decrypt: add tests for skipping stripped and unsuitable decryption subkeys

OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java

@@ -46,6 +46,7 @@ import org.spongycastle.bcpg.PacketTags;
 import org.spongycastle.bcpg.PublicKeyEncSessionPacket;
 import org.spongycastle.bcpg.sig.KeyFlags;
 import org.spongycastle.jce.provider.BouncyCastleProvider;
+import org.spongycastle.openpgp.PGPKeyFlags;
 import org.sufficientlysecure.keychain.WorkaroundBuildConfig;
 import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
@@ -56,6 +57,7 @@ import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
@@ -558,8 +560,10 @@ public class PgpEncryptDecryptTest {
 
         String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true);
 
+        byte[] ciphertext;
+        long encKeyId1;
+
         { // encrypt data with key
-            byte[] ciphertext;
 
             ByteArrayOutputStream out = new ByteArrayOutputStream();
             ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes());
@@ -589,7 +593,7 @@ public class PgpEncryptDecryptTest {
             Packet p;
             p = new BCPGInputStream(new ByteArrayInputStream(enc1.buf)).readPacket();
             Assert.assertTrue("first packet must be session packet", p instanceof PublicKeyEncSessionPacket);
-            long encKeyId1 = ((PublicKeyEncSessionPacket) p).getKeyID();
+            encKeyId1 = ((PublicKeyEncSessionPacket) p).getKeyID();
 
             p = new BCPGInputStream(new ByteArrayInputStream(enc2.buf)).readPacket();
             Assert.assertTrue("second packet must be session packet", p instanceof PublicKeyEncSessionPacket);
@@ -604,6 +608,48 @@ public class PgpEncryptDecryptTest {
 
         }
 
+        { // strip first encrypted subkey, decryption should skip it
+
+            SaveKeyringParcel parcel = new SaveKeyringParcel(mStaticRing1.getMasterKeyId(), mStaticRing1.getFingerprint());
+            parcel.mChangeSubKeys.add(new SubkeyChange(encKeyId1, true, false));
+            UncachedKeyRing modified = PgpKeyOperationTest.applyModificationWithChecks(parcel, mStaticRing1,
+                    new ArrayList<RawPacket>(), new ArrayList<RawPacket>(),
+                    new CryptoInputParcel(new Date(), mKeyPhrase1));
+
+            ProviderHelper providerHelper = new ProviderHelper(RuntimeEnvironment.application);
+            providerHelper.saveSecretKeyRing(modified, new ProgressScaler());
+
+            PgpDecryptVerifyOperation op = new PgpDecryptVerifyOperation(RuntimeEnvironment.application,
+                    new ProviderHelper(RuntimeEnvironment.application), null);
+            PgpDecryptVerifyInputParcel input = new PgpDecryptVerifyInputParcel(ciphertext);
+            DecryptVerifyResult result = op.execute(input, new CryptoInputParcel(mKeyPhrase1));
+
+            Assert.assertTrue("decryption must succeed", result.success());
+            Assert.assertTrue("decryption must have skipped first key",
+                    result.getLog().containsType(LogType.MSG_DC_ASKIP_UNAVAILABLE));
+        }
+
+        { // change flags of second encrypted subkey, decryption should skip it
+
+            SaveKeyringParcel parcel = new SaveKeyringParcel(mStaticRing1.getMasterKeyId(), mStaticRing1.getFingerprint());
+            parcel.mChangeSubKeys.add(new SubkeyChange(encKeyId1, PGPKeyFlags.CAN_CERTIFY, null));
+            UncachedKeyRing modified = PgpKeyOperationTest.applyModificationWithChecks(parcel, mStaticRing1,
+                    new ArrayList<RawPacket>(), new ArrayList<RawPacket>(),
+                    new CryptoInputParcel(new Date(), mKeyPhrase1));
+
+            ProviderHelper providerHelper = new ProviderHelper(RuntimeEnvironment.application);
+            providerHelper.saveSecretKeyRing(modified, new ProgressScaler());
+
+            PgpDecryptVerifyOperation op = new PgpDecryptVerifyOperation(RuntimeEnvironment.application,
+                    new ProviderHelper(RuntimeEnvironment.application), null);
+            PgpDecryptVerifyInputParcel input = new PgpDecryptVerifyInputParcel(ciphertext);
+            DecryptVerifyResult result = op.execute(input, new CryptoInputParcel(mKeyPhrase1));
+
+            Assert.assertTrue("decryption must succeed", result.success());
+            Assert.assertTrue("decryption must have skipped first key",
+                    result.getLog().containsType(LogType.MSG_DC_ASKIP_BAD_FLAGS));
+        }
+
         { // revoke first encryption subkey of keyring in database
             SaveKeyringParcel parcel = new SaveKeyringParcel(mStaticRing1.getMasterKeyId(), mStaticRing1.getFingerprint());
             parcel.mRevokeSubKeys.add(KeyringTestingHelper.getSubkeyId(mStaticRing1, 2));
@@ -616,7 +662,6 @@ public class PgpEncryptDecryptTest {
         }
 
         { // encrypt to this keyring, make sure it's not encrypted to the revoked subkey
-            byte[] ciphertext;
 
             ByteArrayOutputStream out = new ByteArrayOutputStream();
             ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes());