From d60fff202a6f675e6ef83166a4f6c94e01db36f3 Mon Sep 17 00:00:00 2001
From: Roman Zeyde
Date: Sat, 9 Jul 2016 11:26:48 +0300
Subject: [PATCH] gpg: don't validate non-ECDSA signatures
---
 trezor_agent/gpg/decode.py | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)
diff --git a/trezor_agent/gpg/decode.py b/trezor_agent/gpg/decode.py
index 42c56ef..e7d2172 100644
--- a/trezor_agent/gpg/decode.py
+++ b/trezor_agent/gpg/decode.py
@@ -75,20 +75,6 @@ def _parse_ed25519_verifier(mpi):
 return _ed25519_verify, vk
-def _create_rsa_verifier(n, e):
- def verifier(signature, digest):
- s, = signature
- size = n.bit_length()
- result = pow(s, e, n) % (2 ** 256)
- digest = util.bytes2num(digest)
- if result == digest:
- log.debug('RSA-%d signature is OK', size)
- return True
- else:
- raise ValueError('invalid RSA signature')
-
- return verifier
-
 SUPPORTED_CURVES = {
 b'\x2A\x86\x48\xCE\x3D\x03\x01\x07': _parse_nist256p1_verifier,
 b'\x2B\x06\x01\x04\x01\xDA\x47\x0F\x01': _parse_ed25519_verifier,
@@ -194,10 +180,9 @@ def _parse_pubkey(stream, packet_type='pubkey'):
 log.warning('ElGamal signatures are not verified')
 parse_mpis(stream, n=3)
 else: # assume RSA
- log.debug('parsing RSA key')
- n, e = parse_mpis(stream, n=2)
- p['verifier'] = _create_rsa_verifier(n, e)
- assert not stream.read()
+ log.warning('RSA signatures are not verified')
+ parse_mpis(stream, n=2)
+ assert not stream.read()
 # https://tools.ietf.org/html/rfc4880#section-12.2
 packet_data = packet.getvalue()
@@ -316,7 +301,7 @@ def load_public_key(pubkey_bytes, use_custom=False, ecdh=False):
 verify_digest(pubkey=pubkey, digest=digest, signature=signature['sig'], label='GPG public key')
 else:
- log.warning('public key %s cannot be verified!',
+ log.warning('public key %s is not verified!',
 util.hexlify(pubkey['key_id']))
 packet = pubkey
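Review bot: The trailing-data check `assert not stream.read()` in `_parse_pubkey` validates parsed key-packet bytes with an `assert`, which is stripped when Python runs with `-O`; an explicit `if stream.read(): raise ValueError('unexpected data after public key MPIs')` keeps the check in every mode. The line appears as both removed and re-added, so its indentation presumably changed; whitespace is lost on this page, so it is worth confirming that the check now runs for every algorithm branch rather than only the RSA one. The RSA branch also no longer sets `p['verifier']`, and a short comment such as `# no verifier: callers must treat this key as unverified` would record that the absence is deliberate. `_parse_pubkey` starts and ends outside the hunk.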
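Review bot: The `else` branch in `load_public_key` only logs `public key %s is not verified!` and then falls through to `packet = pubkey`, so after this commit an RSA key whose self-signature is invalid or missing appears to be handled the same as a verified key, apart from one warning line. From the visible lines a caller has no way to tell the two outcomes apart; consider exposing the result (for example a `verified` flag alongside the returned data) or refusing unverified keys unless the caller explicitly opts in. The docstring should also state that only keys on the curves in `SUPPORTED_CURVES` have their signature checked. The condition guarding this branch and the rest of the function lie outside the hunk, so the fall-through is inferred rather than confirmed.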