1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-22 19:08:00 +01:00

Add feature-related utilities and tests

This commit is contained in:
Paul Schaub 2021-10-04 13:32:04 +02:00
parent 7113dd1d7e
commit bccf384dbf
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
3 changed files with 216 additions and 0 deletions

View file

@ -15,6 +15,8 @@
*/
package org.pgpainless.algorithm;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
@ -34,6 +36,8 @@ public enum Feature {
* RFC-4880 §5.14: Modification Detection Code Packet</a>
*/
MODIFICATION_DETECTION(Features.FEATURE_MODIFICATION_DETECTION),
AEAD_ENCRYPTED_DATA(Features.FEATURE_AEAD_ENCRYPTED_DATA),
VERSION_5_PUBLIC_KEY(Features.FEATURE_VERSION_5_PUBLIC_KEY)
;
private static final Map<Byte, Feature> MAP = new ConcurrentHashMap<>();
@ -57,4 +61,34 @@ public enum Feature {
public byte getFeatureId() {
return featureId;
}
/**
* Convert a bitmask into a list of {@link KeyFlag KeyFlags}.
*
* @param bitmask bitmask
* @return list of key flags encoded by the bitmask
*/
public static List<Feature> fromBitmask(int bitmask) {
List<Feature> features = new ArrayList<>();
for (Feature f : Feature.values()) {
if ((bitmask & f.featureId) != 0) {
features.add(f);
}
}
return features;
}
/**
* Encode a list of {@link KeyFlag KeyFlags} into a bitmask.
*
* @param features list of flags
* @return bitmask
*/
public static byte toBitmask(Feature... features) {
byte mask = 0;
for (Feature f : features) {
mask |= f.featureId;
}
return mask;
}
}

View file

@ -49,6 +49,7 @@ import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.PGPSignatureSubpacketVector;
import org.bouncycastle.util.encoders.Hex;
import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.Feature;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.KeyFlag;
import org.pgpainless.algorithm.SignatureSubpacket;
@ -356,6 +357,22 @@ public final class SignatureSubpacketsUtil {
return hashed(signature, SignatureSubpacket.features);
}
/**
* Parse out the features subpacket of a signature.
* If the signature has no features subpacket, return null.
* Otherwise, return the features as a feature set.
*
* @param signature signature
* @return features as set
*/
public static @Nullable Set<Feature> parseFeatures(PGPSignature signature) {
Features features = getFeatures(signature);
if (features == null) {
return null;
}
return new LinkedHashSet<>(Feature.fromBitmask(features.getData()[0]));
}
/**
* Return the signature target subpacket from the signature.
* We search for this subpacket in the hashed and unhashed area (in this order).

View file

@ -0,0 +1,165 @@
/*
* Copyright 2021 Paul Schaub.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.pgpainless.signature;
import static org.junit.jupiter.api.Assertions.assertEquals;
import static org.junit.jupiter.api.Assertions.assertFalse;
import static org.junit.jupiter.api.Assertions.assertNotNull;
import static org.junit.jupiter.api.Assertions.assertNull;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.junit.jupiter.api.Assertions.assertTrue;
import java.io.IOException;
import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.time.temporal.ChronoUnit;
import java.util.Arrays;
import java.util.Date;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.Set;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.bouncycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.junit.jupiter.api.Test;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.Feature;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.TestKeys;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnlockSecretKey;
import org.pgpainless.policy.Policy;
import org.pgpainless.signature.subpackets.SignatureSubpacketsUtil;
public class SignatureSubpacketsUtilTest {
@Test
public void test() throws PGPException, InvalidAlgorithmParameterException, NoSuchAlgorithmException {
PGPSecretKeyRing secretKeys = PGPainless.generateKeyRing()
.modernKeyRing("Expire", null);
Date expiration = Date.from(new Date().toInstant().plus(365, ChronoUnit.DAYS));
secretKeys = PGPainless.modifyKeyRing(secretKeys)
.setExpirationDate(expiration, SecretKeyRingProtector.unprotectedKeys())
.done();
PGPSignature expirationSig = SignaturePicker.pickCurrentUserIdCertificationSignature(secretKeys, "Expire", Policy.getInstance(), new Date());
PGPPublicKey notTheRightKey = PGPainless.inspectKeyRing(secretKeys).getSigningSubkeys().get(0);
assertThrows(IllegalArgumentException.class, () ->
SignatureSubpacketsUtil.getKeyExpirationTimeAsDate(expirationSig, notTheRightKey));
}
@Test
public void testGetRevocable() throws PGPException, IOException {
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
PGPSignature withoutRevocable = generator.generateCertification(secretKeys.getPublicKey());
assertNull(SignatureSubpacketsUtil.getRevocable(withoutRevocable));
generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
PGPSignatureSubpacketGenerator hashed = new PGPSignatureSubpacketGenerator();
hashed.setRevocable(true, true);
generator.setHashedSubpackets(hashed.generate());
PGPSignature withRevocable = generator.generateCertification(secretKeys.getPublicKey());
assertNotNull(SignatureSubpacketsUtil.getRevocable(withRevocable));
}
@Test
public void testParsePreferredCompressionAlgorithms() throws PGPException, IOException {
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
PGPSignatureSubpacketGenerator hashed = new PGPSignatureSubpacketGenerator();
Set<CompressionAlgorithm> compressionAlgorithmSet = new LinkedHashSet<>(Arrays.asList(CompressionAlgorithm.BZIP2, CompressionAlgorithm.ZIP));
int[] ids = new int[compressionAlgorithmSet.size()];
Iterator<CompressionAlgorithm> it = compressionAlgorithmSet.iterator();
for (int i = 0; i < ids.length; i++) {
ids[i] = it.next().getAlgorithmId();
}
hashed.setPreferredCompressionAlgorithms(true, ids);
generator.setHashedSubpackets(hashed.generate());
PGPSignature signature = generator.generateCertification(secretKeys.getPublicKey());
Set<CompressionAlgorithm> parsed = SignatureSubpacketsUtil.parsePreferredCompressionAlgorithms(signature);
assertEquals(compressionAlgorithmSet, parsed);
}
@Test
public void testParseKeyFlagsOfNullIsNull() {
assertNull(SignatureSubpacketsUtil.parseKeyFlags(null));
}
@Test
public void testParseKeyFlagsOfNullSubpacketIsNull() throws PGPException, IOException {
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
PGPSignature withoutKeyFlags = generator.generateCertification(secretKeys.getPublicKey());
assertNull(SignatureSubpacketsUtil.parseKeyFlags(withoutKeyFlags));
}
@Test
public void testParseFeaturesIsNullForNullSubpacket() throws PGPException, IOException {
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
PGPSignature withoutKeyFlags = generator.generateCertification(secretKeys.getPublicKey());
assertNull(SignatureSubpacketsUtil.parseFeatures(withoutKeyFlags));
}
@Test
public void testParseFeatures() throws PGPException, IOException {
PGPSecretKeyRing secretKeys = TestKeys.getEmilSecretKeyRing();
PGPPrivateKey certKey = UnlockSecretKey.unlockSecretKey(secretKeys.getSecretKey(), SecretKeyRingProtector.unprotectedKeys());
PGPSignatureGenerator generator = getSignatureGenerator(certKey, SignatureType.CASUAL_CERTIFICATION);
PGPSignatureSubpacketGenerator hashed = new PGPSignatureSubpacketGenerator();
hashed.setFeature(true, Feature.toBitmask(Feature.MODIFICATION_DETECTION, Feature.AEAD_ENCRYPTED_DATA));
generator.setHashedSubpackets(hashed.generate());
PGPSignature signature = generator.generateCertification(secretKeys.getPublicKey());
Set<Feature> featureSet = SignatureSubpacketsUtil.parseFeatures(signature);
assertEquals(2, featureSet.size());
assertTrue(featureSet.contains(Feature.MODIFICATION_DETECTION));
assertTrue(featureSet.contains(Feature.AEAD_ENCRYPTED_DATA));
assertFalse(featureSet.contains(Feature.VERSION_5_PUBLIC_KEY));
}
private PGPSignatureGenerator getSignatureGenerator(PGPPrivateKey signingKey,
SignatureType signatureType) throws PGPException {
PGPSignatureGenerator signatureGenerator = new PGPSignatureGenerator(
ImplementationFactory.getInstance().getPGPContentSignerBuilder(
signingKey.getPublicKeyPacket().getAlgorithm(),
HashAlgorithm.SHA512.getAlgorithmId()));
signatureGenerator.init(signatureType.getCode(), signingKey);
return signatureGenerator;
}
}