Vincent Breitmoser
GitHub
@@ -131,7 +131,8 @@ public class PgpSecurityConstants {
|
|||||||
CustomNamedCurves.getOID("secp256k1").getId(),
|
CustomNamedCurves.getOID("secp256k1").getId(),
|
||||||
TeleTrusTNamedCurves.getOID("brainpoolP256r1").getId(),
|
TeleTrusTNamedCurves.getOID("brainpoolP256r1").getId(),
|
||||||
TeleTrusTNamedCurves.getOID("brainpoolP384r1").getId(),
|
TeleTrusTNamedCurves.getOID("brainpoolP384r1").getId(),
|
||||||
TeleTrusTNamedCurves.getOID("brainpoolP512r1").getId()
|
TeleTrusTNamedCurves.getOID("brainpoolP512r1").getId(),
|
||||||
|
CustomNamedCurves.getOID("curve25519").getId()
|
||||||
));
|
));
|
||||||
|
|
||||||
static KeySecurityProblem checkForSecurityProblems(CanonicalizedPublicKey key) {
|
static KeySecurityProblem checkForSecurityProblems(CanonicalizedPublicKey key) {
|
||||||
|
|||||||
@@ -50,18 +50,6 @@ public class OpaqueKeyTest {
|
|||||||
assertTrue(log.containsType(LogType.MSG_KC_ERROR_MASTER_ALGO));
|
assertTrue(log.containsType(LogType.MSG_KC_ERROR_MASTER_ALGO));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Test
|
|
||||||
public void testOpaqueOidSubKey__canonicalize__shouldFail() throws Exception {
|
|
||||||
// key from GnuPG's test suite, sample msg generated using GnuPG v2.1.18
|
|
||||||
// TODO use for actual tests once eddsa is supported!
|
|
||||||
UncachedKeyRing ring = readRingFromResource("/test-keys/ed25519-cv25519-sample-1.asc");
|
|
||||||
|
|
||||||
OperationLog log = new OperationLog();
|
|
||||||
ring.canonicalize(log, 0);
|
|
||||||
|
|
||||||
assertTrue(log.containsType(LogType.MSG_KC_SUB_BAD));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void testOpaqueSubKey__canonicalize__shouldStrip() throws Exception {
|
public void testOpaqueSubKey__canonicalize__shouldStrip() throws Exception {
|
||||||
UncachedKeyRing ring = readRingFromResource("/test-keys/unknown-subkey.pub.asc");
|
UncachedKeyRing ring = readRingFromResource("/test-keys/unknown-subkey.pub.asc");
|
||||||
|
|||||||
@@ -0,0 +1,138 @@
|
|||||||
|
/*
|
||||||
|
* Copyright (C) 2017 Schürmann & Breitmoser GbR
|
||||||
|
*
|
||||||
|
* This program is free software: you can redistribute it and/or modify
|
||||||
|
* it under the terms of the GNU General Public License as published by
|
||||||
|
* the Free Software Foundation, either version 3 of the License, or
|
||||||
|
* (at your option) any later version.
|
||||||
|
*
|
||||||
|
* This program is distributed in the hope that it will be useful,
|
||||||
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
* GNU General Public License for more details.
|
||||||
|
*
|
||||||
|
* You should have received a copy of the GNU General Public License
|
||||||
|
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.sufficientlysecure.keychain.provider;
|
||||||
|
|
||||||
|
|
||||||
|
import java.io.ByteArrayOutputStream;
|
||||||
|
import java.io.InputStream;
|
||||||
|
|
||||||
|
import android.app.Application;
|
||||||
|
import android.support.annotation.NonNull;
|
||||||
|
|
||||||
|
import org.junit.Before;
|
||||||
|
import org.junit.BeforeClass;
|
||||||
|
import org.junit.Test;
|
||||||
|
import org.junit.runner.RunWith;
|
||||||
|
import org.openintents.openpgp.OpenPgpSignatureResult;
|
||||||
|
import org.robolectric.RuntimeEnvironment;
|
||||||
|
import org.robolectric.shadows.ShadowLog;
|
||||||
|
import org.robolectric.util.Util;
|
||||||
|
import org.sufficientlysecure.keychain.KeychainTestRunner;
|
||||||
|
import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
|
||||||
|
import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
|
||||||
|
import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
|
||||||
|
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyInputParcel;
|
||||||
|
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyOperation;
|
||||||
|
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptData;
|
||||||
|
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel;
|
||||||
|
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
|
||||||
|
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||||
|
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
|
||||||
|
|
||||||
|
import static junit.framework.Assert.assertEquals;
|
||||||
|
import static junit.framework.Assert.assertFalse;
|
||||||
|
import static junit.framework.Assert.assertTrue;
|
||||||
|
import static org.junit.Assert.assertArrayEquals;
|
||||||
|
|
||||||
|
|
||||||
|
@SuppressWarnings("WeakerAccess")
|
||||||
|
@RunWith(KeychainTestRunner.class)
|
||||||
|
public class Cv25519Test {
|
||||||
|
public static final byte[] ENCRYPTED_PLAINTEXT = "hi\n".getBytes();
|
||||||
|
private KeyWritableRepository keyRepository;
|
||||||
|
private Application context;
|
||||||
|
|
||||||
|
|
||||||
|
@BeforeClass
|
||||||
|
public static void setUpOnce() throws Exception {
|
||||||
|
ShadowLog.stream = System.out;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Before
|
||||||
|
public void setUp() throws Exception {
|
||||||
|
context = RuntimeEnvironment.application;
|
||||||
|
keyRepository = KeyWritableRepository.create(context);
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testDecryptX25519() throws Exception {
|
||||||
|
loadSecretKeyringFromResource("/test-keys/cv25519-key.sec.asc");
|
||||||
|
|
||||||
|
byte[] encryptedText = readBytesFromResource("/test-keys/cv25519-encrypted.asc");
|
||||||
|
DecryptVerifyResult result = simpleDecryptText(encryptedText);
|
||||||
|
|
||||||
|
assertArrayEquals(ENCRYPTED_PLAINTEXT, result.getOutputBytes());
|
||||||
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testEncryptX25519() throws Exception {
|
||||||
|
UncachedKeyRing uncachedKeyRing = loadSecretKeyringFromResource("/test-keys/cv25519-key.sec.asc");
|
||||||
|
|
||||||
|
PgpSignEncryptData data = PgpSignEncryptData.builder()
|
||||||
|
.setEncryptionMasterKeyIds(new long[] { uncachedKeyRing.getMasterKeyId() })
|
||||||
|
.build();
|
||||||
|
PgpSignEncryptInputParcel inputParcel = PgpSignEncryptInputParcel.createForBytes(
|
||||||
|
data, null, ENCRYPTED_PLAINTEXT);
|
||||||
|
|
||||||
|
PgpSignEncryptOperation op = new PgpSignEncryptOperation(context, keyRepository, null);
|
||||||
|
PgpSignEncryptResult result = op.execute(inputParcel, CryptoInputParcel.createCryptoInputParcel());
|
||||||
|
|
||||||
|
assertTrue(result.success());
|
||||||
|
|
||||||
|
DecryptVerifyResult decryptResult = simpleDecryptText(result.getOutputBytes());
|
||||||
|
|
||||||
|
assertTrue(decryptResult.success());
|
||||||
|
assertArrayEquals(ENCRYPTED_PLAINTEXT, decryptResult.getOutputBytes());
|
||||||
|
}
|
||||||
|
|
||||||
|
private UncachedKeyRing loadSecretKeyringFromResource(String name) throws Exception {
|
||||||
|
UncachedKeyRing ring = readRingFromResource(name);
|
||||||
|
SaveKeyringResult saveKeyringResult = keyRepository.saveSecretKeyRing(ring);
|
||||||
|
assertTrue(saveKeyringResult.success());
|
||||||
|
assertFalse(saveKeyringResult.getLog().containsWarnings());
|
||||||
|
return ring;
|
||||||
|
}
|
||||||
|
|
||||||
|
@NonNull
|
||||||
|
private DecryptVerifyResult simpleDecryptText(byte[] encryptedText) {
|
||||||
|
PgpDecryptVerifyInputParcel pgpDecryptVerifyInputParcel =
|
||||||
|
PgpDecryptVerifyInputParcel.builder().setInputBytes(encryptedText).build();
|
||||||
|
|
||||||
|
PgpDecryptVerifyOperation decryptVerifyOperation = new PgpDecryptVerifyOperation(context, keyRepository, null);
|
||||||
|
DecryptVerifyResult result = decryptVerifyOperation.execute(pgpDecryptVerifyInputParcel, CryptoInputParcel.createCryptoInputParcel());
|
||||||
|
|
||||||
|
assertTrue(result.success());
|
||||||
|
assertEquals(OpenPgpSignatureResult.RESULT_NO_SIGNATURE, result.getSignatureResult().getResult());
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
private byte[] readBytesFromResource(String name) throws Exception {
|
||||||
|
ByteArrayOutputStream baos = new ByteArrayOutputStream();
|
||||||
|
InputStream input = Cv25519Test.class.getResourceAsStream(name);
|
||||||
|
|
||||||
|
Util.copy(input, baos);
|
||||||
|
|
||||||
|
return baos.toByteArray();
|
||||||
|
}
|
||||||
|
|
||||||
|
UncachedKeyRing readRingFromResource(String name) throws Exception {
|
||||||
|
return UncachedKeyRing.fromStream(Cv25519Test.class.getResourceAsStream(name)).next();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@@ -0,0 +1,8 @@
|
|||||||
|
-----BEGIN PGP MESSAGE-----
|
||||||
|
|
||||||
|
hF4DJy6x5ZTOXfMSAQdAuUEh4g2wNp18u9jQk3K64tSNbpkLX2CJXzJiNeGV4TQw
|
||||||
|
k7OjaIka09odhhejsmD3nRg6LCKmUUJEJsE1iCExGTsOyw4wNbwABmoGcpcCV0me
|
||||||
|
0j4Bl7TlhKMWbtYOcSDn8rqHa4hJnMQZnIFt+L3qznmn8bIW6Y/4N3zmIMAUhSuE
|
||||||
|
6Kcc//vPlucognM99zQOHQ==
|
||||||
|
=iBYu
|
||||||
|
-----END PGP MESSAGE-----
|
||||||
@@ -0,0 +1,14 @@
|
|||||||
|
-----BEGIN PGP PRIVATE KEY BLOCK-----
|
||||||
|
|
||||||
|
lFgEWQURixYJKwYBBAHaRw8BAQdAIpQDhaf1xZgQNvvaQgWbO4z7opG27HbU9GO/
|
||||||
|
5xPTwwQAAQCpAW8unz7f9EVO4/bzZ6W+EGu5A2WQ2Wscpqa6IFmGUhAEtAtNci4g
|
||||||
|
Q3YyNTUxOYiQBBMWCAA4FiEEygk6J8zDABl0THee927KXOCa9BUFAlkFEYsCGwMF
|
||||||
|
CwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQ927KXOCa9BWxaQD/ZlBhwhm9x2+A
|
||||||
|
yxEKK90WmS0IAFf5UtWm/IGkvkzOHnsA/1y8WNwyveHOPP/5BKWaR/oxFh0w23mW
|
||||||
|
reNN428DxlgJnF0EWQURixIKKwYBBAGXVQEFAQEHQH/8G39ToD7jkPCTORsFiwl7
|
||||||
|
8Q2b/EBc0xi2yOeZlYxCAwEIBwAA/0WvwrkkrWbDTdBQj0qsVo+LizwVT3rkQQS3
|
||||||
|
lMdVHf2IEKGIeAQYFggAIBYhBMoJOifMwwAZdEx3nvduylzgmvQVBQJZBRGLAhsM
|
||||||
|
AAoJEPduylzgmvQVoPQA/R7P/kW99jFqmDDEZkFTHYDbHpjnyXOMjFg3hSs2BJZP
|
||||||
|
AQDl71K7mx2R/zsS2l0+dhktkD9l2Lmb75egpzy2il3vBA==
|
||||||
|
=T0w3
|
||||||
|
-----END PGP PRIVATE KEY BLOCK-----
|
||||||
2
extern/bouncycastle
vendored
2
extern/bouncycastle
vendored
Submodule extern/bouncycastle updated: ef1033a701...3872e5ebe1
Reference in New Issue
Block a user