mirror of https://github.com/pgpainless/pgpainless.git synced 2025-01-12 05:06:23 +01:00

Fix NPEs and expose decryption keys

Paul Schaub 2022-10-17 02:47:11 +02:00
parent fff69f89e0
commit de67461fb2
2 changed files with 40 additions and 10 deletions


@ -7,6 +7,7 @@ package org.pgpainless.decryption_verification;
import org.pgpainless.algorithm.CompressionAlgorithm; import org.pgpainless.algorithm.CompressionAlgorithm;
import org.pgpainless.algorithm.StreamEncoding; import org.pgpainless.algorithm.StreamEncoding;
import org.pgpainless.algorithm.SymmetricKeyAlgorithm; import org.pgpainless.algorithm.SymmetricKeyAlgorithm;
import org.pgpainless.key.SubkeyIdentifier;
import org.pgpainless.util.SessionKey; import org.pgpainless.util.SessionKey;
import javax.annotation.Nonnull; import javax.annotation.Nonnull;
@ -182,6 +183,24 @@ public class MessageMetadata {
return (LiteralData) nested; return (LiteralData) nested;
} }
public SubkeyIdentifier getDecryptionKey() {
Iterator<SubkeyIdentifier> iterator = new LayerIterator<SubkeyIdentifier>(message) {
@Override
public boolean matches(Nested layer) {
return layer instanceof EncryptedData;
}
@Override
public SubkeyIdentifier getProperty(Layer last) {
return ((EncryptedData) last).decryptionKey;
}
};
if (iterator.hasNext()) {
return iterator.next();
}
return null;
}
public abstract static class Layer { public abstract static class Layer {
protected final List<SignatureVerification> verifiedDetachedSignatures = new ArrayList<>(); protected final List<SignatureVerification> verifiedDetachedSignatures = new ArrayList<>();
protected final List<SignatureVerification.Failure> rejectedDetachedSignatures = new ArrayList<>(); protected final List<SignatureVerification.Failure> rejectedDetachedSignatures = new ArrayList<>();
@ -309,6 +328,7 @@ public class MessageMetadata {
public static class EncryptedData extends Layer implements Nested { public static class EncryptedData extends Layer implements Nested {
protected final SymmetricKeyAlgorithm algorithm; protected final SymmetricKeyAlgorithm algorithm;
protected SubkeyIdentifier decryptionKey;
protected SessionKey sessionKey; protected SessionKey sessionKey;
protected List<Long> recipients; protected List<Long> recipients;
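Review bot: `getDecryptionKey()` can return `null`, but the new method has neither Javadoc nor a nullability annotation, although the file already imports `javax.annotation.Nonnull`. It returns `null` when no `EncryptedData` layer matches, and presumably also when the layer was opened without a secret key (passphrase or session key), since the only assignments to `decryptionKey` on this page are the two public-key paths in OpenPgpMessageInputStream. Annotate the method `@Nullable` (adding the `javax.annotation.Nullable` import if the file lacks it) and document it, e.g. `/** Returns the subkey used to decrypt the first encrypted layer found, or null if the message was not decrypted with a secret key. */`. Callers that base a decision on which key decrypted the message need to know that absence is a normal result. The new `protected SubkeyIdentifier decryptionKey;` field would also benefit from a one-line comment saying when it stays unset.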


@ -334,6 +334,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData( MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory))); SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
encryptedData.decryptionKey = new SubkeyIdentifier(decryptionKeys, decryptionKey.getKeyID());
encryptedData.sessionKey = sessionKey; encryptedData.sessionKey = sessionKey;
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options); IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
@ -361,6 +362,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData( MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory))); SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
encryptedData.decryptionKey = new SubkeyIdentifier(decryptionKeyCandidate.getA(), privateKey.getKeyID());
encryptedData.sessionKey = sessionKey; encryptedData.sessionKey = sessionKey;
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options); IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
@ -560,8 +562,6 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
final List<PGPSignature> correspondingSignatures; final List<PGPSignature> correspondingSignatures;
boolean isLiteral = true; boolean isLiteral = true;
final List<PGPSignature> verified = new ArrayList<>();
private Signatures(ConsumerOptions options) { private Signatures(ConsumerOptions options) {
this.options = options; this.options = options;
this.detachedSignatures = new ArrayList<>(); this.detachedSignatures = new ArrayList<>();
@ -580,24 +580,33 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
void addDetachedSignature(PGPSignature signature) { void addDetachedSignature(PGPSignature signature) {
long keyId = SignatureUtils.determineIssuerKeyId(signature); long keyId = SignatureUtils.determineIssuerKeyId(signature);
PGPPublicKeyRing certificate = findCertificate(keyId); PGPPublicKeyRing certificate = findCertificate(keyId);
initialize(signature, certificate, keyId);
this.detachedSignatures.add(new DetachedOrPrependedSignature(signature, certificate, keyId)); if (certificate != null) {
initialize(signature, certificate, keyId);
this.detachedSignatures.add(new DetachedOrPrependedSignature(signature, certificate, keyId));
}
} }
void addPrependedSignature(PGPSignature signature) { void addPrependedSignature(PGPSignature signature) {
long keyId = SignatureUtils.determineIssuerKeyId(signature); long keyId = SignatureUtils.determineIssuerKeyId(signature);
PGPPublicKeyRing certificate = findCertificate(keyId); PGPPublicKeyRing certificate = findCertificate(keyId);
initialize(signature, certificate, keyId);
this.prependedSignatures.add(new DetachedOrPrependedSignature(signature, certificate, keyId)); if (certificate != null) {
initialize(signature, certificate, keyId);
this.prependedSignatures.add(new DetachedOrPrependedSignature(signature, certificate, keyId));
}
} }
void addOnePassSignature(PGPOnePassSignature signature) { void addOnePassSignature(PGPOnePassSignature signature) {
PGPPublicKeyRing certificate = findCertificate(signature.getKeyID()); PGPPublicKeyRing certificate = findCertificate(signature.getKeyID());
OnePassSignature ops = new OnePassSignature(signature, certificate, signature.getKeyID());
ops.init(certificate);
onePassSignatures.add(ops);
literalOPS.add(ops); if (certificate != null) {
OnePassSignature ops = new OnePassSignature(signature, certificate, signature.getKeyID());
ops.init(certificate);
onePassSignatures.add(ops);
literalOPS.add(ops);
}
if (signature.isContaining()) { if (signature.isContaining()) {
enterNesting(); enterNesting();
} }
@ -898,6 +907,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
resultBuilder.setFileName(m.getFilename()); resultBuilder.setFileName(m.getFilename());
resultBuilder.setFileEncoding(m.getFormat()); resultBuilder.setFileEncoding(m.getFormat());
resultBuilder.setSessionKey(m.getSessionKey()); resultBuilder.setSessionKey(m.getSessionKey());
resultBuilder.setDecryptionKey(m.getDecryptionKey());
for (SignatureVerification accepted : m.getVerifiedDetachedSignatures()) { for (SignatureVerification accepted : m.getVerifiedDetachedSignatures()) {
resultBuilder.addVerifiedDetachedSignature(accepted); resultBuilder.addVerifiedDetachedSignature(accepted);
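Review bot: The new `if (certificate != null)` guards in `addDetachedSignature`, `addPrependedSignature` and `addOnePassSignature` drop a signature silently when its issuer certificate is not available. Nothing is recorded, so a caller reading the result cannot tell a message signed by an unknown key from an unsigned one. The null check is a sound fix for the NPE, but the skipped signature should still be reported, for instance as a rejected entry whose reason states that the verification certificate is missing, or at least logged. In `addOnePassSignature` the one-pass packet is skipped while its trailing signature packet will presumably still arrive. The code that pairs the two lies outside these hunks, so it should be checked that the remaining entries cannot be matched against the wrong signature. If silent skipping is intended, say so in each branch with a comment such as `// no certificate for this issuer key id: signature cannot be verified and is ignored`.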