From dfce5449c2e8029039533c26ba15e5ac468eb8e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Sun, 4 Oct 2015 22:46:21 +0200 Subject: Raise min asymmetric key length for all ciphers to 2048 bit --- .../sufficientlysecure/keychain/operations/ExportTest.java | 12 ++++++------ .../keychain/operations/PromoteKeyOperationTest.java | 6 +++--- .../keychain/pgp/PgpEncryptDecryptTest.java | 6 +++--- .../sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java | 12 ++++++------ .../keychain/pgp/UncachedKeyringCanonicalizeTest.java | 4 ++-- .../keychain/pgp/UncachedKeyringMergeTest.java | 4 ++-- 6 files changed, 22 insertions(+), 22 deletions(-) (limited to 'OpenKeychain/src/test') diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/ExportTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/ExportTest.java index a659dc7da..ae7c13c76 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/ExportTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/ExportTest.java @@ -75,11 +75,11 @@ public class ExportTest { { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + Algorithm.DSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + Algorithm.ELGAMAL, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcel.mAddUserIds.add("snips"); parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhrase1); @@ -93,11 +93,11 @@ public class ExportTest { { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + Algorithm.DSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + Algorithm.ELGAMAL, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcel.mAddUserIds.add("snails"); parcel.mNewUnlock = new ChangeUnlockParcel(null, new Passphrase("1234")); diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java index e6c8c0efe..717dfe508 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/PromoteKeyOperationTest.java @@ -74,11 +74,11 @@ public class PromoteKeyOperationTest { { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + Algorithm.DSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + Algorithm.ELGAMAL, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcel.mAddUserIds.add("derp"); parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhrase1); diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index cc5ef8038..4710edcba 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -131,11 +131,11 @@ public class PgpEncryptDecryptTest { // insecure (1024 bit) RSA key SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcel.mAddUserIds.add("eve"); parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhraseInsecure); diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java index c0e28cd4b..a3b5ae9fa 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java @@ -82,8 +82,8 @@ public class PgpKeyOperationTest { UncachedKeyRing ring; PgpKeyOperation op; SaveKeyringParcel parcel; - ArrayList onlyA = new ArrayList(); - ArrayList onlyB = new ArrayList(); + ArrayList onlyA = new ArrayList<>(); + ArrayList onlyB = new ArrayList<>(); static CryptoInputParcel cryptoInput; @@ -94,11 +94,11 @@ public class PgpKeyOperationTest { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.DSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.DSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcel.mAddUserIds.add("twi"); parcel.mAddUserIds.add("pink"); @@ -153,7 +153,7 @@ public class PgpKeyOperationTest { parcel.mNewUnlock = new ChangeUnlockParcel(passphrase); assertFailure("creating ring with < 512 bytes keysize should fail", parcel, - LogType.MSG_CR_ERROR_KEYSIZE_512); + LogType.MSG_CR_ERROR_KEYSIZE_2048); } { @@ -391,7 +391,7 @@ public class PgpKeyOperationTest { parcel.mAddSubKeys.add(new SubkeyAdd( Algorithm.RSA, new Random().nextInt(512), null, KeyFlags.SIGN_DATA, 0L)); assertModifyFailure("creating a subkey with keysize < 512 should fail", ring, parcel, - LogType.MSG_CR_ERROR_KEYSIZE_512); + LogType.MSG_CR_ERROR_KEYSIZE_2048); } diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java index 5e552fecc..5a4e5aad2 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java @@ -89,8 +89,8 @@ public class UncachedKeyringCanonicalizeTest { static UncachedKeyRing staticRing; static int totalPackets; UncachedKeyRing ring; - ArrayList onlyA = new ArrayList(); - ArrayList onlyB = new ArrayList(); + ArrayList onlyA = new ArrayList<>(); + ArrayList onlyB = new ArrayList<>(); OperationResult.OperationLog log = new OperationResult.OperationLog(); PGPSignatureSubpacketGenerator subHashedPacketsGen; PGPSecretKey secretKey; diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java index 90189e377..dd0a537f6 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java @@ -87,8 +87,8 @@ public class UncachedKeyringMergeTest { static UncachedKeyRing staticRingA, staticRingB; UncachedKeyRing ringA, ringB; - ArrayList onlyA = new ArrayList(); - ArrayList onlyB = new ArrayList(); + ArrayList onlyA = new ArrayList<>(); + ArrayList onlyB = new ArrayList<>(); OperationResult.OperationLog log = new OperationResult.OperationLog(); PgpKeyOperation op; SaveKeyringParcel parcel; -- cgit v1.2.3 From dfc396a44cc84556ee190418a0a5bc5752b0f148 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?= Date: Sun, 4 Oct 2015 23:37:03 +0200 Subject: Fix tests for min requirement of 2048 bits --- .../keychain/operations/CertifyOperationTest.java | 12 +++---- .../keychain/pgp/PgpEncryptDecryptTest.java | 38 +++++++++++----------- .../keychain/pgp/PgpKeyOperationTest.java | 28 ++++++++-------- .../pgp/UncachedKeyringCanonicalizeTest.java | 2 +- .../keychain/pgp/UncachedKeyringMergeTest.java | 2 +- 5 files changed, 41 insertions(+), 41 deletions(-) (limited to 'OpenKeychain/src/test') diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/CertifyOperationTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/CertifyOperationTest.java index c1aa5a76f..1475deca9 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/CertifyOperationTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/CertifyOperationTest.java @@ -78,11 +78,11 @@ public class CertifyOperationTest { { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + Algorithm.DSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + Algorithm.ELGAMAL, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcel.mAddUserIds.add("derp"); parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhrase1); @@ -96,11 +96,11 @@ public class CertifyOperationTest { { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + Algorithm.DSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + Algorithm.ELGAMAL, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcel.mAddUserIds.add("ditz"); byte[] uatdata = new byte[random.nextInt(150)+10]; diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index 4710edcba..9f2d4e015 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -77,7 +77,7 @@ public class PgpEncryptDecryptTest { static UncachedKeyRing mStaticRing1, mStaticRing2, mStaticRingInsecure; static Passphrase mKeyPhrase1 = TestingUtils.genPassphrase(true); static Passphrase mKeyPhrase2 = TestingUtils.genPassphrase(true); - static Passphrase mKeyPhraseInsecure = TestingUtils.genPassphrase(true); +// static Passphrase mKeyPhraseInsecure = TestingUtils.genPassphrase(true); static PrintStream oldShadowStream; @@ -127,24 +127,24 @@ public class PgpEncryptDecryptTest { mStaticRing2 = result.getRing(); } - { - // insecure (1024 bit) RSA key - SaveKeyringParcel parcel = new SaveKeyringParcel(); - parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); - parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); - parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); - parcel.mAddUserIds.add("eve"); - parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhraseInsecure); - - PgpEditKeyResult result = op.createSecretKeyRing(parcel); - Assert.assertTrue("initial test key creation must succeed", result.success()); - Assert.assertNotNull("initial test key creation must succeed", result.getRing()); - - mStaticRingInsecure = result.getRing(); - } +// { +// // insecure (1024 bit) RSA key +// SaveKeyringParcel parcel = new SaveKeyringParcel(); +// parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( +// Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); +// parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( +// Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); +// parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( +// Algorithm.RSA, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); +// parcel.mAddUserIds.add("eve"); +// parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhraseInsecure); +// +// PgpEditKeyResult result = op.createSecretKeyRing(parcel); +// Assert.assertTrue("initial test key creation must succeed", result.success()); +// Assert.assertNotNull("initial test key creation must succeed", result.getRing()); +// +// mStaticRingInsecure = result.getRing(); +// } } diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java index a3b5ae9fa..a62b4dbb2 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java @@ -94,11 +94,11 @@ public class PgpKeyOperationTest { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.DSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.DSA, 3072, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L)); + Algorithm.RSA, 3072, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcel.mAddUserIds.add("twi"); parcel.mAddUserIds.add("pink"); @@ -159,7 +159,7 @@ public class PgpKeyOperationTest { { parcel.reset(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.ELGAMAL, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.ELGAMAL, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddUserIds.add("shy"); parcel.mNewUnlock = new ChangeUnlockParcel(passphrase); @@ -170,7 +170,7 @@ public class PgpKeyOperationTest { { parcel.reset(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, null)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, null)); parcel.mAddUserIds.add("lotus"); parcel.mNewUnlock = new ChangeUnlockParcel(passphrase); @@ -181,7 +181,7 @@ public class PgpKeyOperationTest { { parcel.reset(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcel.mAddUserIds.add("shy"); parcel.mNewUnlock = new ChangeUnlockParcel(passphrase); @@ -192,7 +192,7 @@ public class PgpKeyOperationTest { { parcel.reset(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mNewUnlock = new ChangeUnlockParcel(passphrase); assertFailure("creating ring without user ids should fail", parcel, @@ -216,7 +216,7 @@ public class PgpKeyOperationTest { public void testMasterFlags() throws Exception { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA, 0L)); + Algorithm.RSA, 4096, null, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA, 0L)); parcel.mAddUserIds.add("luna"); ring = assertCreateSuccess("creating ring with master key flags must succeed", parcel); @@ -256,8 +256,8 @@ public class PgpKeyOperationTest { List subkeys = KeyringTestingHelper.itToList(ring.getPublicKeys()); Assert.assertEquals("number of subkeys must be three", 3, subkeys.size()); - Assert.assertTrue("key ring should have been created in the last 120 seconds", - ring.getPublicKey().getCreationTime().after(new Date(new Date().getTime()-1000*120))); + Assert.assertTrue("key ring should have been created in the last 360 seconds", + ring.getPublicKey().getCreationTime().after(new Date(new Date().getTime()-1000*360))); Assert.assertNull("key ring should not expire", ring.getPublicKey().getUnsafeExpiryTimeForTesting()); @@ -347,7 +347,7 @@ public class PgpKeyOperationTest { long expiry = new Date().getTime() / 1000 + 159; int flags = KeyFlags.SIGN_DATA; - int bits = 1024 + new Random().nextInt(8); + int bits = 2048 + new Random().nextInt(8); parcel.mAddSubKeys.add(new SubkeyAdd(Algorithm.RSA, bits, null, flags, expiry)); UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB); @@ -398,7 +398,7 @@ public class PgpKeyOperationTest { { parcel.reset(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, null)); + Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, null)); assertModifyFailure("creating master key with null expiry should fail", ring, parcel, LogType.MSG_MF_ERROR_NULL_EXPIRY); @@ -406,7 +406,7 @@ public class PgpKeyOperationTest { { // a past expiry should fail parcel.reset(); - parcel.mAddSubKeys.add(new SubkeyAdd(Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, + parcel.mAddSubKeys.add(new SubkeyAdd(Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, new Date().getTime()/1000-10)); assertModifyFailure("creating subkey with past expiry date should fail", ring, parcel, LogType.MSG_MF_ERROR_PAST_EXPIRY); @@ -837,7 +837,7 @@ public class PgpKeyOperationTest { UncachedKeyRing modified; - { // keytocard should fail with BAD_NFC_SIZE when presented with the RSA-1024 key + { // keytocard should fail with BAD_NFC_SIZE when presented with the RSA-3072 key long keyId = KeyringTestingHelper.getSubkeyId(ring, 2); parcel.reset(); parcel.mChangeSubKeys.add(new SubkeyChange(keyId, false, true)); @@ -846,7 +846,7 @@ public class PgpKeyOperationTest { parcel, cryptoInput, LogType.MSG_MF_ERROR_BAD_NFC_SIZE); } - { // keytocard should fail with BAD_NFC_ALGO when presented with the DSA-1024 key + { // keytocard should fail with BAD_NFC_ALGO when presented with the DSA-3072 key long keyId = KeyringTestingHelper.getSubkeyId(ring, 0); parcel.reset(); parcel.mChangeSubKeys.add(new SubkeyChange(keyId, false, true)); diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java index 5a4e5aad2..a077f5398 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringCanonicalizeTest.java @@ -358,7 +358,7 @@ public class UncachedKeyringCanonicalizeTest { SaveKeyringParcel parcel = new SaveKeyringParcel(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcel.mAddUserIds.add("trix"); PgpKeyOperation op = new PgpKeyOperation(null); diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java index dd0a537f6..59397e642 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/UncachedKeyringMergeTest.java @@ -234,7 +234,7 @@ public class UncachedKeyringMergeTest { parcel.reset(); parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( - Algorithm.RSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); modifiedA = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Date(), new Passphrase()), parcel).getRing(); modifiedB = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(new Date(), new Passphrase()), parcel).getRing(); -- cgit v1.2.3 From ac28b6bbac979b14ff89943965ca63aaf2129a80 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Thu, 8 Oct 2015 18:36:55 +0200 Subject: test: add tests for detached and clearsign signatures --- .../keychain/pgp/PgpEncryptDecryptTest.java | 115 ++++++++++++++++++++- 1 file changed, 114 insertions(+), 1 deletion(-) (limited to 'OpenKeychain/src/test') diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index 9f2d4e015..4a6c8b058 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -27,6 +27,7 @@ import java.util.Date; import java.util.HashSet; import java.util.Iterator; +import org.apache.tools.ant.util.StringUtils; import org.junit.Assert; import org.junit.Before; import org.junit.BeforeClass; @@ -287,7 +288,7 @@ public class PgpEncryptDecryptTest { } @Test - public void testAsymmetricSign() { + public void testAsymmetricSignBinary() { String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); byte[] ciphertext; @@ -340,6 +341,118 @@ public class PgpEncryptDecryptTest { } + @Test + public void testAsymmetricSignCleartext() { + + String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); + byte[] ciphertext; + + { // encrypt data with key + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes()); + + PgpSignEncryptOperation op = new PgpSignEncryptOperation(RuntimeEnvironment.application, + new ProviderHelper(RuntimeEnvironment.application), null); + + InputData data = new InputData(in, in.available()); + PgpSignEncryptInputParcel input = new PgpSignEncryptInputParcel(); + + // only sign, as cleartext + input.setSignatureMasterKeyId(mStaticRing1.getMasterKeyId()); + input.setSignatureSubKeyId(KeyringTestingHelper.getSubkeyId(mStaticRing1, 1)); + input.setCleartextSignature(true); + input.setEnableAsciiArmorOutput(true); + input.setDetachedSignature(false); + + PgpSignEncryptResult result = op.execute(input, new CryptoInputParcel(mKeyPhrase1), data, out); + Assert.assertTrue("signing must succeed", result.success()); + + ciphertext = out.toByteArray(); + } + + Assert.assertTrue("clearsigned text must contain plaintext", new String(ciphertext).contains(plaintext)); + + { // verification should succeed + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); + InputData data = new InputData(in, in.available()); + + PgpDecryptVerifyOperation op = operationWithFakePassphraseCache(null, null, null); + PgpDecryptVerifyInputParcel input = new PgpDecryptVerifyInputParcel(); + DecryptVerifyResult result = op.execute(input, new CryptoInputParcel(), data, out); + + Assert.assertTrue("verification must succeed", result.success()); + Assert.assertArrayEquals("verification text should equal plaintext (save for a newline)", + (plaintext + StringUtils.LINE_SEP).getBytes(), out.toByteArray()); + Assert.assertEquals("decryptionResult should be RESULT_NOT_ENCRYPTED", + OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED, result.getDecryptionResult().getResult()); + Assert.assertEquals("signatureResult should be RESULT_VALID_CONFIRMED", + OpenPgpSignatureResult.RESULT_VALID_CONFIRMED, result.getSignatureResult().getResult()); + + OpenPgpMetadata metadata = result.getDecryptionMetadata(); + Assert.assertEquals("filesize must be correct", + out.toByteArray().length, metadata.getOriginalSize()); + + } + + } + + @Test + public void testAsymmetricSignDetached() { + + String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); + byte[] detachedSignature; + + { // encrypt data with key + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes()); + + PgpSignEncryptOperation op = new PgpSignEncryptOperation(RuntimeEnvironment.application, + new ProviderHelper(RuntimeEnvironment.application), null); + + InputData data = new InputData(in, in.available()); + PgpSignEncryptInputParcel input = new PgpSignEncryptInputParcel(); + + // only sign, as cleartext + input.setSignatureMasterKeyId(mStaticRing1.getMasterKeyId()); + input.setSignatureSubKeyId(KeyringTestingHelper.getSubkeyId(mStaticRing1, 1)); + input.setDetachedSignature(true); + + PgpSignEncryptResult result = op.execute(input, new CryptoInputParcel(mKeyPhrase1), data, out); + Assert.assertTrue("signing must succeed", result.success()); + + detachedSignature = result.getDetachedSignature(); + } + + { // verification should succeed + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes()); + InputData data = new InputData(in, in.available()); + + PgpDecryptVerifyOperation op = operationWithFakePassphraseCache(null, null, null); + PgpDecryptVerifyInputParcel input = new PgpDecryptVerifyInputParcel(); + input.setDetachedSignature(detachedSignature); + DecryptVerifyResult result = op.execute(input, new CryptoInputParcel(), data, out); + + Assert.assertTrue("verification must succeed", result.success()); + Assert.assertArrayEquals("verification text should equal plaintext (save for a newline)", + plaintext.getBytes(), out.toByteArray()); + Assert.assertEquals("decryptionResult should be RESULT_NOT_ENCRYPTED", + OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED, result.getDecryptionResult().getResult()); + Assert.assertEquals("signatureResult should be RESULT_VALID_CONFIRMED", + OpenPgpSignatureResult.RESULT_VALID_CONFIRMED, result.getSignatureResult().getResult()); + + // TODO should detached verify return any metadata? + // OpenPgpMetadata metadata = result.getDecryptionMetadata(); + // Assert.assertEquals("filesize must be correct", + // out.toByteArray().length, metadata.getOriginalSize()); + + } + + } + @Test public void testAsymmetricEncryptDecrypt() { -- cgit v1.2.3 From 81a462c2ac66dd0dc16019af2099c7dd96fe9f36 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Thu, 8 Oct 2015 19:54:50 +0200 Subject: pgpdecryptverify: get rid of duplicate code path for binary signature verification --- .../java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'OpenKeychain/src/test') diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index 4a6c8b058..84ebc5296 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -288,7 +288,7 @@ public class PgpEncryptDecryptTest { } @Test - public void testAsymmetricSignBinary() { + public void testAsymmetricSignLiteral() { String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); byte[] ciphertext; -- cgit v1.2.3 From 3bf653775b7fa668d11ea4a2369d90ad0c7f645d Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Thu, 8 Oct 2015 19:55:28 +0200 Subject: improve tests, get rid of some redundant checks --- .../keychain/pgp/PgpEncryptDecryptTest.java | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) (limited to 'OpenKeychain/src/test') diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index 84ebc5296..be233d0b3 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -344,7 +344,7 @@ public class PgpEncryptDecryptTest { @Test public void testAsymmetricSignCleartext() { - String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); + String plaintext = "dies ist ein\r\nplaintext\n ☭" + TestingUtils.genPassphrase(true); byte[] ciphertext; { // encrypt data with key @@ -370,7 +370,8 @@ public class PgpEncryptDecryptTest { ciphertext = out.toByteArray(); } - Assert.assertTrue("clearsigned text must contain plaintext", new String(ciphertext).contains(plaintext)); + Assert.assertTrue("clearsigned text must contain plaintext (ignoring newlines)", + new String(ciphertext).replace("\r\n", "").contains(plaintext.replace("\r", "").replace("\n", ""))); { // verification should succeed @@ -383,8 +384,10 @@ public class PgpEncryptDecryptTest { DecryptVerifyResult result = op.execute(input, new CryptoInputParcel(), data, out); Assert.assertTrue("verification must succeed", result.success()); - Assert.assertArrayEquals("verification text should equal plaintext (save for a newline)", - (plaintext + StringUtils.LINE_SEP).getBytes(), out.toByteArray()); + + Assert.assertTrue("verification text should equal plaintext (ignoring newlines)", + new String(out.toByteArray()).replace(StringUtils.LINE_SEP, "") + .equals(plaintext.replace("\r", "").replace("\n", ""))); Assert.assertEquals("decryptionResult should be RESULT_NOT_ENCRYPTED", OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED, result.getDecryptionResult().getResult()); Assert.assertEquals("signatureResult should be RESULT_VALID_CONFIRMED", -- cgit v1.2.3