diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java index 065b76136..cc2eda3bc 100644 --- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java +++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java @@ -18,20 +18,24 @@ package org.sufficientlysecure.keychain.pgp; import org.junit.Assert; +import org.junit.Before; import org.junit.BeforeClass; import org.junit.Test; import org.junit.runner.RunWith; import org.robolectric.*; import org.robolectric.shadows.ShadowLog; +import org.spongycastle.bcpg.sig.KeyFlags; import org.spongycastle.jce.provider.BouncyCastleProvider; import org.spongycastle.openpgp.PGPEncryptedData; -import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify.NoSecretKeyException; -import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify.PassphraseCache; import org.sufficientlysecure.keychain.pgp.PgpSignEncrypt.Builder; import org.sufficientlysecure.keychain.provider.ProviderHelper; +import org.sufficientlysecure.keychain.service.SaveKeyringParcel; +import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm; import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult; +import org.sufficientlysecure.keychain.service.results.EditKeyResult; import org.sufficientlysecure.keychain.service.results.SignEncryptResult; import org.sufficientlysecure.keychain.util.InputData; +import org.sufficientlysecure.keychain.util.ProgressScaler; import org.sufficientlysecure.keychain.util.TestingUtils; import java.io.ByteArrayInputStream; @@ -42,58 +46,229 @@ import java.security.Security; @org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19 public class PgpEncryptDecryptTest { - String mPassphrase = TestingUtils.genPassphrase(true); + static String mPassphrase = TestingUtils.genPassphrase(true); + + static UncachedKeyRing mStaticRing1, mStaticRing2; + static String mKeyPhrase1 = TestingUtils.genPassphrase(true); + static String mKeyPhrase2 = TestingUtils.genPassphrase(true); @BeforeClass public static void setUpOnce() throws Exception { Security.insertProviderAt(new BouncyCastleProvider(), 1); ShadowLog.stream = System.out; + + PgpKeyOperation op = new PgpKeyOperation(null); + + { + SaveKeyringParcel parcel = new SaveKeyringParcel(); + parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( + Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( + Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( + Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + parcel.mAddUserIds.add("bloom"); + parcel.mNewPassphrase = mKeyPhrase1; + + EditKeyResult result = op.createSecretKeyRing(parcel); + Assert.assertTrue("initial test key creation must succeed", result.success()); + Assert.assertNotNull("initial test key creation must succeed", result.getRing()); + + mStaticRing1 = result.getRing(); + } + + { + SaveKeyringParcel parcel = new SaveKeyringParcel(); + parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( + Algorithm.RSA, 1024, null, KeyFlags.CERTIFY_OTHER, 0L)); + parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( + Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L)); + parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd( + Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L)); + parcel.mAddUserIds.add("belle"); + parcel.mNewPassphrase = mKeyPhrase2; + + EditKeyResult result = op.createSecretKeyRing(parcel); + Assert.assertTrue("initial test key creation must succeed", result.success()); + Assert.assertNotNull("initial test key creation must succeed", result.getRing()); + + mStaticRing2 = result.getRing(); + } + + } + + @Before + public void setUp() { + ProviderHelper providerHelper = new ProviderHelper(Robolectric.application); + + providerHelper.saveSecretKeyRing(mStaticRing1, new ProgressScaler()); + providerHelper.saveSecretKeyRing(mStaticRing1, new ProgressScaler()); } @Test public void testSymmetricEncryptDecrypt() { - ByteArrayOutputStream out = new ByteArrayOutputStream(); + String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); + byte[] ciphertext; - { - ByteArrayInputStream in = new ByteArrayInputStream("dies ist ein plaintext ☭".getBytes()); + { // encrypt data with a given passphrase + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes()); InputData data = new InputData(in, in.available()); - Builder b = new PgpSignEncrypt.Builder(new ProviderHelper(Robolectric.application), data, out); + Builder b = new PgpSignEncrypt.Builder( + new ProviderHelper(Robolectric.application), + new DummyPassphraseCache(mPassphrase, 0L), + data, out); b.setSymmetricPassphrase(mPassphrase); b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128); SignEncryptResult result = b.build().execute(); Assert.assertTrue("encryption must succeed", result.success()); + + ciphertext = out.toByteArray(); } - { - ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray()); - InputData data = new InputData(in, in.available()); + { // decryption with same passphrase should yield the same result - out.reset(); + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); + InputData data = new InputData(in, in.available()); PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder( new ProviderHelper(Robolectric.application), - new DummyPassphraseCache(mPassphrase), data, out); + new DummyPassphraseCache(mPassphrase, 0L), data, out); b.setPassphrase(mPassphrase); DecryptVerifyResult result = b.build().execute(); Assert.assertTrue("decryption must succeed", result.success()); + Assert.assertArrayEquals("decrypted ciphertext should equal plaintext", + out.toByteArray(), plaintext.getBytes()); + Assert.assertNull("signature should be an error", result.getSignatureResult()); + } + { // decryption with a bad passphrase should fail + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); + InputData data = new InputData(in, in.available()); + + PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder( + new ProviderHelper(Robolectric.application), + new DummyPassphraseCache(mPassphrase, 0L), data, out); + b.setPassphrase(mPassphrase + "x"); + DecryptVerifyResult result = b.build().execute(); + Assert.assertFalse("decryption must succeed", result.success()); + Assert.assertEquals("decrypted plaintext should be empty", 0, out.size()); + Assert.assertNull("signature should be an error", result.getSignatureResult()); + } + + { // decryption with an unset passphrase should fail + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); + InputData data = new InputData(in, in.available()); + + PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder( + new ProviderHelper(Robolectric.application), + new DummyPassphraseCache(mPassphrase, 0L), data, out); + DecryptVerifyResult result = b.build().execute(); + Assert.assertFalse("decryption must succeed", result.success()); + Assert.assertEquals("decrypted plaintext should be empty", 0, out.size()); + Assert.assertNull("signature should be an error", result.getSignatureResult()); } } - static class DummyPassphraseCache implements PassphraseCache { + @Test + public void testAsymmetricEncryptDecrypt() { + + String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true); + byte[] ciphertext; + + { // encrypt data with a given passphrase + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes()); + + InputData data = new InputData(in, in.available()); + Builder b = new PgpSignEncrypt.Builder( + new ProviderHelper(Robolectric.application), + new DummyPassphraseCache(mPassphrase, 0L), + data, out); + + b.setEncryptionMasterKeyIds(new long[]{ mStaticRing1.getMasterKeyId() }); + b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128); + SignEncryptResult result = b.build().execute(); + Assert.assertTrue("encryption must succeed", result.success()); + + ciphertext = out.toByteArray(); + } + + { // decryption with provided passphrase should yield the same result + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); + InputData data = new InputData(in, in.available()); + + PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder( + new ProviderHelper(Robolectric.application), + new DummyPassphraseCache(null, null), data, out); + b.setPassphrase(mKeyPhrase1); + DecryptVerifyResult result = b.build().execute(); + Assert.assertTrue("decryption with provided passphrase must succeed", result.success()); + Assert.assertArrayEquals("decrypted ciphertext with provided passphrase should equal plaintext", + out.toByteArray(), plaintext.getBytes()); + Assert.assertNull("signature be empty", result.getSignatureResult()); + } + + { // decryption with passphrase cached should succeed + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); + InputData data = new InputData(in, in.available()); + + PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder( + new ProviderHelper(Robolectric.application), + new DummyPassphraseCache(mKeyPhrase1, null), data, out); + DecryptVerifyResult result = b.build().execute(); + Assert.assertTrue("decryption with cached passphrase must succeed", result.success()); + Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext", + out.toByteArray(), plaintext.getBytes()); + Assert.assertNull("signature should be empty", result.getSignatureResult()); + } + + { // decryption with no passphrase provided should return status pending + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + ByteArrayInputStream in = new ByteArrayInputStream(ciphertext); + InputData data = new InputData(in, in.available()); + + PgpDecryptVerify.Builder b = new PgpDecryptVerify.Builder( + new ProviderHelper(Robolectric.application), + new DummyPassphraseCache(null, null), data, out); + DecryptVerifyResult result = b.build().execute(); + Assert.assertFalse("decryption with no passphrase must return pending", result.success()); + Assert.assertTrue("decryption with no passphrase should return pending", result.isPending()); + Assert.assertEquals("decryption with no passphrase should return pending passphrase", + DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE, result.getResult()); + } + + } + + static class DummyPassphraseCache implements PassphraseCacheInterface { String mPassphrase; - public DummyPassphraseCache(String passphrase) { + Long mExpectedId; + public DummyPassphraseCache(String passphrase, Long expectedId) { mPassphrase = passphrase; + mExpectedId = expectedId; } @Override public String getCachedPassphrase(long masterKeyId) throws NoSecretKeyException { - Assert.assertEquals("requested passphrase must be for symmetric id", 0L, masterKeyId); + if (mExpectedId != null){ + Assert.assertEquals("requested passphrase must be for expected id", + (long) mExpectedId, masterKeyId); + } return mPassphrase; } } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java index 1d8ca1b54..73e17f95e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java @@ -643,9 +643,6 @@ public class PgpDecryptVerify { return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); } } else { - // no integrity check - Log.d(Constants.TAG, "Encrypted data was not integrity protected! MDC packet is missing!"); - // If no valid signature is present: // Handle missing integrity protection like failed integrity protection! // The MDC packet can be stripped by an attacker!