openpgp: Add tests for crashes in Nettle, see CVE-2021-3580.

author: Justus Winter <justus@sequoia-pgp.org> 2021-06-07 14:07:01 +0200
committer: Justus Winter <justus@sequoia-pgp.org> 2021-06-07 20:05:15 +0200
commit: f980bd2364745aecdca2ebd0d6db97401f047d49 (patch)
tree: 672e6a0f73c47da5476221a76c0f18961d02d3c1
parent: ea6720251f9f5b536ea723075c21fd3b7fcdb6fc (diff)
1 files changed, 64 insertions, 0 deletions
diff --git a/openpgp/src/packet/pkesk.rs b/openpgp/src/packet/pkesk.rs
index 0c5e567f..7f21639c 100644
--- a/openpgp/src/packet/pkesk.rs
+++ b/openpgp/src/packet/pkesk.rs
@@ -393,4 +393,68 @@ mod tests {
         let mut keypair = key.into_keypair().unwrap();
         pkesk.decrypt(&mut keypair, None).unwrap();
     }
+
+    /// Insufficient validation of RSA ciphertexts crash Nettle.
+    ///
+    /// See CVE-2021-3580.
+    #[test]
+    fn cve_2021_3580_ciphertext_too_long() -> Result<()> {
+        // Get (any) 2k RSA key.
+        let cert = Cert::from_bytes(
+            crate::tests::key("testy-private.pgp"))?;
+        let mut keypair = cert.primary_key().key().clone()
+            .parts_into_secret()?.into_keypair()?;
+
+        let pile = PacketPile::from_bytes(b"-----BEGIN PGP ARMORED FILE-----
+
+wcDNAwAAAAAAAAAAAQwGI5SkpcRMjkiOKx332kxv+2Xh4y1QTefPilKOPOlHYFa0
+rnnLaQVEACKJNQ38YuCFUvtpK4IN2grjlj71IP24+KDp3ZuVWnVTS6JcyE10Y9iq
+uGvKdS0C17XCze2LD4ouVOrUZHGXpeDT47w6DsHb/0UE85h56wpk2CzO1XFQzHxX
+HR2DDLqqeFVzTv0peYiQfLHl7kWXijTNEqmYhFCzxuICXzuClAAJM+fVIRfcm2tm
+2R4AxOQGv9DlWfZwbkpKfj/uuo0CAe21n4NT+NzdVgPlff/hna3yGgPe1B+vjq4e
+jfxHg+pvo/HTLkV+c2HAGbM1bCb/5TedGd1nAMSAIOu/J/WQp/l3HtEv63HaVPZJ
+JInJ6L/KyPwjm/ieZx5EWOLJgFRWGCrBGnb8T81lkFey7uZR5Xiq+9KoUhHQFw8N
+joc0YUVyhUBVFf4B0zVZRUfqZyJtJ07Sl5xppI12U1HQCTjn7Fp8BHMPKuBotYzv
+1Q4f00k6Txctw+LDRM17/w==
+=VtwB
+-----END PGP ARMORED FILE-----
+")?;
+        let pkg = pile.descendants().next();
+        if let Some(Packet::PKESK(ref pkesk)) = pkg {
+            // Boom goes the assertion.
+            let _ = pkesk.decrypt(&mut keypair, None);
+        } else {
+            panic!("message is not a PKESK packet");
+        }
+
+        Ok(())
+    }
+
+    /// Insufficient validation of RSA ciphertexts crash Nettle.
+    ///
+    /// See CVE-2021-3580.
+    #[test]
+    fn cve_2021_3580_zero_ciphertext() -> Result<()> {
+        // Get (any) 2k RSA key.
+        let cert = Cert::from_bytes(
+            crate::tests::key("testy-private.pgp"))?;
+        let mut keypair = cert.primary_key().key().clone()
+            .parts_into_secret()?.into_keypair()?;
+
+        let pile = PacketPile::from_bytes(b"-----BEGIN PGP ARMORED FILE-----
+
+wQwDAAAAAAAAAAABAAA=
+=H/1T
+-----END PGP ARMORED FILE-----
+")?;
+        let pkg = pile.descendants().next();
+        if let Some(Packet::PKESK(ref pkesk)) = pkg {
+            // Boom goes the memory safety.
+            let _ = pkesk.decrypt(&mut keypair, None);
+        } else {
+            panic!("message is not a PKESK packet");
+        }
+
+        Ok(())
+    }
 }
author	Justus Winter <justus@sequoia-pgp.org>	2021-06-07 14:07:01 +0200
committer	Justus Winter <justus@sequoia-pgp.org>	2021-06-07 20:05:15 +0200
commit	f980bd2364745aecdca2ebd0d6db97401f047d49 (patch)
tree	672e6a0f73c47da5476221a76c0f18961d02d3c1
parent	ea6720251f9f5b536ea723075c21fd3b7fcdb6fc (diff)