Mirroristas/openpgpjs
2
0
Fork 0
mirror of https://github.com/openpgpjs/openpgpjs.git synced 2025-06-07 22:56:40 +00:00
Code Issues Packages Projects Releases Wiki Activity

Prevent generating v6 keys using legacy curve25519

Browse Source
This commit is contained in:
larabr 2023-09-26 15:31:24 +02:00
parent c7efef60ac
commit d6d8576700
2 changed files with 28 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/packet/secret_key.js
View File

@ -487,6 +487,14 @@ class SecretKeyPacket extends PublicKeyPacket {
} }
async generate(bits, curve) { async generate(bits, curve) {
// The deprecated OIDs for Ed25519Legacy and Curve25519Legacy are used in legacy version 4 keys and signatures.
// Implementations MUST NOT accept or generate v6 key material using the deprecated OIDs.
if (this.version === 6 && (
(this.algorithm === enums.publicKey.ecdh && curve === enums.curve.curve25519Legacy) ||
this.algorithm === enums.publicKey.eddsaLegacy
)) {
throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`);
}
const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve); const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve);
this.privateParams = privateParams; this.privateParams = privateParams;
this.publicParams = publicParams; this.publicParams = publicParams;

20
test/general/key.js
View File

@ -4314,6 +4314,26 @@ XvmoLueOOShu01X/kaylMqaT8w==
expect(newKey.subkeys[0].getAlgorithmInfo().curve).to.equal('secp256k1'); expect(newKey.subkeys[0].getAlgorithmInfo().curve).to.equal('secp256k1');
}); });
it('should throw when trying to add a curve25519Legacy key to a v6 key', async function() {
const v6Key = await openpgp.readKey({ armoredKey: `-----BEGIN PGP PRIVATE KEY BLOCK-----
xUsGY4d/4xsAAAAg+U2nu0jWCmHlZ3BqZYfQMxmZu52JGggkLq2EVD34laMA
GXKBexK+cH6NX1hs5hNhIB00TrJmosgv3mg1ditlsLfCsQYfGwoAAABCBYJj
h3/jAwsJBwUVCg4IDAIWAAKbAwIeCSIhBssYbE8GCaaX5NUt+mxyKwwfHifB
ilZwj2Ul7Ce62azJBScJAgcCAAAAAK0oIBA+LX0ifsDm185Ecds2v8lwgyU2
kCcUmKfvBXbAf6rhRYWzuQOwEn7E/aLwIwRaLsdry0+VcallHhSu4RN6HWaE
QsiPlR4zxP/TP7mhfVEe7XWPxtnMUMtf15OyA51YBMdLBmOHf+MZAAAAIIaT
JINn+eUBXbki+PSAld2nhJh/LVmFsS+60WyvXkQ1AE1gCk95TUR3XFeibg/u
/tVY6a//1q0NWC1X+yui3O24wpsGGBsKAAAALAWCY4d/4wKbDCIhBssYbE8G
CaaX5NUt+mxyKwwfHifBilZwj2Ul7Ce62azJAAAAAAQBIKbpGG2dWTX8j+Vj
FM21J0hqWlEg+bdiojWnKfA5AQpWUWtnNwDEM0g12vYxoWM8Y81W+bHBw805
I8kWVkXU6vFOi+HWvv/ira7ofJu16NnoUkhclkUrk0mXubZvyl4GBg==
-----END PGP PRIVATE KEY BLOCK-----` });
expect(v6Key.subkeys).to.have.length(1);
await expect(v6Key.addSubkey({ type: 'ecc' })).to.be.rejectedWith(/Cannot generate v6 keys of type 'ecc' with curve curve25519/);
expect(v6Key.subkeys).to.have.length(1);
});
it('should throw when trying to encrypt a subkey separately from key', async function() { it('should throw when trying to encrypt a subkey separately from key', async function() {
const privateKey = await openpgp.decryptKey({ const privateKey = await openpgp.decryptKey({
privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }), privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),