getBitStrenght: Throw NoSuchAlgorithmException for unknown curves

2021-08-15 15:34:35 +02:00 · 2021-08-15 15:34:35 +02:00 · 20b3080e94
parent ccc62e090c
commit 20b3080e94
2 changed files with 16 additions and 8 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java
@ -17,6 +17,7 @@ package org.pgpainless.signature;

 import java.io.IOException;
 import java.io.InputStream;
+import java.security.NoSuchAlgorithmException;
 import java.util.Arrays;
 import java.util.Date;
 import java.util.Iterator;
@ -567,10 +568,14 @@ public abstract class SignatureValidator {
            @Override
            public void verify(PGPSignature signature) throws SignatureValidationException {
                PublicKeyAlgorithm algorithm = PublicKeyAlgorithm.fromId(signingKey.getAlgorithm());
-                int bitStrength = BCUtil.getBitStrength(signingKey);
-                if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) {
-                    throw new SignatureValidationException("Signature was made using unacceptable key. " +
-                            algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy.");
+                try {
+                    int bitStrength = BCUtil.getBitStrength(signingKey);
+                    if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) {
+                        throw new SignatureValidationException("Signature was made using unacceptable key. " +
+                                algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy.");
+                    }
+                } catch (NoSuchAlgorithmException e) {
+                    throw new SignatureValidationException("Cannot determine bit strength of signing key.", e);
                }
            }
        };
--- a/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java
@ -15,6 +15,8 @@
 */
 package org.pgpainless.util;

+import java.security.NoSuchAlgorithmException;
+
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.bcpg.ECPublicBCPGKey;
 import org.bouncycastle.openpgp.PGPPublicKey;
@ -33,12 +35,13 @@ public final class BCUtil {
     * @param key key
     * @return bit strength
     */
-    public static int getBitStrength(PGPPublicKey key) {
+    public static int getBitStrength(PGPPublicKey key) throws NoSuchAlgorithmException {
        int bitStrength = key.getBitStrength();

        if (bitStrength == -1) {
-            // TODO: BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519)
-            //  Manually set the bit strength.
+            // BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519)
+            // therefore we manually set the bit strength.
+            // see https://github.com/bcgit/bc-java/issues/972

            ASN1ObjectIdentifier oid = ((ECPublicBCPGKey) key.getPublicKeyPacket().getKey()).getCurveOID();
            if (oid.getId().equals("1.3.6.1.4.1.11591.15.1")) {
@ -48,7 +51,7 @@ public final class BCUtil {
                // curvey25519 is 256 bits
                bitStrength = 256;
            } else {
-                throw new RuntimeException("Unknown curve: " + oid.getId());
+                throw new NoSuchAlgorithmException("Unknown curve: " + oid.getId());
            }

        }