Skip to content

[v6] Refuse to use keys without key flags, add config.allowMissingKeyFlags #1677

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
larabr merged 3 commits into from
Oct 23, 2023
Merged

[v6] Refuse to use keys without key flags, add config.allowMissingKeyFlags #1677

larabr merged 3 commits into from
Oct 23, 2023

Conversation

@larabr
Copy link
Collaborator

@larabr larabr commented Sep 11, 2023
edited
Loading

Key flags are needed to restrict key usage to specific purposes: https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29 . Some older keys (e.g. from OpenPGP.js v0) do not declare any key flags. In previous OpenPGP.js versions, we've allowed such keys to be used for any operation for which they were compatible. This behaviour has now changed, and these keys are not allowed to be used for any operation.

The setting config.allowMissingKeyFlags has been added to selectively revert to the past behaviour.

@larabr larabr requested a review from twiss September 11, 2023 15:33
larabr
larabr commented Sep 11, 2023
View reviewed changes
twiss
twiss reviewed Sep 11, 2023
View reviewed changes
@larabr larabr requested a review from twiss October 4, 2023 08:41
twiss
twiss approved these changes Oct 17, 2023
View reviewed changes
src/key/helper.js Outdated
Comment on lines 365 to 372
case enums.publicKey.ed25519: {
if (!signature.keyFlags && !config.allowMissingKeyFlags) {
throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');
}

return !signature.keyFlags ||
(signature.keyFlags[0] & enums.keyFlags.signData) !== 0;
}
Copy link
Member

@twiss twiss Oct 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for missing these last time (and being very nitpicky ^.^), but these brackets are also not necessary. They're only necessary if you need a block scope, e.g. if you're creating block-scoped variables.

Suggested change
case enums.publicKey.ed25519: {
if (!signature.keyFlags && !config.allowMissingKeyFlags) {
throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');
}
return !signature.keyFlags ||
(signature.keyFlags[0] & enums.keyFlags.signData) !== 0;
}
case enums.publicKey.ed25519:
if (!signature.keyFlags && !config.allowMissingKeyFlags) {
throw new Error('None of the key flags is set: consider passing `config.allowMissingKeyFlags`');
}
return !signature.keyFlags ||
(signature.keyFlags[0] & enums.keyFlags.signData) !== 0;

Copy link
Collaborator Author

@larabr larabr Oct 17, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I know they are not needed, but it's not a big deal to add them IMO -- I just find it confusing to have a lot of code without brackets.

Copy link
Member

@twiss twiss Oct 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Er, OK, but I think it's more important to have a consistent code style. JS cases normally don't have brackets, and most other code in the library doesn't have them, so we should only add them when needed.

Copy link
Collaborator Author

@larabr larabr Oct 19, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ok, but then I'll add a linting rule for this, so that it's automatically enforced

@larabr larabr mentioned this pull request Oct 17, 2023
Merged
20 tasks
@larabr larabr force-pushed the v6-reject-no-key-flags branch from 0c2a1be to 91fa87b Compare October 19, 2023 13:15
@larabr larabr force-pushed the v6-reject-no-key-flags branch 2 times, most recently from 3160172 to a28ae91 Compare October 23, 2023 15:50
larabr added 3 commits October 23, 2023 18:44
@larabr
Refuse to use keys without key flags, add config.allowMissingKeyFlags
4a234bb 
Key flags are needed to restrict key usage to specific purposes:
https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-10.html#section-5.2.3.29 .
Some older keys (e.g. from OpenPGP.js v1) do not declare any key flags.
In previous OpenPGP.js versions, we've allowed such keys to be used for any operation for which they were compatible.
This behaviour has now changed, and these keys are not allowed to be used for any operation.

The setting  `config.allowMissingKeyFlags` has been added to selectively revert to the past behaviour.
@larabr
Rename internal functions, filter key algos on decryption
551647b
@larabr
Lint: error on unnecessary switch-case braces
e69b1db 
Also fix some indent issues with armoring code detected after required ESLint update.

s
@larabr larabr force-pushed the v6-reject-no-key-flags branch from a28ae91 to e69b1db Compare October 23, 2023 16:46
@larabr larabr merged commit de9b4d5 into openpgpjs:v6 Oct 23, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@twiss twiss twiss approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@larabr @twiss