mirror of https://github.com/pgpainless/pgpainless.git synced 2024-11-25 22:02:05 +01:00

Fix fingerprint comparison

Paul Schaub 2024-09-16 14:12:33 +02:00
parent 4ce25bbe8c
commit e514cf752d
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
5 changed files with 15 additions and 15 deletions


@ -60,7 +60,7 @@ fun PGPKeyRing.requirePublicKey(fingerprint: OpenPgpFingerprint): PGPPublicKey =
* subpacket to identify the [PGPPublicKey] via its key-ID. * subpacket to identify the [PGPPublicKey] via its key-ID.
*/ */
fun PGPKeyRing.getPublicKeyFor(signature: PGPSignature): PGPPublicKey? = fun PGPKeyRing.getPublicKeyFor(signature: PGPSignature): PGPPublicKey? =
signature.fingerprint?.let { this.getPublicKey(it) } ?: this.getPublicKey(signature.keyID) signature.pgpFingerprint?.let { this.getPublicKey(it) } ?: this.getPublicKey(signature.keyID)
/** Return the [PGPPublicKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */ /** Return the [PGPPublicKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
fun PGPKeyRing.getPublicKeyFor(onePassSignature: PGPOnePassSignature): PGPPublicKey? = fun PGPKeyRing.getPublicKeyFor(onePassSignature: PGPOnePassSignature): PGPPublicKey? =


@ -66,13 +66,13 @@ fun PGPSecretKeyRing.requireSecretKey(fingerprint: OpenPgpFingerprint): PGPSecre
* subpacket to identify the [PGPSecretKey] via its key-ID. * subpacket to identify the [PGPSecretKey] via its key-ID.
*/ */
fun PGPSecretKeyRing.getSecretKeyFor(signature: PGPSignature): PGPSecretKey? = fun PGPSecretKeyRing.getSecretKeyFor(signature: PGPSignature): PGPSecretKey? =
signature.fingerprint?.let { this.getSecretKey(it) } ?: this.getSecretKey(signature.keyID) signature.pgpFingerprint?.let { this.getSecretKey(it) } ?: this.getSecretKey(signature.keyID)
/** Return the [PGPSecretKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */ /** Return the [PGPSecretKey] that matches the key-ID of the given [PGPOnePassSignature] packet. */
fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGPSecretKey? = fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGPSecretKey? =
when (onePassSignature.version) { when (onePassSignature.version) {
3 -> this.getSecretKey(onePassSignature.keyID) 3,
6 -> this.getSecretKey(onePassSignature.fingerprint) 6 -> this.getSecretKey(onePassSignature.keyIdentifier)
else -> else ->
throw NotImplementedError( throw NotImplementedError(
"Version ${onePassSignature.version} OPSs are not yet supported.") "Version ${onePassSignature.version} OPSs are not yet supported.")
@ -80,7 +80,7 @@ fun PGPSecretKeyRing.getSecretKeyFor(onePassSignature: PGPOnePassSignature): PGP
fun PGPSecretKeyRing.getSecretKeyFor(pkesk: PGPPublicKeyEncryptedData): PGPSecretKey? = fun PGPSecretKeyRing.getSecretKeyFor(pkesk: PGPPublicKeyEncryptedData): PGPSecretKey? =
when (pkesk.version) { when (pkesk.version) {
3 -> this.getSecretKey(pkesk.keyID) 3,
6 -> this.getSecretKey(pkesk.fingerprint) 6 -> this.getSecretKey(pkesk.keyIdentifier)
else -> throw NotImplementedError("Version ${pkesk.version} PKESKs are not yet supported.") else -> throw NotImplementedError("Version ${pkesk.version} PKESKs are not yet supported.")
} }
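Review bot: The KDoc above `getSecretKeyFor(onePassSignature)` still says the key is matched by key-ID, but the merged `3, 6 ->` branch now looks it up through `onePassSignature.keyIdentifier`, which for version 6 packets presumably carries the full fingerprint. The comment should say so, for example `/** Return the [PGPSecretKey] that matches the key identifier (key-ID for v3, fingerprint for v6) of the given [PGPOnePassSignature] packet. */`. The same merge in `getSecretKeyFor(pkesk)` depends on a key-identifier overload of `getSecretKey` that is not visible on this page. A test asserting that a version 6 packet does not resolve to a key sharing only the 64-bit key-ID would pin the intended behaviour. The `when` in the one-pass-signature function closes outside the first hunk.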


@ -50,13 +50,13 @@ val PGPSignature.issuerKeyId: Long
SignatureSubpacketsUtil.getIssuerKeyIdAsLong(this)?.let { SignatureSubpacketsUtil.getIssuerKeyIdAsLong(this)?.let {
if (it != 0L) it else null if (it != 0L) it else null
} }
?: fingerprint?.keyId ?: 0L ?: pgpFingerprint?.keyId ?: 0L
} }
} }
/** Return true, if the signature was likely issued by a key with the given fingerprint. */ /** Return true, if the signature was likely issued by a key with the given fingerprint. */
fun PGPSignature.wasIssuedBy(fingerprint: OpenPgpFingerprint): Boolean = fun PGPSignature.wasIssuedBy(fingerprint: OpenPgpFingerprint): Boolean =
this.fingerprint?.let { it.keyId == fingerprint.keyId } ?: (keyID == fingerprint.keyId) this.pgpFingerprint?.let { it.keyId == fingerprint.keyId } ?: (keyID == fingerprint.keyId)
/** /**
* Return true, if the signature was likely issued by a key with the given fingerprint. * Return true, if the signature was likely issued by a key with the given fingerprint.
@ -94,7 +94,7 @@ fun PGPSignature?.toRevocationState() =
else if (isHardRevocation) RevocationState.hardRevoked() else if (isHardRevocation) RevocationState.hardRevoked()
else RevocationState.softRevoked(creationTime) else RevocationState.softRevoked(creationTime)
val PGPSignature.fingerprint: OpenPgpFingerprint? val PGPSignature.pgpFingerprint: OpenPgpFingerprint?
get() = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(this) get() = SignatureSubpacketsUtil.getIssuerFingerprintAsOpenPgpFingerprint(this)
val PGPSignature.publicKeyAlgorithm: PublicKeyAlgorithm val PGPSignature.publicKeyAlgorithm: PublicKeyAlgorithm
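Review bot: `wasIssuedBy(fingerprint: OpenPgpFingerprint)` still compares only the 64-bit key-IDs (`it.keyId == fingerprint.keyId`) even when the signature carries an issuer fingerprint, so it cannot tell apart two keys that share a key-ID. If the two `OpenPgpFingerprint` values are directly comparable here, `this.pgpFingerprint?.let { it == fingerprint } ?: (keyID == fingerprint.keyId)` would be the stricter check, in line with the `signature.pgpFingerprint != signingKeyFingerprint` test in the validator section of this commit. If the key-ID comparison is intentional (the KDoc does say "likely"), a one-line comment stating the reason would keep it from being read as an oversight.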


@ -684,7 +684,7 @@ class OpenPgpMessageInputStream(
PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey -> PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
when (pkesk.version) { when (pkesk.version) {
3 -> pkesk.keyID == subkey.keyID 3 -> pkesk.keyID == subkey.keyID
6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint) 6 -> pkesk.keyIdentifier.fingerprint.contentEquals(subkey.fingerprint)
else -> false else -> false
} }
} }
@ -696,7 +696,7 @@ class OpenPgpMessageInputStream(
PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey -> PGPainless.inspectKeyRing(it).decryptionSubkeys.any { subkey ->
when (pkesk.version) { when (pkesk.version) {
3 -> pkesk.keyID == subkey.keyID 3 -> pkesk.keyID == subkey.keyID
6 -> pkesk.fingerprint.contentEquals(subkey.fingerprint) 6 -> pkesk.keyIdentifier.fingerprint.contentEquals(subkey.fingerprint)
else -> false else -> false
} }
} }
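Review bot: The same `when (pkesk.version)` match appears verbatim in both hunks of this file, and its version 3 branch still compares bare `keyID`s while the version 6 branch now goes through `pkesk.keyIdentifier`. Moving the match into one private helper (for example a `pkeskMatches(pkesk, subkey)` function, name illustrative) would keep the two call sites from drifting apart and give the recipient-matching rule a single place to be tested. It is not visible here whether `keyIdentifier.fingerprint` can be null or empty for a wildcard or anonymous recipient. If it can, a short comment stating that such packets deliberately match no subkey in this branch would help. Both `any { }` lambdas start and end outside the hunks.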


@ -15,9 +15,9 @@ import org.bouncycastle.openpgp.PGPUserAttributeSubpacketVector
import org.pgpainless.algorithm.KeyFlag import org.pgpainless.algorithm.KeyFlag
import org.pgpainless.algorithm.SignatureSubpacket import org.pgpainless.algorithm.SignatureSubpacket
import org.pgpainless.algorithm.SignatureType import org.pgpainless.algorithm.SignatureType
import org.pgpainless.bouncycastle.extensions.fingerprint
import org.pgpainless.bouncycastle.extensions.isHardRevocation import org.pgpainless.bouncycastle.extensions.isHardRevocation
import org.pgpainless.bouncycastle.extensions.isOfType import org.pgpainless.bouncycastle.extensions.isOfType
import org.pgpainless.bouncycastle.extensions.pgpFingerprint
import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm import org.pgpainless.bouncycastle.extensions.publicKeyAlgorithm
import org.pgpainless.bouncycastle.extensions.signatureExpirationDate import org.pgpainless.bouncycastle.extensions.signatureExpirationDate
import org.pgpainless.bouncycastle.extensions.signatureHashAlgorithm import org.pgpainless.bouncycastle.extensions.signatureHashAlgorithm
@ -63,11 +63,11 @@ abstract class SignatureValidator {
} }
} }
if (signature.fingerprint != null && if (signature.pgpFingerprint != null &&
signature.fingerprint != signingKeyFingerprint) { signature.pgpFingerprint != signingKeyFingerprint) {
throw SignatureValidationException( throw SignatureValidationException(
"Signature was not created by" + "Signature was not created by" +
" $signingKeyFingerprint (signature fingerprint: ${signature.fingerprint})") " $signingKeyFingerprint (signature fingerprint: ${signature.pgpFingerprint})")
} }
} }