Reject subkeys with predating binding signatures

2022-03-07 12:17:45 +01:00 · 2022-03-07 12:17:45 +01:00 · 9d160ef047
parent 5d3646cd36
commit 9d160ef047
4 changed files with 45 additions and 6 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignaturePicker.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignaturePicker.java
@ -337,6 +337,7 @@ public final class SignaturePicker {
            try {
                SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_BINDING).verify(signature);
                SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature);
+                SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature);
                SignatureValidator.signatureIsAlreadyEffective(validationDate).verify(signature);
                // if the currently latest signature is not yet expired, check if the next candidate is not yet expired
                if (latestSubkeyBinding != null && !SignatureUtils.isSignatureExpired(latestSubkeyBinding, validationDate)) {
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java
@ -355,6 +355,10 @@ public abstract class SignatureValidator {
        };
    }

+    public static SignatureValidator signatureDoesNotPredateSignee(PGPPublicKey signee) {
+        return signatureDoesNotPredateKeyCreation(signee);
+    }
+
    /**
     * Verify that a signature has a hashed creation time subpacket.
     *
@ -379,6 +383,16 @@ public abstract class SignatureValidator {
     * @return validator
     */
    public static SignatureValidator signatureDoesNotPredateSigningKey(PGPPublicKey key) {
+        return signatureDoesNotPredateKeyCreation(key);
+    }
+
+    /**
+     * Verify that a signature does not predate the creation time of the given key.
+     *
+     * @param key key
+     * @return validator
+     */
+    public static SignatureValidator signatureDoesNotPredateKeyCreation(PGPPublicKey key) {
        return new SignatureValidator() {
            @Override
            public void verify(PGPSignature signature) throws SignatureValidationException {
@ -386,7 +400,7 @@ public abstract class SignatureValidator {
                Date signatureCreationTime = signature.getCreationTime();

                if (keyCreationTime.after(signatureCreationTime)) {
-                    throw new SignatureValidationException("Signature predates its signing key (key creation: " + keyCreationTime + ", signature creation: " + signatureCreationTime + ")");
+                    throw new SignatureValidationException("Signature predates key (key creation: " + keyCreationTime + ", signature creation: " + signatureCreationTime + ")");
                }
            }
        };
--- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java
@ -243,6 +243,7 @@ public final class SignatureVerifier {
            throws SignatureValidationException {
        SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_BINDING).verify(signature);
        SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature);
+        SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature);
        SignatureValidator.signatureIsEffective(validationDate).verify(signature);
        SignatureValidator.hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, validationDate).verify(signature);
        SignatureValidator.correctSubkeyBindingSignature(primaryKey, subkey).verify(signature);
@ -265,6 +266,7 @@ public final class SignatureVerifier {
    public static boolean verifySubkeyBindingRevocation(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) throws SignatureValidationException {
        SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_REVOCATION).verify(signature);
        SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature);
+        SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature);
        SignatureValidator.signatureIsEffective(validationDate).verify(signature);
        SignatureValidator.correctSignatureOverKey(primaryKey, subkey).verify(signature);

@ -303,6 +305,7 @@ public final class SignatureVerifier {
            throws SignatureValidationException {
        SignatureValidator.signatureIsOfType(SignatureType.DIRECT_KEY).verify(signature);
        SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature);
+        SignatureValidator.signatureDoesNotPredateSignee(signedKey).verify(signature);
        SignatureValidator.signatureIsEffective(validationDate).verify(signature);
        SignatureValidator.correctSignatureOverKey(signingKey, signedKey).verify(signature);

--- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithCustomCreationDateTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithCustomCreationDateTest.java
@ -4,6 +4,14 @@

 package org.pgpainless.key.generation;

+import static org.junit.jupiter.api.Assertions.assertFalse;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Calendar;
+import java.util.Date;
+import java.util.Iterator;
+
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPSecretKey;
@ -13,15 +21,11 @@ import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.KeyFlag;
 import org.pgpainless.key.generation.type.KeyType;
+import org.pgpainless.key.generation.type.ecc.EllipticCurve;
 import org.pgpainless.key.generation.type.eddsa.EdDSACurve;
 import org.pgpainless.key.generation.type.xdh.XDHSpec;
 import org.pgpainless.util.DateUtil;

-import java.security.InvalidAlgorithmParameterException;
-import java.security.NoSuchAlgorithmException;
-import java.util.Date;
-import java.util.Iterator;
-
 public class GenerateKeyWithCustomCreationDateTest {

    @Test
@ -43,4 +47,21 @@ public class GenerateKeyWithCustomCreationDateTest {
        // subkey has no creation date override, so it was generated "just now"
        JUtils.assertDateNotEquals(creationDate, subkey.getCreationTime());
    }
+
+    @Test
+    public void generateSubkeyWithFutureKeyCreationDate() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
+        Calendar calendar = Calendar.getInstance();
+        calendar.add(Calendar.YEAR, 20);
+        Date future = calendar.getTime();
+
+        PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing()
+                .addSubkey(KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._P384), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE).setKeyCreationDate(future))
+                .setPrimaryKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._P384), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA))
+                .addUserId("Captain Future <cpt@futu.re>")
+                .build();
+
+        // Subkey has future key creation date, so its binding will predate the key -> no usable encryption key left
+        assertFalse(PGPainless.inspectKeyRing(secretKeys)
+                .isUsableForEncryption());
+    }
 }