Skip to content

fix(verify): reject non-ed25519 signing keys (closes #52)#8

Open
akuraposo wants to merge 1 commit into
permission-protocol:mainfrom
akuraposo:fix/reject-non-ed25519-keys
Open

fix(verify): reject non-ed25519 signing keys (closes #52)#8
akuraposo wants to merge 1 commit into
permission-protocol:mainfrom
akuraposo:fix/reject-non-ed25519-keys

Conversation

@akuraposo
Copy link
Copy Markdown

@akuraposo akuraposo commented Jun 4, 2026

Summary

Fixes #52: the local reference verifier in pp-cli was accepting signatures
made with non-Ed25519 keys while reporting signatureAlg: "ed25519" as
verified. This allowed algorithm/key-type confusion attacks — a receipt
signed with RSA, ECDSA, or Ed448 could pass verification as an Ed25519
receipt whenever the resolved key record matched signatureKeyId.

Affected code

src/keyResolver.ts parsed PEM or DER public keys without checking
KeyObject.asymmetricKeyType. Node's verify(null, ...) accepts RSA,
ECDSA, and Ed448 signatures through that same call path, so the only
gate was the receipt's signatureAlg label, not the actual key.

Fix

asPublicKey() now requires asymmetricKeyType === 'ed25519' and throws
a KEY_RESOLUTION_FAILED-shaped error for any other key type. The check
is applied in the shared key-loading path so both remote discovery and
offline key files fail closed.

Reproduction (before the fix)

  1. Load a known-valid receipt fixture (tests/fixtures/valid.json).
  2. Generate an RSA key pair.
  3. Keep the signed receipt field signatureAlg: "ed25519" unchanged.
  4. Change signatureKeyId to a matching RSA key record and sign the
    canonical bytes with the RSA private key.
  5. Resolve the RSA public key from a local data: key URL and call
    verifyReceipt().

Observed before the fix: verified: true (the receipt is reported as
Ed25519-verified even though it was signed with RSA).

I also reproduced successful verification with generated ECDSA P-256
and Ed448 key pairs. The patch fails closed for every parsed public key
whose asymmetricKeyType is not ed25519.

Validation

  • npm test -- --run — all 7 tests pass (5 pre-existing + 2 new
    regression tests for RSA and ECDSA P-256 keys)
  • npm run build — clean
  • git diff --check — clean

Bounty

Submitted for assessment under #36 as a distinct Ed25519
verification-flow flaw. Payout details can be provided privately after
validation.

fix(verify): reject non-ed25519 signing keys
b538a42 
The local reference verifier only checks the receipt's `signatureAlg`
label, but `resolvePublicKey` accepts any SPKI public key. Node's
`crypto.verify(null, ...)` accepts RSA, ECDSA, and Ed448 signatures
through the same call path, so a receipt signed with another algorithm
can pass verification as an Ed25519 receipt.

This patch adds an `asymmetricKeyType === 'ed25519'` check inside
`asPublicKey` so every key loaded from a file or remote discovery
endpoint is rejected up front if it is not an Ed25519 public key.

Closes #52

- Updated `keyResolver.ts` to fail closed on non-ed25519 keys
- Added regression tests for RSA and ECDSA P-256 keys
- All 7 existing tests still pass
@akuraposo
Copy link
Copy Markdown
Author

akuraposo commented Jun 4, 2026

FYI: I've opened a separate issue with a full bypass POC for the #36 challenge, demonstrating the algorithm-confusion flaw this PR fixes:

permission-protocol/deploy-gate#58

The POC forges an Authority Receipt that pp verify accepts (vulnerable v0.1.0) but rejects after this PR is applied. Same root cause as #52.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@akuraposo