mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-01-24 19:06:24 +01:00
Prevent adding NULL to symmetric algorithm preference when generating key
Fixes #301
This commit is contained in:
parent
32e1f1234b
commit
ba191a1d0f
2 changed files with 19 additions and 0 deletions
|
@ -64,6 +64,11 @@ public class KeySpecBuilder implements KeySpecBuilderInterface {
|
||||||
@Override
|
@Override
|
||||||
public KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(
|
public KeySpecBuilder overridePreferredSymmetricKeyAlgorithms(
|
||||||
@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms) {
|
@Nonnull SymmetricKeyAlgorithm... preferredSymmetricKeyAlgorithms) {
|
||||||
|
for (SymmetricKeyAlgorithm algo : preferredSymmetricKeyAlgorithms) {
|
||||||
|
if (algo == SymmetricKeyAlgorithm.NULL) {
|
||||||
|
throw new IllegalArgumentException("NULL (unencrypted) is an invalid symmetric key algorithm preference.");
|
||||||
|
}
|
||||||
|
}
|
||||||
this.preferredSymmetricAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredSymmetricKeyAlgorithms));
|
this.preferredSymmetricAlgorithms = new LinkedHashSet<>(Arrays.asList(preferredSymmetricKeyAlgorithms));
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,20 +9,34 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||||
import org.junit.jupiter.api.Test;
|
import org.junit.jupiter.api.Test;
|
||||||
import org.pgpainless.PGPainless;
|
import org.pgpainless.PGPainless;
|
||||||
|
import org.pgpainless.algorithm.KeyFlag;
|
||||||
|
import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
|
||||||
import org.pgpainless.encryption_signing.EncryptionOptions;
|
import org.pgpainless.encryption_signing.EncryptionOptions;
|
||||||
import org.pgpainless.encryption_signing.EncryptionResult;
|
import org.pgpainless.encryption_signing.EncryptionResult;
|
||||||
import org.pgpainless.encryption_signing.EncryptionStream;
|
import org.pgpainless.encryption_signing.EncryptionStream;
|
||||||
import org.pgpainless.encryption_signing.ProducerOptions;
|
import org.pgpainless.encryption_signing.ProducerOptions;
|
||||||
|
import org.pgpainless.key.generation.type.KeyType;
|
||||||
|
import org.pgpainless.key.generation.type.rsa.RsaLength;
|
||||||
|
|
||||||
import java.io.ByteArrayOutputStream;
|
import java.io.ByteArrayOutputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.nio.charset.StandardCharsets;
|
import java.nio.charset.StandardCharsets;
|
||||||
|
|
||||||
import static org.junit.jupiter.api.Assertions.assertEquals;
|
import static org.junit.jupiter.api.Assertions.assertEquals;
|
||||||
|
import static org.junit.jupiter.api.Assertions.assertThrows;
|
||||||
import static org.junit.jupiter.api.Assertions.assertTrue;
|
import static org.junit.jupiter.api.Assertions.assertTrue;
|
||||||
|
|
||||||
public class StupidAlgorithmPreferenceEncryptionTest {
|
public class StupidAlgorithmPreferenceEncryptionTest {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testPreventUnencryptedAlgorithmPreferenceDuringKeyGeneration() {
|
||||||
|
KeySpecBuilder specBuilder = KeySpec.getBuilder(KeyType.RSA(RsaLength._4096), KeyFlag.CERTIFY_OTHER);
|
||||||
|
assertThrows(IllegalArgumentException.class, () ->
|
||||||
|
specBuilder.overridePreferredSymmetricKeyAlgorithms(
|
||||||
|
SymmetricKeyAlgorithm.AES_256, SymmetricKeyAlgorithm.AES_192,
|
||||||
|
SymmetricKeyAlgorithm.AES_128, SymmetricKeyAlgorithm.NULL));
|
||||||
|
}
|
||||||
|
|
||||||
// RSA key with symmetric algorithm preference "NULL" (unencrypted).
|
// RSA key with symmetric algorithm preference "NULL" (unencrypted).
|
||||||
private static final String STUPID_KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
|
private static final String STUPID_KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
|
||||||
"Version: PGPainless\n" +
|
"Version: PGPainless\n" +
|
||||||
|
|
Loading…
Reference in a new issue