:06.000+02:00
* Put v5 support behind a feature flag
diff --git a/openpgp/keys_v5_test.go b/openpgp/keys_v5_test.go
@@ -4,13 +4,18 @@ import (
 	"bytes"
 	"strings"
 	"testing"
+
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )
 
 var foreignKeys = []string{
 	v5PrivKey,
 }
 
 func TestReadPrivateForeignV5Key(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	for _, str := range foreignKeys {
 		kring, err := ReadArmoredKeyRing(strings.NewReader(str))
 		if err != nil {
@@ -21,6 +26,9 @@ func TestReadPrivateForeignV5Key(t *testing.T) {
 }
 
 func TestReadPrivateSerializeForeignV5Key(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	for _, str := range foreignKeys {
 		el, err := ReadArmoredKeyRing(strings.NewReader(str))
 		if err != nil {
diff --git a/openpgp/packet/config.go b/openpgp/packet/config.go
@@ -29,6 +29,15 @@ var (
 	}
 )
 
+// A global feature flag to indicate v5 support.
+// Can be set via a build tag, e.g.: `go build -tags v5 ./...`
+// If the build tag is missing config_v5.go will set it to true.
+//
+// Disables parsing of v5 keys and v5 signatures.
+// These are non-standard entities, which in the crypto-refresh have been superseded
+// by v6 keys, v6 signatures and SEIPDv2 encrypted data, respectively.
+var V5Disabled = false
+
 // Config collects a number of parameters along with sensible defaults.
 // A nil *Config is valid and results in all default values.
 type Config struct {
diff --git a/openpgp/packet/config_v5.go b/openpgp/packet/config_v5.go
@@ -0,0 +1,7 @@
+//go:build !v5
+
+package packet
+
+func init() {
+	V5Disabled = true
+}
diff --git a/openpgp/packet/private_key.go b/openpgp/packet/private_key.go
@@ -202,6 +202,10 @@ func (pk *PrivateKey) parse(r io.Reader) (err error) {
 	v5 := pk.PublicKey.Version == 5
 	v6 := pk.PublicKey.Version == 6
 
+	if V5Disabled && v5 {
+		return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
+	}
+
 	var buf [1]byte
 	_, err = readFull(r, buf[:])
 	if err != nil {
diff --git a/openpgp/packet/public_key.go b/openpgp/packet/public_key.go
@@ -236,11 +236,16 @@ func (pk *PublicKey) parse(r io.Reader) (err error) {
 	if err != nil {
 		return
 	}
-	if buf[0] != 4 && buf[0] != 5 && buf[0] != 6 {
+
+	pk.Version = int(buf[0])
+	if pk.Version != 4 && pk.Version != 5 && pk.Version != 6 {
 		return errors.UnsupportedError("public key version " + strconv.Itoa(int(buf[0])))
 	}
 
-	pk.Version = int(buf[0])
+	if V5Disabled && pk.Version == 5 {
+		return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
+	}
+
 	if pk.Version >= 5 {
 		// Read the four-octet scalar octet count
 		// The count is not used in this implementation
diff --git a/openpgp/packet/signature.go b/openpgp/packet/signature.go
@@ -149,11 +149,16 @@ func (sig *Signature) parse(r io.Reader) (err error) {
 	if err != nil {
 		return
 	}
-	if buf[0] != 4 && buf[0] != 5 && buf[0] != 6 {
+	sig.Version = int(buf[0])
+	if sig.Version != 4 && sig.Version != 5 && sig.Version != 6 {
 		err = errors.UnsupportedError("signature packet version " + strconv.Itoa(int(buf[0])))
 		return
 	}
-	sig.Version = int(buf[0])
+
+	if V5Disabled && sig.Version == 5 {
+		return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
+	}
+
 	if sig.Version == 6 {
 		_, err = readFull(r, buf[:7])
 	} else {
diff --git a/openpgp/packet/symmetric_key_encrypted.go b/openpgp/packet/symmetric_key_encrypted.go
@@ -45,6 +45,10 @@ func (ske *SymmetricKeyEncrypted) parse(r io.Reader) error {
 		return errors.UnsupportedError("unknown SymmetricKeyEncrypted version")
 	}
 
+	if V5Disabled && ske.Version == 5 {
+		return errors.UnsupportedError("support for parsing v5 entities is disabled; build with `-tags v5` if needed")
+	}
+
 	if ske.Version > 5 {
 		// Scalar octet count
 		if _, err := readFull(r, buf[:]); err != nil {
diff --git a/openpgp/packet/symmetric_key_encrypted_data_test.go b/openpgp/packet/symmetric_key_encrypted_data_test.go
@@ -9,7 +9,12 @@ type packetSequence struct {
 	contents string
 }
 
-var keyAndIpePackets = []*packetSequence{symEncTestv6, aeadEaxRFC, aeadOcbRFC}
+func keyAndIpePackets() []*packetSequence {
+	if V5Disabled {
+		return []*packetSequence{symEncTestv6}
+	}
+	return []*packetSequence{symEncTestv6, aeadEaxRFC, aeadOcbRFC}
+}
 
 // https://www.ietf.org/archive/id/draft-koch-openpgp-2015-rfc4880bis-00.html#name-complete-aead-eax-encrypted-
 var aeadEaxRFC = &packetSequence{
diff --git a/openpgp/packet/symmetric_key_encrypted_test.go b/openpgp/packet/symmetric_key_encrypted_test.go
@@ -19,7 +19,7 @@ const maxPassLen = 64
 
 // Tests against RFC vectors
 func TestDecryptSymmetricKeyAndEncryptedDataPacket(t *testing.T) {
-	for _, testCase := range keyAndIpePackets {
+	for _, testCase := range keyAndIpePackets() {
 		// Key
 		buf := readerFromHex(testCase.packets)
 		packet, err := Read(buf)
diff --git a/openpgp/read_test.go b/openpgp/read_test.go
@@ -673,6 +673,9 @@ func TestSymmetricDecryptionArgon2(t *testing.T) {
 }
 
 func TestAsymmestricAeadOcbOpenPGPjsCompressedMessage(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	// Read key from file
 	armored, err := os.Open("test_data/aead-ocb-asym-key.asc")
 	if err != nil {
@@ -719,6 +722,9 @@ func TestAsymmestricAeadOcbOpenPGPjsCompressedMessage(t *testing.T) {
 }
 
 func TestSymmetricAeadEaxOpenPGPJsMessage(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	key := []byte{79, 41, 206, 112, 224, 133, 140, 223, 27, 61, 227, 57, 114,
 		118, 64, 60, 177, 26, 42, 174, 151, 5, 186, 74, 226, 97, 214, 63, 114, 77,
 		215, 121}
@@ -890,6 +896,9 @@ func TestMessageWithoutMdc(t *testing.T) {
 }
 
 func TestReadV5Messages(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	key, err := ReadArmoredKeyRing(strings.NewReader(keyv5Test))
 	if err != nil {
 		t.Error(err)
diff --git a/openpgp/v2/keys_v5_test.go b/openpgp/v2/keys_v5_test.go
@@ -4,13 +4,18 @@ import (
 	"bytes"
 	"strings"
 	"testing"
+
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
 )
 
 var foreignKeys = []string{
 	v5PrivKey,
 }
 
 func TestReadPrivateForeignV5Key(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	for _, str := range foreignKeys {
 		kring, err := ReadArmoredKeyRing(strings.NewReader(str))
 		if err != nil {
@@ -21,6 +26,9 @@ func TestReadPrivateForeignV5Key(t *testing.T) {
 }
 
 func TestReadPrivateSerializeForeignV5Key(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	for _, str := range foreignKeys {
 		el, err := ReadArmoredKeyRing(strings.NewReader(str))
 		if err != nil {
diff --git a/openpgp/v2/read_test.go b/openpgp/v2/read_test.go
@@ -704,6 +704,9 @@ func TestSymmetricDecryptionArgon2(t *testing.T) {
 }
 
 func TestAsymmestricAeadOcbOpenPGPjsCompressedMessage(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	// Read key from file
 	armored, err := os.Open("../test_data/aead-ocb-asym-key.asc")
 	if err != nil {
@@ -750,6 +753,9 @@ func TestAsymmestricAeadOcbOpenPGPjsCompressedMessage(t *testing.T) {
 }
 
 func TestSymmetricAeadEaxOpenPGPJsMessage(t *testing.T) {
+	if packet.V5Disabled {
+		t.Skip()
+	}
 	key := []byte{79, 41, 206, 112, 224, 133, 140, 223, 27, 61, 227, 57, 114,
 		118, 64, 60, 177, 26, 42, 174, 151, 5, 186, 74, 226, 97, 214, 63, 114, 77,
 		215, 121}
