PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-23 04:42:06 +01:00
Code Issues Releases Wiki Activity

getBitStrenght: Throw NoSuchAlgorithmException for unknown curves

Browse source
This commit is contained in:
Paul Schaub 2021-08-15 15:34:35 +02:00
parent ccc62e090c
commit 20b3080e94
2 changed files with 16 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
pgpainless-core/src/main/java/org/pgpainless/signature/SignatureValidator.java
View file

@ -17,6 +17,7 @@ package org.pgpainless.signature;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays; import java.util.Arrays;
import java.util.Date; import java.util.Date;
import java.util.Iterator; import java.util.Iterator;
@ -567,10 +568,14 @@ public abstract class SignatureValidator {
@Override @Override
public void verify(PGPSignature signature) throws SignatureValidationException { public void verify(PGPSignature signature) throws SignatureValidationException {
PublicKeyAlgorithm algorithm = PublicKeyAlgorithm.fromId(signingKey.getAlgorithm()); PublicKeyAlgorithm algorithm = PublicKeyAlgorithm.fromId(signingKey.getAlgorithm());
int bitStrength = BCUtil.getBitStrength(signingKey); try {
if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) { int bitStrength = BCUtil.getBitStrength(signingKey);
throw new SignatureValidationException("Signature was made using unacceptable key. " + if (!policy.getPublicKeyAlgorithmPolicy().isAcceptable(algorithm, bitStrength)) {
algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy."); throw new SignatureValidationException("Signature was made using unacceptable key. " +
algorithm + " (" + bitStrength + " bits) is not acceptable according to the public key algorithm policy.");
}
} catch (NoSuchAlgorithmException e) {
throw new SignatureValidationException("Cannot determine bit strength of signing key.", e);
} }
} }
}; };

11
pgpainless-core/src/main/java/org/pgpainless/util/BCUtil.java
View file

@ -15,6 +15,8 @@
*/ */
package org.pgpainless.util; package org.pgpainless.util;
import java.security.NoSuchAlgorithmException;
import org.bouncycastle.asn1.ASN1ObjectIdentifier; import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.bcpg.ECPublicBCPGKey; import org.bouncycastle.bcpg.ECPublicBCPGKey;
import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPPublicKey;
@ -33,12 +35,13 @@ public final class BCUtil {
* @param key key * @param key key
* @return bit strength * @return bit strength
*/ */
public static int getBitStrength(PGPPublicKey key) { public static int getBitStrength(PGPPublicKey key) throws NoSuchAlgorithmException {
int bitStrength = key.getBitStrength(); int bitStrength = key.getBitStrength();
if (bitStrength == -1) { if (bitStrength == -1) {
// TODO: BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519) // BC's PGPPublicKey.getBitStrength() does fail for some keys (EdDSA, X25519)
// Manually set the bit strength. // therefore we manually set the bit strength.
// see https://github.com/bcgit/bc-java/issues/972
ASN1ObjectIdentifier oid = ((ECPublicBCPGKey) key.getPublicKeyPacket().getKey()).getCurveOID(); ASN1ObjectIdentifier oid = ((ECPublicBCPGKey) key.getPublicKeyPacket().getKey()).getCurveOID();
if (oid.getId().equals("1.3.6.1.4.1.11591.15.1")) { if (oid.getId().equals("1.3.6.1.4.1.11591.15.1")) {
@ -48,7 +51,7 @@ public final class BCUtil {
// curvey25519 is 256 bits // curvey25519 is 256 bits
bitStrength = 256; bitStrength = 256;
} else { } else {
throw new RuntimeException("Unknown curve: " + oid.getId()); throw new NoSuchAlgorithmException("Unknown curve: " + oid.getId());
} }
} }