From 3af6ab1b85b7f8cd554fcb6e848e205b3038d3a2 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 29 Oct 2022 14:09:41 +0200 Subject: [PATCH] Rename GnuPGDummyExtension + GnuPGDummyKeyUtil --- ...xtension.java => GnuPGDummyExtension.java} | 4 +-- ...mmyKeyUtil.java => GnuPGDummyKeyUtil.java} | 31 ++++++++++++------- .../HardwareSecurityTest.java | 10 +++--- ...ilTest.java => GnuPGDummyKeyUtilTest.java} | 18 +++++------ 4 files changed, 36 insertions(+), 27 deletions(-) rename pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/{GNUExtension.java => GnuPGDummyExtension.java} (88%) rename pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/{GnuDummyKeyUtil.java => GnuPGDummyKeyUtil.java} (81%) rename pgpainless-core/src/test/java/org/pgpainless/key/gnu_dummy_s2k/{GnuDummyKeyUtilTest.java => GnuPGDummyKeyUtilTest.java} (93%) diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GNUExtension.java b/pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyExtension.java similarity index 88% rename from pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GNUExtension.java rename to pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyExtension.java index e829bd7b..9f75bf7e 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GNUExtension.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyExtension.java @@ -6,7 +6,7 @@ package org.pgpainless.key.gnu_dummy_s2k; import org.bouncycastle.bcpg.S2K; -public enum GNUExtension { +public enum GnuPGDummyExtension { /** * Do not store the secret part at all. @@ -21,7 +21,7 @@ public enum GNUExtension { private final int id; - GNUExtension(int id) { + GnuPGDummyExtension(int id) { this.id = id; } 
diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuDummyKeyUtil.java b/pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyKeyUtil.java similarity index 81% rename from pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuDummyKeyUtil.java rename to pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyKeyUtil.java index 7817a676..3a913894 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuDummyKeyUtil.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyKeyUtil.java @@ -17,11 +17,15 @@ import java.util.Collection; import java.util.List; /** - * This class can be used to remove private keys from secret keys. + * This class can be used to remove private keys from secret software-keys by replacing them with + * stub secret keys in the style of GnuPGs proprietary extensions. + * + * @see + * GnuPGs doc/DETAILS - GNU extensions to the S2K algorithm */ -public final class GnuDummyKeyUtil { +public final class GnuPGDummyKeyUtil { - private GnuDummyKeyUtil() { + private GnuPGDummyKeyUtil() { } 
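Review bot: The new class Javadoc on `GnuPGDummyKeyUtil` says private keys are removed, but it does not say which key ring ends up without them. The method docs further down describe the result as `@return modified key ring`, and the tests keep reading the input ring after the call, so the input presumably still holds the secret material; the implementation is outside this hunk, so confirm this first. I would add a sentence such as `The key ring passed in is left unchanged and still contains the private key material; keep only the returned key ring if the secret parts must be gone.` Also, `GnuPGs` should read `GnuPG's`, and the `@see` tag as shown on this page has no visible link target.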
@@ -45,18 +49,18 @@ public final class GnuDummyKeyUtil { /** * Remove all private keys that match the given {@link KeyFilter} from the key ring and replace them with - * GNU_DUMMY keys with S2K protection mode {@link GNUExtension#NO_PRIVATE_KEY}. + * GNU_DUMMY keys with S2K protection mode {@link GnuPGDummyExtension#NO_PRIVATE_KEY}. * * @param filter filter to select keys for removal * @return modified key ring */ public PGPSecretKeyRing removePrivateKeys(KeyFilter filter) { - return replacePrivateKeys(GNUExtension.NO_PRIVATE_KEY, null, filter); + return replacePrivateKeys(GnuPGDummyExtension.NO_PRIVATE_KEY, null, filter); } /** * Remove all private keys that match the given {@link KeyFilter} from the key ring and replace them with - * GNU_DUMMY keys with S2K protection mode {@link GNUExtension#DIVERT_TO_CARD}. + * GNU_DUMMY keys with S2K protection mode {@link GnuPGDummyExtension#DIVERT_TO_CARD}. * This method will set the serial number of the card to 0x00000000000000000000000000000000. * * NOTE: This method does not actually move any keys to a card. @@ -70,7 +74,7 @@ public final class GnuDummyKeyUtil { /** * Remove all private keys that match the given {@link KeyFilter} from the key ring and replace them with - * GNU_DUMMY keys with S2K protection mode {@link GNUExtension#DIVERT_TO_CARD}. + * GNU_DUMMY keys with S2K protection mode {@link GnuPGDummyExtension#DIVERT_TO_CARD}. * This method will include the card serial number into the encoded dummy key. * * NOTE: This method does not actually move any keys to a card. 
@@ -83,10 +87,10 @@ public final class GnuDummyKeyUtil { if (cardSerialNumber != null && cardSerialNumber.length > 16) { throw new IllegalArgumentException("Card serial number length cannot exceed 16 bytes."); } - return replacePrivateKeys(GNUExtension.DIVERT_TO_CARD, cardSerialNumber, filter); + return replacePrivateKeys(GnuPGDummyExtension.DIVERT_TO_CARD, cardSerialNumber, filter); } - private PGPSecretKeyRing replacePrivateKeys(GNUExtension extension, byte[] serial, KeyFilter filter) { + private PGPSecretKeyRing replacePrivateKeys(GnuPGDummyExtension extension, byte[] serial, KeyFilter filter) { byte[] encodedSerial = serial != null ? encodeSerial(serial) : null; S2K s2k = extensionToS2K(extension); @@ -122,12 +126,16 @@ public final class GnuDummyKeyUtil { return encoded; } - private S2K extensionToS2K(@Nonnull GNUExtension extension) { - return S2K.gnuDummyS2K(extension == GNUExtension.DIVERT_TO_CARD ? + private S2K extensionToS2K(@Nonnull GnuPGDummyExtension extension) { + return S2K.gnuDummyS2K(extension == GnuPGDummyExtension.DIVERT_TO_CARD ? S2K.GNUDummyParams.divertToCard() : S2K.GNUDummyParams.noPrivateKey()); } } + /** + * Filter for selecting keys. + */ + @FunctionalInterface public interface KeyFilter { /** @@ -140,6 +148,7 @@ public final class GnuDummyKeyUtil { /** * Select any key. + * * @return filter */ static KeyFilter any() { diff --git a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/HardwareSecurityTest.java b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/HardwareSecurityTest.java index f1606cec..a2160edf 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/HardwareSecurityTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/decryption_verification/HardwareSecurityTest.java 
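Review bot: In `extensionToS2K` (hunk `-122,12 +126,16`), every `GnuPGDummyExtension` value other than `DIVERT_TO_CARD` falls through the ternary to `S2K.GNUDummyParams.noPrivateKey()`. Only part of the enum is visible in this patch, so this may be correct for the current constants. A constant added later would still be silently encoded as a no-private-key stub instead of being rejected. Since the stub type decides how other software treats the key, I would map each constant explicitly and throw on anything else, as below. The new `KeyFilter` Javadoc could also state that a key accepted by the filter has its private part replaced by a stub, e.g. `Filter that selects the keys whose private part is replaced by a stub.`

```java
private S2K extensionToS2K(@Nonnull GnuPGDummyExtension extension) {
    switch (extension) {
        case DIVERT_TO_CARD:
            return S2K.gnuDummyS2K(S2K.GNUDummyParams.divertToCard());
        case NO_PRIVATE_KEY:
            return S2K.gnuDummyS2K(S2K.GNUDummyParams.noPrivateKey());
        default:
            // Refuse to guess a protection mode for an extension this method does not know.
            throw new IllegalArgumentException("Unsupported GnuPG dummy extension: " + extension);
    }
}
```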
@@ -17,7 +17,7 @@ import org.bouncycastle.openpgp.PGPSecretKeyRing; import org.junit.jupiter.api.Test; import org.pgpainless.PGPainless; import org.pgpainless.key.SubkeyIdentifier; -import org.pgpainless.key.gnu_dummy_s2k.GnuDummyKeyUtil; +import org.pgpainless.key.gnu_dummy_s2k.GnuPGDummyKeyUtil; import org.pgpainless.key.util.KeyIdUtil; public class HardwareSecurityTest { @@ -53,8 +53,8 @@ public class HardwareSecurityTest { assertTrue(HardwareSecurity.getIdsOfHardwareBackedKeys(secretKeys).isEmpty()); long encryptionKeyId = KeyIdUtil.fromLongKeyId("0AAD8F5891262F50"); - PGPSecretKeyRing withHardwareBackedEncryptionKey = GnuDummyKeyUtil.modify(secretKeys) - .divertPrivateKeysToCard(GnuDummyKeyUtil.KeyFilter.only(encryptionKeyId)); + PGPSecretKeyRing withHardwareBackedEncryptionKey = GnuPGDummyKeyUtil.modify(secretKeys) + .divertPrivateKeysToCard(GnuPGDummyKeyUtil.KeyFilter.only(encryptionKeyId)); Set hardwareBackedKeys = HardwareSecurity .getIdsOfHardwareBackedKeys(withHardwareBackedEncryptionKey); @@ -67,8 +67,8 @@ public class HardwareSecurityTest { PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(KEY); assertTrue(HardwareSecurity.getIdsOfHardwareBackedKeys(secretKeys).isEmpty()); - PGPSecretKeyRing withHardwareBackedEncryptionKey = GnuDummyKeyUtil.modify(secretKeys) - .divertPrivateKeysToCard(GnuDummyKeyUtil.KeyFilter.any()); + PGPSecretKeyRing withHardwareBackedEncryptionKey = GnuPGDummyKeyUtil.modify(secretKeys) + .divertPrivateKeysToCard(GnuPGDummyKeyUtil.KeyFilter.any()); Set expected = new HashSet<>(); for (PGPSecretKey key : secretKeys) { expected.add(new SubkeyIdentifier(secretKeys, key.getKeyID())); 
diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/gnu_dummy_s2k/GnuDummyKeyUtilTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyKeyUtilTest.java similarity index 93% rename from pgpainless-core/src/test/java/org/pgpainless/key/gnu_dummy_s2k/GnuDummyKeyUtilTest.java rename to pgpainless-core/src/test/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyKeyUtilTest.java index 99966903..1fc3b892 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/key/gnu_dummy_s2k/GnuDummyKeyUtilTest.java +++ b/pgpainless-core/src/test/java/org/pgpainless/key/gnu_dummy_s2k/GnuPGDummyKeyUtilTest.java @@ -17,7 +17,7 @@ import java.io.IOException; import static org.junit.jupiter.api.Assertions.assertArrayEquals; import static org.junit.jupiter.api.Assertions.assertEquals; -public class GnuDummyKeyUtilTest { +public class GnuPGDummyKeyUtilTest { // normal, non-hw-backed key private static final String FULL_KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" + "Version: PGPainless\n" + @@ -153,8 +153,8 @@ public class GnuDummyKeyUtilTest { PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(FULL_KEY); PGPSecretKeyRing expected = PGPainless.readKeyRing().secretKeyRing(ALL_KEYS_ON_CARD); - PGPSecretKeyRing onCard = GnuDummyKeyUtil.modify(secretKeys) - .divertPrivateKeysToCard(GnuDummyKeyUtil.KeyFilter.any(), cardSerial); + PGPSecretKeyRing onCard = GnuPGDummyKeyUtil.modify(secretKeys) + .divertPrivateKeysToCard(GnuPGDummyKeyUtil.KeyFilter.any(), cardSerial); for (PGPSecretKey key : onCard) { assertEquals(SecretKeyPacket.USAGE_SHA1, key.getS2KUsage()); 
@@ -170,8 +170,8 @@ public class GnuDummyKeyUtilTest { PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(FULL_KEY); PGPSecretKeyRing expected = PGPainless.readKeyRing().secretKeyRing(PRIMARY_KEY_ON_CARD); - PGPSecretKeyRing onCard = GnuDummyKeyUtil.modify(secretKeys) - .divertPrivateKeysToCard(GnuDummyKeyUtil.KeyFilter.only(primaryKeyId), cardSerial); + PGPSecretKeyRing onCard = GnuPGDummyKeyUtil.modify(secretKeys) + .divertPrivateKeysToCard(GnuPGDummyKeyUtil.KeyFilter.only(primaryKeyId), cardSerial); assertArrayEquals(expected.getEncoded(), onCard.getEncoded()); } @@ -181,8 +181,8 @@ public class GnuDummyKeyUtilTest { PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(FULL_KEY); PGPSecretKeyRing expected = PGPainless.readKeyRing().secretKeyRing(ENCRYPTION_KEY_ON_CARD); - PGPSecretKeyRing onCard = GnuDummyKeyUtil.modify(secretKeys) - .divertPrivateKeysToCard(GnuDummyKeyUtil.KeyFilter.only(encryptionKeyId), cardSerial); + PGPSecretKeyRing onCard = GnuPGDummyKeyUtil.modify(secretKeys) + .divertPrivateKeysToCard(GnuPGDummyKeyUtil.KeyFilter.only(encryptionKeyId), cardSerial); assertArrayEquals(expected.getEncoded(), onCard.getEncoded()); } @@ -192,8 +192,8 @@ public class GnuDummyKeyUtilTest { PGPSecretKeyRing secretKeys = PGPainless.readKeyRing().secretKeyRing(FULL_KEY); PGPSecretKeyRing expected = PGPainless.readKeyRing().secretKeyRing(SIGNATURE_KEY_ON_CARD); - PGPSecretKeyRing onCard = GnuDummyKeyUtil.modify(secretKeys) - .divertPrivateKeysToCard(GnuDummyKeyUtil.KeyFilter.only(signatureKeyId), cardSerial); + PGPSecretKeyRing onCard = GnuPGDummyKeyUtil.modify(secretKeys) + .divertPrivateKeysToCard(GnuPGDummyKeyUtil.KeyFilter.only(signatureKeyId), cardSerial); assertArrayEquals(expected.getEncoded(), onCard.getEncoded()); }