Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Implement OpenPGP v6 & LibrePGP v5 signature verification #1725

Closed
wants to merge 18 commits into from
+1,179 −104
Closed

Implement OpenPGP v6 & LibrePGP v5 signature verification #1725

Changes from 1 commit
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
3042c09
Reuse constants for fingerprint calculation
vanitasvitae Jun 12, 2024
b8d87a4
Implement fingerprint calculator support for LibrePGP v5 keys
vanitasvitae Jun 12, 2024
91b208b
Fix test for v5 fingerprint calculation
vanitasvitae Jun 19, 2024
6dcc2df
Introduce PublicKeyPacket.LIBREPGP_5
vanitasvitae Jun 30, 2024
c3f90fc
Implement v6 signature verification
vanitasvitae Jun 30, 2024
5a55aad
Add test for v6 signature verification
vanitasvitae Jun 30, 2024
202a982
Add PGPV6SignatureTest to RegressionTests
vanitasvitae Jun 30, 2024
94cc3a4
Fix salt length in signature test vectors
vanitasvitae Jul 1, 2024
204cb7c
PGPSignature: Sanitize hash length when verifying
vanitasvitae Jul 1, 2024
b1b1b3a
PGPOnePassSignature: check salt size
vanitasvitae Jul 1, 2024
18152f9
Add tests for mismatched salt sizes
vanitasvitae Jul 1, 2024
13af45d
PGPOnePassSignature: When verifying against signature: Compare salt v…
vanitasvitae Jul 2, 2024
e9b9c58
Fix v5 signature verification
vanitasvitae Jul 6, 2024
e788829
Merge branch 'v5FingerprintCalculation' into verifyV6Sigs
vanitasvitae Jul 6, 2024
00ef011
Add PGPV5KeyTest to RegressionTests
vanitasvitae Jul 6, 2024
2b97d68
Add test key using Ed448, X448 for signature verification test
vanitasvitae Jul 8, 2024
82d73b8
PGPSignature: Use proper method to update signature with salt
vanitasvitae Jul 9, 2024
4ed8a88
Document new PGPSignatureGenerator constructor
vanitasvitae Jul 12, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
Prev Previous commit
Next Next commit
PGPOnePassSignature: check salt size
@vanitasvitae
vanitasvitae committed Jul 1, 2024
commit b1b1b3a8e3e117e46d355e332b702c234c5f0d2c
18 changes: 18 additions & 0 deletions pg/src/main/java/org/bouncycastle/openpgp/PGPOnePassSignature.java
View file
Original file line number Diff line number Diff line change
@@ -6,6 +6,7 @@

import org.bouncycastle.bcpg.BCPGInputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.bcpg.HashUtils;
import org.bouncycastle.bcpg.OnePassSignaturePacket;
import org.bouncycastle.bcpg.Packet;
import org.bouncycastle.bcpg.SignaturePacket;
@@ -65,9 +66,26 @@ public void init(PGPContentVerifierBuilderProvider verifierBuilderProvider, PGPP
lastb = 0;
sigOut = verifier.getOutputStream();

checkSaltSize();
updateWithSalt();
}

private void checkSaltSize()
throws PGPException
{
if (getVersion() != SignaturePacket.VERSION_6)
{
return;
}

int expectedSaltSize = HashUtils.getV6SignatureSaltSizeInBytes(getHashAlgorithm());
if (expectedSaltSize != getSalt().length)
{
throw new PGPException("RFC9580 defines the salt size for " + PGPUtil.getDigestName(getHashAlgorithm()) +
" as " + expectedSaltSize + " octets, but signature has " + getSalt().length + " octets.");
}
}

private void updateWithSalt()
throws PGPException
{