Check partial packet length edge cases.

[ni4]

Description

Following cases should be checked:

• partial packet length for key/signature packets (must not be allowed to load).
• largest possible partial packet length (1Gb), cut down to reasonable size of course.
• 0-size last chunk length (is allowed).
• less then 512 byte size first chunk (should not be allowed).
• possibly other cases, see rfc4880-bis

This would require to modify some existing packet data and attempt to parse those via FFI calls. Separate test file should be added to rnp_tests suite.

[rrrooommmaaa]

I can take this one (since I've already dealt with partial packets)

[ronaldtse]

@rrrooommmaaa feel free to take it!

[rrrooommmaaa]

@ni4 Regarding "less then 512 byte size first chunk (should not be allowed)" Turns out that both GPG and RNP allow smaller first chunk (I tested with 256 bytes).

[ni4]

@rrrooommmaaa nice found, however not sure what to do with it at the moment. In RFC it is stated as MUST, so such message will not be compliant with RFC 4880. Probably at the moment just issue a warning, and add test which makes sure that we do not produce first chunk of such length (when, for instance, data is read from stdin so input size is not known in advance). @ronaldtse @dewyatt what do you think about this case?

[rrrooommmaaa]

As far as I know, in protocol implementations, MUST means that such data must not be produced, but it can be still consumed as this is normal practice to allow wider range of input than output.

[ni4]

@rrrooommmaaa Yeah, code should be flexible on processing data and strict on producing. However, in security case, data which doesn't conform to standard may be the sign of some sort of attack.