mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-11-05 08:45:08 -05:00
Actually test canonicalize
This commit is contained in:
parent
e906fe5387
commit
4fbffd7bb4
@ -1,13 +1,16 @@
|
||||
package org.sufficientlysecure.keychain.testsupport;
|
||||
|
||||
import org.spongycastle.bcpg.CompressionAlgorithmTags;
|
||||
import org.spongycastle.bcpg.ContainedPacket;
|
||||
import org.spongycastle.bcpg.HashAlgorithmTags;
|
||||
import org.spongycastle.bcpg.MPInteger;
|
||||
import org.spongycastle.bcpg.PublicKeyAlgorithmTags;
|
||||
import org.spongycastle.bcpg.PublicKeyPacket;
|
||||
import org.spongycastle.bcpg.PublicSubkeyPacket;
|
||||
import org.spongycastle.bcpg.RSAPublicBCPGKey;
|
||||
import org.spongycastle.bcpg.SignaturePacket;
|
||||
import org.spongycastle.bcpg.SignatureSubpacket;
|
||||
import org.spongycastle.bcpg.SignatureSubpacketInputStream;
|
||||
import org.spongycastle.bcpg.SignatureSubpacketTags;
|
||||
import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags;
|
||||
import org.spongycastle.bcpg.UserIDPacket;
|
||||
@ -17,87 +20,126 @@ import org.spongycastle.bcpg.sig.KeyExpirationTime;
|
||||
import org.spongycastle.bcpg.sig.KeyFlags;
|
||||
import org.spongycastle.bcpg.sig.PreferredAlgorithms;
|
||||
import org.spongycastle.bcpg.sig.SignatureCreationTime;
|
||||
import org.spongycastle.openpgp.PGPException;
|
||||
import org.spongycastle.openpgp.PGPPublicKey;
|
||||
import org.spongycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.spongycastle.openpgp.PGPSignature;
|
||||
import org.spongycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.math.BigInteger;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Arrays;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
/**
|
||||
* Created by art on 05/07/14.
|
||||
* Helps create correct and incorrect keyrings for tests.
|
||||
*
|
||||
* The original "correct" keyring was generated by GnuPG.
|
||||
*/
|
||||
public class KeyringBuilder {
|
||||
|
||||
|
||||
private static final BigInteger modulus = new BigInteger(
|
||||
"cbab78d90d5f2cc0c54dd3c3953005a1" +
|
||||
"e6b521f1ffa5465a102648bf7b91ec72" +
|
||||
"f9c180759301587878caeb7333215620" +
|
||||
"9f81ca5b3b94309d96110f6972cfc56a" +
|
||||
"37fd6279f61d71f19b8f64b288e33829" +
|
||||
"9dce133520f5b9b4253e6f4ba31ca36a" +
|
||||
"fd87c2081b15f0b283e9350e370e181a" +
|
||||
"23d31379101f17a23ae9192250db6540" +
|
||||
"2e9cab2a275bc5867563227b197c8b13" +
|
||||
"6c832a94325b680e144ed864fb00b9b8" +
|
||||
"b07e13f37b40d5ac27dae63cd6a470a7" +
|
||||
"b40fa3c7479b5b43e634850cc680b177" +
|
||||
"8dd6b1b51856f36c3520f258f104db2f" +
|
||||
"96b31a53dd74f708ccfcefccbe420a90" +
|
||||
"1c37f1f477a6a4b15f5ecbbfd93311a6" +
|
||||
"47bcc3f5f81c59dfe7252e3cd3be6e27"
|
||||
private static final BigInteger PUBLIC_KEY_MODULUS = new BigInteger(
|
||||
"cbab78d90d5f2cc0c54dd3c3953005a1e6b521f1ffa5465a102648bf7b91ec72" +
|
||||
"f9c180759301587878caeb73332156209f81ca5b3b94309d96110f6972cfc56a" +
|
||||
"37fd6279f61d71f19b8f64b288e338299dce133520f5b9b4253e6f4ba31ca36a" +
|
||||
"fd87c2081b15f0b283e9350e370e181a23d31379101f17a23ae9192250db6540" +
|
||||
"2e9cab2a275bc5867563227b197c8b136c832a94325b680e144ed864fb00b9b8" +
|
||||
"b07e13f37b40d5ac27dae63cd6a470a7b40fa3c7479b5b43e634850cc680b177" +
|
||||
"8dd6b1b51856f36c3520f258f104db2f96b31a53dd74f708ccfcefccbe420a90" +
|
||||
"1c37f1f477a6a4b15f5ecbbfd93311a647bcc3f5f81c59dfe7252e3cd3be6e27"
|
||||
, 16
|
||||
);
|
||||
|
||||
private static final BigInteger exponent = new BigInteger("010001", 16);
|
||||
private static final BigInteger PUBLIC_SUBKEY_MODULUS = new BigInteger(
|
||||
"e8e2e2a33102649f19f8a07486fb076a1406ca888d72ae05d28f0ef372b5408e" +
|
||||
"45132c69f6e5cb6a79bb8aed84634196731393a82d53e0ddd42f28f92cc15850" +
|
||||
"8ce3b7ca1a9830502745aee774f86987993df984781f47c4a2910f95cf4c950c" +
|
||||
"c4c6cccdc134ad408a0c5418b5e360c9781a8434d366053ea6338b975fae88f9" +
|
||||
"383a10a90e7b2caa9ddb95708aa9d8a90246e29b04dbd6136613085c9a287315" +
|
||||
"c6e9c7ff4012defc1713875e3ff6073333a1c93d7cd75ebeaaf16b8b853d96ba" +
|
||||
"7003258779e8d2f70f1bc0bcd3ef91d7a9ccd8e225579b2d6fcae32799b0a6c0" +
|
||||
"e7305fc65dc4edc849c6130a0d669c90c193b1e746c812510f9d600a208be4a5"
|
||||
, 16
|
||||
);
|
||||
|
||||
public static UncachedKeyRing ring1() {
|
||||
return ringForModulus(new Date(1404566755000L), "OpenKeychain User (NOT A REAL KEY) <openkeychain@example.com>");
|
||||
private static final Date SIGNATURE_DATE = new Date(1404566755000L);
|
||||
|
||||
private static final BigInteger EXPONENT = BigInteger.valueOf(0x010001);
|
||||
|
||||
private static final String USER_ID_STRING = "OpenKeychain User (NOT A REAL KEY) <openkeychain@example.com>";
|
||||
|
||||
public static final BigInteger CORRECT_SIGNATURE = new BigInteger(
|
||||
"b065c071d3439d5610eb22e5b4df9e42ed78b8c94f487389e4fc98e8a75a043f" +
|
||||
"14bf57d591811e8e7db2d31967022d2ee64372829183ec51d0e20c42d7a1e519" +
|
||||
"e9fa22cd9db90f0fd7094fd093b78be2c0db62022193517404d749152c71edc6" +
|
||||
"fd48af3416038d8842608ecddebbb11c5823a4321d2029b8993cb017fa8e5ad7" +
|
||||
"8a9a618672d0217c4b34002f1a4a7625a514b6a86475e573cb87c64d7069658e" +
|
||||
"627f2617874007a28d525e0f87d93ca7b15ad10dbdf10251e542afb8f9b16cbf" +
|
||||
"7bebdb5fe7e867325a44e59cad0991cb239b1c859882e2ebb041b80e5cdc3b40" +
|
||||
"ed259a8a27d63869754c0881ccdcb50f0564fecdc6966be4a4b87a3507a9d9be"
|
||||
, 16
|
||||
);
|
||||
public static final BigInteger CORRECT_SUBKEY_SIGNATURE = new BigInteger(
|
||||
"9c40543e646cfa6d3d1863d91a4e8f1421d0616ddb3187505df75fbbb6c59dd5" +
|
||||
"3136b866f246a0320e793cb142c55c8e0e521d1e8d9ab864650f10690f5f1429" +
|
||||
"2eb8402a3b1f82c01079d12f5c57c43fce524a530e6f49f6f87d984e26db67a2" +
|
||||
"d469386dac87553c50147ebb6c2edd9248325405f737b815253beedaaba4f5c9" +
|
||||
"3acd5d07fe6522ceda1027932d849e3ec4d316422cd43ea6e506f643936ab0be" +
|
||||
"8246e546bb90d9a83613185047566864ffe894946477e939725171e0e15710b2" +
|
||||
"089f78752a9cb572f5907323f1b62f14cb07671aeb02e6d7178f185467624ec5" +
|
||||
"74e4a73c439a12edba200a4832106767366a1e6f63da0a42d593fa3914deee2b"
|
||||
, 16
|
||||
);
|
||||
public static final BigInteger KEY_ID = BigInteger.valueOf(0x15130BCF071AE6BFL);
|
||||
|
||||
public static UncachedKeyRing correctRing() {
|
||||
return convertToKeyring(correctKeyringPackets());
|
||||
}
|
||||
|
||||
public static UncachedKeyRing ring2() {
|
||||
return ringForModulus(new Date(1404566755000L), "OpenKeychain User (NOT A REAL KEY) <openkeychain@example.com>");
|
||||
public static UncachedKeyRing ringWithExtraIncorrectSignature() {
|
||||
List<ContainedPacket> packets = correctKeyringPackets();
|
||||
SignaturePacket incorrectSignaturePacket = createSignaturePacket(CORRECT_SIGNATURE.subtract(BigInteger.ONE));
|
||||
packets.add(2, incorrectSignaturePacket);
|
||||
return convertToKeyring(packets);
|
||||
}
|
||||
|
||||
private static UncachedKeyRing ringForModulus(Date date, String userIdString) {
|
||||
|
||||
private static UncachedKeyRing convertToKeyring(List<ContainedPacket> packets) {
|
||||
try {
|
||||
PGPPublicKey publicKey = createPgpPublicKey(modulus, date);
|
||||
UserIDPacket userId = createUserId(userIdString);
|
||||
SignaturePacket signaturePacket = createSignaturePacket(date);
|
||||
|
||||
byte[] publicKeyEncoded = publicKey.getEncoded();
|
||||
byte[] userIdEncoded = userId.getEncoded();
|
||||
byte[] signaturePacketEncoded = signaturePacket.getEncoded();
|
||||
byte[] encodedRing = TestDataUtil.concatAll(
|
||||
publicKeyEncoded,
|
||||
userIdEncoded,
|
||||
signaturePacketEncoded
|
||||
);
|
||||
|
||||
PGPPublicKeyRing pgpPublicKeyRing = new PGPPublicKeyRing(
|
||||
encodedRing, new BcKeyFingerprintCalculator());
|
||||
|
||||
return UncachedKeyRing.decodeFromData(pgpPublicKeyRing.getEncoded());
|
||||
|
||||
return UncachedKeyRing.decodeFromData(TestDataUtil.concatAll(packets));
|
||||
} catch (Exception e) {
|
||||
throw new RuntimeException(e);
|
||||
}
|
||||
}
|
||||
|
||||
private static SignaturePacket createSignaturePacket(Date date) {
|
||||
private static List<ContainedPacket> correctKeyringPackets() {
|
||||
PublicKeyPacket publicKey = createPgpPublicKey(PUBLIC_KEY_MODULUS);
|
||||
UserIDPacket userId = createUserId(USER_ID_STRING);
|
||||
SignaturePacket signaturePacket = createSignaturePacket(CORRECT_SIGNATURE);
|
||||
PublicKeyPacket subKey = createPgpPublicSubKey(PUBLIC_SUBKEY_MODULUS);
|
||||
SignaturePacket subKeySignaturePacket = createSubkeySignaturePacket();
|
||||
|
||||
return new ArrayList<ContainedPacket>(Arrays.asList(
|
||||
publicKey,
|
||||
userId,
|
||||
signaturePacket,
|
||||
subKey,
|
||||
subKeySignaturePacket
|
||||
));
|
||||
}
|
||||
|
||||
private static SignaturePacket createSignaturePacket(BigInteger signature) {
|
||||
MPInteger[] signatureArray = new MPInteger[]{
|
||||
new MPInteger(signature)
|
||||
};
|
||||
|
||||
int signatureType = PGPSignature.POSITIVE_CERTIFICATION;
|
||||
long keyID = 0x15130BCF071AE6BFL;
|
||||
int keyAlgorithm = SignaturePacket.RSA_GENERAL;
|
||||
int hashAlgorithm = HashAlgorithmTags.SHA1;
|
||||
|
||||
SignatureSubpacket[] hashedData = new SignatureSubpacket[]{
|
||||
new SignatureCreationTime(false, date),
|
||||
new SignatureCreationTime(false, SIGNATURE_DATE),
|
||||
new KeyFlags(false, KeyFlags.CERTIFY_OTHER + KeyFlags.SIGN_DATA),
|
||||
new KeyExpirationTime(false, TimeUnit.DAYS.toSeconds(2)),
|
||||
new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_SYM_ALGS, false, new int[]{
|
||||
@ -120,34 +162,58 @@ public class KeyringBuilder {
|
||||
CompressionAlgorithmTags.ZIP
|
||||
}),
|
||||
new Features(false, Features.FEATURE_MODIFICATION_DETECTION),
|
||||
// can't do keyserver prefs
|
||||
createPreferencesSignatureSubpacket()
|
||||
};
|
||||
SignatureSubpacket[] unhashedData = new SignatureSubpacket[]{
|
||||
new IssuerKeyID(false, new BigInteger("15130BCF071AE6BF", 16).toByteArray())
|
||||
new IssuerKeyID(false, KEY_ID.toByteArray())
|
||||
};
|
||||
byte[] fingerPrint = new BigInteger("522c", 16).toByteArray();
|
||||
|
||||
return new SignaturePacket(signatureType,
|
||||
KEY_ID.longValue(),
|
||||
keyAlgorithm,
|
||||
hashAlgorithm,
|
||||
hashedData,
|
||||
unhashedData,
|
||||
fingerPrint,
|
||||
signatureArray);
|
||||
}
|
||||
|
||||
/**
|
||||
* There is no Preferences subpacket in BouncyCastle, so we have
|
||||
* to create one manually.
|
||||
*/
|
||||
private static SignatureSubpacket createPreferencesSignatureSubpacket() {
|
||||
SignatureSubpacket prefs;
|
||||
try {
|
||||
prefs = new SignatureSubpacketInputStream(new ByteArrayInputStream(
|
||||
new byte[]{2, SignatureSubpacketTags.KEY_SERVER_PREFS, (byte) 0x80})
|
||||
).readPacket();
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
return prefs;
|
||||
}
|
||||
|
||||
private static SignaturePacket createSubkeySignaturePacket() {
|
||||
int signatureType = PGPSignature.SUBKEY_BINDING;
|
||||
int keyAlgorithm = SignaturePacket.RSA_GENERAL;
|
||||
int hashAlgorithm = HashAlgorithmTags.SHA1;
|
||||
|
||||
SignatureSubpacket[] hashedData = new SignatureSubpacket[]{
|
||||
new SignatureCreationTime(false, SIGNATURE_DATE),
|
||||
new KeyFlags(false, KeyFlags.ENCRYPT_COMMS + KeyFlags.ENCRYPT_STORAGE),
|
||||
new KeyExpirationTime(false, TimeUnit.DAYS.toSeconds(2)),
|
||||
};
|
||||
SignatureSubpacket[] unhashedData = new SignatureSubpacket[]{
|
||||
new IssuerKeyID(false, KEY_ID.toByteArray())
|
||||
};
|
||||
byte[] fingerPrint = new BigInteger("234a", 16).toByteArray();
|
||||
MPInteger[] signature = new MPInteger[]{
|
||||
new MPInteger(new BigInteger(
|
||||
"b065c071d3439d5610eb22e5b4df9e42" +
|
||||
"ed78b8c94f487389e4fc98e8a75a043f" +
|
||||
"14bf57d591811e8e7db2d31967022d2e" +
|
||||
"e64372829183ec51d0e20c42d7a1e519" +
|
||||
"e9fa22cd9db90f0fd7094fd093b78be2" +
|
||||
"c0db62022193517404d749152c71edc6" +
|
||||
"fd48af3416038d8842608ecddebbb11c" +
|
||||
"5823a4321d2029b8993cb017fa8e5ad7" +
|
||||
"8a9a618672d0217c4b34002f1a4a7625" +
|
||||
"a514b6a86475e573cb87c64d7069658e" +
|
||||
"627f2617874007a28d525e0f87d93ca7" +
|
||||
"b15ad10dbdf10251e542afb8f9b16cbf" +
|
||||
"7bebdb5fe7e867325a44e59cad0991cb" +
|
||||
"239b1c859882e2ebb041b80e5cdc3b40" +
|
||||
"ed259a8a27d63869754c0881ccdcb50f" +
|
||||
"0564fecdc6966be4a4b87a3507a9d9be", 16
|
||||
))
|
||||
new MPInteger(CORRECT_SUBKEY_SIGNATURE)
|
||||
};
|
||||
return new SignaturePacket(signatureType,
|
||||
keyID,
|
||||
KEY_ID.longValue(),
|
||||
keyAlgorithm,
|
||||
hashAlgorithm,
|
||||
hashedData,
|
||||
@ -156,10 +222,12 @@ public class KeyringBuilder {
|
||||
signature);
|
||||
}
|
||||
|
||||
private static PGPPublicKey createPgpPublicKey(BigInteger modulus, Date date) throws PGPException {
|
||||
PublicKeyPacket publicKeyPacket = new PublicKeyPacket(PublicKeyAlgorithmTags.RSA_GENERAL, date, new RSAPublicBCPGKey(modulus, exponent));
|
||||
return new PGPPublicKey(
|
||||
publicKeyPacket, new BcKeyFingerprintCalculator());
|
||||
private static PublicKeyPacket createPgpPublicKey(BigInteger modulus) {
|
||||
return new PublicKeyPacket(PublicKeyAlgorithmTags.RSA_GENERAL, SIGNATURE_DATE, new RSAPublicBCPGKey(modulus, EXPONENT));
|
||||
}
|
||||
|
||||
private static PublicKeyPacket createPgpPublicSubKey(BigInteger modulus) {
|
||||
return new PublicSubkeyPacket(PublicKeyAlgorithmTags.RSA_GENERAL, SIGNATURE_DATE, new RSAPublicBCPGKey(modulus, EXPONENT));
|
||||
}
|
||||
|
||||
private static UserIDPacket createUserId(String userId) {
|
||||
|
@ -1,8 +1,11 @@
|
||||
package org.sufficientlysecure.keychain.testsupport;
|
||||
|
||||
import org.spongycastle.bcpg.ContainedPacket;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.io.OutputStream;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
|
||||
@ -17,7 +20,7 @@ public class TestDataUtil {
|
||||
return output.toByteArray();
|
||||
}
|
||||
|
||||
private static void appendToOutput(InputStream input, ByteArrayOutputStream output) {
|
||||
public static void appendToOutput(InputStream input, OutputStream output) {
|
||||
byte[] buffer = new byte[8192];
|
||||
int bytesRead;
|
||||
try {
|
||||
@ -82,6 +85,20 @@ public class TestDataUtil {
|
||||
public boolean areEquals(T lhs, T rhs);
|
||||
}
|
||||
|
||||
|
||||
public static byte[] concatAll(java.util.List<ContainedPacket> packets) {
|
||||
byte[][] byteArrays = new byte[packets.size()][];
|
||||
try {
|
||||
for (int i = 0; i < packets.size(); i++) {
|
||||
byteArrays[i] = packets.get(i).getEncoded();
|
||||
}
|
||||
} catch (IOException ex) {
|
||||
throw new RuntimeException(ex);
|
||||
}
|
||||
|
||||
return concatAll(byteArrays);
|
||||
}
|
||||
|
||||
public static byte[] concatAll(byte[]... byteArrays) {
|
||||
if (byteArrays.length == 1) {
|
||||
return byteArrays[0];
|
||||
|
@ -6,30 +6,39 @@ import org.junit.runner.RunWith;
|
||||
import org.robolectric.*;
|
||||
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
|
||||
import org.sufficientlysecure.keychain.testsupport.*;
|
||||
import org.sufficientlysecure.keychain.testsupport.KeyringBuilder;
|
||||
import org.sufficientlysecure.keychain.testsupport.TestDataUtil;
|
||||
|
||||
import java.util.*;
|
||||
import java.io.*;
|
||||
import java.util.Collections;
|
||||
|
||||
@RunWith(RobolectricTestRunner.class)
|
||||
@org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19
|
||||
public class UncachedKeyringTest {
|
||||
|
||||
@Test
|
||||
public void testVerifySuccess() throws Exception {
|
||||
UncachedKeyRing expectedKeyRing = KeyringBuilder.ring2();
|
||||
UncachedKeyRing inputKeyRing = KeyringBuilder.ring1();
|
||||
public void testCanonicalizeNoChanges() throws Exception {
|
||||
UncachedKeyRing expectedKeyRing = KeyringBuilder.correctRing();
|
||||
UncachedKeyRing inputKeyRing = KeyringBuilder.correctRing();
|
||||
// Uncomment to dump the encoded key for manual inspection
|
||||
// inputKeyRing.getPublicKey().getPublicKey().encode(new FileOutputStream(new File("/tmp/key-encoded")));
|
||||
// TestDataUtil.appendToOutput(new ByteArrayInputStream(inputKeyRing.getEncoded()), new FileOutputStream(new File("/tmp/key-encoded")));
|
||||
new UncachedKeyringTestingHelper().doTestCanonicalize(inputKeyRing, expectedKeyRing);
|
||||
}
|
||||
|
||||
|
||||
@Test
|
||||
public void testVerifyFromGpg() throws Exception {
|
||||
byte[] data = TestDataUtil.readAllFully(Collections.singleton( "/public-key-canonicalize.blob"));
|
||||
public void testCanonicalizeExtraIncorrectSignature() throws Exception {
|
||||
UncachedKeyRing expectedKeyRing = KeyringBuilder.correctRing();
|
||||
UncachedKeyRing inputKeyRing = KeyringBuilder.ringWithExtraIncorrectSignature();
|
||||
new UncachedKeyringTestingHelper().doTestCanonicalize(inputKeyRing, expectedKeyRing);
|
||||
}
|
||||
|
||||
/**
|
||||
* Check the original GnuPG-generated public key is OK
|
||||
*/
|
||||
@Test
|
||||
public void testCanonicalizeOriginalGpg() throws Exception {
|
||||
byte[] data = TestDataUtil.readAllFully(Collections.singleton("/public-key-canonicalize.blob"));
|
||||
UncachedKeyRing inputKeyRing = UncachedKeyRing.decodeFromData(data);
|
||||
new UncachedKeyringTestingHelper().doTestCanonicalize(inputKeyRing, KeyringBuilder.ring2());
|
||||
new UncachedKeyringTestingHelper().doTestCanonicalize(inputKeyRing, KeyringBuilder.correctRing());
|
||||
}
|
||||
|
||||
|
||||
@ -38,8 +47,8 @@ public class UncachedKeyringTest {
|
||||
*/
|
||||
@Test
|
||||
public void testConcat() throws Exception {
|
||||
byte[] actual = TestDataUtil.concatAll(new byte[]{1}, new byte[]{2,-2}, new byte[]{5},new byte[]{3});
|
||||
byte[] expected = new byte[]{1,2,-2,5,3};
|
||||
byte[] actual = TestDataUtil.concatAll(new byte[]{1}, new byte[]{2, -2}, new byte[]{5}, new byte[]{3});
|
||||
byte[] expected = new byte[]{1, 2, -2, 5, 3};
|
||||
Assert.assertEquals(java.util.Arrays.toString(expected), java.util.Arrays.toString(actual));
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user