From e514cf752dd69f0d57f02e37d8230016692f19ee Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Mon, 16 Sep 2024 14:12:33 +0200
Subject: [PATCH] Fix fingerprint comparison
---
 .../bouncycastle/extensions/PGPKeyRingExtensions.kt | 2 +-
 .../extensions/PGPSecretKeyRingExtensions.kt | 10 +++++-----
 .../bouncycastle/extensions/PGPSignatureExtensions.kt | 6 +++---
 .../OpenPgpMessageInputStream.kt | 4 ++--
 .../signature/consumer/SignatureValidator.kt | 8 ++++----
 5 files changed, 15 insertions(+), 15 deletions(-)
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPKeyRingExtensions.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPKeyRingExtensions.kt
index 7126db66..6a57bac6 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPKeyRingExtensions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPKeyRingExtensions.kt
@@ -60,7 +60,7 @@ fun PGPKeyRing.requirePublicKey(fingerprint: OpenPgpFingerprint): PGPPublicKey =
 * subpacket to identify the [PGPPublicKey] via its key-ID.
 */
 fun PGPKeyRing.getPublicKeyFor(signature: PGPSignature): PGPPublicKey? =
- signature.fingerprint?.let { this.getPublicKey(it) } ?: this.getPublicKey(signature.keyID)
+ signature.pgpFingerprint?.let { this.getPublicKey(it) } ?: this.getPublicKey(signature.keyID)
 /** Return the [PGPPublicKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
 fun PGPKeyRing.getPublicKeyFor(onePassSignature: PGPOnePassSignature): PGPPublicKey? =
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSecretKeyRingExtensions.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSecretKeyRingExtensions.kt
index ecdac8e9..e2a2b8a7 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSecretKeyRingExtensions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSecretKeyRingExtensions.kt
@@ -66,13 +66,13 @@ fun PGPSecretKeyRing.requireSecretKey(fingerprint: OpenPgpFingerprint): PGPSecre
 * subpacket to identify the [PGPSecretKey] via its key-ID.
 */
 fun PGPSecretKeyRing.getSecretKeyFor(signature: PGPSignature): PGPSecretKey? =
- signature.fingerprint?.let { this.getSecretKey(it) } ?: this.getSecretKey(signature.keyID)
+ signature.pgpFingerprint?.let { this.getSecretKey(it) } ?: this.getSecretKey(signature.keyID)
 /** Return the [PGPSecretKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
 fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGPSecretKey? =
 when (onePassSignature.version) {
- 3 -> this.getSecretKey(onePassSignature.keyID)
- 6 -> this.getSecretKey(onePassSignature.fingerprint)
+ 3,
+ 6 -> this.getSecretKey(onePassSignature.keyIdentifier)
 else -> throw NotImplementedError( "Version ${onePassSignature.version} OPSs are not yet supported.")
@@ -80,7 +80,7 @@ fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGP
 fun PGPSecretKeyRing.getSecretKeyFor(pkesk: PGPPublicKeyEncryptedData): PGPSecretKey? =
 when (pkesk.version) {
- 3 -> this.getSecretKey(pkesk.keyID)
- 6 -> this.getSecretKey(pkesk.fingerprint)
+ 3,
+ 6 -> this.getSecretKey(pkesk.keyIdentifier)
 else -> throw NotImplementedError("Version ${pkesk.version} PKESKs are not yet supported.")
 }
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSignatureExtensions.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSignatureExtensions.kt
index df40c461..a6350e5c 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSignatureExtensions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/extensions/PGPSignatureExtensions.kt
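Review bot: The `else` branch of both `getSecretKeyFor` overloads in PGPSecretKeyRingExtensions.kt (hunks @@ -66,13 and @@ -80,7) throws `NotImplementedError`, which in Kotlin is a `java.lang.Error`, on a version number read from the packet being processed. If a packet with another version can reach these functions (not visible here), handlers that catch `Exception` will not stop it, so a crafted message could abort processing in a way callers do not expect. Since both functions already return a nullable key, `else -> null` would report "no matching secret key" instead, in line with the `else -> false` used for the same dispatch in OpenPgpMessageInputStream.kt. The KDoc above the one-pass-signature overload also still says it matches by key-ID, although version 6 is now resolved through `keyIdentifier`.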
@@ -50,13 +50,13 @@ val PGPSignature.issuerKeyId: Long
 SignatureSubpacketsUtil.getIssuerKeyIdAsLong(this)?.let { if (it != 0L) it else null }
- ?: fingerprint?.keyId ?: 0L
+ ?: pgpFingerprint?.keyId ?: 0L
 }
 }
 /** Return true, if the signature was likely issued by a key with the given fingerprint. */
 fun PGPSignature.wasIssuedBy(fingerprint: OpenPgpFingerprint): Boolean =
- this.fingerprint?.let { it.keyId == fingerprint.keyId } ?: (keyID == fingerprint.keyId)
+ this.pgpFingerprint?.let { it.keyId == fingerprint.keyId } ?: (keyID == fingerprint.keyId)
 /**
 * Return true, if the signature was likely issued by a key with the given fingerprint.
@@ -94,7 +94,7 @@ fun PGPSignature?.toRevocationState() =
 else if (isHardRevocation) RevocationState.hardRevoked() else RevocationState.softRevoked(creationTime)
-val PGPSignature.fingerprint: OpenPgpFingerprint?
+val PGPSignature.pgpFingerprint: OpenPgpFingerprint?
 get() = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(this)
 val PGPSignature.publicKeyAlgorithm: PublicKeyAlgorithm
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
index 2b363a30..6349e51b 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.kt
@@ -684,7 +684,7 @@ class OpenPgpMessageInputStream(
 PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
 when (pkesk.version) {
 3 -> pkesk.keyID == subkey.keyID
- 6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint)
+ 6 -> pkesk.keyIdentifier.fingerprint.contentEquals(subkey.fingerprint)
 else -> false
 }
 }
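Review bot: `wasIssuedBy` in PGPSignatureExtensions.kt (hunk @@ -50,13) still compares only the 64-bit `keyId` of the two fingerprints, even in the branch where the signature carries a full issuer fingerprint. Key IDs are short enough to be collided on purpose, so a caller that uses this result to decide which key a signature belongs to gets a weaker match than the data allows. When `pgpFingerprint` is present the whole value can be compared, `this.pgpFingerprint?.let { it == fingerprint } ?: (keyID == fingerprint.keyId)`; this assumes `OpenPgpFingerprint` equality is value-based, which the `!=` comparison in SignatureValidator.kt also relies on. If the loose match is intended, as the word "likely" in the KDoc suggests, a sentence in the KDoc saying why would help.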
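Review bot: The `when (pkesk.version)` predicate in OpenPgpMessageInputStream.kt is duplicated verbatim in the hunks at @@ -684,7 and @@ -696,7, so this fix had to be made twice and the two copies can drift apart. A single private helper taking the PKESK and the subkey, called from both `decryptionSubkeys.any { subkey -> ... }` lambdas, would keep them in step. The two lambdas also answer `false` for an unknown version while `getSecretKeyFor(pkesk)` in PGPSecretKeyRingExtensions.kt throws for the same case; the helper is a good place to settle on one behaviour. The enclosing functions start and end outside both hunks.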
@@ -696,7 +696,7 @@ class OpenPgpMessageInputStream(
 PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
 when (pkesk.version) {
 3 -> pkesk.keyID == subkey.keyID
- 6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint)
+ 6 -> pkesk.keyIdentifier.fingerprint.contentEquals(subkey.fingerprint)
 else -> false
 }
 }
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
index e16ef158..e8d07876 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
@@ -15,9 +15,9 @@ import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
 import org.pgpainless.algorithm.KeyFlag
 import org.pgpainless.algorithm.SignatureSubpacket
 import org.pgpainless.algorithm.SignatureType
-import org.pgpainless.bouncycastle.extensions.fingerprint
 import org.pgpainless.bouncycastle.extensions.isHardRevocation
 import org.pgpainless.bouncycastle.extensions.isOfType
+import org.pgpainless.bouncycastle.extensions.pgpFingerprint
 import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
 import org.pgpainless.bouncycastle.extensions.signatureExpirationDate
 import org.pgpainless.bouncycastle.extensions.signatureHashAlgorithm
@@ -63,11 +63,11 @@ abstract class SignatureValidator {
 }
 }
- if (signature.fingerprint != null &&
- signature.fingerprint != signingKeyFingerprint) {
+ if (signature.pgpFingerprint != null &&
+ signature.pgpFingerprint != signingKeyFingerprint) {
 throw SignatureValidationException(
 "Signature was not created by" +
- " $signingKeyFingerprint (signature fingerprint: ${signature.fingerprint})")
+ " $signingKeyFingerprint (signature fingerprint: ${signature.pgpFingerprint})")
 }
 }
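Review bot: In SignatureValidator.kt (hunk @@ -63,11) `signature.pgpFingerprint` is read three times, and each read re-runs `SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(signature)` because the extension property has only a getter. Binding it once makes the null check and the comparison operate on the same value and shortens the condition: `val issuer = signature.pgpFingerprint` followed by `if (issuer != null && issuer != signingKeyFingerprint) {`, with `$issuer` in the message. All five files in this commit are under src/main, so a test that feeds a signature with a mismatching issuer fingerprint through this validator would pin the fix. The enclosing function starts outside the hunk.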