Ignore UAT, unsupported, malformed packets (closes hockeypuck#135, mi…

…ght address hockeypuck#198)
pgpkeys-eu · Nov 23, 2023 · d42e747 · d42e747
1 parent de01432
commit d42e747
Show file tree

Hide file tree

Showing 20 changed files with 48 additions and 715 deletions.
diff --git a/contrib/templates/index.html.tmpl b/contrib/templates/index.html.tmpl
@@ -20,10 +20,6 @@
 {{ range $sig := $uid.Signatures }}sig {{ if $sig.Revocation }}<span class="warn">revok </span>{{ else }} sig  {{ end }}<a href="/pks/lookup?op=get&search=0x{{ $sig.IssuerKeyID }}">{{ $sig.IssuerKeyID }}</a> {{ $sig.Creation }} {{ if $sig.Expiration  }}{{ $sig.Expiration }}{{ else }}{{ $spacer }}{{ end }} {{ $spacer }} <a href="/pks/lookup?op=vindex&search=0x{{ $sig.IssuerKeyID }}">{{ if eq $sig.IssuerKeyID $key.LongKeyID }}[selfsig]{{ else }}{{ $sig.IssuerKeyID }}{{ end }}</a>
 {{ end }}
 {{ end -}}
-{{ range $uat := $key.UserAttrs }}<strong>uat</strong> {{ range $photo := $uat.Photos }}<img src="{{ url $photo.DataURI }}">{{end}}
-{{ range $sig := $uat.Signatures }}sig {{ if $sig.Revocation }}<span class="warn">revok </span>{{ else }} sig  {{ end }}<a href="/pks/lookup?op=get&search=0x{{ $sig.IssuerKeyID }}">{{ $sig.IssuerKeyID }}</a> {{ $sig.Creation }} {{ if $sig.Expiration }}{{ $sig.Expiration }}{{ else }}{{ $spacer }}{{ end }} {{ $spacer }} <a href="/pks/lookup?op=vindex&search=0x{{ $sig.IssuerKeyID }}">{{ if eq $sig.IssuerKeyID $key.LongKeyID }}[selfsig]{{ else }}{{ $sig.IssuerKeyID }}{{ end }}</a>
-{{ end }}
-{{ end -}}
 {{ range $sub := $key.SubKeys }}<strong>sub</strong> ({{ $sub.Version }}){{ $sub.Algorithm.Name }}{{ $sub.BitLength }}/{{ if $fp }}{{ $sub.Fingerprint }}{{ else }}{{ $sub.LongKeyID }}{{ end }} {{ $sub.Creation }}
 {{ range $sig := $sub.Signatures }}sig {{ if $sig.Revocation }}<span class="warn">revok </span>{{ else }}sbind{{ end }} <a href="/pks/lookup?op=get&search=0x{{ $key.LongKeyID }}">{{ $key.LongKeyID }}</a> {{ $sig.Creation }} {{ $spacer }} {{ if $sig.Expiration }}{{ $sig.Expiration }}{{ else }}{{ $spacer }}{{ end }} <a href="/pks/lookup?op=vindex&search=0x{{ $key.LongKeyID }}">[]</a>
 {{ end }}

diff --git a/src/hockeypuck/hkp/handler.go b/src/hockeypuck/hkp/handler.go
@@ -354,11 +354,6 @@ func (h *Handler) get(w http.ResponseWriter, l *Lookup) {
 		return
 	}
 
-	// Drop malformed packets, since these break GPG imports.
-	for _, key := range keys {
-		openpgp.DropMalformed(key)
-	}
-
 	w.Header().Set("Content-Type", "application/pgp-keys")
 	if l.Options[OptionMachineReadable] {
 		w.Header().Set("Access-Control-Allow-Origin", "*")
@@ -521,16 +516,6 @@ func (h *Handler) Add(w http.ResponseWriter, r *http.Request, _ httprouter.Param
 		return
 	}
 	for _, key := range keys {
-		err := openpgp.DropMalformed(key)
-		if err != nil {
-			httpError(w, http.StatusInternalServerError, errors.WithStack(err))
-			return
-		}
-		err = openpgp.DropDuplicates(key)
-		if err != nil {
-			httpError(w, http.StatusInternalServerError, errors.WithStack(err))
-			return
-		}
 		err = openpgp.ValidSelfSigned(key, false)
 		if err != nil {
 			httpError(w, http.StatusInternalServerError, errors.WithStack(err))
@@ -599,16 +584,6 @@ func (h *Handler) Replace(w http.ResponseWriter, r *http.Request, _ httprouter.P
 		if signingFp != key.Fingerprint() {
 			continue
 		}
-		err := openpgp.DropMalformed(key)
-		if err != nil {
-			httpError(w, http.StatusInternalServerError, errors.WithStack(err))
-			return
-		}
-		err = openpgp.DropDuplicates(key)
-		if err != nil {
-			httpError(w, http.StatusInternalServerError, errors.WithStack(err))
-			return
-		}
 		err = openpgp.ValidSelfSigned(key, false)
 		if err != nil {
 			httpError(w, http.StatusInternalServerError, errors.WithStack(err))

diff --git a/src/hockeypuck/hkp/handler_test.go b/src/hockeypuck/hkp/handler_test.go
@@ -284,7 +284,6 @@ func (s *HandlerSuite) TestFetchWithBadSigs(c *gc.C) {
 	keys := openpgp.MustReadArmorKeys(bytes.NewBuffer(armor))
 	c.Assert(keys, gc.HasLen, 1)
 	c.Assert(keys[0].ShortID(), gc.Equals, tk.sid)
-	c.Assert(len(keys[0].Others), gc.Equals, 0)
 }
 
 func (s *HandlerSuite) SetupHashQueryTest(c *gc.C, unique bool, digests ...int) (*httptest.ResponseRecorder, *http.Request) {

diff --git a/src/hockeypuck/hkp/jsonhkp/jsonhkp.go b/src/hockeypuck/hkp/jsonhkp/jsonhkp.go
@@ -21,10 +21,7 @@
 package jsonhkp
 
 import (
-	"encoding/base64"
-	"fmt"
 	"io"
-	"net/url"
 	"time"
 
 	"github.com/pkg/errors"
@@ -40,9 +37,8 @@ type Packet struct {
 
 func NewPacket(from *openpgp.Packet) *Packet {
 	return &Packet{
-		Tag:    from.Tag,
-		Data:   from.Packet,
-		Parsed: from.Parsed,
+		Tag:  from.Tag,
+		Data: from.Packet,
 	}
 }
 
@@ -94,21 +90,17 @@ func newPublicKey(from *openpgp.PublicKey) *PublicKey {
 	for _, fromSig := range from.Signatures {
 		to.Signatures = append(to.Signatures, NewSignature(fromSig))
 	}
-	for _, fromPkt := range from.Others {
-		to.Unsupported = append(to.Unsupported, NewPacket(fromPkt))
-	}
 
 	return to
 }
 
 type PrimaryKey struct {
 	*PublicKey
 
-	MD5       string           `json:"md5"`
-	Length    int              `json:"length"`
-	SubKeys   []*SubKey        `json:"subKeys,omitempty"`
-	UserIDs   []*UserID        `json:"userIDs,omitempty"`
-	UserAttrs []*UserAttribute `json:"userAttrs,omitempty"`
+	MD5     string    `json:"md5"`
+	Length  int       `json:"length"`
+	SubKeys []*SubKey `json:"subKeys,omitempty"`
+	UserIDs []*UserID `json:"userIDs,omitempty"`
 }
 
 func NewPrimaryKeys(froms []*openpgp.PrimaryKey) []*PrimaryKey {
@@ -131,9 +123,6 @@ func NewPrimaryKey(from *openpgp.PrimaryKey) *PrimaryKey {
 	for _, fromUid := range from.UserIDs {
 		to.UserIDs = append(to.UserIDs, NewUserID(fromUid))
 	}
-	for _, fromUat := range from.UserAttributes {
-		to.UserAttrs = append(to.UserAttrs, NewUserAttribute(fromUat))
-	}
 	return to
 }
 
@@ -173,52 +162,9 @@ func NewUserID(from *openpgp.UserID) *UserID {
 	for _, fromSig := range from.Signatures {
 		to.Signatures = append(to.Signatures, NewSignature(fromSig))
 	}
-	for _, fromPkt := range from.Others {
-		to.Unsupported = append(to.Unsupported, NewPacket(fromPkt))
-	}
-	return to
-}
-
-type UserAttribute struct {
-	Photos      []*Photo     `json:"photos,omitempty"`
-	Packet      *Packet      `json:"packet,omitempty"`
-	Signatures  []*Signature `json:"signatures,omitempty"`
-	Unsupported []*Packet    `json:"unsupported,omitempty"`
-}
-
-func NewUserAttribute(from *openpgp.UserAttribute) *UserAttribute {
-	to := &UserAttribute{
-		Packet: NewPacket(&from.Packet),
-	}
-	for _, image := range from.Images {
-		to.Photos = append(to.Photos, NewPhoto(image))
-	}
-	for _, fromSig := range from.Signatures {
-		to.Signatures = append(to.Signatures, NewSignature(fromSig))
-	}
-	for _, fromPkt := range from.Others {
-		to.Unsupported = append(to.Unsupported, NewPacket(fromPkt))
-	}
 	return to
 }
 
-type Photo struct {
-	MIMEType string `json:"mimeType"`
-	Contents []byte `json:"contents"`
-}
-
-func NewPhoto(image []byte) *Photo {
-	return &Photo{
-		MIMEType: "image/jpeg", // The only image format currently supported, AFAIK
-		Contents: image,
-	}
-}
-
-func (p *Photo) DataURI() (*url.URL, error) {
-	return url.Parse(fmt.Sprintf(
-		"data:%s;base64,%s", p.MIMEType, base64.StdEncoding.EncodeToString(p.Contents)))
-}
-
 type Signature struct {
 	SigType      int     `json:"sigType"`
 	Revocation   bool    `json:"revocation,omitempty"`
@@ -275,9 +221,7 @@ func (pk *PublicKey) packets() []*Packet {
 	for _, s := range pk.Signatures {
 		packets = append(packets, s.packets()...)
 	}
-	for _, un := range pk.Unsupported {
-		packets = append(packets, un)
-	}
+	packets = append(packets, pk.Unsupported...)
 	return packets
 }
 
@@ -286,20 +230,7 @@ func (u *UserID) packets() []*Packet {
 	for _, s := range u.Signatures {
 		packets = append(packets, s.packets()...)
 	}
-	for _, un := range u.Unsupported {
-		packets = append(packets, un)
-	}
-	return packets
-}
-
-func (u *UserAttribute) packets() []*Packet {
-	packets := []*Packet{u.Packet}
-	for _, s := range u.Signatures {
-		packets = append(packets, s.packets()...)
-	}
-	for _, un := range u.Unsupported {
-		packets = append(packets, un)
-	}
+	packets = append(packets, u.Unsupported...)
 	return packets
 }
 
@@ -308,9 +239,6 @@ func (pk *PrimaryKey) packets() []*Packet {
 	for _, u := range pk.UserIDs {
 		packets = append(packets, u.packets()...)
 	}
-	for _, u := range pk.UserAttrs {
-		packets = append(packets, u.packets()...)
-	}
 	for _, s := range pk.SubKeys {
 		packets = append(packets, s.packets()...)
 	}

diff --git a/src/hockeypuck/hkp/sks/recon.go b/src/hockeypuck/hkp/sks/recon.go
@@ -458,14 +458,6 @@ func (r *Peer) upsertKeys(rcvr *recon.Recover, buf []byte) (*upsertResult, error
 	}
 	result := &upsertResult{}
 	for _, key := range keys {
-		err := openpgp.DropMalformed(key)
-		if err != nil {
-			return nil, errors.WithStack(err)
-		}
-		err = openpgp.DropDuplicates(key)
-		if err != nil {
-			return nil, errors.WithStack(err)
-		}
 		err = openpgp.ValidSelfSigned(key, false)
 		if err != nil {
 			return nil, errors.WithStack(err)

diff --git a/src/hockeypuck/openpgp/cmd/hashcmp/main.go b/src/hockeypuck/openpgp/cmd/hashcmp/main.go
@@ -47,14 +47,6 @@ func testKeyring(opkr *openpgp.OpaqueKeyring) (int, int, error) {
 		return 0, 0, errors.WithStack(err)
 	}
 
-	err = openpgp.DropMalformed(pk)
-	if err != nil {
-		return 0, 0, errors.WithStack(err)
-	}
-	err = openpgp.DropDuplicates(pk)
-	if err != nil {
-		return 0, 0, errors.WithStack(err)
-	}
 	err = openpgp.ValidSelfSigned(pk, false)
 	if err != nil {
 		return 0, 0, errors.WithStack(err)

diff --git a/src/hockeypuck/openpgp/io.go b/src/hockeypuck/openpgp/io.go
@@ -31,7 +31,6 @@ import (
 
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/armor"
-	pgperrors "github.com/ProtonMail/go-crypto/openpgp/errors"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 	"github.com/pkg/errors"
 
@@ -134,7 +133,6 @@ func (ok *OpaqueKeyring) Parse() (*PrimaryKey, error) {
 	var length int
 	for _, opkt := range ok.Packets {
 		length += len(opkt.Contents)
-		var badPacket *packet.OpaquePacket
 		if opkt.Tag == 6 { //packet.PacketTypePublicKey:
 			if pubkey != nil {
 				return nil, errors.Errorf("multiple public keys in keyring")
@@ -152,7 +150,6 @@ func (ok *OpaqueKeyring) Parse() (*PrimaryKey, error) {
 				subkey, err := ParseSubKey(opkt)
 				if err != nil {
 					log.Debugf("unreadable subkey packet in key 0x%s: %v", pubkey.KeyID(), err)
-					badPacket = opkt
 				} else {
 					pubkey.SubKeys = append(pubkey.SubKeys, subkey)
 					signablePacket = subkey
@@ -163,56 +160,23 @@ func (ok *OpaqueKeyring) Parse() (*PrimaryKey, error) {
 				uid, err := ParseUserID(opkt, pubkey.UUID)
 				if err != nil {
 					log.Debugf("unreadable user id packet in key 0x%s: %v", pubkey.KeyID(), err)
-					badPacket = opkt
 				} else {
 					pubkey.UserIDs = append(pubkey.UserIDs, uid)
 					signablePacket = uid
 				}
-			case 17: //packet.PacketTypeUserAttribute:
-				signablePacket = nil
-				uat, err := ParseUserAttribute(opkt, pubkey.UUID)
-				if err != nil {
-					log.Debugf("unreadable user attribute packet in key 0x%s: %v", pubkey.KeyID(), err)
-					badPacket = opkt
-				} else {
-					pubkey.UserAttributes = append(pubkey.UserAttributes, uat)
-					signablePacket = uat
-				}
 			case 2: //packet.PacketTypeSignature:
 				if signablePacket == nil {
 					log.Debugf("signature out of context")
-					badPacket = opkt
 				} else {
 					sig, err := ParseSignature(opkt, keyCreationTime, pubkey.UUID, signablePacket.uuid())
 					if err != nil {
 						log.Debugf("unreadable signature packet in key 0x%s: %v", pubkey.KeyID(), err)
-						badPacket = opkt
 					} else {
 						signablePacket.appendSignature(sig)
 					}
 				}
-			default:
-				badPacket = opkt
 			}
 
-			if badPacket != nil {
-				var badParent string
-				if signablePacket != nil {
-					badParent = signablePacket.uuid()
-				} else {
-					badParent = pubkey.uuid()
-				}
-				other, err := ParseOther(badPacket, badParent)
-				if err != nil {
-					return nil, errors.WithStack(err)
-				}
-				_, isStructuralError := badPacket.Reason.(pgperrors.StructuralError)
-				if badPacket.Reason == io.ErrUnexpectedEOF || isStructuralError {
-					log.Debugf("malformed packet in key 0x%s: %v", pubkey.KeyID(), badPacket.Reason)
-					other.Malformed = true
-				}
-				pubkey.Others = append(pubkey.Others, other)
-			}
 		} else if opkt.Tag == 2 { //packet.PacketTypeSignature:
 			return nil, ErrBareRevocation
 		}
@@ -334,9 +298,8 @@ PARSE:
 				currentFingerprint = ""
 				current.Packets = append(current.Packets, op)
 			}
-		case 13, 14, 17:
+		case 13, 14:
 			//packet.PacketTypeUserId,
-			//packet.PacketTypeUserAttribute,
 			//packet.PacketTypePublicSubKey,
 			if current != nil {
 				current.Packets = append(current.Packets, op)