From 158263f2555eec0bb6e2b3738fa2edfbca71ae72 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sun, 17 May 2015 00:35:10 +0200 Subject: apply promote operation to specific subkeys present on yubikey only --- .../operations/PromoteKeyOperationTest.java | 41 ++++++++++++++++++++-- 1 file changed, 39 insertions(+), 2 deletions(-) (limited to 'OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain') diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java index 617b5762c..2ca904656 100644 --- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java +++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java @@ -41,6 +41,7 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper; import org.sufficientlysecure.keychain.service.SaveKeyringParcel; import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm; import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel; +import org.sufficientlysecure.keychain.support.KeyringTestingHelper; import org.sufficientlysecure.keychain.util.Passphrase; import org.sufficientlysecure.keychain.util.ProgressScaler; import org.sufficientlysecure.keychain.util.TestingUtils; @@ -104,7 +105,7 @@ public class PromoteKeyOperationTest { PromoteKeyOperation op = new PromoteKeyOperation(Robolectric.application, new ProviderHelper(Robolectric.application), null, null); - PromoteKeyResult result = op.execute(mStaticRing.getMasterKeyId(), null); + PromoteKeyResult result = op.execute(mStaticRing.getMasterKeyId(), null, null); Assert.assertTrue("promotion must succeed", result.success()); @@ -130,7 +131,7 @@ public class PromoteKeyOperationTest { byte[] aid = Hex.decode("D2760001240102000000012345670000"); - PromoteKeyResult result = op.execute(mStaticRing.getMasterKeyId(), aid); + PromoteKeyResult result = op.execute(mStaticRing.getMasterKeyId(), aid, null); Assert.assertTrue("promotion must succeed", result.success()); @@ -147,4 +148,40 @@ public class PromoteKeyOperationTest { } } + + @Test + public void testPromoteDivertSpecific() throws Exception { + PromoteKeyOperation op = new PromoteKeyOperation(Robolectric.application, + new ProviderHelper(Robolectric.application), null, null); + + byte[] aid = Hex.decode("D2760001240102000000012345670000"); + + // only promote the first, rest stays dummy + long keyId = KeyringTestingHelper.getSubkeyId(mStaticRing, 1); + + PromoteKeyResult result = op.execute(mStaticRing.getMasterKeyId(), aid, new long[] { + keyId + }); + + Assert.assertTrue("promotion must succeed", result.success()); + + { + CanonicalizedSecretKeyRing ring = new ProviderHelper(Robolectric.application) + .getCanonicalizedSecretKeyRing(mStaticRing.getMasterKeyId()); + + for (CanonicalizedSecretKey key : ring.secretKeyIterator()) { + if (key.getKeyId() == keyId) { + Assert.assertEquals("subkey must be divert-to-card", + SecretKeyType.DIVERT_TO_CARD, key.getSecretKeyType()); + Assert.assertArrayEquals("subkey must have correct iv", + aid, key.getIv()); + } else { + Assert.assertEquals("some subkeys must be gnu dummy", + SecretKeyType.GNU_DUMMY, key.getSecretKeyType()); + } + } + + } + } + } -- cgit v1.2.3 From 46cc7f8174d1bedabaafbab05e9461c1cfe72891 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Wed, 20 May 2015 12:46:31 +0200 Subject: tests: add attribute to PgpKeyOperationTest --- .../keychain/pgp/PgpKeyOperationTest.java | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) (limited to 'OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain') diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java index 54ccccc3d..056165e01 100644 --- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java +++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java @@ -99,6 +99,14 @@ public class PgpKeyOperationTest { parcel.mAddUserIds.add("twi"); parcel.mAddUserIds.add("pink"); + + { + int type = 42; + byte[] data = new byte[] { 0, 1, 2, 3, 4 }; + WrappedUserAttribute uat = WrappedUserAttribute.fromSubpacket(type, data); + parcel.mAddUserAttribute.add(uat); + } + parcel.mNewUnlock = new ChangeUnlockParcel(passphrase); PgpKeyOperation op = new PgpKeyOperation(null); @@ -231,6 +239,17 @@ public class PgpKeyOperationTest { Assert.assertEquals("number of user ids must be two", 2, ring.getPublicKey().getUnorderedUserIds().size()); + ArrayList attributes = + ring.getPublicKey().getUnorderedUserAttributes(); + Assert.assertEquals("number of user attributes must be one", + 1, attributes.size()); + Assert.assertEquals("user attribute must be correct type", + 42, attributes.get(0).getType()); + Assert.assertEquals("user attribute must have one subpacket", + 1, attributes.get(0).getSubpackets().length); + Assert.assertArrayEquals("user attribute must have correct data", + new byte[] { 0, 1, 2, 3, 4 }, attributes.get(0).getSubpackets()[0]); + List subkeys = KeyringTestingHelper.itToList(ring.getPublicKeys()); Assert.assertEquals("number of subkeys must be three", 3, subkeys.size()); -- cgit v1.2.3 From 5c8af1c5a5ad4be2bf3f2f657fe3fbd2f1fe8a24 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Thu, 28 May 2015 02:27:44 +0200 Subject: don't show allowed key list if no key exists, and some minor PgpDecryptVerify changes --- .../keychain/pgp/PgpEncryptDecryptTest.java | 29 +++++++++++++++++++--- 1 file changed, 25 insertions(+), 4 deletions(-) (limited to 'OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain') diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index dabfb008c..8cc5115e9 100644 --- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -29,6 +29,7 @@ import org.robolectric.shadows.ShadowLog; import org.spongycastle.bcpg.sig.KeyFlags; import org.spongycastle.jce.provider.BouncyCastleProvider; import org.spongycastle.openpgp.PGPEncryptedData; +import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult; import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingData; @@ -214,7 +215,7 @@ public class PgpEncryptDecryptTest { String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); byte[] ciphertext; - { // encrypt data with a given passphrase + { // encrypt data with key ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes()); @@ -224,7 +225,7 @@ public class PgpEncryptDecryptTest { InputData data = new InputData(in, in.available()); PgpSignEncryptInputParcel b = new PgpSignEncryptInputParcel(); - b.setEncryptionMasterKeyIds(new long[]{ mStaticRing1.getMasterKeyId() }); + b.setEncryptionMasterKeyIds(new long[] { mStaticRing1.getMasterKeyId() }); b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128); PgpSignEncryptResult result = op.execute(b, new CryptoInputParcel(), data, out); Assert.assertTrue("encryption must succeed", result.success()); @@ -334,7 +335,7 @@ public class PgpEncryptDecryptTest { out.toByteArray().length, metadata.getOriginalSize()); } - { // decryption with passphrase cached should succeed for the first key + { // decryption should succeed if key is allowed ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); @@ -350,12 +351,32 @@ public class PgpEncryptDecryptTest { b.setAllowedKeyIds(allowed); DecryptVerifyResult result = b.build().execute(new CryptoInputParcel()); - Assert.assertTrue("decryption with cached passphrase must succeed for the first key", result.success()); + Assert.assertTrue("decryption with cached passphrase must succeed for allowed key", result.success()); Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext", out.toByteArray(), plaintext.getBytes()); + Assert.assertTrue("other key was skipped", result.getLog().containsType(LogType.MSG_DC_ASKIP_NOT_ALLOWED)); Assert.assertNull("signature should be empty", result.getSignatureResult()); } + { // decryption should fail if no key is allowed + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); + InputData data = new InputData(in, in.available()); + + // provide passphrase for the second, and check that the first is never asked for! + PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out, + mKeyPhrase2, mStaticRing2.getMasterKeyId(), null); + // no keys allowed! + b.setAllowedKeyIds(new HashSet()); + + DecryptVerifyResult result = b.build().execute(new CryptoInputParcel()); + Assert.assertFalse("decryption must fail if no key allowed", result.success()); + Assert.assertEquals("decryption must fail with key disllowed status", + DecryptVerifyResult.RESULT_KEY_DISALLOWED, result.getResult()); + + } + { // decryption with passphrase cached should succeed for the other key if first is gone // delete first key from database -- cgit v1.2.3