diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java index a861516a..e59e87fa 100644 --- a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java +++ b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/EncryptionKeySelectionStrategy.java @@ -18,6 +18,7 @@ package org.pgpainless.key.selection.key.impl; import javax.annotation.Nonnull; import org.bouncycastle.openpgp.PGPPublicKey; +import org.pgpainless.algorithm.KeyFlag; import org.pgpainless.key.selection.key.PublicKeySelectionStrategy; /** @@ -25,8 +26,11 @@ import org.pgpainless.key.selection.key.PublicKeySelectionStrategy; */ public class EncryptionKeySelectionStrategy extends PublicKeySelectionStrategy { + private static final HasKeyFlagSelectionStrategy.PublicKey HAS_ENCRYPT_COMMS_FLAG = + new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS); + @Override public boolean accept(@Nonnull PGPPublicKey key) { - return key.isEncryptionKey(); + return key.isEncryptionKey() && HAS_ENCRYPT_COMMS_FLAG.accept(key); } } diff --git a/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/HasKeyFlagSelectionStrategy.java b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/HasKeyFlagSelectionStrategy.java new file mode 100644 index 00000000..4a414140 --- /dev/null +++ b/pgpainless-core/src/main/java/org/pgpainless/key/selection/key/impl/HasKeyFlagSelectionStrategy.java @@ -0,0 +1,68 @@ +/* + * Copyright 2021 Paul Schaub. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.pgpainless.key.selection.key.impl; + +import java.util.Iterator; + +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPSecretKey; +import org.bouncycastle.openpgp.PGPSignature; +import org.pgpainless.algorithm.KeyFlag; +import org.pgpainless.key.selection.key.PublicKeySelectionStrategy; +import org.pgpainless.key.selection.key.SecretKeySelectionStrategy; + +public class HasKeyFlagSelectionStrategy { + + public static class PublicKey extends PublicKeySelectionStrategy { + + private final int keyFlagMask; + + public PublicKey(KeyFlag... flags) { + this(KeyFlag.toBitmask(flags)); + } + + public PublicKey(int mask) { + this.keyFlagMask = mask; + } + + @Override + public boolean accept(PGPPublicKey key) { + Iterator signatures = key.getSignatures(); + int flags = signatures.next().getHashedSubPackets().getKeyFlags(); + return (keyFlagMask & flags) == keyFlagMask; + } + } + + public static class SecretKey extends SecretKeySelectionStrategy { + + private final int keyFlagMask; + + public SecretKey(KeyFlag... flags) { + this(KeyFlag.toBitmask(flags)); + } + + public SecretKey(int mask) { + this.keyFlagMask = mask; + } + + @Override + public boolean accept(PGPSecretKey key) { + Iterator signatures = key.getPublicKey().getSignatures(); + int flags = signatures.next().getHashedSubPackets().getKeyFlags(); + return (keyFlagMask & flags) == keyFlagMask; + } + } +} diff --git a/pgpainless-core/src/test/java/org/pgpainless/key/selection/key/HasKeyFlagsSelectionStrategyTest.java b/pgpainless-core/src/test/java/org/pgpainless/key/selection/key/HasKeyFlagsSelectionStrategyTest.java new file mode 100644 index 00000000..0588c039 --- /dev/null +++ b/pgpainless-core/src/test/java/org/pgpainless/key/selection/key/HasKeyFlagsSelectionStrategyTest.java @@ -0,0 +1,108 @@ +/* + * Copyright 2021 Paul Schaub. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ +package org.pgpainless.key.selection.key; + +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; + +import java.security.InvalidAlgorithmParameterException; +import java.security.NoSuchAlgorithmException; +import java.util.Iterator; + +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPPublicKey; +import org.bouncycastle.openpgp.PGPSecretKey; +import org.bouncycastle.openpgp.PGPSecretKeyRing; +import org.junit.jupiter.api.Test; +import org.pgpainless.PGPainless; +import org.pgpainless.algorithm.KeyFlag; +import org.pgpainless.key.generation.KeySpec; +import org.pgpainless.key.generation.type.KeyType; +import org.pgpainless.key.generation.type.ecc.EllipticCurve; +import org.pgpainless.key.generation.type.eddsa.EdDSACurve; +import org.pgpainless.key.generation.type.xdh.XDHCurve; +import org.pgpainless.key.selection.key.impl.HasKeyFlagSelectionStrategy; + +public class HasKeyFlagsSelectionStrategyTest { + + @Test + public void testKeyFlagSelectors() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException, PGPException { + PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing() + .withSubKey(KeySpec.getBuilder(KeyType.ECDSA(EllipticCurve._P256)) + .withKeyFlags(KeyFlag.SIGN_DATA) + .withDefaultAlgorithms()) + .withSubKey(KeySpec.getBuilder(KeyType.XDH(XDHCurve._X25519)) + .withKeyFlags(KeyFlag.ENCRYPT_COMMS) + .withDefaultAlgorithms()) + .withMasterKey(KeySpec.getBuilder(KeyType.EDDSA(EdDSACurve._Ed25519)) + .withKeyFlags(KeyFlag.CERTIFY_OTHER, KeyFlag.AUTHENTICATION) + .withDefaultAlgorithms()) + .withPrimaryUserId("test@test.test") + .withoutPassphrase().build(); + + Iterator iterator = secretKeys.iterator(); + // CERTIFY_OTHER and AUTHENTICATION + PGPSecretKey s_primaryKey = iterator.next(); + // SIGN_DATA + PGPSecretKey s_signingKey = iterator.next(); + // ENCRYPT_COMMS + PGPSecretKey s_encryptionKey = iterator.next(); + + HasKeyFlagSelectionStrategy.SecretKey s_certifyOther = + new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.CERTIFY_OTHER); + HasKeyFlagSelectionStrategy.SecretKey s_encryptComms = + new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.ENCRYPT_COMMS); + HasKeyFlagSelectionStrategy.SecretKey s_encryptCommsEncryptStorage = + new HasKeyFlagSelectionStrategy.SecretKey(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE); + + assertTrue(s_certifyOther.accept(s_primaryKey)); + assertFalse(s_certifyOther.accept(s_encryptionKey)); + assertFalse(s_certifyOther.accept(s_signingKey)); + + assertTrue(s_encryptComms.accept(s_encryptionKey)); + assertFalse(s_encryptComms.accept(s_primaryKey)); + assertFalse(s_encryptComms.accept(s_signingKey)); + + assertFalse(s_encryptCommsEncryptStorage.accept(s_encryptionKey), + "Must not accept the key, as it only carries ENCRYPT_COMMS, but not ENCRYPT_STORAGE"); + assertFalse(s_encryptCommsEncryptStorage.accept(s_primaryKey)); + assertFalse(s_encryptCommsEncryptStorage.accept(s_signingKey)); + + PGPPublicKey p_primaryKey = s_primaryKey.getPublicKey(); + PGPPublicKey p_encryptionKey = s_encryptionKey.getPublicKey(); + PGPPublicKey p_signingKey = s_signingKey.getPublicKey(); + + HasKeyFlagSelectionStrategy.PublicKey p_certifyOther = + new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.CERTIFY_OTHER); + HasKeyFlagSelectionStrategy.PublicKey p_encryptComms = + new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS); + HasKeyFlagSelectionStrategy.PublicKey p_encryptCommsEncryptStorage = + new HasKeyFlagSelectionStrategy.PublicKey(KeyFlag.ENCRYPT_COMMS, KeyFlag.ENCRYPT_STORAGE); + + assertTrue(p_certifyOther.accept(p_primaryKey)); + assertFalse(p_certifyOther.accept(p_encryptionKey)); + assertFalse(p_certifyOther.accept(p_signingKey)); + + assertTrue(p_encryptComms.accept(p_encryptionKey)); + assertFalse(p_encryptComms.accept(p_primaryKey)); + assertFalse(p_encryptComms.accept(p_signingKey)); + + assertFalse(p_encryptCommsEncryptStorage.accept(p_encryptionKey), + "Must not accept the key, as it only carries ENCRYPT_COMMS, but not ENCRYPT_STORAGE"); + assertFalse(p_encryptCommsEncryptStorage.accept(p_primaryKey)); + assertFalse(p_encryptCommsEncryptStorage.accept(p_signingKey)); + } +}