Do not sign/verify users with weak keys

openpgpjs · Mar 15, 2021 · 2f04938 · 2f04938
1 parent 851edee
commit 2f04938
Show file tree

Hide file tree

Showing 3 changed files with 106 additions and 71 deletions.
diff --git a/src/key/user.js b/src/key/user.js
@@ -120,7 +120,7 @@ class User {
       if (!key.getKeyIds().some(id => id.equals(keyid))) {
         return null;
       }
-      const signingKey = await key.getSigningKey(keyid, date, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRsaBits: 0 });
+      const signingKey = await key.getSigningKey(keyid, date, undefined, config);
       if (certificate.revoked || await that.isRevoked(primaryKey, certificate, signingKey.keyPacket, date, config)) {
         throw new Error('User certificate is revoked');
       }

diff --git a/test/general/key.js b/test/general/key.js
@@ -2421,78 +2421,106 @@ function versionSpecificTests() {
     let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
     const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
     await privateKey.decrypt('hello world');
-    publicKey = await publicKey.signPrimaryUser([privateKey]);
-    const signatures = await publicKey.verifyPrimaryUser([privateKey]);
-    const publicSigningKey = await publicKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
-    const privateSigningKey = await privateKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
-    expect(signatures.length).to.equal(2);
-    expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
-    expect(signatures[0].valid).to.be.null;
-    expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
-    expect(signatures[1].valid).to.be.true;
+
+    const { minRsaBits } = openpgp.config;
+    openpgp.config.minRsaBits = 1024;
+    try {
+      publicKey = await publicKey.signPrimaryUser([privateKey]);
+      const signatures = await publicKey.verifyPrimaryUser([privateKey]);
+      const publicSigningKey = await publicKey.getSigningKey();
+      const privateSigningKey = await privateKey.getSigningKey();
+      expect(signatures.length).to.equal(2);
+      expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+      expect(signatures[0].valid).to.be.null;
+      expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+      expect(signatures[1].valid).to.be.true;
+    } finally {
+      openpgp.config.minRsaBits = minRsaBits;
+    }
   });
 
   it('Sign key and verify with wrong key - primary user', async function() {
     let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
     const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
     const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
     await privateKey.decrypt('hello world');
-    publicKey = await publicKey.signPrimaryUser([privateKey]);
-    const signatures = await publicKey.verifyPrimaryUser([wrongKey]);
-    const publicSigningKey = await publicKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
-    const privateSigningKey = await privateKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
-    expect(signatures.length).to.equal(2);
-    expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
-    expect(signatures[0].valid).to.be.null;
-    expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
-    expect(signatures[1].valid).to.be.null;
+
+    const { minRsaBits } = openpgp.config;
+    openpgp.config.minRsaBits = 1024;
+    try {
+      publicKey = await publicKey.signPrimaryUser([privateKey]);
+      const signatures = await publicKey.verifyPrimaryUser([wrongKey]);
+      const publicSigningKey = await publicKey.getSigningKey();
+      const privateSigningKey = await privateKey.getSigningKey();
+      expect(signatures.length).to.equal(2);
+      expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+      expect(signatures[0].valid).to.be.null;
+      expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+      expect(signatures[1].valid).to.be.null;
+    } finally {
+      openpgp.config.minRsaBits = minRsaBits;
+    }
   });
 
   it('Sign and verify key - all users', async function() {
     let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
     const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
     await privateKey.decrypt('hello world');
-    publicKey = await publicKey.signAllUsers([privateKey]);
-    const signatures = await publicKey.verifyAllUsers([privateKey]);
-    const publicSigningKey = await publicKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
-    const privateSigningKey = await privateKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
-    expect(signatures.length).to.equal(4);
-    expect(signatures[0].userid).to.equal(publicKey.users[0].userId.userid);
-    expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
-    expect(signatures[0].valid).to.be.null;
-    expect(signatures[1].userid).to.equal(publicKey.users[0].userId.userid);
-    expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
-    expect(signatures[1].valid).to.be.true;
-    expect(signatures[2].userid).to.equal(publicKey.users[1].userId.userid);
-    expect(signatures[2].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
-    expect(signatures[2].valid).to.be.null;
-    expect(signatures[3].userid).to.equal(publicKey.users[1].userId.userid);
-    expect(signatures[3].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
-    expect(signatures[3].valid).to.be.true;
+
+    const { minRsaBits } = openpgp.config;
+    openpgp.config.minRsaBits = 1024;
+    try {
+      publicKey = await publicKey.signAllUsers([privateKey]);
+      const signatures = await publicKey.verifyAllUsers([privateKey]);
+      const publicSigningKey = await publicKey.getSigningKey();
+      const privateSigningKey = await privateKey.getSigningKey();
+      expect(signatures.length).to.equal(4);
+      expect(signatures[0].userid).to.equal(publicKey.users[0].userId.userid);
+      expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+      expect(signatures[0].valid).to.be.null;
+      expect(signatures[1].userid).to.equal(publicKey.users[0].userId.userid);
+      expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+      expect(signatures[1].valid).to.be.true;
+      expect(signatures[2].userid).to.equal(publicKey.users[1].userId.userid);
+      expect(signatures[2].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+      expect(signatures[2].valid).to.be.null;
+      expect(signatures[3].userid).to.equal(publicKey.users[1].userId.userid);
+      expect(signatures[3].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+      expect(signatures[3].valid).to.be.true;
+    } finally {
+      openpgp.config.minRsaBits = minRsaBits;
+    }
   });
 
   it('Sign key and verify with wrong key - all users', async function() {
     let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
     const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
     const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
     await privateKey.decrypt('hello world');
-    publicKey = await publicKey.signAllUsers([privateKey]);
-    const signatures = await publicKey.verifyAllUsers([wrongKey]);
-    const publicSigningKey = await publicKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
-    const privateSigningKey = await privateKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
-    expect(signatures.length).to.equal(4);
-    expect(signatures[0].userid).to.equal(publicKey.users[0].userId.userid);
-    expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
-    expect(signatures[0].valid).to.be.null;
-    expect(signatures[1].userid).to.equal(publicKey.users[0].userId.userid);
-    expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
-    expect(signatures[1].valid).to.be.null;
-    expect(signatures[2].userid).to.equal(publicKey.users[1].userId.userid);
-    expect(signatures[2].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
-    expect(signatures[2].valid).to.be.null;
-    expect(signatures[3].userid).to.equal(publicKey.users[1].userId.userid);
-    expect(signatures[3].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
-    expect(signatures[3].valid).to.be.null;
+
+    const { minRsaBits } = openpgp.config;
+    openpgp.config.minRsaBits = 1024;
+    try {
+      publicKey = await publicKey.signAllUsers([privateKey]);
+      const signatures = await publicKey.verifyAllUsers([wrongKey]);
+      const publicSigningKey = await publicKey.getSigningKey();
+      const privateSigningKey = await privateKey.getSigningKey();
+      expect(signatures.length).to.equal(4);
+      expect(signatures[0].userid).to.equal(publicKey.users[0].userId.userid);
+      expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+      expect(signatures[0].valid).to.be.null;
+      expect(signatures[1].userid).to.equal(publicKey.users[0].userId.userid);
+      expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+      expect(signatures[1].valid).to.be.null;
+      expect(signatures[2].userid).to.equal(publicKey.users[1].userId.userid);
+      expect(signatures[2].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+      expect(signatures[2].valid).to.be.null;
+      expect(signatures[3].userid).to.equal(publicKey.users[1].userId.userid);
+      expect(signatures[3].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+      expect(signatures[3].valid).to.be.null;
+    } finally {
+      openpgp.config.minRsaBits = minRsaBits;
+    }
   });
 
   it('Reformat key without passphrase', function() {
@@ -2782,23 +2810,30 @@ module.exports = () => describe('Key', function() {
   });
 
   it('Verify status of key with non-self revocation signature', async function() {
-    const pubKey = await openpgp.readKey({ armoredKey: key_with_revoked_third_party_cert });
-    const [selfCertification] = await pubKey.verifyPrimaryUser();
-    const publicSigningKey = await pubKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, rejectPublicKeyAlgorithms: new Set() });
-    expect(selfCertification.keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
-    expect(selfCertification.valid).to.be.true;
-
-    const certifyingKey = await openpgp.readKey({ armoredKey: certifying_key });
-    const certifyingSigningKey = await certifyingKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, rejectPublicKeyAlgorithms: new Set() });
-    const signatures = await pubKey.verifyPrimaryUser([certifyingKey]);
-    expect(signatures.length).to.equal(2);
-    expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
-    expect(signatures[0].valid).to.be.null;
-    expect(signatures[1].keyid.toHex()).to.equal(certifyingSigningKey.getKeyId().toHex());
-    expect(signatures[1].valid).to.be.false;
-
-    const { user } = await pubKey.getPrimaryUser();
-    await expect(user.verifyCertificate(pubKey.primaryKey, user.otherCertifications[0], [certifyingKey], undefined, openpgp.config)).to.be.rejectedWith('User certificate is revoked');
+    const { rejectPublicKeyAlgorithms } = openpgp.config;
+    openpgp.config.rejectPublicKeyAlgorithms = new Set();
+
+    try {
+      const pubKey = await openpgp.readKey({ armoredKey: key_with_revoked_third_party_cert });
+      const [selfCertification] = await pubKey.verifyPrimaryUser();
+      const publicSigningKey = await pubKey.getSigningKey();
+      expect(selfCertification.keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+      expect(selfCertification.valid).to.be.true;
+
+      const certifyingKey = await openpgp.readKey({ armoredKey: certifying_key });
+      const certifyingSigningKey = await certifyingKey.getSigningKey();
+      const signatures = await pubKey.verifyPrimaryUser([certifyingKey]);
+      expect(signatures.length).to.equal(2);
+      expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+      expect(signatures[0].valid).to.be.null;
+      expect(signatures[1].keyid.toHex()).to.equal(certifyingSigningKey.getKeyId().toHex());
+      expect(signatures[1].valid).to.be.false;
+
+      const { user } = await pubKey.getPrimaryUser();
+      await expect(user.verifyCertificate(pubKey.primaryKey, user.otherCertifications[0], [certifyingKey], undefined, openpgp.config)).to.be.rejectedWith('User certificate is revoked');
+    } finally {
+      openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms;
+    }
   });
 
   it('Verify certificate of key with future creation date', async function() {

diff --git a/test/general/signature.js b/test/general/signature.js
@@ -1630,7 +1630,7 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
 
     const signedKey = await openpgp.readKey({ armoredKey: signedArmor });
     const signerKey = await openpgp.readKey({ armoredKey: priv_key_arm1 });
-    return signedKey.verifyPrimaryUser([signerKey]).then(signatures => {
+    return signedKey.verifyPrimaryUser([signerKey], undefined, undefined, { ...openpgp.config, rejectPublicKeyAlgorithms: new Set() }).then(signatures => {
       expect(signatures[0].valid).to.be.null;
       expect(signatures[0].keyid.toHex()).to.equal(signedKey.getKeyId().toHex());
       expect(signatures[1].valid).to.be.true;