Explicitly pass formatted allowed packets to Packetlist.read

src/cleartext.js

@@ -23,6 +23,9 @@ import { Signature } from './signature';
 import { createVerificationObjects, createSignaturePackets } from './message';
 import defaultConfig from './config';
 
+// A Cleartext message can contain the following packets
+const allowedPackets = util.constructAllowedPackets([SignaturePacket]);
+
 /**
  * Class that represents an OpenPGP cleartext signed message.
  * See {@link https://tools.ietf.org/html/rfc4880#section-7}
@@ -127,7 +130,6 @@ export class CleartextMessage {
   }
 }
 
-
 /**
  * Reads an OpenPGP cleartext signed message and returns a CleartextMessage object
  * @param {Object} options
@@ -147,7 +149,7 @@ export async function readCleartextMessage({ cleartextMessage, config }) {
     throw new Error('No cleartext signed message.');
   }
   const packetlist = new PacketList();
-  await packetlist.read(input.data, { SignaturePacket }, undefined, config);
+  await packetlist.read(input.data, allowedPackets, undefined, config);
   verifyHeaders(input.headers, packetlist);
   const signature = new Signature(packetlist);
   return new CleartextMessage(input.text, signature);

src/key/factory.js

@@ -15,14 +15,34 @@
 // License along with this library; if not, write to the Free Software
 // Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
 
-import { PacketList, UserIDPacket, SignaturePacket } from '../packet';
+import {
+  PacketList,
+  UserIDPacket,
+  SignaturePacket,
+  PublicKeyPacket,
+  PublicSubkeyPacket,
+  SecretKeyPacket,
+  SecretSubkeyPacket,
+  UserAttributePacket
+} from '../packet';
 import Key from './key';
 import * as helper from './helper';
 import enums from '../enums';
 import util from '../util';
 import defaultConfig from '../config';
 import { unarmor } from '../encoding/armor';
 
+// A Key can contain the following packets
+const allowedKeyPackets = util.constructAllowedPackets([
+  PublicKeyPacket,
+  PublicSubkeyPacket,
+  SecretKeyPacket,
+  SecretSubkeyPacket,
+  UserIDPacket,
+  UserAttributePacket,
+  SignaturePacket
+]);
+
 /**
  * Generates a new OpenPGP key. Supports RSA and ECC keys.
  * By default, primary and subkeys will be of same type.
@@ -256,7 +276,7 @@ export async function readKey({ armoredKey, binaryKey, config }) {
     input = binaryKey;
   }
   const packetlist = new PacketList();
-  await packetlist.read(input, helper.allowedKeyPackets, undefined, config);
+  await packetlist.read(input, allowedKeyPackets, undefined, config);
   return new Key(packetlist);
 }
 
@@ -285,7 +305,7 @@ export async function readKeys({ armoredKeys, binaryKeys, config }) {
   }
   const keys = [];
   const packetlist = new PacketList();
-  await packetlist.read(input, helper.allowedKeyPackets, undefined, config);
+  await packetlist.read(input, allowedKeyPackets, undefined, config);
   const keyIndex = packetlist.indexOfTag(enums.packet.publicKey, enums.packet.secretKey);
   if (keyIndex.length === 0) {
     throw new Error('No key packet found');

src/key/helper.js

@@ -9,25 +9,13 @@ import {
   PublicSubkeyPacket,
   SecretKeyPacket,
   SecretSubkeyPacket,
-  UserIDPacket,
-  UserAttributePacket,
   SignaturePacket
 } from '../packet';
 import enums from '../enums';
 import crypto from '../crypto';
 import util from '../util';
 import defaultConfig from '../config';
 
-export const allowedKeyPackets = {
-  PublicKeyPacket,
-  PublicSubkeyPacket,
-  SecretKeyPacket,
-  SecretSubkeyPacket,
-  UserIDPacket,
-  UserAttributePacket,
-  SignaturePacket
-};
-
 export async function generateSecretSubkey(options, config) {
   const secretSubkeyPacket = new SecretSubkeyPacket(options.date, config);
   secretSubkeyPacket.packets = null;

src/key/key.js

@@ -29,6 +29,9 @@ import User from './user';
 import SubKey from './subkey';
 import * as helper from './helper';
 
+// A key revocation certificate can contain the following packets
+const allowedRevocationPackets = util.constructAllowedPackets([SignaturePacket]);
+
 /**
  * Class that represents an OpenPGP key. Must contain a primary key.
  * Can contain additional subkeys, signatures, user ids, user attributes.
@@ -797,7 +800,7 @@ class Key {
   async applyRevocationCertificate(revocationCertificate, config = defaultConfig) {
     const input = await unarmor(revocationCertificate, config);
     const packetlist = new PacketList();
-    await packetlist.read(input.data, { SignaturePacket }, undefined, config);
+    await packetlist.read(input.data, allowedRevocationPackets, undefined, config);
     const revocationSignature = packetlist.findPacket(enums.packet.signature);
     if (!revocationSignature || revocationSignature.signatureType !== enums.signature.keyRevocation) {
       throw new Error('Could not find revocation signature packet');
@@ -950,3 +953,4 @@ class Key {
 });
 
 export default Key;
+

src/message.js

@@ -22,6 +22,8 @@ import defaultConfig from './config';
 import crypto from './crypto';
 import enums from './enums';
 import util from './util';
+import { Signature } from './signature';
+import { getPreferredHashAlgo, getPreferredAlgo, isAEADSupported, createSignaturePacket } from './key';
 import {
   PacketList,
   LiteralDataPacket,
@@ -34,8 +36,23 @@ import {
   OnePassSignaturePacket,
   SignaturePacket
 } from './packet';
-import { Signature } from './signature';
-import { getPreferredHashAlgo, getPreferredAlgo, isAEADSupported, createSignaturePacket } from './key';
+
+// A Message can contain the following packets
+const allowedMessagePackets = util.constructAllowedPackets([
+  LiteralDataPacket,
+  CompressedDataPacket,
+  AEADEncryptedDataPacket,
+  SymEncryptedIntegrityProtectedDataPacket,
+  SymmetricallyEncryptedDataPacket,
+  PublicKeyEncryptedSessionKeyPacket,
+  SymEncryptedSessionKeyPacket,
+  OnePassSignaturePacket,
+  SignaturePacket
+]);
+// A SKESK packet can contain the following packets
+const allowedSymSessionKeyPackets = util.constructAllowedPackets([SymEncryptedSessionKeyPacket]);
+// A detached signature can contain the following packets
+const allowedDetachedSignaturePackets = util.constructAllowedPackets([SignaturePacket]);
 
 /**
  * Class that represents an OpenPGP message.
@@ -159,7 +176,7 @@ export class Message {
         let packets;
         if (i) {
           packets = new PacketList();
-          await packets.read(symESKeyPacketlist.write(), { SymEncryptedSessionKeyPacket });
+          await packets.read(symESKeyPacketlist.write(), allowedSymSessionKeyPackets);
         } else {
           packets = symESKeyPacketlist;
         }
@@ -610,7 +627,10 @@ export class Message {
    * @param {String|Uint8Array} detachedSignature - The detached ASCII-armored or Uint8Array PGP signature
    */
   async appendSignature(detachedSignature) {
-    await this.packets.read(util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data, { SignaturePacket });
+    await this.packets.read(
+      util.isUint8Array(detachedSignature) ? detachedSignature : (await unarmor(detachedSignature)).data,
+      allowedDetachedSignaturePackets
+    );
   }
 
   /**
@@ -853,18 +873,9 @@ export async function readMessage({ armoredMessage, binaryMessage, config }) {
     input = data;
   }
   const packetlist = new PacketList();
-  await packetlist.read(input, {
-    LiteralDataPacket,
-    CompressedDataPacket,
-    AEADEncryptedDataPacket,
-    SymEncryptedIntegrityProtectedDataPacket,
-    SymmetricallyEncryptedDataPacket,
-    PublicKeyEncryptedSessionKeyPacket,
-    SymEncryptedSessionKeyPacket,
-    OnePassSignaturePacket,
-    SignaturePacket
-  }, streamType, config);
+  await packetlist.read(input, allowedMessagePackets, streamType, config);
   const message = new Message(packetlist);
   message.fromStream = streamType;
   return message;
 }
+

src/packet/aead_encrypted_data.js

@@ -19,13 +19,20 @@ import stream from '@openpgp/web-stream-tools';
 import crypto from '../crypto';
 import enums from '../enums';
 import util from '../util';
-import {
+import defaultConfig from '../config';
+
+import LiteralDataPacket from './literal_data';
+import CompressedDataPacket from './compressed_data';
+import OnePassSignaturePacket from './one_pass_signature';
+import SignaturePacket from './signature';
+
+// An AEAD-encrypted Data packet can contain the following packet types
+const allowedPackets = util.constructAllowedPackets([
   LiteralDataPacket,
   CompressedDataPacket,
   OnePassSignaturePacket,
   SignaturePacket
-} from '../packet';
-import defaultConfig from '../config';
+]);
 
 const VERSION = 1; // A one-octet version number of the data packet.
 
@@ -37,8 +44,6 @@ const VERSION = 1; // A one-octet version number of the data packet.
  * AEAD Protected Data Packet
  */
 class AEADEncryptedDataPacket {
-  static tag = enums.packet.aeadEncryptedData;
-
   constructor() {
     this.version = VERSION;
     this.cipherAlgo = null;
@@ -85,12 +90,7 @@ class AEADEncryptedDataPacket {
    * @async
    */
   async decrypt(sessionKeyAlgorithm, key, streaming) {
-    await this.packets.read(await this.crypt('decrypt', key, stream.clone(this.encrypted), streaming), {
-      LiteralDataPacket,
-      CompressedDataPacket,
-      OnePassSignaturePacket,
-      SignaturePacket
-    }, streaming);
+    await this.packets.read(await this.crypt('decrypt', key, stream.clone(this.encrypted), streaming), allowedPackets, streaming);
   }
 
   /**
@@ -133,7 +133,7 @@ class AEADEncryptedDataPacket {
     const adataTagArray = new Uint8Array(adataBuffer);
     const adataView = new DataView(adataBuffer);
     const chunkIndexArray = new Uint8Array(adataBuffer, 5, 8);
-    adataArray.set([0xC0 | this.constructor.tag, this.version, this.cipherAlgo, this.aeadAlgo, this.chunkSizeByte], 0);
+    adataArray.set([0xC0 | AEADEncryptedDataPacket.tag, this.version, this.cipherAlgo, this.aeadAlgo, this.chunkSizeByte], 0);
     let chunkIndex = 0;
     let latestPromise = Promise.resolve();
     let cryptedBytes = 0;
@@ -190,5 +190,7 @@ class AEADEncryptedDataPacket {
     });
   }
 }
+// Static fields (explicit declaration not fully supported by Safari)
+AEADEncryptedDataPacket.tag = enums.packet.aeadEncryptedData;
 
 export default AEADEncryptedDataPacket;

src/packet/compressed_data.js

@@ -23,11 +23,17 @@ import stream from '@openpgp/web-stream-tools';
 import enums from '../enums';
 import util from '../util';
 import defaultConfig from '../config';
-import {
+
+import LiteralDataPacket from './literal_data';
+import OnePassSignaturePacket from './one_pass_signature';
+import SignaturePacket from './signature';
+
+// A Compressed Data packet can contain the following packet types
+const allowedPackets = util.constructAllowedPackets([
   LiteralDataPacket,
   OnePassSignaturePacket,
   SignaturePacket
-} from '../packet';
+]);
 
 /**
  * Implementation of the Compressed Data Packet (Tag 8)
@@ -38,8 +44,6 @@ import {
  * a Signature or One-Pass Signature packet, and contains a literal data packet.
  */
 class CompressedDataPacket {
-  static tag = enums.packet.compressedData;
-
   /**
    * @param {Object} [config] - Full configuration, defaults to openpgp.config
    */
@@ -108,11 +112,7 @@ class CompressedDataPacket {
       throw new Error(this.algorithm + ' decompression not supported');
     }
 
-    await this.packets.read(decompress_fns[this.algorithm](this.compressed), {
-      LiteralDataPacket,
-      OnePassSignaturePacket,
-      SignaturePacket
-    }, streaming);
+    await this.packets.read(decompress_fns[this.algorithm](this.compressed), allowedPackets, streaming);
   }
 
   /**
@@ -126,6 +126,8 @@ class CompressedDataPacket {
     this.compressed = compress_fns[this.algorithm](this.packets.write(), this.deflateLevel);
   }
 }
+// Static fields (explicit declaration not fully supported by Safari)
+CompressedDataPacket.tag = enums.packet.compressedData;
 
 export default CompressedDataPacket;
 
@@ -190,3 +192,4 @@ const decompress_fns = nodeZlib ? {
   zlib: /*#__PURE__*/ pako_zlib(Inflate),
   bzip2: /*#__PURE__*/ bzip2(BunzipDecode)
 };
+

src/packet/literal_data.js

@@ -27,8 +27,6 @@ import util from '../util';
  * further interpreted.
  */
 class LiteralDataPacket {
-  static tag = enums.packet.literalData;
-
   /**
    * @param {Date} date - The creation date of the literal package
    */
@@ -111,7 +109,6 @@ class LiteralDataPacket {
     return this.filename;
   }
 
-
   /**
    * Parsing function for a literal data packet (tag 11).
    *
@@ -161,5 +158,7 @@ class LiteralDataPacket {
     return util.concat([header, data]);
   }
 }
+// Static fields (explicit declaration not fully supported by Safari)
+LiteralDataPacket.tag = enums.packet.literalData;
 
 export default LiteralDataPacket;

src/packet/marker.js

@@ -31,8 +31,6 @@ import enums from '../enums';
  * Such a packet MUST be ignored when received.
  */
 class MarkerPacket {
-  static tag = enums.packet.marker;
-
   /**
    * Parsing function for a literal data packet (tag 10).
    *
@@ -54,5 +52,7 @@ class MarkerPacket {
     return false;
   }
 }
+// Static fields (explicit declaration not fully supported by Safari)
+MarkerPacket.tag = enums.packet.marker;
 
 export default MarkerPacket;

src/packet/one_pass_signature.js

@@ -32,8 +32,6 @@ import util from '../util';
  * can compute the entire signed message in one pass.
  */
 class OnePassSignaturePacket {
-  static tag = enums.packet.onePassSignature;
-
   constructor() {
     /** A one-octet version number.  The current version is 3. */
     this.version = null;
@@ -135,5 +133,7 @@ class OnePassSignaturePacket {
 OnePassSignaturePacket.prototype.hash = SignaturePacket.prototype.hash;
 OnePassSignaturePacket.prototype.toHash = SignaturePacket.prototype.toHash;
 OnePassSignaturePacket.prototype.toSign = SignaturePacket.prototype.toSign;
+// Static fields (explicit declaration not fully supported by Safari)
+OnePassSignaturePacket.tag = enums.packet.onePassSignature;
 
 export default OnePassSignaturePacket;