From c7efef60ac8b15895a6a45d990fdb659214bfde9 Mon Sep 17 00:00:00 2001 From: larabr <7375870+larabr@users.noreply.github.com> Date: Tue, 26 Sep 2023 15:30:44 +0200 Subject: [PATCH] Throw when parsing v6 keys using legacy curve25519 --- src/packet/public_key.js | 11 +++++++++++ test/general/signature.js | 30 ++++++++++++++---------------- 2 files changed, 25 insertions(+), 16 deletions(-) diff --git a/src/packet/public_key.js b/src/packet/public_key.js index af81f3a9..17732e07 100644 --- a/src/packet/public_key.js +++ b/src/packet/public_key.js @@ -124,6 +124,17 @@ class PublicKeyPacket { // - A series of values comprising the key material. const { read, publicParams } = crypto.parsePublicKeyParams(this.algorithm, bytes.subarray(pos)); + // The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures. + // Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs. + if ( + this.version === 6 && + publicParams.oid && ( + publicParams.oid.getName() === enums.curve.curve25519Legacy || + publicParams.oid.getName() === enums.curve.ed25519Legacy + ) + ) { + throw new Error('Legacy curve25519 cannot be used with v6 keys'); + } this.publicParams = publicParams; pos += read; diff --git a/test/general/signature.js b/test/general/signature.js index 5580fedd..63ce14ba 100644 --- a/test/general/signature.js +++ b/test/general/signature.js @@ -1089,25 +1089,23 @@ eSvSZutLuKKbidSYMLhWROPlwKc2GU2ws6PrLZAyCAel/lU= // signature with salt shorter than expected const armoredMessage = `-----BEGIN PGP MESSAGE----- -xEQGAQoWHgTCf3OkPcYPPB6GmoMeaOz1wYXbuSvHxW/PVbRIynPv5yU3YApt -KDJPb4mCbmxvCoKjGx6CMjDpDsVB+wDFAcsLdQBlEWcKaGVsbG/CmgYBFgoA -AAApBYJlEWcKIqEGc+/nJTdgCm0oMk9viYJubG8KgqMbHoIyMOkOxUH7AMUA -AAAA5GYeBMJ/c6Q9xg88Hoaagx5o7PXBhdu5K8fFb89VtEjKAQCW/XwAPo2V -ugvc1634oGA/74j7KonU2qdl0LvxVJuB2wEAtutHh3wry/SNkc+japCGO4u4 -XjIVmkzQNtymmOECUwI= +xDQGAQgbDpdDiCIrq6YZAf5vD3wFIucHRyMNlExatdj6sQcW2FA/vV5eZGCv +mBUS4Mqqki4ByxR1AGUddyNUaGlzIGlzIHNpZ25lZMKGBgEbCAAAACkFgmUd +dyMioQYi5wdHIw2UTFq12PqxBxbYUD+9Xl5kYK+YFRLgyqqSLgAAAADZ9w6X +Q4giK6umGQH+bw98BS96KSXxW39Ue6hNxbSoc5xOqYnTsD+75FYdR1U9fco/ +HDpH7axPa2euIDpwT60NedSjcTx7C9Sots4mTvjMwQQ= -----END PGP MESSAGE-----`; const key = await openpgp.readKey({ armoredKey: `-----BEGIN PGP PRIVATE KEY BLOCK----- -xVoGZRFjtxYAAAAtCSsGAQQB2kcPAQEHQJRcfAi8wlCCWAeBcvpRO6iL5YK8 -1e8BVcOkAGVXKDguAAEAxIUb1xswIKPfVEyOZkqSFukVOegoArxIeEuDaoK0 -feXCrQYfFgoAAAA6BYJlEWO3AwsJBwMVCAoCFgACmwMCHgEioQZz7+clN2AK -bSgyT2+Jgm5sbwqCoxsegjIw6Q7FQfsAxQAAAACBKyDA5Ih9cWlc9o5NUzmo -jSCtKhy54bBzfRX0t9Jha4BfZwD9FvmhOEpJAnYRDmBrEiaO4okM3D6eNZz9 -rmGZkLT9oJMBAI6UbwsjgWw42W85Kb57tfYdF/779TrLHcNRZLNV0p8NzQDC -nwYQFgoAAAAsBYJlEWO3AhkBIqEGc+/nJTdgCm0oMk9viYJubG8KgqMbHoIy -MOkOxUH7AMUAAAAAV2kgOkNvj/g+Q6hFcHcpRFekCUxOons+JgXE+lxuKnbt -l10BAO7pYlHAee5dxkzQI3WPiiYFt/OYrnr7fT5QadRZhAutAP9n5bvQaoLX -vfHp79dKJnU1qDnSTEshB7ytt9I3Ze+DAQ== +xUsGZR13GRsAAAAgcCI5M7vPn+9uD1ii8nnT/schP5BjXXTyr+q7EmSlcaoA +/OkLygFTbUdwt6hMlfcNyUmS058WSIHxaVtG4uSfyjbCmQYfGwgAAAA6BYJl +HXcZAwsJBwMVCAoCFgACmwMCHgEioQYi5wdHIw2UTFq12PqxBxbYUD+9Xl5k +YK+YFRLgyqqSLgAAAABCZxAAxl8ycoAAY74DEPZDnfSYLP+dqdM8QZ3b/Mp4 +fnzOcVI4RvaxAjp3GZVXxisSS36A2fUx2lpj38y1tIvnnlShfpuylTp73foT +DVf/bROnAM0AwosGEBsIAAAALAWCZR13GQIZASKhBiLnB0cjDZRMWrXY+rEH +FthQP71eXmRgr5gVEuDKqpIuAAAAAFEEEFrhrlN40SgxwpL3UaSWs6F5pD83 +AOtaXLA/e9gFPNgiLnuid3AqUaFa6JlhWf4N/Md6SMQJ5cC7ATxTJ2a3xAMY +5UsE6+HN099QVLx95CMP -----END PGP PRIVATE KEY BLOCK-----` }); const { signatures } = await openpgp.verify({