PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-08 19:27:57 +01:00
Code Issues Releases Wiki Activity

Accept certification signatures using SHA-1 before 2023-02-01

Browse source 
This commit introduces a dedicated SignatureHashAlgorithmPolicy for certification signatures.
The default configuration will accept SHA-1 on sigs created before 2023-02-01.
This commit is contained in:
Paul Schaub 2024-01-04 18:20:09 +01:00
parent 5053221e93
commit de9a161252
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
8 changed files with 74 additions and 32 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
pgpainless-core/src/main/kotlin/org/pgpainless/algorithm/negotiation/HashAlgorithmNegotiator.kt
View file

@ -34,7 +34,7 @@ interface HashAlgorithmNegotiator {
*/ */
@JvmStatic @JvmStatic
fun negotiateSignatureHashAlgorithm(policy: Policy): HashAlgorithmNegotiator { fun negotiateSignatureHashAlgorithm(policy: Policy): HashAlgorithmNegotiator {
return negotiateByPolicy(policy.signatureHashAlgorithmPolicy) return negotiateByPolicy(policy.dataSignatureHashAlgorithmPolicy)
} }
/** /**

3
pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
View file

@ -216,7 +216,8 @@ class KeyRingBuilder : KeyRingBuilderInterface<KeyRingBuilder> {
} }
private fun buildContentSigner(certKey: PGPKeyPair): PGPContentSignerBuilder { private fun buildContentSigner(certKey: PGPKeyPair): PGPContentSignerBuilder {
val hashAlgorithm = PGPainless.getPolicy().signatureHashAlgorithmPolicy.defaultHashAlgorithm val hashAlgorithm =
PGPainless.getPolicy().certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm
return ImplementationFactory.getInstance() return ImplementationFactory.getInstance()
.getPGPContentSignerBuilder(certKey.publicKey.algorithm, hashAlgorithm.algorithmId) .getPGPContentSignerBuilder(certKey.publicKey.algorithm, hashAlgorithm.algorithmId)
} }

32
pgpainless-core/src/main/kotlin/org/pgpainless/policy/Policy.kt
View file

@ -10,8 +10,9 @@ import org.pgpainless.util.DateUtil
import org.pgpainless.util.NotationRegistry import org.pgpainless.util.NotationRegistry
class Policy( class Policy(
var signatureHashAlgorithmPolicy: HashAlgorithmPolicy, var certificationSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
var revocationSignatureHashAlgorithmPolicy: HashAlgorithmPolicy, var revocationSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
var dataSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
var symmetricKeyEncryptionAlgorithmPolicy: SymmetricKeyAlgorithmPolicy, var symmetricKeyEncryptionAlgorithmPolicy: SymmetricKeyAlgorithmPolicy,
var symmetricKeyDecryptionAlgorithmPolicy: SymmetricKeyAlgorithmPolicy, var symmetricKeyDecryptionAlgorithmPolicy: SymmetricKeyAlgorithmPolicy,
var compressionAlgorithmPolicy: CompressionAlgorithmPolicy, var compressionAlgorithmPolicy: CompressionAlgorithmPolicy,
@ -21,8 +22,9 @@ class Policy(
constructor() : constructor() :
this( this(
HashAlgorithmPolicy.smartSignatureHashAlgorithmPolicy(), HashAlgorithmPolicy.smartCertificationSignatureHashAlgorithmPolicy(),
HashAlgorithmPolicy.smartSignatureHashAlgorithmPolicy(), HashAlgorithmPolicy.smartCertificationSignatureHashAlgorithmPolicy(),
HashAlgorithmPolicy.smartDataSignatureHashAlgorithmPolicy(),
SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022(), SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022(),
SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022(), SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022(),
CompressionAlgorithmPolicy.anyCompressionAlgorithmPolicy(), CompressionAlgorithmPolicy.anyCompressionAlgorithmPolicy(),
@ -89,6 +91,30 @@ class Policy(
fun defaultHashAlgorithm() = defaultHashAlgorithm fun defaultHashAlgorithm() = defaultHashAlgorithm
companion object { companion object {
// https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
// signature data which is not attacker-controlled is acceptable before 2023-02-01
@JvmStatic
fun smartCertificationSignatureHashAlgorithmPolicy() =
HashAlgorithmPolicy(
HashAlgorithm.SHA512,
buildMap {
put(HashAlgorithm.SHA3_512, null)
put(HashAlgorithm.SHA3_512, null)
put(HashAlgorithm.SHA3_256, null)
put(HashAlgorithm.SHA512, null)
put(HashAlgorithm.SHA384, null)
put(HashAlgorithm.SHA256, null)
put(HashAlgorithm.SHA224, null)
put(
HashAlgorithm.RIPEMD160,
DateUtil.parseUTCDate("2023-02-01 00:00:00 UTC"))
put(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2023-02-01 00:00:00 UTC"))
put(HashAlgorithm.MD5, DateUtil.parseUTCDate("1997-02-01 00:00:00 UTC"))
})
@JvmStatic
fun smartDataSignatureHashAlgorithmPolicy() = smartSignatureHashAlgorithmPolicy()
@JvmStatic @JvmStatic
fun smartSignatureHashAlgorithmPolicy() = fun smartSignatureHashAlgorithmPolicy() =
HashAlgorithmPolicy( HashAlgorithmPolicy(

12
pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
View file

@ -235,12 +235,18 @@ abstract class SignatureValidator {
signature: PGPSignature, signature: PGPSignature,
policy: Policy policy: Policy
): Policy.HashAlgorithmPolicy { ): Policy.HashAlgorithmPolicy {
val type = SignatureType.requireFromCode(signature.signatureType) return when (SignatureType.requireFromCode(signature.signatureType)) {
return when (type) {
SignatureType.CERTIFICATION_REVOCATION, SignatureType.CERTIFICATION_REVOCATION,
SignatureType.KEY_REVOCATION, SignatureType.KEY_REVOCATION,
SignatureType.SUBKEY_REVOCATION -> policy.revocationSignatureHashAlgorithmPolicy SignatureType.SUBKEY_REVOCATION -> policy.revocationSignatureHashAlgorithmPolicy
else -> policy.signatureHashAlgorithmPolicy SignatureType.GENERIC_CERTIFICATION,
SignatureType.NO_CERTIFICATION,
SignatureType.CASUAL_CERTIFICATION,
SignatureType.POSITIVE_CERTIFICATION,
SignatureType.DIRECT_KEY,
SignatureType.SUBKEY_BINDING,
SignatureType.PRIMARYKEY_BINDING -> policy.certificationSignatureHashAlgorithmPolicy
else -> policy.dataSignatureHashAlgorithmPolicy
} }
} }

4
pgpainless-core/src/test/java/org/pgpainless/encryption_signing/SigningTest.java
View file

@ -207,7 +207,7 @@ public class SigningTest {
SubkeyIdentifier signingKey = sigs.keySet().iterator().next(); SubkeyIdentifier signingKey = sigs.keySet().iterator().next();
PGPSignature signature = sigs.get(signingKey).iterator().next(); PGPSignature signature = sigs.get(signingKey).iterator().next();
assertEquals(PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(), assertEquals(PGPainless.getPolicy().getDataSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(),
signature.getHashAlgorithm()); signature.getHashAlgorithm());
} }
@ -237,7 +237,7 @@ public class SigningTest {
SubkeyIdentifier signingKey = sigs.keySet().iterator().next(); SubkeyIdentifier signingKey = sigs.keySet().iterator().next();
PGPSignature signature = sigs.get(signingKey).iterator().next(); PGPSignature signature = sigs.get(signingKey).iterator().next();
assertEquals(PGPainless.getPolicy().getSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(), assertEquals(PGPainless.getPolicy().getDataSignatureHashAlgorithmPolicy().defaultHashAlgorithm().getAlgorithmId(),
signature.getHashAlgorithm()); signature.getHashAlgorithm());
} }

11
pgpainless-core/src/test/java/org/pgpainless/example/ManagePolicy.java
View file

@ -43,7 +43,10 @@ public class ManagePolicy {
@AfterEach @AfterEach
public void resetPolicy() { public void resetPolicy() {
// Policy for hash algorithms in non-revocation signatures // Policy for hash algorithms in non-revocation signatures
PGPainless.getPolicy().setSignatureHashAlgorithmPolicy( PGPainless.getPolicy().setCertificationSignatureHashAlgorithmPolicy(
Policy.HashAlgorithmPolicy.static2022SignatureHashAlgorithmPolicy());
// Policy for hash algorithms in data signatures
PGPainless.getPolicy().setDataSignatureHashAlgorithmPolicy(
Policy.HashAlgorithmPolicy.static2022SignatureHashAlgorithmPolicy()); Policy.HashAlgorithmPolicy.static2022SignatureHashAlgorithmPolicy());
// Policy for hash algorithms in revocation signatures // Policy for hash algorithms in revocation signatures
PGPainless.getPolicy().setRevocationSignatureHashAlgorithmPolicy( PGPainless.getPolicy().setRevocationSignatureHashAlgorithmPolicy(
@ -83,7 +86,7 @@ public class ManagePolicy {
// Get PGPainless' policy singleton // Get PGPainless' policy singleton
Policy policy = PGPainless.getPolicy(); Policy policy = PGPainless.getPolicy();
Policy.HashAlgorithmPolicy sigHashAlgoPolicy = policy.getSignatureHashAlgorithmPolicy(); Policy.HashAlgorithmPolicy sigHashAlgoPolicy = policy.getDataSignatureHashAlgorithmPolicy();
assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA512)); assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA512));
// Per default, non-revocation signatures using SHA-1 are rejected // Per default, non-revocation signatures using SHA-1 are rejected
assertFalse(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA1)); assertFalse(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA1));
@ -95,9 +98,9 @@ public class ManagePolicy {
// List of acceptable hash algorithms // List of acceptable hash algorithms
Arrays.asList(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256, HashAlgorithm.SHA224, HashAlgorithm.SHA1)); Arrays.asList(HashAlgorithm.SHA512, HashAlgorithm.SHA384, HashAlgorithm.SHA256, HashAlgorithm.SHA224, HashAlgorithm.SHA1));
// Set the hash algo policy as policy for non-revocation signatures // Set the hash algo policy as policy for non-revocation signatures
policy.setSignatureHashAlgorithmPolicy(customPolicy); policy.setDataSignatureHashAlgorithmPolicy(customPolicy);
sigHashAlgoPolicy = policy.getSignatureHashAlgorithmPolicy(); sigHashAlgoPolicy = policy.getDataSignatureHashAlgorithmPolicy();
assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA512)); assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA512));
// SHA-1 is now acceptable as well // SHA-1 is now acceptable as well
assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA1)); assertTrue(sigHashAlgoPolicy.isAcceptable(HashAlgorithm.SHA1));

10
pgpainless-core/src/test/java/org/pgpainless/policy/PolicySetterTest.java
View file

@ -16,9 +16,15 @@ import org.pgpainless.algorithm.PublicKeyAlgorithm;
public class PolicySetterTest { public class PolicySetterTest {
@Test @Test
public void testSetSignatureHashAlgorithmPolicy_NullFails() { public void testSetCertificationSignatureHashAlgorithmPolicy_NullFails() {
Policy policy = Policy.getInstance(); Policy policy = Policy.getInstance();
assertThrows(NullPointerException.class, () -> policy.setSignatureHashAlgorithmPolicy(null)); assertThrows(NullPointerException.class, () -> policy.setCertificationSignatureHashAlgorithmPolicy(null));
}
@Test
public void testSetDataSignatureHashAlgorithmPolicy_NullFails() {
Policy policy = Policy.getInstance();
assertThrows(NullPointerException.class, () -> policy.setDataSignatureHashAlgorithmPolicy(null));
} }
@Test @Test

32
pgpainless-core/src/test/java/org/pgpainless/policy/PolicyTest.java
View file

@ -44,7 +44,7 @@ public class PolicyTest {
sigHashAlgoMap.put(HashAlgorithm.SHA256, null); sigHashAlgoMap.put(HashAlgorithm.SHA256, null);
sigHashAlgoMap.put(HashAlgorithm.SHA224, null); sigHashAlgoMap.put(HashAlgorithm.SHA224, null);
sigHashAlgoMap.put(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2013-02-01 00:00:00 UTC")); sigHashAlgoMap.put(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2013-02-01 00:00:00 UTC"));
policy.setSignatureHashAlgorithmPolicy(new Policy.HashAlgorithmPolicy(HashAlgorithm.SHA512, sigHashAlgoMap)); policy.setCertificationSignatureHashAlgorithmPolicy(new Policy.HashAlgorithmPolicy(HashAlgorithm.SHA512, sigHashAlgoMap));
Map<HashAlgorithm, Date> revHashAlgoMap = new HashMap<>(); Map<HashAlgorithm, Date> revHashAlgoMap = new HashMap<>();
revHashAlgoMap.put(HashAlgorithm.SHA512, null); revHashAlgoMap.put(HashAlgorithm.SHA512, null);
@ -107,40 +107,40 @@ public class PolicyTest {
@Test @Test
public void testAcceptableSignatureHashAlgorithm() { public void testAcceptableSignatureHashAlgorithm() {
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA512)); assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA512));
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA512.getAlgorithmId())); assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA512.getAlgorithmId()));
// Usage date before termination date -> acceptable // Usage date before termination date -> acceptable
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC"))); assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC"))); assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
} }
@Test @Test
public void testUnacceptableSignatureHashAlgorithm() { public void testUnacceptableSignatureHashAlgorithm() {
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1)); assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1));
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId())); assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId()));
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC"))); assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC"))); assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
} }
@Test @Test
public void testDefaultSignatureHashAlgorithm() { public void testDefaultSignatureHashAlgorithm() {
assertEquals(HashAlgorithm.SHA512, policy.getSignatureHashAlgorithmPolicy().defaultHashAlgorithm()); assertEquals(HashAlgorithm.SHA512, policy.getCertificationSignatureHashAlgorithmPolicy().defaultHashAlgorithm());
} }
@Test @Test
public void testAcceptableRevocationSignatureHashAlgorithm() { public void testAcceptableRevocationSignatureHashAlgorithm() {
assertTrue(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA384)); assertTrue(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA384));
assertTrue(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA384.getAlgorithmId())); assertTrue(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA384.getAlgorithmId()));
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC"))); assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
assertTrue(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC"))); assertTrue(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2000-01-01 00:00:00 UTC")));
} }
@Test @Test
public void testUnacceptableRevocationSignatureHashAlgorithm() { public void testUnacceptableRevocationSignatureHashAlgorithm() {
assertFalse(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.RIPEMD160)); assertFalse(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.RIPEMD160));
assertFalse(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.RIPEMD160.getAlgorithmId())); assertFalse(policy.getRevocationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.RIPEMD160.getAlgorithmId()));
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC"))); assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC"))); assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(HashAlgorithm.SHA1.getAlgorithmId(), DateUtil.parseUTCDate("2020-01-01 00:00:00 UTC")));
} }
@Test @Test
@ -181,8 +181,8 @@ public class PolicyTest {
@Test @Test
public void testUnknownSignatureHashAlgorithmIsNotAcceptable() { public void testUnknownSignatureHashAlgorithmIsNotAcceptable() {
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(-1)); assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(-1));
assertFalse(policy.getSignatureHashAlgorithmPolicy().isAcceptable(-1, new Date())); assertFalse(policy.getCertificationSignatureHashAlgorithmPolicy().isAcceptable(-1, new Date()));
} }
@Test @Test