From 8f41f56ca13997d343ab2ef0e16143867cfc357c Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Fri, 13 Nov 2015 17:40:11 +0100 Subject: decrypt: add tests for skipping stripped and unsuitable decryption subkeys --- .../keychain/pgp/PgpEncryptDecryptTest.java | 51 ++++++++++++++++++++-- 1 file changed, 48 insertions(+), 3 deletions(-) (limited to 'OpenKeychain/src/test') diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index be233d0b3..d3c3f1df5 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -46,6 +46,7 @@ import org.spongycastle.bcpg.PacketTags; import org.spongycastle.bcpg.PublicKeyEncSessionPacket; import org.spongycastle.bcpg.sig.KeyFlags; import org.spongycastle.jce.provider.BouncyCastleProvider; +import org.spongycastle.openpgp.PGPKeyFlags; import org.sufficientlysecure.keychain.WorkaroundBuildConfig; import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType; @@ -56,6 +57,7 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper; import org.sufficientlysecure.keychain.service.SaveKeyringParcel; import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm; import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel; +import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange; import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType; import org.sufficientlysecure.keychain.support.KeyringTestingHelper; @@ -558,8 +560,10 @@ public class PgpEncryptDecryptTest { String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); + byte[] ciphertext; + long encKeyId1; + { // encrypt data with key - byte[] ciphertext; ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes()); @@ -589,7 +593,7 @@ public class PgpEncryptDecryptTest { Packet p; p = new BCPGInputStream(new ByteArrayInputStream(enc1.buf)).readPacket(); Assert.assertTrue("first packet must be session packet", p instanceof PublicKeyEncSessionPacket); - long encKeyId1 = ((PublicKeyEncSessionPacket) p).getKeyID(); + encKeyId1 = ((PublicKeyEncSessionPacket) p).getKeyID(); p = new BCPGInputStream(new ByteArrayInputStream(enc2.buf)).readPacket(); Assert.assertTrue("second packet must be session packet", p instanceof PublicKeyEncSessionPacket); @@ -604,6 +608,48 @@ public class PgpEncryptDecryptTest { } + { // strip first encrypted subkey, decryption should skip it + + SaveKeyringParcel parcel = new SaveKeyringParcel(mStaticRing1.getMasterKeyId(), mStaticRing1.getFingerprint()); + parcel.mChangeSubKeys.add(new SubkeyChange(encKeyId1, true, false)); + UncachedKeyRing modified = PgpKeyOperationTest.applyModificationWithChecks(parcel, mStaticRing1, + new ArrayList(), new ArrayList(), + new CryptoInputParcel(new Date(), mKeyPhrase1)); + + ProviderHelper providerHelper = new ProviderHelper(RuntimeEnvironment.application); + providerHelper.saveSecretKeyRing(modified, new ProgressScaler()); + + PgpDecryptVerifyOperation op = new PgpDecryptVerifyOperation(RuntimeEnvironment.application, + new ProviderHelper(RuntimeEnvironment.application), null); + PgpDecryptVerifyInputParcel input = new PgpDecryptVerifyInputParcel(ciphertext); + DecryptVerifyResult result = op.execute(input, new CryptoInputParcel(mKeyPhrase1)); + + Assert.assertTrue("decryption must succeed", result.success()); + Assert.assertTrue("decryption must have skipped first key", + result.getLog().containsType(LogType.MSG_DC_ASKIP_UNAVAILABLE)); + } + + { // change flags of second encrypted subkey, decryption should skip it + + SaveKeyringParcel parcel = new SaveKeyringParcel(mStaticRing1.getMasterKeyId(), mStaticRing1.getFingerprint()); + parcel.mChangeSubKeys.add(new SubkeyChange(encKeyId1, PGPKeyFlags.CAN_CERTIFY, null)); + UncachedKeyRing modified = PgpKeyOperationTest.applyModificationWithChecks(parcel, mStaticRing1, + new ArrayList(), new ArrayList(), + new CryptoInputParcel(new Date(), mKeyPhrase1)); + + ProviderHelper providerHelper = new ProviderHelper(RuntimeEnvironment.application); + providerHelper.saveSecretKeyRing(modified, new ProgressScaler()); + + PgpDecryptVerifyOperation op = new PgpDecryptVerifyOperation(RuntimeEnvironment.application, + new ProviderHelper(RuntimeEnvironment.application), null); + PgpDecryptVerifyInputParcel input = new PgpDecryptVerifyInputParcel(ciphertext); + DecryptVerifyResult result = op.execute(input, new CryptoInputParcel(mKeyPhrase1)); + + Assert.assertTrue("decryption must succeed", result.success()); + Assert.assertTrue("decryption must have skipped first key", + result.getLog().containsType(LogType.MSG_DC_ASKIP_BAD_FLAGS)); + } + { // revoke first encryption subkey of keyring in database SaveKeyringParcel parcel = new SaveKeyringParcel(mStaticRing1.getMasterKeyId(), mStaticRing1.getFingerprint()); parcel.mRevokeSubKeys.add(KeyringTestingHelper.getSubkeyId(mStaticRing1, 2)); @@ -616,7 +662,6 @@ public class PgpEncryptDecryptTest { } { // encrypt to this keyring, make sure it's not encrypted to the revoked subkey - byte[] ciphertext; ByteArrayOutputStream out = new ByteArrayOutputStream(); ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes()); -- cgit v1.2.3