Accept certification signatures using SHA-1 before 2023-02-01

This commit introduces a dedicated SignatureHashAlgorithmPolicy for certification signatures. The default configuration will accept SHA-1 on sigs created before 2023-02-01.
2025-12-09 13:51:10 +01:00 · 2024-01-04 18:20:09 +01:00 · 2024-01-04 18:20:09 +01:00 · de9a161252
commit de9a161252
parent 5053221e93
8 changed files with 74 additions and 32 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/algorithm/negotiation/HashAlgorithmNegotiator.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/algorithm/negotiation/HashAlgorithmNegotiator.kt
@ -34,7 +34,7 @@ interface HashAlgorithmNegotiator {
         */
        @JvmStatic
        fun negotiateSignatureHashAlgorithm(policy: Policy): HashAlgorithmNegotiator {
-            return negotiateByPolicy(policy.signatureHashAlgorithmPolicy)
+            return negotiateByPolicy(policy.dataSignatureHashAlgorithmPolicy)
        }

        /**
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@ -216,7 +216,8 @@ class KeyRingBuilder : KeyRingBuilderInterface<KeyRingBuilder> {
    }

    private fun buildContentSigner(certKey: PGPKeyPair): PGPContentSignerBuilder {
-        val hashAlgorithm = PGPainless.getPolicy().signatureHashAlgorithmPolicy.defaultHashAlgorithm
+        val hashAlgorithm =
+            PGPainless.getPolicy().certificationSignatureHashAlgorithmPolicy.defaultHashAlgorithm
        return ImplementationFactory.getInstance()
            .getPGPContentSignerBuilder(certKey.publicKey.algorithm, hashAlgorithm.algorithmId)
    }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/policy/Policy.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/policy/Policy.kt
@ -10,8 +10,9 @@ import org.pgpainless.util.DateUtil
 import org.pgpainless.util.NotationRegistry

 class Policy(
-    var signatureHashAlgorithmPolicy: HashAlgorithmPolicy,
+    var certificationSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
    var revocationSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
+    var dataSignatureHashAlgorithmPolicy: HashAlgorithmPolicy,
    var symmetricKeyEncryptionAlgorithmPolicy: SymmetricKeyAlgorithmPolicy,
    var symmetricKeyDecryptionAlgorithmPolicy: SymmetricKeyAlgorithmPolicy,
    var compressionAlgorithmPolicy: CompressionAlgorithmPolicy,
@ -21,8 +22,9 @@ class Policy(

    constructor() :
        this(
-            HashAlgorithmPolicy.smartSignatureHashAlgorithmPolicy(),
-            HashAlgorithmPolicy.smartSignatureHashAlgorithmPolicy(),
+            HashAlgorithmPolicy.smartCertificationSignatureHashAlgorithmPolicy(),
+            HashAlgorithmPolicy.smartCertificationSignatureHashAlgorithmPolicy(),
+            HashAlgorithmPolicy.smartDataSignatureHashAlgorithmPolicy(),
            SymmetricKeyAlgorithmPolicy.symmetricKeyEncryptionPolicy2022(),
            SymmetricKeyAlgorithmPolicy.symmetricKeyDecryptionPolicy2022(),
            CompressionAlgorithmPolicy.anyCompressionAlgorithmPolicy(),
@ -89,6 +91,30 @@ class Policy(
        fun defaultHashAlgorithm() = defaultHashAlgorithm

        companion object {
+            // https://sequoia-pgp.org/blog/2023/02/01/202302-happy-sha1-day/
+            // signature data which is not attacker-controlled is acceptable before 2023-02-01
+            @JvmStatic
+            fun smartCertificationSignatureHashAlgorithmPolicy() =
+                HashAlgorithmPolicy(
+                    HashAlgorithm.SHA512,
+                    buildMap {
+                        put(HashAlgorithm.SHA3_512, null)
+                        put(HashAlgorithm.SHA3_512, null)
+                        put(HashAlgorithm.SHA3_256, null)
+                        put(HashAlgorithm.SHA512, null)
+                        put(HashAlgorithm.SHA384, null)
+                        put(HashAlgorithm.SHA256, null)
+                        put(HashAlgorithm.SHA224, null)
+                        put(
+                            HashAlgorithm.RIPEMD160,
+                            DateUtil.parseUTCDate("2023-02-01 00:00:00 UTC"))
+                        put(HashAlgorithm.SHA1, DateUtil.parseUTCDate("2023-02-01 00:00:00 UTC"))
+                        put(HashAlgorithm.MD5, DateUtil.parseUTCDate("1997-02-01 00:00:00 UTC"))
+                    })
+
+            @JvmStatic
+            fun smartDataSignatureHashAlgorithmPolicy() = smartSignatureHashAlgorithmPolicy()
+
            @JvmStatic
            fun smartSignatureHashAlgorithmPolicy() =
                HashAlgorithmPolicy(
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/consumer/SignatureValidator.kt
@ -235,12 +235,18 @@ abstract class SignatureValidator {
            signature: PGPSignature,
            policy: Policy
        ): Policy.HashAlgorithmPolicy {
-            val type = SignatureType.requireFromCode(signature.signatureType)
-            return when (type) {
+            return when (SignatureType.requireFromCode(signature.signatureType)) {
                SignatureType.CERTIFICATION_REVOCATION,
                SignatureType.KEY_REVOCATION,
                SignatureType.SUBKEY_REVOCATION -> policy.revocationSignatureHashAlgorithmPolicy
-                else -> policy.signatureHashAlgorithmPolicy
+                SignatureType.GENERIC_CERTIFICATION,
+                SignatureType.NO_CERTIFICATION,
+                SignatureType.CASUAL_CERTIFICATION,
+                SignatureType.POSITIVE_CERTIFICATION,
+                SignatureType.DIRECT_KEY,
+                SignatureType.SUBKEY_BINDING,
+                SignatureType.PRIMARYKEY_BINDING -> policy.certificationSignatureHashAlgorithmPolicy
+                else -> policy.dataSignatureHashAlgorithmPolicy
            }
        }