Flag to allow signing key decryption (#251)

lubux · web-flow · commit 5521d835096c · 2024-11-25T10:40:08.000+01:00
Adds a flag InsecureAllowDecryptionWithSigningKeys that allows to use keys for decryption 
that are marked as signing keys only.
diff --git a/openpgp/packet/config.go b/openpgp/packet/config.go
@@ -139,6 +139,11 @@ type Config struct {
 	// might be no other way than to tolerate the missing MDC. Setting this flag, allows this
 	// mode of operation. It should be considered a measure of last resort.
 	InsecureAllowUnauthenticatedMessages bool
+	// InsecureAllowDecryptionWithSigningKeys allows decryption with keys marked as signing keys in the v2 API.
+	// This setting is potentially insecure, but it is needed as some libraries
+	// ignored key flags when selecting a key for encryption.
+	// Not relevant for the v1 API, as all keys were allowed in decryption.
+	InsecureAllowDecryptionWithSigningKeys bool
 	// KnownNotations is a map of Notation Data names to bools, which controls
 	// the notation names that are allowed to be present in critical Notation Data
 	// signature subpackets.
@@ -291,6 +296,13 @@ func (c *Config) AllowUnauthenticatedMessages() bool {
 	return c.InsecureAllowUnauthenticatedMessages
 }
 
+func (c *Config) AllowDecryptionWithSigningKeys() bool {
+	if c == nil {
+		return false
+	}
+	return c.InsecureAllowDecryptionWithSigningKeys
+}
+
 func (c *Config) KnownNotation(notationName string) bool {
 	if c == nil {
 		return false
diff --git a/openpgp/v2/keys.go b/openpgp/v2/keys.go
@@ -164,12 +164,12 @@ func (e *Entity) DecryptionKeys(id uint64, date time.Time, config *packet.Config
 	for _, subkey := range e.Subkeys {
 		subkeySelfSig, err := subkey.LatestValidBindingSignature(date, config)
 		if err == nil &&
-			isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo) &&
+			(config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo)) &&
 			(id == 0 || subkey.PublicKey.KeyId == id) {
 			keys = append(keys, Key{subkey.Primary, primarySelfSignature, subkey.PublicKey, subkey.PrivateKey, subkeySelfSig})
 		}
 	}
-	if isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo) {
+	if config.AllowDecryptionWithSigningKeys() || isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo) {
 		keys = append(keys, Key{e, primarySelfSignature, e.PrimaryKey, e.PrivateKey, primarySelfSignature})
 	}
 	return
diff --git a/openpgp/v2/read_test.go b/openpgp/v2/read_test.go
@@ -1023,3 +1023,41 @@ func testMalformedMessage(t *testing.T, keyring EntityList, message string) {
 		return
 	}
 }
+
+func TestReadMessageWithSignOnly(t *testing.T) {
+	config := packet.Config{
+		InsecureAllowDecryptionWithSigningKeys: true,
+	}
+	key, err := ReadArmoredKeyRing(strings.NewReader(rsaSignOnly))
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	// Success
+	msgReader, err := armor.Decode(strings.NewReader(armoredMessageRsaSignOnly))
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	md, err := ReadMessage(msgReader.Body, key, nil, &config)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	_, err = io.ReadAll(md.UnverifiedBody)
+	if err != nil {
+		t.Error(err)
+		return
+	}
+
+	// Fail
+	msgReader, err = armor.Decode(strings.NewReader(armoredMessageRsaSignOnly))
+	if err != nil {
+		t.Error(err)
+		return
+	}
+	md, err = ReadMessage(msgReader.Body, key, nil, nil)
+	if err == nil {
+		t.Fatal("Should not decrypt")
+	}
+}
diff --git a/openpgp/v2/read_write_test_data.go b/openpgp/v2/read_write_test_data.go
@@ -740,3 +740,51 @@ NVniEke6hM3CNBXYPAMhQBMWhCulcoz+0lxi8L34rMN+Dsbma96psdUrn7uLaB91
 xqAY9Bwizt4FWgXuLm1a4+So4V9j1TRCXd12Uc2l2RNmgDE=
 =miES
 -----END PGP PRIVATE KEY BLOCK-----`
+
+const rsaSignOnly = `-----BEGIN PGP PRIVATE KEY BLOCK-----
+
+xcLYBF9Gl+MBCACc09O3gjyO0B1ledGxGFSUpPmhhJzkxKoY1WDX8VlASCHz
+bAA/BytgYBXHTe7N+N3yJ6uiN3DIQ2j5uGWk/h5jyIOsRuzQxJ40n8AdK/71
+SGDCG1X5l1h9vmVTJxkQ3pcOxqRg55EEuJWKN1v7B1hIPxhaM5hgH/7s+PNn
+lQddckQJqYkpm9Hy6EI7f9oHrOtWJWZoCHkWZVld7+9ZVPi34ex5ofYOuvNL
+AIKZCc7lAiUiDJYQ+hIJRoYwLYhjIshpYoHgNeG4snlupNO32BiwDbHFDjeu
+eoBLQ0rxZV7B664ceCmIl+VRht9G20hfGoTjAiop5tyrN1ZeL4EaI+aTABEB
+AAEAB/oCKTQnftvHwrkBVlyzSN6tfXylF2551Q3n4CZGg3efI/9PCa9wF58+
+WApqmgsUqcNbVnDfl2T58ow05FLMxnFFNnHJq8ltfnXl+gG6c7iy94p79SQE
+AGCOL7xNassXrDAQZhqWkCdiLK3b6r9F8Y3URb/AYbWH2BkFkS0oWQDav+Tw
+lABt5vG2L5QtnShdqi8CCitcHGEKHocPHp0yAQlp3oAMq09YubgrzESDJ7Pe
+l93cT35NlyimAZ6IYk/gumX0/6spqcw7205KfG6P84WlMp3WmE0IUWtiOp+7
+rjMjDki0WeVKtuLbHBhOwKvxcILWz+0vQf3uu6aXOKQ3JlsVBADHoXa6QjrT
+RmKD9ch65Pkd+EZiKhe+pqqIArVj4QsVBEnaggR59SD8uXhtpyBnvOp3xpof
+Vut3SKWl/jmH7vKansFbHOo8xLUyVctu7lCL2/v85FcRJxfPK00MBic+z/vf
+mWOAY1VBoi5I9qi6o8vVHA5BJ/xw2uV9VpxfiLG0vwQAyRxHmoZl/OxaZUsm
+J9eDYV9xyYumkTCYvHPk9X+ehS+XeYh24z1q9a/1jEnSR3A5XE67UCLaspiA
++Px7nSU1+ftJ9bC2bnRR0Upop+3UkPeCBVp4tYAhsNnPXhSWC0gCgeGU7EmW
+DechFg29LId35LXKgmXls9u5yDy2w978Hy0D/jbKZaxNMMwlx/XCFCoBEcXS
+DBzg7GHNXdillJqy215j46lfVqOCB3IiffNKjHua2l6fQc0BoiWIZnElMnIa
+faEBBSpOVqKhktDFacHa5xChjqXZVyw68qc0I36xkCfcwvYCpNKKkXv90r8A
+tRI6gpBLeMJvkL3VkmKd6AZymxFxRGjNEkJvYiA8aW5mb0Bib2IuY29tPsLA
+jQQQAQgAIAUCX0aX4wYLCQcIAwIEFQgKAgQWAgEAAhkBAhsDAh4BACEJEAr9
+x5ZY6oZmFiEEm+B7p+lshgEOwGGZCv3HlljqhmaUWgf/efmGSpOKIGQ3Kh32
+HUqn/4ARvUmqMtZz4xUA9P3GAPY8XwJf00jSQlAo4//3aA1eEOJFHCr2qzCk
+/4gIoZEScTTZp4itfL/Fer3UX+bV/VeTNgZGi+MRylSDQxLRQNpRgu+FmRAi
+E6fr8D8GMvEcGb0jTRgWGj1EVtfOHfDg+EyPrtw+Z8u/bErUJ+Fnxz+KOGSN
+SBQVAOflUYFoQhUNgZiq1s8WFD55sfes3UdBwsmHquDtYGo9dvWLJXxTEF8q
+QCyKHYdk25ShIlNpRUqOH3CHqY/38z7QeV7INwtZaQvoES08RlD6ZMtczYLj
+BZou86lozq7ISvRg1RSIWZ0ZRA==
+=A9Ts
+-----END PGP PRIVATE KEY BLOCK-----
+`
+
+const armoredMessageRsaSignOnly = `-----BEGIN PGP MESSAGE-----
+
+wcBMAwr9x5ZY6oZmAQf+Lxghg4keIFpEq8a65gFkIfW+chHTDPlfI8xnx6U9
+HdsICX3Oye5V0ToCVKkEWDxfN1yCfXiYalSNo7ScRZKR7C+j02/pC+FfR6AJ
+2cvdFoGIrLaXdjXXc/oXbsCCZA4C1DhQqpdORo2qGF0Q6Sm8659B0CfOgYSL
+fBfKQ5VJngUT5JG8Uek3YuXBufPNhzdmXLHyB2Y2CwKkldi2vo4YNAukDhrR
+2TojxdNoouhnMm+gloCE1n8huY1vw5F78/uiHen0tmHQ0dxtfk8cc1burgl/
+zUdJ3Sg6Eu+OC2ae5II63iB5fG+lCwZtfuepWnePDv8RDKNHCVP/LoBNpGOZ
+U9I6AUkZWdcsueib9ghKDDy+HbUbf2kCJWUnuyeOCKqQifDb8bsLmdQY4Wb6
+EBeLgD8oZHVsH3NLjPakPw==
+=STqy
+-----END PGP MESSAGE-----`

Original file line number	Diff line number	Diff line change
`@@ -164,12 +164,12 @@ func (e Entity) DecryptionKeys(id uint64, date time.Time, config packet.Config`
`164`	`164`	`for _, subkey := range e.Subkeys {`
`165`	`165`	`subkeySelfSig, err := subkey.LatestValidBindingSignature(date, config)`
`166`	`166`	`if err == nil &&`
`167`		`- isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo) &&`
	`167`	`+ (config.AllowDecryptionWithSigningKeys() \|\| isValidEncryptionKey(subkeySelfSig, subkey.PublicKey.PubKeyAlgo)) &&`
`168`	`168`	`(id == 0 \|\| subkey.PublicKey.KeyId == id) {`
`169`	`169`	`keys = append(keys, Key{subkey.Primary, primarySelfSignature, subkey.PublicKey, subkey.PrivateKey, subkeySelfSig})`
`170`	`170`	`}`
`171`	`171`	`}`
`172`		`- if isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo) {`
	`172`	`+ if config.AllowDecryptionWithSigningKeys() \|\| isValidEncryptionKey(primarySelfSignature, e.PrimaryKey.PubKeyAlgo) {`
`173`	`173`	`keys = append(keys, Key{e, primarySelfSignature, e.PrimaryKey, e.PrivateKey, primarySelfSignature})`
`174`	`174`	`}`
`175`	`175`	`return`