When a curve is unknown, treat the EC point as an opaque MPI

SecurityInnovation · Jun 16, 2023 · df4a732 · df4a732
1 parent c32435f
commit df4a732
Show file tree

Hide file tree

Showing 2 changed files with 22 additions and 13 deletions.
diff --git a/pgpy/packet/fields.py b/pgpy/packet/fields.py
@@ -539,9 +539,12 @@ def verify(self, subj, sigbytes, hash_alg):
     def parse(self, packet):
         self.oid = EllipticCurveOID.parse(packet)
 
-        self.p = ECPoint(packet)
-        if self.p.format != ECPointFormat.Standard:
-            raise PGPIncompatibleECPointFormatError("Only Standard format is valid for ECDSA")
+        if isinstance(self.oid, EllipticCurveOID):
+            self.p = ECPoint(packet)
+            if self.p.format != ECPointFormat.Standard:
+                raise PGPIncompatibleECPointFormatError("Only Standard format is valid for ECDSA")
+        else:
+            self.p = MPI(packet)
 
 
 class EdDSAPub(PubKey):
@@ -583,9 +586,12 @@ def verify(self, subj, sigbytes, hash_alg):
     def parse(self, packet):
         self.oid = EllipticCurveOID.parse(packet)
 
-        self.p = ECPoint(packet)
-        if self.p.format != ECPointFormat.Native:
-            raise PGPIncompatibleECPointFormatError("Only Native format is valid for EdDSA")
+        if isinstance(self.oid, EllipticCurveOID):
+            self.p = ECPoint(packet)
+            if self.p.format != ECPointFormat.Native:
+                raise PGPIncompatibleECPointFormatError("Only Native format is valid for EdDSA")
+        else:
+            self.p = MPI(packet)
 
 
 class ECDHPub(PubKey):
@@ -649,12 +655,16 @@ def parse(self, packet):
         """
         self.oid = EllipticCurveOID.parse(packet)
 
-        self.p = ECPoint(packet)
-        if self.oid == EllipticCurveOID.Curve25519:
-            if self.p.format != ECPointFormat.Native:
-                raise PGPIncompatibleECPointFormatError("Only Native format is valid for Curve25519")
-        elif self.p.format != ECPointFormat.Standard:
-            raise PGPIncompatibleECPointFormatError("Only Standard format is valid for this curve")
+        if isinstance(self.oid, EllipticCurveOID):
+            self.p = ECPoint(packet)
+            if self.oid == EllipticCurveOID.Curve25519:
+                if self.p.format != ECPointFormat.Native:
+                    raise PGPIncompatibleECPointFormatError("Only Native format is valid for Curve25519")
+            elif self.p.format != ECPointFormat.Standard:
+                raise PGPIncompatibleECPointFormatError("Only Standard format is valid for this curve")
+        else:
+            self.p = MPI(packet)
+
         self.kdf.parse(packet)
 
 

diff --git a/tests/test_06_compatibility.py b/tests/test_06_compatibility.py
@@ -45,7 +45,6 @@ def test_cert_unknown_subkey_algo(self) -> None:
     @pytest.mark.parametrize('flavor', ['ecdsa', 'eddsa', 'ecdh'])
     def test_cert_unknown_curve(self, flavor:str) -> None:
         k:PGPKey
-        pytest.xfail(f'cannot handle certificates containing subkeys with unknown OIDs for {flavor}')
         (k, _) = PGPKey.from_file(f'tests/testdata/compatibility/bob_with_unknown_{flavor}_curve.pgp')
         assert k.check_soundness() == SecurityIssues.OK