diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java b/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java index 66336c6f..7eb5a92f 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.java @@ -64,7 +64,6 @@ import org.pgpainless.signature.subpackets.SelfSignatureSubpackets; import org.pgpainless.signature.subpackets.SignatureSubpackets; import org.pgpainless.signature.subpackets.SignatureSubpacketsHelper; import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil; -import org.pgpainless.util.BCUtil; import org.pgpainless.util.CollectionUtils; import org.pgpainless.util.Passphrase; import org.pgpainless.util.selection.userid.SelectUserId; @@ -278,7 +277,7 @@ public class SecretKeyRingEditor implements SecretKeyRingEditorInterface { // check key against public key algorithm policy PublicKeyAlgorithm publicKeyAlgorithm = PublicKeyAlgorithm.fromId(subkey.getPublicKey().getAlgorithm()); - int bitStrength = BCUtil.getBitStrength(subkey.getPublicKey()); + int bitStrength = subkey.getPublicKey().getBitStrength(); if (!PGPainless.getPolicy().getPublicKeyAlgorithmPolicy().isAcceptable(publicKeyAlgorithm, bitStrength)) { throw new IllegalArgumentException("Public key algorithm policy violation: " + publicKeyAlgorithm + " with bit strength " + bitStrength + " is not acceptable."); diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java index 3bd059a2..d0de0d46 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java @@ -4,7 +4,6 @@ package org.pgpainless.signature.consumer; -import java.security.NoSuchAlgorithmException; import java.util.Arrays; import java.util.Date; import java.util.Iterator; @@ -32,7 +31,6 @@ import org.pgpainless.key.OpenPgpFingerprint; import org.pgpainless.policy.Policy; import org.pgpainless.signature.SignatureUtils; import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil; -import org.pgpainless.util.BCUtil; import org.pgpainless.util.DateUtil; import org.pgpainless.util.NotationRegistry; @@ -171,15 +169,14 @@ public abstract class SignatureValidator { @Override public void verify(PGPSignature signature) throws SignatureValidationException { PublicKeyAlgorithm algorithm = PublicKeyAlgorithm.fromId(signingKey.getAlgorithm()); - try { - int bitStrength = BCUtil.getBitStrength(signingKey); + int bitStrength = signingKey.getBitStrength(); + if (bitStrength == -1) { + throw new SignatureValidationException("Cannot determine bit strength of signing key."); + } if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) { throw new SignatureValidationException("Signature was made using unacceptable key. " + algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy."); } - } catch (NoSuchAlgorithmException e) { - throw new SignatureValidationException("Cannot determine bit strength of signing key.", e); - } } }; } diff --git a/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java b/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java index 25bd72e9..78e604c8 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java +++ b/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java @@ -4,50 +4,12 @@ package org.pgpainless.util; -import java.security.NoSuchAlgorithmException; - -import org.bouncycastle.asn1.ASN1ObjectIdentifier; -import org.bouncycastle.bcpg.ECPublicBCPGKey; -import org.bouncycastle.openpgp.PGPPublicKey; - public final class BCUtil { private BCUtil() { } - /** - * Utility method to get the bit strength of OpenPGP keys. - * Bouncycastle is lacking support for some keys (eg. EdDSA, X25519), so this method - * manually derives the bit strength from the keys curves OID. - * - * @param key key - * @return bit strength - */ - public static int getBitStrength(PGPPublicKey key) throws NoSuchAlgorithmException { - int bitStrength = key.getBitStrength(); - - if (bitStrength == -1) { - // BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519) - // therefore we manually set the bit strength. - // see https://github.com/bcgit/bc-java/issues/972 - - ASN1ObjectIdentifier oid = ((ECPublicBCPGKey) key.getPublicKeyPacket().getKey()).getCurveOID(); - if (oid.getId().equals("1.3.6.1.4.1.11591.15.1")) { - // ed25519 is 256 bits - bitStrength = 256; - } else if (oid.getId().equals("1.3.6.1.4.1.3029.1.5.1")) { - // curvey25519 is 256 bits - bitStrength = 256; - } else { - throw new NoSuchAlgorithmException("Unknown curve: " + oid.getId()); - } - - } - return bitStrength; - } - - /** * A constant time equals comparison - does not terminate early if * test will fail. For best results always pass the expected value diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java index 8a8afe0e..969a0587 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/BrainpoolKeyGenerationTest.java @@ -29,9 +29,8 @@ import org.pgpainless.key.generation.type.rsa.RsaLength; import org.pgpainless.key.generation.type.xdh.XDHSpec; import org.pgpainless.key.info.KeyInfo; import org.pgpainless.key.util.UserId; -import org.pgpainless.util.BCUtil; -import org.pgpainless.util.TestAllImplementations; import org.pgpainless.util.Passphrase; +import org.pgpainless.util.TestAllImplementations; public class BrainpoolKeyGenerationTest { @@ -96,22 +95,22 @@ public class BrainpoolKeyGenerationTest { PGPSecretKey ecdsaPrim = iterator.next(); KeyInfo ecdsaInfo = new KeyInfo(ecdsaPrim); assertEquals(EllipticCurve._BRAINPOOLP384R1.getName(), ecdsaInfo.getCurveName()); - assertEquals(384, BCUtil.getBitStrength(ecdsaPrim.getPublicKey())); + assertEquals(384, ecdsaPrim.getPublicKey().getBitStrength()); PGPSecretKey eddsaSub = iterator.next(); KeyInfo eddsaInfo = new KeyInfo(eddsaSub); assertEquals(EdDSACurve._Ed25519.getName(), eddsaInfo.getCurveName()); - assertEquals(256, BCUtil.getBitStrength(eddsaSub.getPublicKey())); + assertEquals(256, eddsaSub.getPublicKey().getBitStrength()); PGPSecretKey xdhSub = iterator.next(); KeyInfo xdhInfo = new KeyInfo(xdhSub); assertEquals(XDHSpec._X25519.getCurveName(), xdhInfo.getCurveName()); - assertEquals(256, BCUtil.getBitStrength(xdhSub.getPublicKey())); + assertEquals(256, xdhSub.getPublicKey().getBitStrength()); PGPSecretKey rsaSub = iterator.next(); KeyInfo rsaInfo = new KeyInfo(rsaSub); assertThrows(IllegalArgumentException.class, rsaInfo::getCurveName, "RSA is not a curve-based encryption system"); - assertEquals(3072, BCUtil.getBitStrength(rsaSub.getPublicKey())); + assertEquals(3072, rsaSub.getPublicKey().getBitStrength()); } public PGPSecretKeyRing generateKey(KeySpec primaryKey, KeySpec subKey, String userId) throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException {