Disallow generating and parsing v4 keys of type ML-DSA

As per spec: https://openpgp-pqc.github.io/draft-openpgp-pqc/draft-ietf-openpgp-pqc.html#section-5.3.2-1
ProtonMail · Sep 13, 2024 · 2654b58 · 2654b58
1 parent fb00782
commit 2654b58
Show file tree

Hide file tree

Showing 4 changed files with 20 additions and 2 deletions.
diff --git a/src/packet/public_key.js b/src/packet/public_key.js
@@ -138,6 +138,10 @@ class PublicKeyPacket {
       ) {
         throw new Error('Legacy curve25519 cannot be used with v6 keys');
       }
+      // The composite ML-DSA + EdDSA schemes MUST be used only with v6 keys
+      if (this.version !== 6 && this.algorithm === enums.publicKey.pqc_mldsa_ed25519) {
+        throw new Error('Unexpected key version for ML-DSA + EdDSA key');
+      }
       this.publicParams = publicParams;
       pos += read;
 

diff --git a/src/packet/secret_key.js b/src/packet/secret_key.js
@@ -532,6 +532,9 @@ class SecretKeyPacket extends PublicKeyPacket {
     )) {
       throw new Error(`Cannot generate v6 keys of type 'ecc' with curve ${curve}. Generate a key of type 'curve25519' instead`);
     }
+    if (this.version !== 6 && this.algorithm === enums.publicKey.pqc_mldsa_ed25519) {
+      throw new Error(`Cannot generate v${this.version} signing keys of type 'pqc'. Generate a v6 key instead`);
+    }
     const { privateParams, publicParams } = await crypto.generateParams(this.algorithm, bits, curve, symmetric);
     this.privateParams = privateParams;
     this.publicParams = publicParams;

diff --git a/test/crypto/validate.js b/test/crypto/validate.js
@@ -81,7 +81,7 @@ async function cloneKeyPacket(key) {
 }
 
 async function generatePrivateKeyObject(options) {
-  const config = { rejectCurves: new Set() };
+  const config = { rejectCurves: new Set(), ...options.config };
   const { privateKey } = await openpgp.generateKey({ ...options, userIDs: [{ name: 'Test', email: '[email protected]' }], format: 'object', config });
   return privateKey;
 }
@@ -318,7 +318,7 @@ export default () => {
     let pqcSigningKey;
     let pqcEncryptionSubkey;
     before(async () => {
-      pqcSigningKey = await generatePrivateKeyObject({ type: 'pqc' });
+      pqcSigningKey = await generatePrivateKeyObject({ type: 'pqc', config: { v6Keys: true } });
       pqcEncryptionSubkey = pqcSigningKey.subkeys[0];
     });
 

diff --git a/test/general/key.js b/test/general/key.js
@@ -4525,6 +4525,17 @@ I8kWVkXU6vFOi+HWvv/ira7ofJu16NnoUkhclkUrk0mXubZvyl4GBg==
       expect(v6Key.subkeys).to.have.length(1);
     });
 
+    it('should throw when trying to add a ML-DSA PQC key to a v4 key', async function() {
+      const v4Key = await openpgp.decryptKey({
+        privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),
+        passphrase: 'hello world'
+      });
+      expect(v4Key.keyPacket.version).to.equal(4);
+      expect(v4Key.subkeys).to.have.length(1);
+      await expect(v4Key.addSubkey({ type: 'pqc', sign: true })).to.be.rejectedWith(/Cannot generate v4 signing keys of type 'pqc'/);
+      expect(v4Key.subkeys).to.have.length(1);
+    });
+
     it('should throw when trying to encrypt a subkey separately from key', async function() {
       const privateKey = await openpgp.decryptKey({
         privateKey: await openpgp.readKey({ armoredKey: priv_key_rsa }),