PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-09-10 10:49:39 +02:00
Code Issues Releases Wiki Activity

Even more fuzzing

Browse source
This commit is contained in:
Paul Schaub 2025-07-09 14:09:47 +02:00
parent 05cea3e5a9
commit 002bd87136
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
33 changed files with 509 additions and 365 deletions
Download patch file Download diff file Expand all files Collapse all files

44
pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
View file

@ -139,7 +139,11 @@ class OpenPgpMessageInputStream(
// Comsume packets, potentially stepping into nested layers
layer@ while (run {
packet = pIn.nextPacketTag()
packet = try {
pIn.nextPacketTag()
} catch (e: NoSuchElementException) {
throw MalformedOpenPgpMessageException(e.message)
}
packet
} != null) {
@ -206,12 +210,25 @@ class OpenPgpMessageInputStream(
syntaxVerifier.next(InputSymbol.LITERAL_DATA)
val literalData = packetInputStream!!.readLiteralData()
val streamEncoding = try {
StreamEncoding.requireFromCode(literalData.format)
} catch (e: NoSuchElementException) {
throw PGPException("Invalid stream encoding format encountered: ${literalData.format}; ${e.message}")
}
val fileName = try {
literalData.fileName
} catch (e: IllegalArgumentException) {
// Non UTF8
throw PGPException("Cannot decode literal data filename: ${e.message}")
}
// Extract Metadata
layerMetadata.child =
LiteralData(
literalData.fileName,
fileName,
literalData.modificationTime,
StreamEncoding.requireFromCode(literalData.format))
streamEncoding)
nestedInputStream = literalData.inputStream
}
@ -221,10 +238,16 @@ class OpenPgpMessageInputStream(
signatures.enterNesting()
val compressedData = packetInputStream!!.readCompressedData()
val compAlg = try {
CompressionAlgorithm.requireFromId(compressedData.algorithm)
} catch (e: NoSuchElementException) {
throw PGPException(e.message)
}
// Extract Metadata
val compressionLayer =
CompressedData(
CompressionAlgorithm.requireFromId(compressedData.algorithm),
compAlg,
layerMetadata.depth + 1)
LOGGER.debug(
@ -324,6 +347,11 @@ class OpenPgpMessageInputStream(
"Symmetrically Encrypted Data Packet at depth ${layerMetadata.depth} encountered.")
syntaxVerifier.next(InputSymbol.ENCRYPTED_DATA)
val encDataList = packetInputStream!!.readEncryptedDataList()
if (encDataList.isEmpty) {
LOGGER.debug(
"Missing encrypted session key packet.")
return false
}
if (!encDataList.isIntegrityProtected && !encDataList.get(0).isAEAD) {
LOGGER.warn("Symmetrically Encrypted Data Packet is not integrity-protected.")
if (!options.isIgnoreMDCErrors()) {
@ -546,7 +574,13 @@ class OpenPgpMessageInputStream(
pkesk: PGPPublicKeyEncryptedData
): Boolean {
try {
val decrypted = pkesk.getDataStream(decryptorFactory)
val decrypted = try {
pkesk.getDataStream(decryptorFactory)
} catch (e: ClassCastException) {
throw PGPException(e.message)
} catch (e: IllegalArgumentException) {
throw PGPException(e.message)
}
val sessionKey = SessionKey(pkesk.getSessionKey(decryptorFactory))
throwIfUnacceptable(sessionKey.algorithm)

8
pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/TeeBCPGInputStream.kt
View file

@ -17,6 +17,7 @@ import org.bouncycastle.openpgp.PGPOnePassSignature
import org.bouncycastle.openpgp.PGPPadding
import org.bouncycastle.openpgp.PGPSignature
import org.pgpainless.algorithm.OpenPgpPacket
import org.pgpainless.exception.MalformedOpenPgpMessageException
/**
* Since we need to update signatures with data from the underlying stream, this class is used to
@ -61,7 +62,12 @@ class TeeBCPGInputStream(inputStream: BCPGInputStream, outputStream: OutputStrea
fun readEncryptedDataList(): PGPEncryptedDataList {
delayedTee.squeeze()
return PGPEncryptedDataList(packetInputStream)
return try {
PGPEncryptedDataList(packetInputStream)
} catch (e: IllegalArgumentException) {
// Mismatched SKESK / SEIPD version
throw MalformedOpenPgpMessageException(e.message)
}
}
fun readOnePassSignature(): PGPOnePassSignature {