From 2f04938fc09672f56f498a2a3ff7d902c9971777 Mon Sep 17 00:00:00 2001
From: larabr <7375870+larabr@users.noreply.github.com>
Date: Fri, 12 Mar 2021 15:14:39 +0100
Subject: [PATCH] Do not sign/verify users with weak keys
---
 src/key/user.js | 2 +-
 test/general/key.js | 173 +++++++++++++++++++++++---------------
 test/general/signature.js | 2 +-
 3 files changed, 106 insertions(+), 71 deletions(-)
diff --git a/src/key/user.js b/src/key/user.js
index 92d4281642..80e429c62d 100644
--- a/src/key/user.js
+++ b/src/key/user.js
@@ -120,7 +120,7 @@ class User {
 if (!key.getKeyIds().some(id => id.equals(keyid))) {
 return null;
 }
- const signingKey = await key.getSigningKey(keyid, date, undefined, { ...config, rejectPublicKeyAlgorithms: new Set(), minRsaBits: 0 });
+ const signingKey = await key.getSigningKey(keyid, date, undefined, config);
 if (certificate.revoked || await that.isRevoked(primaryKey, certificate, signingKey.keyPacket, date, config)) {
 throw new Error('User certificate is revoked');
 }
diff --git a/test/general/key.js b/test/general/key.js
index 9cb6923b0e..bbfbfae9d9 100644
--- a/test/general/key.js
+++ b/test/general/key.js
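Review bot: Nothing in this commit asserts the new rejection in src/key/user.js: passing `config` unchanged to `key.getSigningKey` makes `rejectPublicKeyAlgorithms` and `minRsaBits` apply to certifier keys, but the test changes only relax that policy so the existing fixtures keep passing. A negative test is worth adding, for example verifying a certification made by the RSA fixture that needs `minRsaBits = 1024` under the default config and asserting it is not reported as `valid: true`. How the rejection surfaces (an error thrown from `getSigningKey` versus a `null` result) is decided outside this hunk, so the expected value needs confirming against the callers. A comment on the changed line such as `// config is passed as-is so weak or rejected certifier keys are not trusted` would record why the override was removed; the enclosing method starts and ends outside the hunk.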
@@ -2421,15 +2421,22 @@ function versionSpecificTests() {
 let publicKey = await openpgp.readKey({ armoredKey: pub_sig_test });
 const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
 await privateKey.decrypt('hello world');
- publicKey = await publicKey.signPrimaryUser([privateKey]);
- const signatures = await publicKey.verifyPrimaryUser([privateKey]);
- const publicSigningKey = await publicKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
- const privateSigningKey = await privateKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
- expect(signatures.length).to.equal(2);
- expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
- expect(signatures[0].valid).to.be.null;
- expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
- expect(signatures[1].valid).to.be.true;
+
+ const { minRsaBits } = openpgp.config;
+ openpgp.config.minRsaBits = 1024;
+ try {
+ publicKey = await publicKey.signPrimaryUser([privateKey]);
+ const signatures = await publicKey.verifyPrimaryUser([privateKey]);
+ const publicSigningKey = await publicKey.getSigningKey();
+ const privateSigningKey = await privateKey.getSigningKey();
+ expect(signatures.length).to.equal(2);
+ expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+ expect(signatures[0].valid).to.be.null;
+ expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+ expect(signatures[1].valid).to.be.true;
+ } finally {
+ openpgp.config.minRsaBits = minRsaBits;
+ }
 });
 it('Sign key and verify with wrong key - primary user', async function() {
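Review bot: The save/override/restore of `openpgp.config.minRsaBits` mutates the library-wide config for the whole test body, and the same `try`/`finally` block is repeated in the three following hunks of this file (with `rejectPublicKeyAlgorithms` in the last). That is safe only while tests sharing the module run serially, and it relaxes the policy for every call in the body rather than just the ones that need it. test/general/signature.js in this same commit uses a per-call override instead, `verifyPrimaryUser([signerKey], undefined, undefined, { ...openpgp.config, rejectPublicKeyAlgorithms: new Set() })`; if `signPrimaryUser` and `signAllUsers` accept the same trailing config argument, that form would avoid touching shared state. Otherwise a small helper or a `beforeEach`/`afterEach` pair would remove the duplication.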
@@ -2437,38 +2444,52 @@ function versionSpecificTests() {
 const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
 const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
 await privateKey.decrypt('hello world');
- publicKey = await publicKey.signPrimaryUser([privateKey]);
- const signatures = await publicKey.verifyPrimaryUser([wrongKey]);
- const publicSigningKey = await publicKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
- const privateSigningKey = await privateKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
- expect(signatures.length).to.equal(2);
- expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
- expect(signatures[0].valid).to.be.null;
- expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
- expect(signatures[1].valid).to.be.null;
+
+ const { minRsaBits } = openpgp.config;
+ openpgp.config.minRsaBits = 1024;
+ try {
+ publicKey = await publicKey.signPrimaryUser([privateKey]);
+ const signatures = await publicKey.verifyPrimaryUser([wrongKey]);
+ const publicSigningKey = await publicKey.getSigningKey();
+ const privateSigningKey = await privateKey.getSigningKey();
+ expect(signatures.length).to.equal(2);
+ expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+ expect(signatures[0].valid).to.be.null;
+ expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+ expect(signatures[1].valid).to.be.null;
+ } finally {
+ openpgp.config.minRsaBits = minRsaBits;
+ }
 });
 it('Sign and verify key - all users', async function() {
 let publicKey = await openpgp.readKey({ armoredKey: multi_uid_key });
 const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
 await privateKey.decrypt('hello world');
- publicKey = await publicKey.signAllUsers([privateKey]);
- const signatures = await publicKey.verifyAllUsers([privateKey]);
- const publicSigningKey = await publicKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
- const privateSigningKey = await privateKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
- expect(signatures.length).to.equal(4);
- expect(signatures[0].userid).to.equal(publicKey.users[0].userId.userid);
- expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
- expect(signatures[0].valid).to.be.null;
- expect(signatures[1].userid).to.equal(publicKey.users[0].userId.userid);
- expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
- expect(signatures[1].valid).to.be.true;
- expect(signatures[2].userid).to.equal(publicKey.users[1].userId.userid);
- expect(signatures[2].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
- expect(signatures[2].valid).to.be.null;
- expect(signatures[3].userid).to.equal(publicKey.users[1].userId.userid);
- expect(signatures[3].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
- expect(signatures[3].valid).to.be.true;
+
+ const { minRsaBits } = openpgp.config;
+ openpgp.config.minRsaBits = 1024;
+ try {
+ publicKey = await publicKey.signAllUsers([privateKey]);
+ const signatures = await publicKey.verifyAllUsers([privateKey]);
+ const publicSigningKey = await publicKey.getSigningKey();
+ const privateSigningKey = await privateKey.getSigningKey();
+ expect(signatures.length).to.equal(4);
+ expect(signatures[0].userid).to.equal(publicKey.users[0].userId.userid);
+ expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+ expect(signatures[0].valid).to.be.null;
+ expect(signatures[1].userid).to.equal(publicKey.users[0].userId.userid);
+ expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+ expect(signatures[1].valid).to.be.true;
+ expect(signatures[2].userid).to.equal(publicKey.users[1].userId.userid);
+ expect(signatures[2].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+ expect(signatures[2].valid).to.be.null;
+ expect(signatures[3].userid).to.equal(publicKey.users[1].userId.userid);
+ expect(signatures[3].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+ expect(signatures[3].valid).to.be.true;
+ } finally {
+ openpgp.config.minRsaBits = minRsaBits;
+ }
 });
 it('Sign key and verify with wrong key - all users', async function() {
@@ -2476,23 +2497,30 @@ function versionSpecificTests() {
 const privateKey = await openpgp.readKey({ armoredKey: priv_key_rsa });
 const wrongKey = await openpgp.readKey({ armoredKey: wrong_key });
 await privateKey.decrypt('hello world');
- publicKey = await publicKey.signAllUsers([privateKey]);
- const signatures = await publicKey.verifyAllUsers([wrongKey]);
- const publicSigningKey = await publicKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
- const privateSigningKey = await privateKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, minRsaBits: 1024 });
- expect(signatures.length).to.equal(4);
- expect(signatures[0].userid).to.equal(publicKey.users[0].userId.userid);
- expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
- expect(signatures[0].valid).to.be.null;
- expect(signatures[1].userid).to.equal(publicKey.users[0].userId.userid);
- expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
- expect(signatures[1].valid).to.be.null;
- expect(signatures[2].userid).to.equal(publicKey.users[1].userId.userid);
- expect(signatures[2].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
- expect(signatures[2].valid).to.be.null;
- expect(signatures[3].userid).to.equal(publicKey.users[1].userId.userid);
- expect(signatures[3].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
- expect(signatures[3].valid).to.be.null;
+
+ const { minRsaBits } = openpgp.config;
+ openpgp.config.minRsaBits = 1024;
+ try {
+ publicKey = await publicKey.signAllUsers([privateKey]);
+ const signatures = await publicKey.verifyAllUsers([wrongKey]);
+ const publicSigningKey = await publicKey.getSigningKey();
+ const privateSigningKey = await privateKey.getSigningKey();
+ expect(signatures.length).to.equal(4);
+ expect(signatures[0].userid).to.equal(publicKey.users[0].userId.userid);
+ expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+ expect(signatures[0].valid).to.be.null;
+ expect(signatures[1].userid).to.equal(publicKey.users[0].userId.userid);
+ expect(signatures[1].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+ expect(signatures[1].valid).to.be.null;
+ expect(signatures[2].userid).to.equal(publicKey.users[1].userId.userid);
+ expect(signatures[2].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+ expect(signatures[2].valid).to.be.null;
+ expect(signatures[3].userid).to.equal(publicKey.users[1].userId.userid);
+ expect(signatures[3].keyid.toHex()).to.equal(privateSigningKey.getKeyId().toHex());
+ expect(signatures[3].valid).to.be.null;
+ } finally {
+ openpgp.config.minRsaBits = minRsaBits;
+ }
 });
 it('Reformat key without passphrase', function() {
@@ -2782,23 +2810,30 @@ module.exports = () => describe('Key', function() {
 });
 it('Verify status of key with non-self revocation signature', async function() {
- const pubKey = await openpgp.readKey({ armoredKey: key_with_revoked_third_party_cert });
- const [selfCertification] = await pubKey.verifyPrimaryUser();
- const publicSigningKey = await pubKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, rejectPublicKeyAlgorithms: new Set() });
- expect(selfCertification.keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
- expect(selfCertification.valid).to.be.true;
-
- const certifyingKey = await openpgp.readKey({ armoredKey: certifying_key });
- const certifyingSigningKey = await certifyingKey.getSigningKey(undefined, undefined, undefined, { ...openpgp.config, rejectPublicKeyAlgorithms: new Set() });
- const signatures = await pubKey.verifyPrimaryUser([certifyingKey]);
- expect(signatures.length).to.equal(2);
- expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
- expect(signatures[0].valid).to.be.null;
- expect(signatures[1].keyid.toHex()).to.equal(certifyingSigningKey.getKeyId().toHex());
- expect(signatures[1].valid).to.be.false;
-
- const { user } = await pubKey.getPrimaryUser();
- await expect(user.verifyCertificate(pubKey.primaryKey, user.otherCertifications[0], [certifyingKey], undefined, openpgp.config)).to.be.rejectedWith('User certificate is revoked');
+ const { rejectPublicKeyAlgorithms } = openpgp.config;
+ openpgp.config.rejectPublicKeyAlgorithms = new Set();
+
+ try {
+ const pubKey = await openpgp.readKey({ armoredKey: key_with_revoked_third_party_cert });
+ const [selfCertification] = await pubKey.verifyPrimaryUser();
+ const publicSigningKey = await pubKey.getSigningKey();
+ expect(selfCertification.keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+ expect(selfCertification.valid).to.be.true;
+
+ const certifyingKey = await openpgp.readKey({ armoredKey: certifying_key });
+ const certifyingSigningKey = await certifyingKey.getSigningKey();
+ const signatures = await pubKey.verifyPrimaryUser([certifyingKey]);
+ expect(signatures.length).to.equal(2);
+ expect(signatures[0].keyid.toHex()).to.equal(publicSigningKey.getKeyId().toHex());
+ expect(signatures[0].valid).to.be.null;
+ expect(signatures[1].keyid.toHex()).to.equal(certifyingSigningKey.getKeyId().toHex());
+ expect(signatures[1].valid).to.be.false;
+
+ const { user } = await pubKey.getPrimaryUser();
+ await expect(user.verifyCertificate(pubKey.primaryKey, user.otherCertifications[0], [certifyingKey], undefined, openpgp.config)).to.be.rejectedWith('User certificate is revoked');
+ } finally {
+ openpgp.config.rejectPublicKeyAlgorithms = rejectPublicKeyAlgorithms;
+ }
 });
 it('Verify certificate of key with future creation date', async function() {
diff --git a/test/general/signature.js b/test/general/signature.js
index dcb7302cf0..7fbf34495e 100644
--- a/test/general/signature.js
+++ b/test/general/signature.js
@@ -1630,7 +1630,7 @@ hkJiXopCSWKSlQInL1devkJJUWJmTmZeugJYlpdLAagQJM0JpsCqIQZwKgAA
 const signedKey = await openpgp.readKey({ armoredKey: signedArmor });
 const signerKey = await openpgp.readKey({ armoredKey: priv_key_arm1 });
- return signedKey.verifyPrimaryUser([signerKey]).then(signatures => {
+ return signedKey.verifyPrimaryUser([signerKey], undefined, undefined, { ...openpgp.config, rejectPublicKeyAlgorithms: new Set() }).then(signatures => {
 expect(signatures[0].valid).to.be.null;
 expect(signatures[0].keyid.toHex()).to.equal(signedKey.getKeyId().toHex());
 expect(signatures[1].valid).to.be.true;
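Review bot: The override added to the `verifyPrimaryUser` call in test/general/signature.js empties `rejectPublicKeyAlgorithms` entirely, and nothing on the line says which fixture key needs it. A comment such as `// signer fixture uses an algorithm rejected by default; allowed here for the legacy key only` would keep the relaxed policy from being copied into new tests. Presumably only one algorithm has to be allowed, so a set that drops just that entry would keep the rest of the default policy exercised; confirm against the fixture. The enclosing test starts and ends outside the hunk.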