diff options
author | Justus Winter <justus@sequoia-pgp.org> | 2024-04-17 13:16:17 +0200 |
---|---|---|
committer | Justus Winter <justus@sequoia-pgp.org> | 2024-04-17 13:16:17 +0200 |
commit | a992b33cdfc878b11c62b58b389565176c92797c (patch) | |
tree | 90d3f7393f23c0bff8aea42d5b61af89ddd9016e | |
parent | 75c588658905a103469272cc317c76880f0ba30b (diff) |
openpgp: Require backsigs for auth and cert subkeys.justus/strict-backsigs
- Use KeyFlags::require_primary_key_binding. Aligns behavior and
signals intent. These are the places where we consume subkey
binding signatures and may want to check for the primary key
binding signature.
- Fixes #559.
-rw-r--r-- | openpgp/NEWS | 5 | ||||
-rw-r--r-- | openpgp/src/cert/bundle.rs | 4 | ||||
-rw-r--r-- | openpgp/src/packet/signature.rs | 5 | ||||
-rw-r--r-- | openpgp/src/policy.rs | 4 |
4 files changed, 14 insertions, 4 deletions
diff --git a/openpgp/NEWS b/openpgp/NEWS index 0c4aa90a..c7d1cb38 100644 --- a/openpgp/NEWS +++ b/openpgp/NEWS @@ -11,6 +11,11 @@ curve P-384. - The RustCrypto backend now supports ECDH and ECDSA over the NIST curve P-521. +** Notable changes + - Sequoia now rejects subkey binding signatures for + authentication-capable and certification-capable subkeys that + lack a primary key binding signature (backsig). Previously, we + only required backsigs for signing-capable subkeys. * Changes in 1.20.0 ** New functionality - S2K::Implicit diff --git a/openpgp/src/cert/bundle.rs b/openpgp/src/cert/bundle.rs index eaaca0ef..648c0c26 100644 --- a/openpgp/src/cert/bundle.rs +++ b/openpgp/src/cert/bundle.rs @@ -329,7 +329,9 @@ impl<C> ComponentBundle<C> { // The signature is good, but we may still need to verify the // back sig. if s.typ() == crate::types::SignatureType::SubkeyBinding && - s.key_flags().map(|kf| kf.for_signing()).unwrap_or(false) + s.key_flags() + .map(|kf| kf.require_primary_key_binding()) + .unwrap_or(false) { let mut n = 0; let mut one_good_backsig = false; diff --git a/openpgp/src/packet/signature.rs b/openpgp/src/packet/signature.rs index 510134fe..d21ab660 100644 --- a/openpgp/src/packet/signature.rs +++ b/openpgp/src/packet/signature.rs @@ -3027,7 +3027,10 @@ impl Signature { // The signature is good, but we may still need to verify the // back sig. - if self.key_flags().map(|kf| kf.for_signing()).unwrap_or(false) { + if self.key_flags() + .map(|kf| kf.require_primary_key_binding()) + .unwrap_or(false) + { let mut last_result = Err(Error::BadSignature( "Primary key binding signature missing".into()).into()); diff --git a/openpgp/src/policy.rs b/openpgp/src/policy.rs index 61467216..7664a913 100644 --- a/openpgp/src/policy.rs +++ b/openpgp/src/policy.rs @@ -2898,9 +2898,9 @@ mod test { let p = &mut P::new(); let t = crate::frozen_time(); - assert_eq!(cert.with_policy(p, t).unwrap().keys().count(), 4); + assert_eq!(cert.with_policy(p, t).unwrap().keys().count(), 3); p.reject_asymmetric_algo(AsymmetricAlgorithm::RSA1024); - assert_eq!(cert.with_policy(p, t).unwrap().keys().count(), 4); + assert_eq!(cert.with_policy(p, t).unwrap().keys().count(), 3); p.reject_asymmetric_algo(AsymmetricAlgorithm::RSA2048); assert_eq!(cert.with_policy(p, t).unwrap().keys().count(), 1); Ok(()) |