From 9d160ef0476f7d6a0dc3c6830c26ab7d52e7d5a1 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Mon, 7 Mar 2022 12:17:45 +0100 Subject: [PATCH] Reject subkeys with predating binding signatures --- .../signature/consumer/SignaturePicker.java | 1 + .../consumer/SignatureValidator.java | 16 +++++++++- .../signature/consumer/SignatureVerifier.java | 3 ++ ...GenerateKeyWithCustomCreationDateTest.java | 31 ++++++++++++++++--- 4 files changed, 45 insertions(+), 6 deletions(-) diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignaturePicker.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignaturePicker.java index ee6dfc89..5ab81099 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignaturePicker.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignaturePicker.java @@ -337,6 +337,7 @@ public final class SignaturePicker { try { SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_BINDING).verify(signature); SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); + SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature); SignatureValidator.signatureIsAlreadyEffective(validationDate).verify(signature); // if the currently latest signature is not yet expired, check if the next candidate is not yet expired if (latestSubkeyBinding != null && !SignatureUtils.isSignatureExpired(latestSubkeyBinding, validationDate)) { diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java index d0de0d46..a8f1ec5b 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureValidator.java @@ -355,6 +355,10 @@ public abstract class SignatureValidator { }; } + public static SignatureValidator signatureDoesNotPredateSignee(PGPPublicKey signee) { + return signatureDoesNotPredateKeyCreation(signee); + } + /** * Verify that a signature has a hashed creation time subpacket. * @@ -379,6 +383,16 @@ public abstract class SignatureValidator { * @return validator */ public static SignatureValidator signatureDoesNotPredateSigningKey(PGPPublicKey key) { + return signatureDoesNotPredateKeyCreation(key); + } + + /** + * Verify that a signature does not predate the creation time of the given key. + * + * @param key key + * @return validator + */ + public static SignatureValidator signatureDoesNotPredateKeyCreation(PGPPublicKey key) { return new SignatureValidator() { @Override public void verify(PGPSignature signature) throws SignatureValidationException { @@ -386,7 +400,7 @@ public abstract class SignatureValidator { Date signatureCreationTime = signature.getCreationTime(); if (keyCreationTime.after(signatureCreationTime)) { - throw new SignatureValidationException("Signature predates its signing key (key creation: " + keyCreationTime + ", signature creation: " + signatureCreationTime + ")"); + throw new SignatureValidationException("Signature predates key (key creation: " + keyCreationTime + ", signature creation: " + signatureCreationTime + ")"); } } }; diff --git a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java index b0db7c9b..1cfff7db 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java +++ b/pgpainless-core/src/main/java/org/pgpainless/signature/consumer/SignatureVerifier.java @@ -243,6 +243,7 @@ public final class SignatureVerifier { throws SignatureValidationException { SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_BINDING).verify(signature); SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); + SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature); SignatureValidator.signatureIsEffective(validationDate).verify(signature); SignatureValidator.hasValidPrimaryKeyBindingSignatureIfRequired(primaryKey, subkey, policy, validationDate).verify(signature); SignatureValidator.correctSubkeyBindingSignature(primaryKey, subkey).verify(signature); @@ -265,6 +266,7 @@ public final class SignatureVerifier { public static boolean verifySubkeyBindingRevocation(PGPSignature signature, PGPPublicKey primaryKey, PGPPublicKey subkey, Policy policy, Date validationDate) throws SignatureValidationException { SignatureValidator.signatureIsOfType(SignatureType.SUBKEY_REVOCATION).verify(signature); SignatureValidator.signatureStructureIsAcceptable(primaryKey, policy).verify(signature); + SignatureValidator.signatureDoesNotPredateSignee(subkey).verify(signature); SignatureValidator.signatureIsEffective(validationDate).verify(signature); SignatureValidator.correctSignatureOverKey(primaryKey, subkey).verify(signature); @@ -303,6 +305,7 @@ public final class SignatureVerifier { throws SignatureValidationException { SignatureValidator.signatureIsOfType(SignatureType.DIRECT_KEY).verify(signature); SignatureValidator.signatureStructureIsAcceptable(signingKey, policy).verify(signature); + SignatureValidator.signatureDoesNotPredateSignee(signedKey).verify(signature); SignatureValidator.signatureIsEffective(validationDate).verify(signature); SignatureValidator.correctSignatureOverKey(signingKey, signedKey).verify(signature); diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithCustomCreationDateTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithCustomCreationDateTest.java index e77602dd..d2697b82 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithCustomCreationDateTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/generation/GenerateKeyWithCustomCreationDateTest.java @@ -4,6 +4,14 @@ package org.pgpainless.key.generation; +import static org.junit.jupiter.api.Assertions.assertFalse; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.util.Calendar; +import java.util.Date; +import java.util.Iterator; + import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKey; import org.bouncycastle.openpgp.PGPSecretKey; @@ -13,15 +21,11 @@ import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.key.generation.type.KeyType; +import org.pgpainless.key.generation.type.ecc.EllipticCurve; import org.pgpainless.key.generation.type.eddsa.EdDSACurve; import org.pgpainless.key.generation.type.xdh.XDHSpec; import org.pgpainless.util.DateUtil; -import java.security.InvalidAlgorithmParameterException; -import java.security.NoSuchAlgorithmException; -import java.util.Date; -import java.util.Iterator; - public class GenerateKeyWithCustomCreationDateTest { @Test @@ -43,4 +47,21 @@ public class GenerateKeyWithCustomCreationDateTest { // subkey has no creation date override, so it was generated "just now" JUtils.assertDateNotEquals(creationDate, subkey.getCreationTime()); } + + @Test + public void generateSubkeyWithFutureKeyCreationDate() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException { + Calendar calendar = Calendar.getInstance(); + calendar.add(Calendar.YEAR, 20); + Date future = calendar.getTime(); + + PGPSecretKeyRing secretKeys = PGPainless.buildKeyRing() + .addSubkey(KeySpec.getBuilder(KeyType.ECDH(EllipticCurve._P384), KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE).setKeyCreationDate(future)) + .setPrimaryKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._P384), KeyFlag.CERTIFY_OTHER, KeyFlag.SIGN_DATA)) + .addUserId("Captain Future ") + .build(); + + // Subkey has future key creation date, so its binding will predate the key -> no usable encryption key left + assertFalse(PGPainless.inspectKeyRing(secretKeys) + .isUsableForEncryption()); + } }