mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-01-10 12:17:59 +01:00
Reinstate integrity-protection and fix tests
Integrity Protection is now checked when reading from the stream, not only when closing.
parent
654493dfcc
commit
fbcde13df3
3 changed files with 46 additions and 15 deletions
|
@ -272,13 +272,15 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
PGPPBEEncryptedData skesk = (PGPPBEEncryptedData) esk;
|
||||
InputStream decrypted = skesk.getDataStream(decryptorFactory);
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, skesk, options);
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(integrityProtected), options, encryptedData, policy);
|
||||
return true;
|
||||
} else if (esk instanceof PGPPublicKeyEncryptedData) {
|
||||
PGPPublicKeyEncryptedData pkesk = (PGPPublicKeyEncryptedData) esk;
|
||||
InputStream decrypted = pkesk.getDataStream(decryptorFactory);
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(integrityProtected), options, encryptedData, policy);
|
||||
return true;
|
||||
} else {
|
||||
throw new RuntimeException("Unknown ESK class type: " + esk.getClass().getName());
|
||||
|
@ -302,7 +304,8 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
throwIfUnacceptable(sessionKey.getAlgorithm());
|
||||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(sessionKey.getAlgorithm());
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, skesk, options);
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(integrityProtected), options, encryptedData, policy);
|
||||
return true;
|
||||
} catch (UnacceptableAlgorithmException e) {
|
||||
throw e;
|
||||
|
@ -334,7 +337,8 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(integrityProtected), options, encryptedData, policy);
|
||||
return true;
|
||||
} catch (UnacceptableAlgorithmException e) {
|
||||
throw e;
|
||||
|
@ -359,7 +363,9 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
MessageMetadata.EncryptedData encryptedData = new MessageMetadata.EncryptedData(
|
||||
SymmetricKeyAlgorithm.requireFromId(pkesk.getSymmetricAlgorithm(decryptorFactory)));
|
||||
encryptedData.sessionKey = sessionKey;
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(decrypted), options, encryptedData, policy);
|
||||
|
||||
IntegrityProtectedInputStream integrityProtected = new IntegrityProtectedInputStream(decrypted, pkesk, options);
|
||||
nestedInputStream = new OpenPgpMessageInputStream(buffer(integrityProtected), options, encryptedData, policy);
|
||||
return true;
|
||||
} catch (PGPException e) {
|
||||
// hm :/
|
||||
|
@ -491,6 +497,7 @@ public class OpenPgpMessageInputStream extends DecryptionStream {
|
|||
|
||||
automaton.next(InputAlphabet.EndOfSequence);
|
||||
automaton.assertValid();
|
||||
packetInputStream.close();
|
||||
closed = true;
|
||||
}
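Review bot: The integrity wrapper is applied by hand in five separate decryption branches (two in the first hunk, one each in the hunks at -302, -334 and -359), so modification detection depends on every current and future branch repeating the same two lines; a branch that passes `decrypted` straight to `buffer(...)`, as the replaced lines did, would presumably hand out plaintext without the integrity check. A private helper that takes the decrypted stream, the encrypted-data packet and `encryptedData` and returns the nested stream would keep that invariant in one place, leaving each call site as something like `nestedInputStream = integrityProtectedNested(decrypted, skesk, encryptedData);`. In the close() hunk, `packetInputStream.close()` comes after `automaton.assertValid()`, so an exception from the validity check leaves the packet stream unclosed; closing it in a `finally` would avoid that. The enclosing methods start and end outside the hunks, so this is based only on the visible lines.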
|
||||
|
||||
|
|
|
@ -96,6 +96,12 @@ public class TeeBCPGInputStream {
|
|||
return markerPacket;
|
||||
}
|
||||
|
||||
|
||||
public void close() throws IOException {
|
||||
this.packetInputStream.close();
|
||||
this.delayedTee.close();
|
||||
}
|
||||
|
||||
public static class DelayedTeeInputStreamInputStream extends InputStream {
|
||||
|
||||
private int last = -1;
|
||||
|
@ -112,8 +118,12 @@ public class TeeBCPGInputStream {
|
|||
if (last != -1) {
|
||||
outputStream.write(last);
|
||||
}
|
||||
last = inputStream.read();
|
||||
return last;
|
||||
try {
|
||||
last = inputStream.read();
|
||||
return last;
|
||||
} catch (IOException e) {
|
||||
return -1;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -127,5 +137,11 @@ public class TeeBCPGInputStream {
|
|||
}
|
||||
last = -1;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void close() throws IOException {
|
||||
inputStream.close();
|
||||
outputStream.close();
|
||||
}
|
||||
}
|
||||
}
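Review bot: The new catch in `read()` turns any IOException from `inputStream.read()` into a plain end-of-stream `-1` and leaves `last` holding the previous byte, which has already been written to `outputStream`. The next `read()` would tee that byte a second time, and the later method that resets `last` presumably would too, while the caller cannot tell a failed or truncated read from a complete one. If the tee output feeds signature hashing (not visible here), a duplicated byte would change the hash. If the exception must be suppressed, clear the state and document the case it covers, e.g. `} catch (IOException e) { last = -1; return -1; }`; otherwise let it propagate as before. Separately, in the new `close()` at the end of the class a throw from `inputStream.close()` skips `outputStream.close()`; `read()` begins above the hunk, so its signature is not visible.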
|
||||
|
|
|
@ -238,8 +238,10 @@ public class ModificationDetectionTests {
|
|||
);
|
||||
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
Streams.pipeAll(decryptionStream, out);
|
||||
assertThrows(ModificationDetectionException.class, decryptionStream::close);
|
||||
assertThrows(ModificationDetectionException.class, () -> {
|
||||
Streams.pipeAll(decryptionStream, out);
|
||||
decryptionStream.close();
|
||||
});
|
||||
}
|
||||
|
||||
@TestTemplate
|
||||
|
@ -269,8 +271,10 @@ public class ModificationDetectionTests {
|
|||
);
|
||||
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
Streams.pipeAll(decryptionStream, out);
|
||||
assertThrows(ModificationDetectionException.class, decryptionStream::close);
|
||||
assertThrows(ModificationDetectionException.class, () -> {
|
||||
Streams.pipeAll(decryptionStream, out);
|
||||
decryptionStream.close();
|
||||
});
|
||||
}
|
||||
|
||||
@TestTemplate
|
||||
|
@ -313,8 +317,10 @@ public class ModificationDetectionTests {
|
|||
);
|
||||
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
Streams.pipeAll(decryptionStream, out);
|
||||
assertThrows(ModificationDetectionException.class, decryptionStream::close);
|
||||
assertThrows(ModificationDetectionException.class, () -> {
|
||||
Streams.pipeAll(decryptionStream, out);
|
||||
decryptionStream.close();
|
||||
});
|
||||
}
|
||||
|
||||
@TestTemplate
|
||||
|
@ -344,8 +350,10 @@ public class ModificationDetectionTests {
|
|||
);
|
||||
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
Streams.pipeAll(decryptionStream, out);
|
||||
assertThrows(ModificationDetectionException.class, decryptionStream::close);
|
||||
assertThrows(ModificationDetectionException.class, () -> {
|
||||
Streams.pipeAll(decryptionStream, out);
|
||||
decryptionStream.close();
|
||||
});
|
||||
}
|
||||
|
||||
@TestTemplate
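Review bot: Each of the four rewritten assertions wraps both `Streams.pipeAll(decryptionStream, out)` and `decryptionStream.close()` in a single `assertThrows` lambda, so the tests pass whether the ModificationDetectionException is raised while reading or only on close. They therefore do not pin the read-time check that the commit message describes. If read-time detection is the intended contract, assert it directly with `assertThrows(ModificationDetectionException.class, () -> Streams.pipeAll(decryptionStream, out));` and close the stream separately; if either point is acceptable, add a comment such as `// MDC failure may surface on read or on close`. The same applies to the hunks at -269, -313 and -344; the test methods start above each hunk.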
|
||||
|
|