1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-27 06:42:05 +01:00

getBitStrenght: Throw NoSuchAlgorithmException for unknown curves

This commit is contained in:
Paul Schaub 2021-08-15 15:34:35 +02:00
parent ccc62e090c
commit 20b3080e94
2 changed files with 16 additions and 8 deletions

View file

@ -17,6 +17,7 @@ package org.pgpainless.signature;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Date; import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
@ -567,11 +568,15 @@ public abstract class SignatureValidator {
@Override @Override
public void verify(PGPSignature signature) throws SignatureValidationException { public void verify(PGPSignature signature) throws SignatureValidationException {
PublicKeyAlgorithm algorithm = PublicKeyAlgorithm.fromId(signingKey.getAlgorithm()); PublicKeyAlgorithm algorithm = PublicKeyAlgorithm.fromId(signingKey.getAlgorithm());
try {
int bitStrength = BCUtil.getBitStrength(signingKey); int bitStrength = BCUtil.getBitStrength(signingKey);
if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) { if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) {
throw new SignatureValidationException("Signature was made using unacceptable key. " + throw new SignatureValidationException("Signature was made using unacceptable key. " +
algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy."); algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy.");
} }
} catch (NoSuchAlgorithmException e) {
throw new SignatureValidationException("Cannot determine bit strength of signing key.", e);
}
} }
}; };
} }

View file

@ -15,6 +15,8 @@
*/ */
package org.pgpainless.util; package org.pgpainless.util;
import java.security.NoSuchAlgorithmException;
import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.bcpg.ECPublicBCPGKey; import org.bouncycastle.bcpg.ECPublicBCPGKey;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
@ -33,12 +35,13 @@ public final class BCUtil {
* @param key key * @param key key
* @return bit strength * @return bit strength
*/ */
public static int getBitStrength(PGPPublicKey key) { public static int getBitStrength(PGPPublicKey key) throws NoSuchAlgorithmException {
int bitStrength = key.getBitStrength(); int bitStrength = key.getBitStrength();
if (bitStrength == -1) { if (bitStrength == -1) {
// TODO: BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519) // BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519)
// Manually set the bit strength. // therefore we manually set the bit strength.
// see https://github.com/bcgit/bc-java/issues/972
ASN1ObjectIdentifier oid = ((ECPublicBCPGKey) key.getPublicKeyPacket().getKey()).getCurveOID(); ASN1ObjectIdentifier oid = ((ECPublicBCPGKey) key.getPublicKeyPacket().getKey()).getCurveOID();
if (oid.getId().equals("1.3.6.1.4.1.11591.15.1")) { if (oid.getId().equals("1.3.6.1.4.1.11591.15.1")) {
@ -48,7 +51,7 @@ public final class BCUtil {
// curvey25519 is 256 bits // curvey25519 is 256 bits
bitStrength = 256; bitStrength = 256;
} else { } else {
throw new RuntimeException("Unknown curve: " + oid.getId()); throw new NoSuchAlgorithmException("Unknown curve: " + oid.getId());
} }
} }