mirror of
https://github.com/pgpainless/pgpainless.git
synced 2024-12-22 19:08:00 +01:00
Accept certification signatures using SHA-1 before 2023-02-01
This commit introduces a dedicated SignatureHashAlgorithmPolicy for certification signatures. The default configuration will accept SHA-1 on sigs created before 2023-02-01.
This commit is contained in:
parent
5053221e93
commit
de9a161252
8 changed files with 74 additions and 32 deletions
|
@ -34,7 +34,7 @@ interface HashAlgorithmNegotiator {
|
|||
*/
|
||||
@JvmStatic
|
||||
fun negotiateSignatureHashAlgorithm(policy: Policy): HashAlgorithmNegotiator {
|
||||
return negotiateByPolicy(policy.signatureHashAlgorithmPolicy)
|
||||
return negotiateByPolicy(policy.dataSignatureHashAlgorithmPolicy)
|
||||
}
|
||||
|
||||
/**
|
||||
|
|
|
@ -216,7 +216,8 @@ class KeyRingBuilder : KeyRingBuilderInterface<KeyRingBuilder> {
|
|||
}
|
||||
|
||||
private fun buildContentSigner(certKey: PGPKeyPair): PGPContentSignerBuilder {
|
||||
val hashAlgorithm = PGPainless.getPolicy().signatureHashAlgorithmPolicy.defaultHashAlgorithm
|
||||
val hashAlgorithm =
|
||||
PGPainless.getPolicy().certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm
|
||||
return ImplementationFactory.getInstance()
|
||||
.getPGPContentSignerBuilder(certKey.publicKey.algorithm, hashAlgorithm.algorithmId)
|
||||
}
|
||||
|
|
|
@ -10,8 +10,9 @@ import org.pgpainless.util.DateUtil
|
|||
import org.pgpainless.util.NotationRegistry
|
||||
|
||||
class Policy(
|
||||
var signatureHashAlgorithmPolicy: HashAlgorithmPolicy,
|
||||
var certificationSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
|
||||
var revocationSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
|
||||
var dataSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
|
||||
var symmetricKeyEncryptionAlgorithmPolicy: SymmetricKeyAlgorithmPolicy,
|
||||
var symmetricKeyDecryptionAlgorithmPolicy: SymmetricKeyAlgorithmPolicy,
|
||||
var compressionAlgorithmPolicy: CompressionAlgorithmPolicy,
|
||||
|
@ -21,8 +22,9 @@ class Policy(
|
|||
|
||||
constructor() :
|
||||
this(
|
||||
HashAlgorithmPolicy.smartSignatureHashAlgorithmPolicy(),
|
||||
HashAlgorithmPolicy.smartSignatureHashAlgorithmPolicy(),
|
||||
HashAlgorithmPolicy.smartCertificationSignatureHashAlgorithmPolicy(),
|
||||
HashAlgorithmPolicy.smartCertificationSignatureHashAlgorithmPolicy(),
|
||||
HashAlgorithmPolicy.smartDataSignatureHashAlgorithmPolicy(),
|
||||
SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022(),
|
||||
SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022(),
|
||||
CompressionAlgorithmPolicy.anyCompressionAlgorithmPolicy(),
|
||||
|
@ -89,6 +91,30 @@ class Policy(
|
|||
fun defaultHashAlgorithm() = defaultHashAlgorithm
|
||||
|
||||
companion object {
|
||||
// https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
|
||||
// signature data which is not attacker-controlled is acceptable before 2023-02-01
|
||||
@JvmStatic
|
||||
fun smartCertificationSignatureHashAlgorithmPolicy() =
|
||||
HashAlgorithmPolicy(
|
||||
HashAlgorithm.SHA512,
|
||||
buildMap {
|
||||
put(HashAlgorithm.SHA3_512, null)
|
||||
put(HashAlgorithm.SHA3_512, null)
|
||||
put(HashAlgorithm.SHA3_256, null)
|
||||
put(HashAlgorithm.SHA512, null)
|
||||
put(HashAlgorithm.SHA384, null)
|
||||
put(HashAlgorithm.SHA256, null)
|
||||
put(HashAlgorithm.SHA224, null)
|
||||
put(
|
||||
HashAlgorithm.RIPEMD160,
|
||||
DateUtil.parseUTCDate("2023-02-01 00:00:00 UTC"))
|
||||
put(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2023-02-01 00:00:00 UTC"))
|
||||
put(HashAlgorithm.MD5, DateUtil.parseUTCDate("1997-02-01 00:00:00 UTC"))
|
||||
})
|
||||
|
||||
@JvmStatic
|
||||
fun smartDataSignatureHashAlgorithmPolicy() = smartSignatureHashAlgorithmPolicy()
|
||||
|
||||
@JvmStatic
|
||||
fun smartSignatureHashAlgorithmPolicy() =
|
||||
HashAlgorithmPolicy(
|
||||
|
|
|
@ -235,12 +235,18 @@ abstract class SignatureValidator {
|
|||
signature: PGPSignature,
|
||||
policy: Policy
|
||||
): Policy.HashAlgorithmPolicy {
|
||||
val type = SignatureType.requireFromCode(signature.signatureType)
|
||||
return when (type) {
|
||||
return when (SignatureType.requireFromCode(signature.signatureType)) {
|
||||
SignatureType.CERTIFICATION_REVOCATION,
|
||||
SignatureType.KEY_REVOCATION,
|
||||
SignatureType.SUBKEY_REVOCATION -> policy.revocationSignatureHashAlgorithmPolicy
|
||||
else -> policy.signatureHashAlgorithmPolicy
|
||||
SignatureType.GENERIC_CERTIFICATION,
|
||||
SignatureType.NO_CERTIFICATION,
|
||||
SignatureType.CASUAL_CERTIFICATION,
|
||||
SignatureType.POSITIVE_CERTIFICATION,
|
||||
SignatureType.DIRECT_KEY,
|
||||
SignatureType.SUBKEY_BINDING,
|
||||
SignatureType.PRIMARYKEY_BINDING -> policy.certificationSignatureHashAlgorithmPolicy
|
||||
else -> policy.dataSignatureHashAlgorithmPolicy
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -207,7 +207,7 @@ public class SigningTest {
|
|||
SubkeyIdentifier signingKey = sigs.keySet().iterator().next();
|
||||
PGPSignature signature = sigs.get(signingKey).iterator().next();
|
||||
|
||||
assertEquals(PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(),
|
||||
assertEquals(PGPainless.getPolicy().getDataSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(),
|
||||
signature.getHashAlgorithm());
|
||||
}
|
||||
|
||||
|
@ -237,7 +237,7 @@ public class SigningTest {
|
|||
SubkeyIdentifier signingKey = sigs.keySet().iterator().next();
|
||||
PGPSignature signature = sigs.get(signingKey).iterator().next();
|
||||
|
||||
assertEquals(PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(),
|
||||
assertEquals(PGPainless.getPolicy().getDataSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(),
|
||||
signature.getHashAlgorithm());
|
||||
}
|
||||
|
||||
|
|
|
@ -43,7 +43,10 @@ public class ManagePolicy {
|
|||
@AfterEach
|
||||
public void resetPolicy() {
|
||||
// Policy for hash algorithms in non-revocation signatures
|
||||
PGPainless.getPolicy().setSignatureHashAlgorithmPolicy(
|
||||
PGPainless.getPolicy().setCertificationSignatureHashAlgorithmPolicy(
|
||||
Policy.HashAlgorithmPolicy.static2022SignatureHashAlgorithmPolicy());
|
||||
// Policy for hash algorithms in data signatures
|
||||
PGPainless.getPolicy().setDataSignatureHashAlgorithmPolicy(
|
||||
Policy.HashAlgorithmPolicy.static2022SignatureHashAlgorithmPolicy());
|
||||
// Policy for hash algorithms in revocation signatures
|
||||
PGPainless.getPolicy().setRevocationSignatureHashAlgorithmPolicy(
|
||||
|
@ -83,7 +86,7 @@ public class ManagePolicy {
|
|||
// Get PGPainless' policy singleton
|
||||
Policy policy = PGPainless.getPolicy();
|
||||
|
||||
Policy.HashAlgorithmPolicy sigHashAlgoPolicy = policy.getSignatureHashAlgorithmPolicy();
|
||||
Policy.HashAlgorithmPolicy sigHashAlgoPolicy = policy.getDataSignatureHashAlgorithmPolicy();
|
||||
assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA512));
|
||||
// Per default, non-revocation signatures using SHA-1 are rejected
|
||||
assertFalse(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA1));
|
||||
|
@ -95,9 +98,9 @@ public class ManagePolicy {
|
|||
// List of acceptable hash algorithms
|
||||
Arrays.asList(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256, HashAlgorithm.SHA224, HashAlgorithm.SHA1));
|
||||
// Set the hash algo policy as policy for non-revocation signatures
|
||||
policy.setSignatureHashAlgorithmPolicy(customPolicy);
|
||||
policy.setDataSignatureHashAlgorithmPolicy(customPolicy);
|
||||
|
||||
sigHashAlgoPolicy = policy.getSignatureHashAlgorithmPolicy();
|
||||
sigHashAlgoPolicy = policy.getDataSignatureHashAlgorithmPolicy();
|
||||
assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA512));
|
||||
// SHA-1 is now acceptable as well
|
||||
assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA1));
|
||||
|
|
|
@ -16,9 +16,15 @@ import org.pgpainless.algorithm.PublicKeyAlgorithm;
|
|||
public class PolicySetterTest {
|
||||
|
||||
@Test
|
||||
public void testSetSignatureHashAlgorithmPolicy_NullFails() {
|
||||
public void testSetCertificationSignatureHashAlgorithmPolicy_NullFails() {
|
||||
Policy policy = Policy.getInstance();
|
||||
assertThrows(NullPointerException.class, () -> policy.setSignatureHashAlgorithmPolicy(null));
|
||||
assertThrows(NullPointerException.class, () -> policy.setCertificationSignatureHashAlgorithmPolicy(null));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSetDataSignatureHashAlgorithmPolicy_NullFails() {
|
||||
Policy policy = Policy.getInstance();
|
||||
assertThrows(NullPointerException.class, () -> policy.setDataSignatureHashAlgorithmPolicy(null));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
|
@ -44,7 +44,7 @@ public class PolicyTest {
|
|||
sigHashAlgoMap.put(HashAlgorithm.SHA256, null);
|
||||
sigHashAlgoMap.put(HashAlgorithm.SHA224, null);
|
||||
sigHashAlgoMap.put(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2013-02-01 00:00:00 UTC"));
|
||||
policy.setSignatureHashAlgorithmPolicy(new Policy.HashAlgorithmPolicy(HashAlgorithm.SHA512, sigHashAlgoMap));
|
||||
policy.setCertificationSignatureHashAlgorithmPolicy(new Policy.HashAlgorithmPolicy(HashAlgorithm.SHA512, sigHashAlgoMap));
|
||||
|
||||
Map<HashAlgorithm, Date> revHashAlgoMap = new HashMap<>();
|
||||
revHashAlgoMap.put(HashAlgorithm.SHA512, null);
|
||||
|
@ -107,40 +107,40 @@ public class PolicyTest {
|
|||
|
||||
@Test
|
||||
public void testAcceptableSignatureHashAlgorithm() {
|
||||
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA512));
|
||||
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA512.getAlgorithmId()));
|
||||
assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA512));
|
||||
assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA512.getAlgorithmId()));
|
||||
// Usage date before termination date -> acceptable
|
||||
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
|
||||
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
|
||||
assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
|
||||
assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUnacceptableSignatureHashAlgorithm() {
|
||||
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1));
|
||||
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId()));
|
||||
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
|
||||
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
|
||||
assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1));
|
||||
assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId()));
|
||||
assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
|
||||
assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testDefaultSignatureHashAlgorithm() {
|
||||
assertEquals(HashAlgorithm.SHA512, policy.getSignatureHashAlgorithmPolicy().defaultHashAlgorithm());
|
||||
assertEquals(HashAlgorithm.SHA512, policy.getCertificationSignatureHashAlgorithmPolicy().defaultHashAlgorithm());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testAcceptableRevocationSignatureHashAlgorithm() {
|
||||
assertTrue(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA384));
|
||||
assertTrue(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA384.getAlgorithmId()));
|
||||
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
|
||||
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
|
||||
assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
|
||||
assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testUnacceptableRevocationSignatureHashAlgorithm() {
|
||||
assertFalse(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.RIPEMD160));
|
||||
assertFalse(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.RIPEMD160.getAlgorithmId()));
|
||||
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
|
||||
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
|
||||
assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
|
||||
assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
@ -181,8 +181,8 @@ public class PolicyTest {
|
|||
|
||||
@Test
|
||||
public void testUnknownSignatureHashAlgorithmIsNotAcceptable() {
|
||||
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(-1));
|
||||
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(-1, new Date()));
|
||||
assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(-1));
|
||||
assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(-1, new Date()));
|
||||
}
|
||||
|
||||
@Test
|
||||
|
|
Loading…
Reference in a new issue