From fa9a298bfa6a34e388e4f10285821fc784c3d99a Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Wed, 14 Feb 2018 02:32:19 +0100 Subject: [PATCH 1/5] no longer test cv25519 as opaque key --- .../keychain/pgp/OpaqueKeyTest.java | 12 ------------ 1 file changed, 12 deletions(-) diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java index 9e25841fb..fae6b87d1 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java @@ -50,18 +50,6 @@ public class OpaqueKeyTest { assertTrue(log.containsType(LogType.MSG_KC_ERROR_MASTER_ALGO)); } - @Test - public void testOpaqueOidSubKey__canonicalize__shouldFail() throws Exception { - // key from GnuPG's test suite, sample msg generated using GnuPG v2.1.18 - // TODO use for actual tests once eddsa is supported! - UncachedKeyRing ring = readRingFromResource("/test-keys/ed25519-cv25519-sample-1.asc"); - - OperationLog log = new OperationLog(); - ring.canonicalize(log, 0); - - assertTrue(log.containsType(LogType.MSG_KC_SUB_BAD)); - } - @Test public void testOpaqueSubKey__canonicalize__shouldStrip() throws Exception { UncachedKeyRing ring = readRingFromResource("/test-keys/unknown-subkey.pub.asc"); From cb58f75f68e4c4c4984838e61157f53745c3616d Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Sun, 30 Apr 2017 18:14:58 +0200 Subject: [PATCH 2/5] Add test for cv25519 decryption --- .../keychain/provider/Cv25519Test.java | 105 ++++++++++++++++++ .../resources/test-keys/cv25519-encrypted.asc | 8 ++ .../resources/test-keys/cv25519-key.sec.asc | 14 +++ 3 files changed, 127 insertions(+) create mode 100644 OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java create mode 100644 OpenKeychain/src/test/resources/test-keys/cv25519-encrypted.asc create mode 100644 OpenKeychain/src/test/resources/test-keys/cv25519-key.sec.asc diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java new file mode 100644 index 000000000..fa0726e6f --- /dev/null +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java @@ -0,0 +1,105 @@ +/* + * Copyright (C) 2017 Schürmann & Breitmoser GbR + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ + +package org.sufficientlysecure.keychain.provider; + + +import java.io.ByteArrayOutputStream; +import java.io.InputStream; + +import android.app.Application; + +import org.junit.Before; +import org.junit.BeforeClass; +import org.junit.Test; +import org.junit.runner.RunWith; +import org.openintents.openpgp.OpenPgpSignatureResult; +import org.robolectric.RuntimeEnvironment; +import org.robolectric.shadows.ShadowLog; +import org.robolectric.util.Util; +import org.sufficientlysecure.keychain.KeychainTestRunner; +import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; +import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult; +import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyInputParcel; +import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyOperation; +import org.sufficientlysecure.keychain.pgp.UncachedKeyRing; +import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; + +import static junit.framework.Assert.assertEquals; +import static junit.framework.Assert.assertFalse; +import static junit.framework.Assert.assertTrue; +import static org.junit.Assert.assertArrayEquals; + + +@SuppressWarnings("WeakerAccess") +@RunWith(KeychainTestRunner.class) +public class Cv25519Test { + public static final String ENCRYPTED_PLAINTEXT = "hi\n"; + private KeyWritableRepository keyRepository; + private Application context; + + + @BeforeClass + public static void setUpOnce() throws Exception { + ShadowLog.stream = System.out; + } + + @Before + public void setUp() throws Exception { + context = RuntimeEnvironment.application; + keyRepository = KeyWritableRepository.create(context); + + } + + @Test + public void testDecryptX25519() throws Exception { + loadSecretKeyringFromResource("/test-keys/cv25519-key.sec.asc"); + + byte[] encryptedText = readBytesFromResource("/test-keys/cv25519-encrypted.asc"); + PgpDecryptVerifyInputParcel pgpDecryptVerifyInputParcel = + PgpDecryptVerifyInputParcel.builder().setInputBytes(encryptedText).build(); + + PgpDecryptVerifyOperation decryptVerifyOperation = new PgpDecryptVerifyOperation(context, keyRepository, null); + DecryptVerifyResult result = decryptVerifyOperation.execute(pgpDecryptVerifyInputParcel, CryptoInputParcel.createCryptoInputParcel()); + + assertTrue(result.success()); + assertEquals(OpenPgpSignatureResult.RESULT_NO_SIGNATURE, result.getSignatureResult().getResult()); + assertArrayEquals(ENCRYPTED_PLAINTEXT.getBytes(), result.getOutputBytes()); + } + + private UncachedKeyRing loadSecretKeyringFromResource(String name) throws Exception { + UncachedKeyRing ring = readRingFromResource(name); + SaveKeyringResult saveKeyringResult = keyRepository.saveSecretKeyRing(ring); + assertTrue(saveKeyringResult.success()); + assertFalse(saveKeyringResult.getLog().containsWarnings()); + return ring; + } + + private byte[] readBytesFromResource(String name) throws Exception { + ByteArrayOutputStream baos = new ByteArrayOutputStream(); + InputStream input = Cv25519Test.class.getResourceAsStream(name); + + Util.copy(input, baos); + + return baos.toByteArray(); + } + + UncachedKeyRing readRingFromResource(String name) throws Exception { + return UncachedKeyRing.fromStream(Cv25519Test.class.getResourceAsStream(name)).next(); + } + +} \ No newline at end of file diff --git a/OpenKeychain/src/test/resources/test-keys/cv25519-encrypted.asc b/OpenKeychain/src/test/resources/test-keys/cv25519-encrypted.asc new file mode 100644 index 000000000..6907c57ed --- /dev/null +++ b/OpenKeychain/src/test/resources/test-keys/cv25519-encrypted.asc @@ -0,0 +1,8 @@ +-----BEGIN PGP MESSAGE----- + +hF4DJy6x5ZTOXfMSAQdAuUEh4g2wNp18u9jQk3K64tSNbpkLX2CJXzJiNeGV4TQw +k7OjaIka09odhhejsmD3nRg6LCKmUUJEJsE1iCExGTsOyw4wNbwABmoGcpcCV0me +0j4Bl7TlhKMWbtYOcSDn8rqHa4hJnMQZnIFt+L3qznmn8bIW6Y/4N3zmIMAUhSuE +6Kcc//vPlucognM99zQOHQ== +=iBYu +-----END PGP MESSAGE----- \ No newline at end of file diff --git a/OpenKeychain/src/test/resources/test-keys/cv25519-key.sec.asc b/OpenKeychain/src/test/resources/test-keys/cv25519-key.sec.asc new file mode 100644 index 000000000..22860a38b --- /dev/null +++ b/OpenKeychain/src/test/resources/test-keys/cv25519-key.sec.asc @@ -0,0 +1,14 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- + +lFgEWQURixYJKwYBBAHaRw8BAQdAIpQDhaf1xZgQNvvaQgWbO4z7opG27HbU9GO/ +5xPTwwQAAQCpAW8unz7f9EVO4/bzZ6W+EGu5A2WQ2Wscpqa6IFmGUhAEtAtNci4g +Q3YyNTUxOYiQBBMWCAA4FiEEygk6J8zDABl0THee927KXOCa9BUFAlkFEYsCGwMF +CwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ927KXOCa9BWxaQD/ZlBhwhm9x2+A +yxEKK90WmS0IAFf5UtWm/IGkvkzOHnsA/1y8WNwyveHOPP/5BKWaR/oxFh0w23mW +reNN428DxlgJnF0EWQURixIKKwYBBAGXVQEFAQEHQH/8G39ToD7jkPCTORsFiwl7 +8Q2b/EBc0xi2yOeZlYxCAwEIBwAA/0WvwrkkrWbDTdBQj0qsVo+LizwVT3rkQQS3 +lMdVHf2IEKGIeAQYFggAIBYhBMoJOifMwwAZdEx3nvduylzgmvQVBQJZBRGLAhsM +AAoJEPduylzgmvQVoPQA/R7P/kW99jFqmDDEZkFTHYDbHpjnyXOMjFg3hSs2BJZP +AQDl71K7mx2R/zsS2l0+dhktkD9l2Lmb75egpzy2il3vBA== +=T0w3 +-----END PGP PRIVATE KEY BLOCK----- \ No newline at end of file From 9a9c4408ce126b7e6e4fc184c3bceb319cc7115c Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Wed, 14 Feb 2018 02:33:23 +0100 Subject: [PATCH 3/5] Add test for cv25519 encryption --- .../keychain/provider/Cv25519Test.java | 47 ++++++++++++++++--- 1 file changed, 40 insertions(+), 7 deletions(-) diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java index fa0726e6f..c87acdcb0 100644 --- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java +++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/Cv25519Test.java @@ -22,6 +22,7 @@ import java.io.ByteArrayOutputStream; import java.io.InputStream; import android.app.Application; +import android.support.annotation.NonNull; import org.junit.Before; import org.junit.BeforeClass; @@ -33,9 +34,13 @@ import org.robolectric.shadows.ShadowLog; import org.robolectric.util.Util; import org.sufficientlysecure.keychain.KeychainTestRunner; import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult; +import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult; import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult; import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyInputParcel; import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyOperation; +import org.sufficientlysecure.keychain.pgp.PgpSignEncryptData; +import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel; +import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation; import org.sufficientlysecure.keychain.pgp.UncachedKeyRing; import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; @@ -48,7 +53,7 @@ import static org.junit.Assert.assertArrayEquals; @SuppressWarnings("WeakerAccess") @RunWith(KeychainTestRunner.class) public class Cv25519Test { - public static final String ENCRYPTED_PLAINTEXT = "hi\n"; + public static final byte[] ENCRYPTED_PLAINTEXT = "hi\n".getBytes(); private KeyWritableRepository keyRepository; private Application context; @@ -70,15 +75,30 @@ public class Cv25519Test { loadSecretKeyringFromResource("/test-keys/cv25519-key.sec.asc"); byte[] encryptedText = readBytesFromResource("/test-keys/cv25519-encrypted.asc"); - PgpDecryptVerifyInputParcel pgpDecryptVerifyInputParcel = - PgpDecryptVerifyInputParcel.builder().setInputBytes(encryptedText).build(); + DecryptVerifyResult result = simpleDecryptText(encryptedText); - PgpDecryptVerifyOperation decryptVerifyOperation = new PgpDecryptVerifyOperation(context, keyRepository, null); - DecryptVerifyResult result = decryptVerifyOperation.execute(pgpDecryptVerifyInputParcel, CryptoInputParcel.createCryptoInputParcel()); + assertArrayEquals(ENCRYPTED_PLAINTEXT, result.getOutputBytes()); + } + + @Test + public void testEncryptX25519() throws Exception { + UncachedKeyRing uncachedKeyRing = loadSecretKeyringFromResource("/test-keys/cv25519-key.sec.asc"); + + PgpSignEncryptData data = PgpSignEncryptData.builder() + .setEncryptionMasterKeyIds(new long[] { uncachedKeyRing.getMasterKeyId() }) + .build(); + PgpSignEncryptInputParcel inputParcel = PgpSignEncryptInputParcel.createForBytes( + data, null, ENCRYPTED_PLAINTEXT); + + PgpSignEncryptOperation op = new PgpSignEncryptOperation(context, keyRepository, null); + PgpSignEncryptResult result = op.execute(inputParcel, CryptoInputParcel.createCryptoInputParcel()); assertTrue(result.success()); - assertEquals(OpenPgpSignatureResult.RESULT_NO_SIGNATURE, result.getSignatureResult().getResult()); - assertArrayEquals(ENCRYPTED_PLAINTEXT.getBytes(), result.getOutputBytes()); + + DecryptVerifyResult decryptResult = simpleDecryptText(result.getOutputBytes()); + + assertTrue(decryptResult.success()); + assertArrayEquals(ENCRYPTED_PLAINTEXT, decryptResult.getOutputBytes()); } private UncachedKeyRing loadSecretKeyringFromResource(String name) throws Exception { @@ -89,6 +109,19 @@ public class Cv25519Test { return ring; } + @NonNull + private DecryptVerifyResult simpleDecryptText(byte[] encryptedText) { + PgpDecryptVerifyInputParcel pgpDecryptVerifyInputParcel = + PgpDecryptVerifyInputParcel.builder().setInputBytes(encryptedText).build(); + + PgpDecryptVerifyOperation decryptVerifyOperation = new PgpDecryptVerifyOperation(context, keyRepository, null); + DecryptVerifyResult result = decryptVerifyOperation.execute(pgpDecryptVerifyInputParcel, CryptoInputParcel.createCryptoInputParcel()); + + assertTrue(result.success()); + assertEquals(OpenPgpSignatureResult.RESULT_NO_SIGNATURE, result.getSignatureResult().getResult()); + return result; + } + private byte[] readBytesFromResource(String name) throws Exception { ByteArrayOutputStream baos = new ByteArrayOutputStream(); InputStream input = Cv25519Test.class.getResourceAsStream(name); From 02010dab712a52f5246807884eabc6a001b66310 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Wed, 14 Feb 2018 02:33:36 +0100 Subject: [PATCH 4/5] add cv25519 to whitelisted curves --- .../sufficientlysecure/keychain/pgp/PgpSecurityConstants.java | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java index db8bf0e2f..6c0f40c77 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java @@ -131,7 +131,8 @@ public class PgpSecurityConstants { CustomNamedCurves.getOID("secp256k1").getId(), TeleTrusTNamedCurves.getOID("brainpoolP256r1").getId(), TeleTrusTNamedCurves.getOID("brainpoolP384r1").getId(), - TeleTrusTNamedCurves.getOID("brainpoolP512r1").getId() + TeleTrusTNamedCurves.getOID("brainpoolP512r1").getId(), + CustomNamedCurves.getOID("curve25519").getId() )); static KeySecurityProblem checkForSecurityProblems(CanonicalizedPublicKey key) { From 8c91679e792a6523cd527f3444f43a8f9fac2cee Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Wed, 14 Feb 2018 02:47:22 +0100 Subject: [PATCH 5/5] support cv25519 in bouncycastle --- extern/bouncycastle | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/extern/bouncycastle b/extern/bouncycastle index ef1033a70..3872e5ebe 160000 --- a/extern/bouncycastle +++ b/extern/bouncycastle @@ -1 +1 @@ -Subproject commit ef1033a701769af4ad4b0c81efcb4730989509b3 +Subproject commit 3872e5ebe104985f85ebe3ab59bdd72939477913