cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #2252 from open-keychain/refactor-securitytoken-ops

Browse Source 
Refactor SecurityToken ops
This commit is contained in:
Vincent Breitmoser
2018-01-14 23:39:10 +01:00
committed by GitHub
parent 510d7aa796 d956485463
commit c39aa99fc7
26 changed files with 1822 additions and 1131 deletions
Download Patch File Download Diff File Expand all files Collapse all files

99
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnectionCompatTest.java Normal file
View File

@@ -0,0 +1,99 @@
/*
* Copyright (C) 2018 Schürmann & Breitmoser GbR
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.securitytoken;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import org.bouncycastle.util.encoders.Hex;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.sufficientlysecure.keychain.KeychainTestRunner;
import static junit.framework.Assert.assertEquals;
@RunWith(KeychainTestRunner.class)
@Ignore("Only for reference right now")
public class SecurityTokenConnectionCompatTest {
private byte[] encryptedSessionKey;
private OpenPgpCommandApduFactory openPgpCommandApduFactory;
@Before
public void setUp() throws Exception {
encryptedSessionKey = Hex.decode("07ff7b9ff36f70da1fe7a6b59168c24a7e5b48a938c4f970de46524a06ebf4a9175a9737cf2e6f30957110b31db70e9a2992401b1d5e99389f976356f4e3a28ff537362e7ce14b81200e21d4f0e77d46bd89f3a54ca06062289148a59387488ac01d30d2baf58e6b35e32434720473604a9f7d5083ca6d40e4a2dadedd68033a4d4bbdb06d075d6980c0c0ca19078dcdfb9d8cbcb34f28d0b968b6e09eda0e1d3ab6b251eb09f9fb9d9abfeaf9010001733b9015e9e4b6c9df61bbc76041f439d1273e41f5d0e8414a2b8d6d4c7e86f30b94cfba308b38de53d694a8ca15382301ace806c8237641b03525b3e3e8cbb017e251265229bcbb0da5d5aeb4eafbad9779");
openPgpCommandApduFactory = new OpenPgpCommandApduFactory();
}
/* we have a report of breaking compatibility on some earlier version.
this test checks what was sent in that version to what we send now.
// see https://github.com/open-keychain/open-keychain/issues/2049
// see https://github.com/open-keychain/open-keychain/commit/ee8cd3862f65de580ed949bc838628610e22cd98
*/
@Test
public void testPrePostEquals() {
List<String> preApdus = decryptPre_ee8cd38();
List<String> postApdus = decryptNow();
assertEquals(preApdus, postApdus);
}
public List<String> decryptPre_ee8cd38() {
final int MAX_APDU_DATAFIELD_SIZE = 254;
int offset = 1; // Skip first byte
List<String> apduData = new ArrayList<>();
// Transmit
while (offset < encryptedSessionKey.length) {
boolean isLastCommand = offset + MAX_APDU_DATAFIELD_SIZE < encryptedSessionKey.length;
String cla = isLastCommand ? "10" : "00";
int len = Math.min(MAX_APDU_DATAFIELD_SIZE, encryptedSessionKey.length - offset);
apduData.add(cla + "2a8086" + Hex.toHexString(new byte[]{(byte) len})
+ Hex.toHexString(encryptedSessionKey, offset, len));
offset += MAX_APDU_DATAFIELD_SIZE;
}
return apduData;
}
public List<String> decryptNow() {
int mpiLength = ((((encryptedSessionKey[0] & 0xff) << 8) + (encryptedSessionKey[1] & 0xff)) + 7) / 8;
byte[] psoDecipherPayload = new byte[mpiLength + 1];
psoDecipherPayload[0] = (byte) 0x00;
System.arraycopy(encryptedSessionKey, 2, psoDecipherPayload, 1, mpiLength);
CommandApdu command = openPgpCommandApduFactory.createDecipherCommand(psoDecipherPayload);
List<CommandApdu> chainedApdus = openPgpCommandApduFactory.createChainedApdus(command);
List<String> apduData = new ArrayList<>();
for (CommandApdu chainCommand : chainedApdus) {
apduData.add(Hex.toHexString(chainCommand.toBytes()));
}
return apduData;
}
}

88
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenConnectionTest.java
View File

@@ -1,7 +1,6 @@
package org.sufficientlysecure.keychain.securitytoken;
import java.io.IOException;
import java.util.LinkedList;
import org.bouncycastle.util.encoders.Hex;
@@ -13,10 +12,6 @@ import org.mockito.stubbing.Answer;
import org.robolectric.RuntimeEnvironment;
import org.robolectric.shadows.ShadowLog;
import org.sufficientlysecure.keychain.KeychainTestRunner;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TokenType;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenInfo.TransportType;
import org.sufficientlysecure.keychain.util.Passphrase;
@@ -90,7 +85,7 @@ public class SecurityTokenConnectionTest {
public void test_getTokenInfo() throws Exception {
SecurityTokenConnection securityTokenConnection =
new SecurityTokenConnection(transport, new Passphrase("123456"), new OpenPgpCommandApduFactory());
OpenPgpCapabilities openPgpCapabilities = new OpenPgpCapabilities(
OpenPgpCapabilities openPgpCapabilities = OpenPgpCapabilities.fromBytes(
Hex.decode(
"6e81de4f10d27600012401020000060364311500005f520f0073000080000000000000000000007381b7c00af" +
"00000ff04c000ff00ffc106010800001103c206010800001103c306010800001103c407007f7f7f03" +
@@ -106,86 +101,11 @@ public class SecurityTokenConnectionTest {
expect("00ca5f5000", "9000");
securityTokenConnection.getTokenInfo();
securityTokenConnection.readTokenInfo();
verifyDialog();
}
@Test
public void testPutKey() throws Exception {
/*
Security.insertProviderAt(new BouncyCastleProvider(), 1);
ShadowLog.stream = System.out;
SaveKeyringParcel.Builder builder = SaveKeyringParcel.buildNewKeyringParcel();
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(
Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA, 0L));
builder.addUserId("gnuk");
builder.setNewUnlock(ChangeUnlockParcel.createUnLockParcelForNewKey(new Passphrase()));
PgpKeyOperation op = new PgpKeyOperation(null);
PgpEditKeyResult result = op.createSecretKeyRing(builder.build());
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
*/
UncachedKeyRing staticRing = readRingFromResource("/test-keys/token-import-rsa.sec");
CanonicalizedSecretKeyRing canRing = (CanonicalizedSecretKeyRing) staticRing.canonicalize(new OperationLog(), 0);
CanonicalizedSecretKey signKey = canRing.getSecretKey();
signKey.unlock(null);
SecurityTokenConnection securityTokenConnection =
new SecurityTokenConnection(transport, new Passphrase("123456"), new OpenPgpCommandApduFactory());
OpenPgpCapabilities openPgpCapabilities = new OpenPgpCapabilities(
Hex.decode(
"6e81de4f10d27600012401020000060364311500005f520f0073000080000000000000000000007381b7c00af" +
"00000ff04c000ff00ffc106010800001103c206010800001103c306010800001103c407007f7f7f03" +
"0303c53c4ec5fee25c4e89654d58cad8492510a89d3c3d8468da7b24e15bfc624c6a792794f15b759" +
"9915f703aab55ed25424d60b17026b7b06c6ad4b9be30a3c63c000000000000000000000000000000" +
"000000000000000000000000000000000000000000000000000000000000000000000000000000000" +
"000000000cd0c59cd0f2a59cd0af059cd0c95"
));
securityTokenConnection.setConnectionCapabilities(openPgpCapabilities);
securityTokenConnection.determineTokenType();
expect("00200083083132333435363738", "9000");
expect("10db3fffff4d8203a2b6007f48159103928180938180948180958180968180978201005f48820383010001be5e36a094" +
"58313f9594f3f76a972989dfa1d4a416f7f461c8a4ccf9b9de8ee59447e44b4a4833a00c655ae5516214a72efa5c140" +
"fd7d429d9b15805c77c881e6ad10711b4614d2183497a5a6d36ed221146301ce6ccf42581004c313d533d14c57abc32" +
"886419665b67091d652aa6cb074da682135115657d90752fb9d2e69fffd7580adddf1d7822d9d40220401056674b933" +
"efeb3bc51eafe2c5a5162ec2b466591b689d9af07004bb81a509c7601043a2da871f5989e4e338b901afb9ba8f2b8bc" +
"18ac3300e750bda2a0886459363542bb5b59cab2ed93", "9000");
expect("10db3fffff4388c486b602a3f6a63164afe55139ad9f4ed230421b4039b09f5c0b7c609ba9927f1f7c4db7c3895bbe8e" +
"58787ddae295468d034a0c29964b80f3551d308722de7ac698e840eb68c81c75d140ac347e35d8167bd9ac175610f81" +
"1f049061b72ebc491d89610fc6ba1344c8d03e2871181f0408f87779149a1b1835705b407baf28c30e94da82c8e15b8" +
"45f2473deee6987f29a2d25232361818fd83283a09592345ac56d9a56408ef5b19065d6d5252aeff1469c85686c61c4" +
"e62b541461320dbbb532d4a28e2d5a6da2c3e7c4d100204efd33b92a2ed85e2f2576eb6ee9a58415ea446ccad86dff4" +
"97a45917080bbea1c0406647e1b16ba623b3f7913f14", "9000");
expect("10db3fffff538db405cb9f108add09f9b3557b7d45b49c8d6cf7c69cb582ce3e3674b9a58b71ed49d2c7a2027955ba0a" +
"be596a11add7bfb5d2a08bd6ed9cdf2e0fc5b8e4396ecc8c801715569d89912f2a4336b5f75a9a04ae8ca460c6266c7" +
"830213f724c5957dc44054699fa1a9adc2c48472ede53a7b77ea3353ccf75394f1e65100eb49ccbdc603de36f2f11ce" +
"ce6e36a2587d4338466917d28edf0e75a8706748ddf64af3d3b4f129f991be3ffb024c13038806fb6d32f0dc20adb28" +
"8fc190985dc9d0a976e108dcecffdf94b97a0de2f94ff6c8996fa6aaeeb97cc9d466fa8f92e2dd179c24b46bd165a68" +
"efbdce4e397e841e44ffa48991fa23abbd6ff4d0c387", "9000");
expect("00db3fffa9a048a9ca323b4867c504d61af02048b4af787b0994fd71b9bc39dda6a4f3b610297c8b35affde21a53ec49" +
"54c6b1da6403a7cb627555686acc779ca19fb14d7ec2ca3655571f36587e025bdc0ce053193a7c4be1db17e9ba5788e" +
"db43f81f02ef07cc7c1d967e8435fba00e986ab30fa69746857fc082b5b797d5eea3c6fb1be4a1a12bba89d4ca8c204" +
"e2702d93e9316b6176726121dd29c8a8b75ec19e1deb09e4cc3b95b054541d", "9000");
securityTokenConnection.putKey(KeyType.SIGN, signKey, new Passphrase("123456"), new Passphrase("12345678"));
verifyDialog();
}
private void debugTransceive() throws IOException {
}
private void expect(String commandApdu, String responseApdu) {
expect(CommandApdu.fromBytes(Hex.decode(commandApdu)), ResponseApdu.fromBytes(Hex.decode(responseApdu)));
}
@@ -199,8 +119,4 @@ public class SecurityTokenConnectionTest {
assertTrue(expectCommands.isEmpty());
assertTrue(expectReplies.isEmpty());
}
UncachedKeyRing readRingFromResource(String name) throws Exception {
return UncachedKeyRing.fromStream(SecurityTokenConnectionTest.class.getResourceAsStream(name)).next();
}
}

2
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/SecurityTokenUtilsTest.java
View File

@@ -208,7 +208,7 @@ public class SecurityTokenUtilsTest extends Mockito {
"00000000000000000000000000000000000000cd0c5741e8695741e8695741e8" +
"69");
OpenPgpCapabilities caps = new OpenPgpCapabilities(data);
OpenPgpCapabilities caps = OpenPgpCapabilities.fromBytes(data);
Assert.assertEquals(caps.isHasSM(), true);
}

85
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/operations/PsoDecryptTokenOpTest.java Normal file
View File

@@ -0,0 +1,85 @@
/*
* Copyright (C) 2018 Schürmann & Breitmoser GbR
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.securitytoken.operations;
import org.bouncycastle.util.encoders.Hex;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.sufficientlysecure.keychain.KeychainTestRunner;
import org.sufficientlysecure.keychain.securitytoken.CommandApdu;
import org.sufficientlysecure.keychain.securitytoken.OpenPgpCapabilities;
import org.sufficientlysecure.keychain.securitytoken.OpenPgpCommandApduFactory;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection;
import org.sufficientlysecure.keychain.securitytoken.operations.PsoDecryptTokenOp;
import static org.junit.Assert.*;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
@RunWith(KeychainTestRunner.class)
public class PsoDecryptTokenOpTest {
private static final byte[] RSA_ENC_SESSIONKEY_MPI = Hex.decode(
"07ff7b9ff36f70da1fe7a6b59168c24a7e5b48a938c4f970de46524a06ebf4a9175a9737cf2e6f30957110b31db7" +
"0e9a2992401b1d5e99389f976356f4e3a28ff537362e7ce14b81200e21d4f0e77d46bd89f3a54ca06062289148a5938748" +
"8ac01d30d2baf58e6b35e32434720473604a9f7d5083ca6d40e4a2dadedd68033a4d4bbdb06d075d6980c0c0ca19078dcd" +
"fb9d8cbcb34f28d0b968b6e09eda0e1d3ab6b251eb09f9fb9d9abfeaf9010001733b9015e9e4b6c9df61bbc76041f439d1" +
"273e41f5d0e8414a2b8d6d4c7e86f30b94cfba308b38de53d694a8ca15382301ace806c8237641b03525b3e3e8cbb017e2" +
"51265229bcbb0da5d5aeb4eafbad9779");
private SecurityTokenConnection securityTokenConnection;
private OpenPgpCommandApduFactory commandFactory;
private PsoDecryptTokenOp useCase;
private CommandApdu dummyCommandApdu = mock(CommandApdu.class);
@Before
public void setUp() throws Exception {
securityTokenConnection = mock(SecurityTokenConnection.class);
commandFactory = mock(OpenPgpCommandApduFactory.class);
when(securityTokenConnection.getCommandFactory()).thenReturn(commandFactory);
useCase = PsoDecryptTokenOp.create(securityTokenConnection);
}
@Test
public void testRsaDecrypt() throws Exception {
OpenPgpCapabilities openPgpCapabilities = OpenPgpCapabilities.fromBytes(
Hex.decode("6e81de4f10d27600012401020000060364311500005f520f0073000080000000000000000000007381b7c00af" +
"00000ff04c000ff00ffc106010800001103c206010800001103c306010800001103c407007f7f7f03" +
"0303c53c4ec5fee25c4e89654d58cad8492510a89d3c3d8468da7b24e15bfc624c6a792794f15b759" +
"9915f703aab55ed25424d60b17026b7b06c6ad4b9be30a3c63c000000000000000000000000000000" +
"000000000000000000000000000000000000000000000000000000000000000000000000000000000" +
"000000000cd0c59cd0f2a59cd0af059cd0c95"
));
when(securityTokenConnection.getOpenPgpCapabilities()).thenReturn(openPgpCapabilities);
ResponseApdu dummyResponseApdu = ResponseApdu.fromBytes(Hex.decode("010203049000"));
when(commandFactory.createDecipherCommand(any(byte[].class))).thenReturn(dummyCommandApdu);
when(securityTokenConnection.communicate(dummyCommandApdu)).thenReturn(dummyResponseApdu);
byte[] response = useCase.verifyAndDecryptSessionKey(RSA_ENC_SESSIONKEY_MPI, null);
assertArrayEquals(Hex.decode("01020304"), response);
}
}

94
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/operations/ResetAndWipeTokenOpTest.java Normal file
View File

@@ -0,0 +1,94 @@
/*
* Copyright (C) 2018 Schürmann & Breitmoser GbR
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.securitytoken.operations;
import org.bouncycastle.util.encoders.Hex;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.sufficientlysecure.keychain.KeychainTestRunner;
import org.sufficientlysecure.keychain.securitytoken.CommandApdu;
import org.sufficientlysecure.keychain.securitytoken.OpenPgpCapabilities;
import org.sufficientlysecure.keychain.securitytoken.OpenPgpCommandApduFactory;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection;
import static org.junit.Assert.*;
import static org.mockito.Matchers.any;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@SuppressWarnings("WeakerAccess")
@RunWith(KeychainTestRunner.class)
public class ResetAndWipeTokenOpTest {
static final ResponseApdu RESPONSE_APDU_SUCCESS = ResponseApdu.fromBytes(Hex.decode("9000"));
static final ResponseApdu RESPONSE_APDU_BAD_PW = ResponseApdu.fromBytes(Hex.decode("63C0"));
SecurityTokenConnection securityTokenConnection;
OpenPgpCommandApduFactory commandFactory;
ResetAndWipeTokenOp useCase;
@Before
public void setUp() throws Exception {
securityTokenConnection = mock(SecurityTokenConnection.class);
commandFactory = mock(OpenPgpCommandApduFactory.class);
when(securityTokenConnection.getCommandFactory()).thenReturn(commandFactory);
useCase = ResetAndWipeTokenOp.create(securityTokenConnection);
}
@Test
public void resetAndWipeToken() throws Exception {
OpenPgpCapabilities openPgpCapabilities = OpenPgpCapabilities.fromBytes(
Hex.decode("6e81de4f10d27600012401020000060364311500005f520f0073000080000000000000000000007381b7c00af" +
"00000ff04c000ff00ffc106010800001103c206010800001103c306010800001103c407007f7f7f03" +
"0303c53c4ec5fee25c4e89654d58cad8492510a89d3c3d8468da7b24e15bfc624c6a792794f15b759" +
"9915f703aab55ed25424d60b17026b7b06c6ad4b9be30a3c63c000000000000000000000000000000" +
"000000000000000000000000000000000000000000000000000000000000000000000000000000000" +
"000000000cd0c59cd0f2a59cd0af059cd0c95"
));
when(securityTokenConnection.getOpenPgpCapabilities()).thenReturn(openPgpCapabilities);
CommandApdu verifyPw1Apdu = mock(CommandApdu.class);
CommandApdu verifyPw3Apdu = mock(CommandApdu.class);
when(commandFactory.createVerifyPw1ForSignatureCommand(any(byte[].class))).thenReturn(verifyPw1Apdu);
when(commandFactory.createVerifyPw3Command(any(byte[].class))).thenReturn(verifyPw3Apdu);
when(securityTokenConnection.communicate(verifyPw1Apdu)).thenReturn(RESPONSE_APDU_BAD_PW);
when(securityTokenConnection.communicate(verifyPw3Apdu)).thenReturn(RESPONSE_APDU_BAD_PW);
CommandApdu reactivate1Apdu = mock(CommandApdu.class);
CommandApdu reactivate2Apdu = mock(CommandApdu.class);
when(commandFactory.createReactivate1Command()).thenReturn(reactivate1Apdu);
when(commandFactory.createReactivate2Command()).thenReturn(reactivate2Apdu);
when(securityTokenConnection.communicate(reactivate1Apdu)).thenReturn(RESPONSE_APDU_SUCCESS);
when(securityTokenConnection.communicate(reactivate2Apdu)).thenReturn(RESPONSE_APDU_SUCCESS);
useCase.resetAndWipeToken();
verify(securityTokenConnection).communicate(reactivate1Apdu);
verify(securityTokenConnection).communicate(reactivate2Apdu);
verify(securityTokenConnection).refreshConnectionCapabilities();
}
}

144
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenChangeKeyTokenOpTest.java Normal file
View File

@@ -0,0 +1,144 @@
/*
* Copyright (C) 2018 Schürmann & Breitmoser GbR
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.securitytoken.operations;
import org.bouncycastle.util.encoders.Hex;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.AdditionalMatchers;
import org.robolectric.shadows.ShadowLog;
import org.sufficientlysecure.keychain.KeychainTestRunner;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.securitytoken.CommandApdu;
import org.sufficientlysecure.keychain.securitytoken.KeyType;
import org.sufficientlysecure.keychain.securitytoken.OpenPgpCapabilities;
import org.sufficientlysecure.keychain.securitytoken.OpenPgpCommandApduFactory;
import org.sufficientlysecure.keychain.securitytoken.ResponseApdu;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenConnection;
import org.sufficientlysecure.keychain.util.Passphrase;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.when;
@SuppressWarnings("WeakerAccess")
@RunWith(KeychainTestRunner.class)
public class SecurityTokenChangeKeyTokenOpTest {
SecurityTokenChangeKeyTokenOp useCase;
OpenPgpCommandApduFactory commandFactory;
SecurityTokenConnection securityTokenConnection;
CommandApdu dummyCommandApdu = mock(CommandApdu.class);
@Before
public void setUp() throws Exception {
ShadowLog.stream = System.out;
securityTokenConnection = mock(SecurityTokenConnection.class);
commandFactory = mock(OpenPgpCommandApduFactory.class);
when(securityTokenConnection.getCommandFactory()).thenReturn(commandFactory);
useCase = SecurityTokenChangeKeyTokenOp.create(securityTokenConnection);
}
@Test
public void testPutKey() throws Exception {
OpenPgpCapabilities openPgpCapabilities = OpenPgpCapabilities.fromBytes(
Hex.decode("6e81de4f10d27600012401020000060364311500005f520f0073000080000000000000000000007381b7c00af" +
"00000ff04c000ff00ffc106010800001103c206010800001103c306010800001103c407007f7f7f03" +
"0303c53c4ec5fee25c4e89654d58cad8492510a89d3c3d8468da7b24e15bfc624c6a792794f15b759" +
"9915f703aab55ed25424d60b17026b7b06c6ad4b9be30a3c63c000000000000000000000000000000" +
"000000000000000000000000000000000000000000000000000000000000000000000000000000000" +
"000000000cd0c59cd0f2a59cd0af059cd0c95"
));
when(securityTokenConnection.getOpenPgpCapabilities()).thenReturn(openPgpCapabilities);
/*
Security.insertProviderAt(new BouncyCastleProvider(), 1);
ShadowLog.stream = System.out;
SaveKeyringParcel.Builder builder = SaveKeyringParcel.buildNewKeyringParcel();
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(
Algorithm.RSA, 2048, null, KeyFlags.CERTIFY_OTHER | KeyFlags.SIGN_DATA, 0L));
builder.addUserId("gnuk");
builder.setNewUnlock(ChangeUnlockParcel.createUnLockParcelForNewKey(new Passphrase()));
PgpKeyOperation op = new PgpKeyOperation(null);
PgpEditKeyResult result = op.createSecretKeyRing(builder.build());
Assert.assertTrue("initial test key creation must succeed", result.success());
Assert.assertNotNull("initial test key creation must succeed", result.getRing());
*/
UncachedKeyRing staticRing = readRingFromResource("/test-keys/token-import-rsa.sec");
CanonicalizedSecretKeyRing canRing = (CanonicalizedSecretKeyRing) staticRing.canonicalize(new OperationLog(), 0);
CanonicalizedSecretKey signKey = canRing.getSecretKey();
signKey.unlock(null);
byte[] expectedKeyData = Hex.decode(
"4d8203a2b6007f48159103928180938180948180958180968180978201005f48820383010001be5e36a09458313f95" +
"94f3f76a972989dfa1d4a416f7f461c8a4ccf9b9de8ee59447e44b4a4833a00c655ae5516214a72efa5c140fd7d4" +
"29d9b15805c77c881e6ad10711b4614d2183497a5a6d36ed221146301ce6ccf42581004c313d533d14c57abc3288" +
"6419665b67091d652aa6cb074da682135115657d90752fb9d2e69fffd7580adddf1d7822d9d40220401056674b93" +
"3efeb3bc51eafe2c5a5162ec2b466591b689d9af07004bb81a509c7601043a2da871f5989e4e338b901afb9ba8f2" +
"b8bc18ac3300e750bda2a0886459363542bb5b59cab2ed934388c486b602a3f6a63164afe55139ad9f4ed230421b" +
"4039b09f5c0b7c609ba9927f1f7c4db7c3895bbe8e58787ddae295468d034a0c29964b80f3551d308722de7ac698" +
"e840eb68c81c75d140ac347e35d8167bd9ac175610f811f049061b72ebc491d89610fc6ba1344c8d03e2871181f0" +
"408f87779149a1b1835705b407baf28c30e94da82c8e15b845f2473deee6987f29a2d25232361818fd83283a0959" +
"2345ac56d9a56408ef5b19065d6d5252aeff1469c85686c61c4e62b541461320dbbb532d4a28e2d5a6da2c3e7c4d" +
"100204efd33b92a2ed85e2f2576eb6ee9a58415ea446ccad86dff497a45917080bbea1c0406647e1b16ba623b3f7" +
"913f14538db405cb9f108add09f9b3557b7d45b49c8d6cf7c69cb582ce3e3674b9a58b71ed49d2c7a2027955ba0a" +
"be596a11add7bfb5d2a08bd6ed9cdf2e0fc5b8e4396ecc8c801715569d89912f2a4336b5f75a9a04ae8ca460c626" +
"6c7830213f724c5957dc44054699fa1a9adc2c48472ede53a7b77ea3353ccf75394f1e65100eb49ccbdc603de36f" +
"2f11cece6e36a2587d4338466917d28edf0e75a8706748ddf64af3d3b4f129f991be3ffb024c13038806fb6d32f0" +
"dc20adb288fc190985dc9d0a976e108dcecffdf94b97a0de2f94ff6c8996fa6aaeeb97cc9d466fa8f92e2dd179c2" +
"4b46bd165a68efbdce4e397e841e44ffa48991fa23abbd6ff4d0c387a048a9ca323b4867c504d61af02048b4af78" +
"7b0994fd71b9bc39dda6a4f3b610297c8b35affde21a53ec4954c6b1da6403a7cb627555686acc779ca19fb14d7e" +
"c2ca3655571f36587e025bdc0ce053193a7c4be1db17e9ba5788edb43f81f02ef07cc7c1d967e8435fba00e986ab" +
"30fa69746857fc082b5b797d5eea3c6fb1be4a1a12bba89d4ca8c204e2702d93e9316b6176726121dd29c8a8b75e" +
"c19e1deb09e4cc3b95b054541d");
ResponseApdu dummyResponseApdu = ResponseApdu.fromBytes(Hex.decode("9000"));
when(commandFactory.createPutKeyCommand(AdditionalMatchers.aryEq(expectedKeyData))).thenReturn(dummyCommandApdu);
when(securityTokenConnection.communicate(dummyCommandApdu)).thenReturn(dummyResponseApdu);
Passphrase adminPin = new Passphrase("12345678");
useCase.putKey(KeyType.SIGN, signKey, new Passphrase("123456"), adminPin);
verify(securityTokenConnection).verifyAdminPin(adminPin);
verify(securityTokenConnection).communicate(dummyCommandApdu);
}
UncachedKeyRing readRingFromResource(String name) throws Exception {
return UncachedKeyRing.fromStream(SecurityTokenChangeKeyTokenOpTest.class.getResourceAsStream(name)).next();
}
}