Fix key generation: use primary key for subkey binding signature. On signing all signature subpacket data

is written to the hashed subpacket data section. This allows to set e.g. key flags on certification signatures.
2013-11-26 10:35:41 +01:00 · 2013-11-26 10:35:41 +01:00 · 66c428da7e
commit 66c428da7e
parent 22ad0d3505
9 changed files with 570 additions and 144 deletions
--- a/resources/openpgp.js
+++ b/resources/openpgp.js
--- a/src/enums.js
+++ b/src/enums.js
@ -216,13 +216,12 @@ var enums = {
    trust_signature: 5,
    regular_expression: 6,
    revocable: 7,
-    reserved: 8,
    key_expiration_time: 9,
    placeholder_backwards_compatibility: 10,
    preferred_symmetric_algorithms: 11,
    revocation_key: 12,
    issuer: 16,
-    notification_data: 20,
+    notation_data: 20,
    preferred_hash_algorithms: 21,
    preferred_compression_algorithms: 22,
    key_server_preferences: 23,
@ -237,6 +236,25 @@ var enums = {
    embedded_signature: 32
  },

+  keyFlags: {
+    // 0x01 - This key may be used to certify other keys.
+    certify_keys: 1,
+    // 0x02 - This key may be used to sign data.
+    sign_data: 2,
+    // 0x04 - This key may be used to encrypt communications.
+    encrypt_communication: 4,
+    // 0x08 - This key may be used to encrypt storage.
+    encrypt_storage: 8,
+    // 0x10 - The private component of this key may have been split
+    //        by a secret-sharing mechanism.
+    split_private_key: 16,
+    // 0x20 - This key may be used for authentication.
+    authentication: 32,
+    // 0x80 - The private component of this key may be in the
+    //        possession of more than one person.
+    shared_private_key: 128
+  },
+
  armor: {
    multipart_section: 0,
    multipart_last: 1,
--- a/src/key.js
+++ b/src/key.js
@ -135,6 +135,37 @@ var config = require('./config');
    return privateKeyPackets.length ? true : false;
  }

+  /**
+   * Returns key as public key
+   * @return {key} public key
+   */
+  this.toPublic = function() {
+    for (var i = 0; i < this.packets.length; i++) {
+      if (this.packets[i].tag == enums.packet.secret_key) {
+        var bytes = this.packets[i].writePublicKey();
+        var pubKeyPacket = new packet.public_key();
+        pubKeyPacket.read(bytes);
+        this.packets[i] = pubKeyPacket;
+      }
+      if (this.packets[i].tag == enums.packet.secret_subkey) {
+        var bytes = this.packets[i].writePublicKey();
+        var pubSubkeyPacket = new packet.public_subkey();
+        pubSubkeyPacket.read(bytes);
+        this.packets[i] = pubSubkeyPacket;
+      }
+    }
+    return this;
+  }
+
+  /**
+   * Returns ASCII armored text of key
+   * @return {String} ASCII armor
+   */
+  this.armor = function() {
+    var type = this.isPublic() ? enums.armor.public_key : enums.armor.private_key;
+    return armor.encode(type, this.packets.write());
+  }
+
  /**
   * Returns first key packet that is available for signing
   * @return {public_subkey|secret_subkey|packet_secret_key|packet_public_key|null}
--- a/src/openpgp.js
+++ b/src/openpgp.js
@ -118,11 +118,11 @@ function _openpgp() {
    dataToSign.userid = userIdPacket;
    dataToSign.key = secretKeyPacket;
    var signaturePacket = new packet.signature();
-    signaturePacket.issuerKeyId = secretKeyPacket.getKeyId().write();
    signaturePacket.signatureType = enums.signature.cert_generic;
    signaturePacket.publicKeyAlgorithm = keyType;
    //TODO we should load preferred hash from config, or as input to this function
    signaturePacket.hashAlgorithm = enums.hash.sha256;
+    signaturePacket.keyFlags = [enums.keyFlags.certify_keys | enums.keyFlags.sign_data];
    signaturePacket.sign(secretKeyPacket, dataToSign);

    var secretSubkeyPacket = new packet.secret_subkey();
@ -134,12 +134,12 @@ function _openpgp() {
    dataToSign.key = secretKeyPacket;
    dataToSign.bind = secretSubkeyPacket;
    var subkeySignaturePacket = new packet.signature();
-    subkeySignaturePacket.issuerKeyId = secretSubkeyPacket.getKeyId().write();
    subkeySignaturePacket.signatureType = enums.signature.subkey_binding;
    subkeySignaturePacket.publicKeyAlgorithm = keyType;
    //TODO we should load preferred hash from config, or as input to this function
    subkeySignaturePacket.hashAlgorithm = enums.hash.sha256;
-    subkeySignaturePacket.sign(secretSubkeyPacket, dataToSign);
+    subkeySignaturePacket.keyFlags = [enums.keyFlags.encrypt_communication | enums.keyFlags.encrypt_storage];
+    subkeySignaturePacket.sign(secretKeyPacket, dataToSign);

    packetlist.push(secretKeyPacket);
    packetlist.push(userIdPacket);
--- a/src/packet/secret_key.js
+++ b/src/packet/secret_key.js
@ -102,9 +102,6 @@ function packet_secret_key() {
  /**
   * Internal parser for private keys as specified in RFC 4880 section 5.5.3
   * @param {String} bytes Input string to read the packet from
-   * @param {Integer} position Start position for the parser
-   * @param {Integer} len Length of the packet or remaining length of bytes
-   * @return {Object} This object with attributes set by the parser
   */
  this.read = function(bytes) {
    // - A Public-Key or Public-Subkey packet, as described above.
@ -135,19 +132,9 @@ function packet_secret_key() {

  };

-  /*
-     * Creates an OpenPGP key packet for the given key. much 
-	 * TODO in regards to s2k, subkeys.
-     * @param {Integer} keyType Follows the OpenPGP algorithm standard, 
-	 * IE 1 corresponds to RSA.
-     * @param {RSA.keyObject} key
-     * @param passphrase
-     * @param s2kHash
-     * @param symmetricEncryptionAlgorithm
-     * @param timePacket
-     * @return {Object} {body: [string]OpenPGP packet body contents, 
-		header: [string] OpenPGP packet header, string: [string] header+body}
-     */
+  /** Creates an OpenPGP key packet for the given key.
+    * @return {String} A string of bytes containing the secret key OpenPGP packet
+    */
  this.write = function() {
    var bytes = this.writePublicKey();

@ -259,7 +246,7 @@ function packet_secret_key() {
    return true;
  };

-  this.generate = function(bits, passphrase) {
+  this.generate = function(bits) {
    this.mpi = crypto.generateMpi(this.algorithm, bits);
    this.isDecrypted = true;
  };
--- a/src/packet/signature.js
+++ b/src/packet/signature.js
@ -19,7 +19,8 @@ var util = require('../util'),
  packet = require('./packet.js'),
  enums = require('../enums.js'),
  crypto = require('../crypto'),
-  type_mpi = require('../type/mpi.js');
+  type_mpi = require('../type/mpi.js'),
+  type_keyid = require('../type/keyid.js');

 /**
 * @class
@ -40,7 +41,7 @@ module.exports = function packet_signature() {
  this.signedHashValue = null;
  this.mpi = null;

-  this.created = null;
+  this.created = new Date();
  this.signatureExpirationTime = null;
  this.signatureNeverExpires = null;
  this.exportable = null;
@ -54,8 +55,8 @@ module.exports = function packet_signature() {
  this.revocationKeyClass = null;
  this.revocationKeyAlgorithm = null;
  this.revocationKeyFingerprint = null;
-  this.issuerKeyId = null;
-  this.notation = {};
+  this.issuerKeyId = new type_keyid();
+  this.notation = null;
  this.preferredHashAlgorithms = null;
  this.preferredCompressionAlgorithms = null;
  this.keyServerPreferences = null;
@ -66,6 +67,7 @@ module.exports = function packet_signature() {
  this.signersUserId = null;
  this.reasonForRevocationFlag = null;
  this.reasonForRevocationString = null;
+  this.features = null;
  this.signatureTargetPublicKeyAlgorithm = null;
  this.signatureTargetHashAlgorithm = null;
  this.signatureTargetHash = null;
@ -105,7 +107,7 @@ module.exports = function packet_signature() {
        this.signatureData = bytes.substring(position, i);

        // Eight-octet Key ID of signer.
-        this.issuerKeyId = bytes.substring(i, i + 8);
+        this.issuerKeyId.read(bytes.substring(i, i + 8));
        i += 8;

        // One-octet public-key algorithm.
@ -193,15 +195,10 @@ module.exports = function packet_signature() {
    result += String.fromCharCode(publicKeyAlgorithm);
    result += String.fromCharCode(hashAlgorithm);

-    //Calculate subpackets
-    var creationTimeSubpacket = write_sub_packet(enums.signatureSubpacket.signature_creation_time,
-      util.writeDate(new Date()));
+    this.issuerKeyId = key.getKeyId();

-    var issuerSubpacket = write_sub_packet(enums.signatureSubpacket.issuer, key.getKeyId().write());
-
-    // Add subpackets here
-    result += util.writeNumber(creationTimeSubpacket.length + issuerSubpacket.length, 2);
-    result += creationTimeSubpacket + issuerSubpacket;
+    // Add hashed subpackets
+    result += this.write_all_sub_packets();

    this.signatureData = result;

@ -218,6 +215,116 @@ module.exports = function packet_signature() {
      publicKeyAlgorithm, key.mpi, toHash);
  };

+  /**
+   * Creates string of bytes with all subpacket data
+   * @return {String} a string-representation of a all subpacket data
+   */
+  this.write_all_sub_packets = function() {
+    var sub = enums.signatureSubpacket;
+    var result = '';
+    var bytes = '';
+    if (this.created !== null) {
+      result += write_sub_packet(sub.signature_creation_time, util.writeDate(this.created));
+    }
+    if (this.signatureExpirationTime !== null) {
+      result += write_sub_packet(sub.signature_expiration_time, util.writeDate(this.signatureExpirationTime));
+    }
+    if (this.exportable !== null) {
+      result += write_sub_packet(sub.exportable_certification, String.fromCharCode(this.exportable ? 1 : 0));
+    }
+    if (this.trustLevel !== null) {
+      bytes = String.fromCharCode(this.trustLevel) + String.fromCharCode(this.trustAmount);
+      result += write_sub_packet(sub.trust_signature, bytes);
+    }
+    if (this.regularExpression !== null) {
+      result += write_sub_packet(sub.regular_expression, this.regularExpression);
+    }
+    if (this.revocable !== null) {
+      result += write_sub_packet(sub.revocable, String.fromCharCode(this.revocable ? 1 : 0));
+    }
+    if (this.keyExpirationTime !== null) {
+      result += write_sub_packet(sub.key_expiration_time, util.writeDate(this.keyExpirationTime));
+    }
+    if (this.preferredSymmetricAlgorithms !== null) {
+      bytes = util.bin2str(this.preferredSymmetricAlgorithms);
+      result += write_sub_packet(sub.preferred_symmetric_algorithms, bytes);
+    }
+    if (this.revocationKeyClass !== null) {
+      bytes = String.fromCharCode(this.revocationKeyClass);
+      bytes += String.fromCharCode(this.revocationKeyAlgorithm);
+      bytes += this.revocationKeyFingerprint;
+      result += write_sub_packet(sub.revocation_key, bytes);
+    }
+    if (!this.issuerKeyId.isNull()) {
+      result += write_sub_packet(sub.issuer, this.issuerKeyId.write());
+    }
+    if (this.notation !== null) {
+      for (var name in this.notation) {
+        if (this.notation.hasOwnProperty(name)) {
+          var value = this.notation[name];
+          bytes = String.fromCharCode(0x80);
+          bytes += String.fromCharCode(0);
+          bytes += String.fromCharCode(0);
+          bytes += String.fromCharCode(0);
+          // 2 octets of name length
+          bytes += util.writeNumber(name.length, 2);
+          // 2 octets of value length
+          bytes += util.writeNumber(value.length, 2);
+          bytes += name + value;
+          result += write_sub_packet(sub.notation_data, bytes);
+        }
+      }
+    } 
+    if (this.preferredHashAlgorithms !== null) {
+      bytes = util.bin2str(this.preferredHashAlgorithms);
+      result += write_sub_packet(sub.preferred_hash_algorithms, bytes);
+    }
+    if (this.preferredCompressionAlgorithms !== null) {
+      bytes = util.bin2str(this.preferredCompressionAlgorithms);
+      result += write_sub_packet(sub.preferred_hash_algorithms, bytes);
+    }
+    if (this.keyServerPreferences !== null) {
+      bytes = util.bin2str(this.keyServerPreferences);
+      result += write_sub_packet(sub.key_server_preferences, bytes);
+    }
+    if (this.preferredKeyServer !== null) {
+      result += write_sub_packet(sub.preferred_key_server, this.preferredKeyServer);
+    }
+    if (this.isPrimaryUserID !== null) {
+      result += write_sub_packet(sub.primary_user_id, String.fromCharCode(this.isPrimaryUserID ? 1 : 0));
+    }
+    if (this.policyURI !== null) {
+      result += write_sub_packet(sub.policy_uri, this.policyURI); 
+    }
+    if (this.keyFlags !== null) {
+      bytes = util.bin2str(this.keyFlags);
+      result += write_sub_packet(sub.key_flags, bytes);
+    }
+    if (this.signersUserId !== null) {
+      result += write_sub_packet(sub.signers_user_id, this.signersUserId); 
+    }
+    if (this.reasonForRevocationFlag !== null) {
+      bytes = String.fromCharCode(this.reasonForRevocationFlag);
+      bytes += this.reasonForRevocationString;
+      result += write_sub_packet(sub.reason_for_revocation, bytes);
+    }
+    if (this.features !== null) {
+      bytes = util.bin2str(this.features);
+      result += write_sub_packet(sub.features, bytes);
+    }
+    if (this.signatureTargetPublicKeyAlgorithm !== null) {
+      bytes = String.fromCharCode(this.signatureTargetPublicKeyAlgorithm);
+      bytes += String.fromCharCode(this.signatureTargetHashAlgorithm);
+      bytes += this.signatureTargetHash;
+      result += write_sub_packet(sub.signature_target, bytes);
+    }
+    if (this.embeddedSignature !== null) {
+      result += write_sub_packet(sub.embedded_signature, this.embeddedSignature.write());
+    }
+    result = util.writeNumber(result.length, 2) + result;
+    return result;
+  };
+
  /**
   * creates a string representation of a sub signature packet (See RFC 4880 5.2.3.1)
   * @param {Integer} type subpacket signature type. Signature types as described 
@ -309,7 +416,7 @@ module.exports = function packet_signature() {

      case 16:
        // Issuer
-        this.issuerKeyId = bytes.substr(mypos, 8);
+        this.issuerKeyId.read(bytes.substr(mypos));
        break;

      case 20:
@ -319,14 +426,15 @@ module.exports = function packet_signature() {

          // We extract key/value tuple from the byte stream.
          mypos += 4;
-          var m = util.writeNumber(bytes.substr(mypos, 2));
+          var m = util.readNumber(bytes.substr(mypos, 2));
          mypos += 2
-          var n = util.writeNumber(bytes.substr(mypos, 2));
+          var n = util.readNumber(bytes.substr(mypos, 2));
          mypos += 2

          var name = bytes.substr(mypos, m),
            value = bytes.substr(mypos + m, n);

+          this.notation = this.notation || {};
          this.notation[name] = value;
        } else throw new Error("Unsupported notation flag.");
        break;
@ -450,7 +558,7 @@ module.exports = function packet_signature() {
        return this.toSign(t.key, data);
      case t.timestamp:
        return '';
-      case t.thrid_party:
+      case t.third_party:
        throw new Error('Not implemented');
        break;
      default:
--- a/src/type/keyid.js
+++ b/src/type/keyid.js
@ -27,13 +27,7 @@ var util = require('../util');
 */
 function keyid() {

-  // initialize keyid with 0x0000000000000000
-  var strArray = [];
-  var zero = String.fromCharCode(0);
-  for (var i = 0; i < 8; i++) {
-    strArray[i] = zero;
-  }
-  this.bytes = strArray.join('');
+  this.bytes = '';


  /**
@ -58,6 +52,10 @@ function keyid() {
  this.equals = function(keyid) {
    return this.bytes == keyid.bytes;
  }
+
+  this.isNull = function() {
+    return this.bytes === '';
+  }
 }

 keyid.mapToHex = function(keyid) {
--- a/test/general/openpgp.basic.js
+++ b/test/general/openpgp.basic.js
@ -5,7 +5,7 @@ unit.register("Key generation/encryption/decryption", function() {
  var result = [];
  var testHelper = function(passphrase, userid, message) {
    var key = openpgp.generateKeyPair(openpgp.enums.publicKey.rsa_encrypt_sign, 512, 
-                                      userid, message, passphrase);
+                                      userid, passphrase);

    var info = '\npassphrase: ' + passphrase + '\n'
        + 'userid: ' + userid + '\n'
--- a/test/test-bundle.js
+++ b/test/test-bundle.js