From 4f0493bce7a071c3e95d733bc7263d7381edc7cf Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Sat, 9 Jan 2021 20:40:10 +0100 Subject: [PATCH] Test that the encryptionStreamBuilder will not encrypt to keys with missing flags --- ...ncryptCommsStorageFlagsDifferentiated.java | 61 +++++++++++++++++++ .../weird_keys/TestTwoSubkeysEncryption.java | 2 +- 2 files changed, 62 insertions(+), 1 deletion(-) create mode 100644 pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java diff --git a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java new file mode 100644 index 00000000..d24ca9c2 --- /dev/null +++ b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestEncryptCommsStorageFlagsDifferentiated.java @@ -0,0 +1,61 @@ +/* + * Copyright 2021 Paul Schaub. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.pgpainless.weird_keys; + +import static org.junit.jupiter.api.Assertions.assertThrows; + +import java.io.ByteArrayOutputStream; +import java.io.IOException; +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKeyRing; +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.junit.jupiter.api.Test; +import org.pgpainless.PGPainless; +import org.pgpainless.algorithm.KeyFlag; +import org.pgpainless.encryption_signing.EncryptionBuilderInterface; +import org.pgpainless.encryption_signing.EncryptionStream; +import org.pgpainless.key.generation.KeySpec; +import org.pgpainless.key.generation.type.KeyType; +import org.pgpainless.key.generation.type.rsa.RsaLength; +import org.pgpainless.key.util.KeyRingUtils; + +public class TestEncryptCommsStorageFlagsDifferentiated { + + @Test + public void testThatEncryptionDifferentiatesBetweenPurposeKeyFlags() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException, IOException { + PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() + .withMasterKey(KeySpec.getBuilder(KeyType.RSA(RsaLength._3072)) + .withKeyFlags(KeyFlag.CERTIFY_OTHER, + KeyFlag.SIGN_DATA, + KeyFlag.ENCRYPT_STORAGE // no ENCRYPT_COMMS + ) + .withDefaultAlgorithms()) + .withPrimaryUserId("cannot@encrypt.comms") + .withoutPassphrase() + .build(); + PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(secretKeys); + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + EncryptionBuilderInterface.ToRecipients builder = PGPainless.encryptAndOrSign(EncryptionStream.Purpose.COMMUNICATIONS) + .onOutputStream(out); + + // since the key does not carry the flag ENCRYPT_COMMS, it cannot be used by the stream. + assertThrows(IllegalStateException.class, () -> builder.toRecipients(publicKeys)); + } +} diff --git a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestTwoSubkeysEncryption.java b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestTwoSubkeysEncryption.java index 14026346..0d978838 100644 --- a/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestTwoSubkeysEncryption.java +++ b/pgpainless-core/src/test/java/org/pgpainless/weird_keys/TestTwoSubkeysEncryption.java @@ -55,7 +55,7 @@ public class TestTwoSubkeysEncryption { PGPSecretKeyRing twoSuitableSubkeysKeyRing = WeirdKeys.getTwoCryptSubkeysKey(); PGPPublicKeyRing publicKeys = KeyRingUtils.publicKeyRingFrom(twoSuitableSubkeysKeyRing); ByteArrayOutputStream out = new ByteArrayOutputStream(); - EncryptionStream encryptionStream = PGPainless.encryptAndOrSign() + EncryptionStream encryptionStream = PGPainless.encryptAndOrSign(EncryptionStream.Purpose.STORAGE) .onOutputStream(out) .toRecipients(publicKeys) .usingSecureAlgorithms()