List of usage examples for org.bouncycastle.bcpg PacketTags SECRET_SUBKEY
int SECRET_SUBKEY
To view the source code for org.bouncycastle.bcpg PacketTags SECRET_SUBKEY.
Click Source Link
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperationTest.java
License:Open Source License
@Test public void testSubkeyStrip() throws Exception { long keyId = KeyringTestingHelper.getSubkeyId(ring, 1); parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, false)); applyModificationWithChecks(parcel, ring, onlyA, onlyB); Assert.assertEquals("one extra packet in original", 1, onlyA.size()); Assert.assertEquals("one extra packet in modified", 1, onlyB.size()); Assert.assertEquals("old packet must be secret subkey", PacketTags.SECRET_SUBKEY, onlyA.get(0).tag); Assert.assertEquals("new packet must be secret subkey", PacketTags.SECRET_SUBKEY, onlyB.get(0).tag); Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket(); Assert.assertEquals("new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, ((SecretSubkeyPacket) p).getS2K().getType()); Assert.assertEquals("new packet should have GNU_DUMMY protection mode 0x1", 0x1, ((SecretSubkeyPacket) p).getS2K().getProtectionMode()); Assert.assertEquals("new packet secret key data should have length zero", 0, ((SecretSubkeyPacket) p).getSecretKeyData().length); Assert.assertNull("new packet should have no iv data", ((SecretSubkeyPacket) p).getIV()); }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperationTest.java
License:Open Source License
@Test public void testPassphraseChange() throws Exception { // change passphrase to empty parcel.setNewUnlock(new ChangeUnlockParcel(new Passphrase())); // note that canonicalization here necessarily strips the empty notation packet UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, cryptoInput); Assert.assertEquals("exactly three packets should have been modified (the secret keys)", 3, onlyB.size()); // remember secret key packet with no passphrase for later RawPacket sKeyNoPassphrase = onlyB.get(1); Assert.assertEquals("extracted packet should be a secret subkey", PacketTags.SECRET_SUBKEY, sKeyNoPassphrase.tag);// w w w . j av a 2s. co m // modify keyring, change to non-empty passphrase Passphrase otherPassphrase = TestingUtils.genPassphrase(true); CryptoInputParcel otherCryptoInput = new CryptoInputParcel(otherPassphrase); parcel.setNewUnlock(new ChangeUnlockParcel(otherPassphrase)); modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, new CryptoInputParcel(new Date(), new Passphrase())); Assert.assertEquals("exactly three packets should have been modified (the secret keys)", 3, onlyB.size()); { // quick check to make sure no two secret keys have the same IV HashSet<ByteBuffer> ivs = new HashSet<ByteBuffer>(); for (int i = 0; i < 3; i++) { SecretKeyPacket p = (SecretKeyPacket) new BCPGInputStream( new ByteArrayInputStream(onlyB.get(i).buf)).readPacket(); ByteBuffer iv = ByteBuffer.wrap(p.getIV()); Assert.assertFalse("no two secret keys should have the same s2k iv (slightly non-deterministic!)", ivs.contains(iv)); ivs.add(iv); } } RawPacket sKeyWithPassphrase = onlyB.get(1); Assert.assertEquals("extracted packet should be a secret subkey", PacketTags.SECRET_SUBKEY, sKeyNoPassphrase.tag); Passphrase otherPassphrase2 = TestingUtils.genPassphrase(true); parcel.setNewUnlock(new ChangeUnlockParcel(otherPassphrase2)); { // if we replace a secret key with one without passphrase modified = KeyringTestingHelper.removePacket(modified, sKeyNoPassphrase.position); modified = KeyringTestingHelper.injectPacket(modified, sKeyNoPassphrase.buf, sKeyNoPassphrase.position); // we should still be able to modify it (and change its passphrase) without errors PgpKeyOperation op = new PgpKeyOperation(null); CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0); PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, otherCryptoInput, parcel); Assert.assertTrue("key modification must succeed", result.success()); Assert.assertFalse("log must not contain a warning", result.getLog().containsWarnings()); Assert.assertTrue("log must contain an empty passphrase retry notice", result.getLog().containsType(LogType.MSG_MF_PASSPHRASE_EMPTY_RETRY)); modified = result.getRing(); } { // if we add one subkey with a different passphrase, that should produce a warning but also work modified = KeyringTestingHelper.removePacket(modified, sKeyWithPassphrase.position); modified = KeyringTestingHelper.injectPacket(modified, sKeyWithPassphrase.buf, sKeyWithPassphrase.position); PgpKeyOperation op = new PgpKeyOperation(null); CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0); PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(otherPassphrase2), parcel); Assert.assertTrue("key modification must succeed", result.success()); Assert.assertTrue("log must contain a failed passphrase change warning", result.getLog().containsType(LogType.MSG_MF_PASSPHRASE_FAIL)); } }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
/** Make sure the assumptions made about the generated ring packet structure are valid. */ @Test/*from w w w . ja va2 s .c om*/ public void testGeneratedRingStructure() throws Exception { Iterator<RawPacket> it = KeyringTestingHelper.parseKeyring(ring.getEncoded()); Assert.assertEquals("packet #0 should be secret key", PacketTags.SECRET_KEY, it.next().tag); Assert.assertEquals("packet #1 should be user id", PacketTags.USER_ID, it.next().tag); Assert.assertEquals("packet #2 should be signature", PacketTags.SIGNATURE, it.next().tag); Assert.assertEquals("packet #3 should be user id", PacketTags.USER_ID, it.next().tag); Assert.assertEquals("packet #4 should be signature", PacketTags.SIGNATURE, it.next().tag); Assert.assertEquals("packet #5 should be user id", PacketTags.USER_ATTRIBUTE, it.next().tag); Assert.assertEquals("packet #6 should be signature", PacketTags.SIGNATURE, it.next().tag); Assert.assertEquals("packet #7 should be secret subkey", PacketTags.SECRET_SUBKEY, it.next().tag); Assert.assertEquals("packet #8 should be signature", PacketTags.SIGNATURE, it.next().tag); Assert.assertEquals("packet #9 should be secret subkey", PacketTags.SECRET_SUBKEY, it.next().tag); Assert.assertEquals("packet #10 should be signature", PacketTags.SIGNATURE, it.next().tag); Assert.assertFalse("exactly 11 packets total", it.hasNext()); Assert.assertArrayEquals("created keyring should be constant through canonicalization", ring.getEncoded(), ring.canonicalize(log, 0).getEncoded()); }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringCanonicalizeTest.java
License:Open Source License
@Test public void testSubkeyDestroy() throws Exception { // signature for second key (first subkey) UncachedKeyRing modified = KeyringTestingHelper.removePacket(ring, 8); // canonicalization should fail, because there are no valid uids left CanonicalizedKeyRing canonicalized = modified.canonicalize(log, 0); Assert.assertTrue(//from www . j a va2s . c o m "keyring with missing subkey binding sig should differ from intact one after canonicalization", KeyringTestingHelper.diffKeyrings(ring.getEncoded(), canonicalized.getEncoded(), onlyA, onlyB)); Assert.assertEquals("canonicalized keyring should have two extra packets", 2, onlyA.size()); Assert.assertEquals("canonicalized keyring should have no extra packets", 0, onlyB.size()); Assert.assertEquals("first missing packet should be the subkey", PacketTags.SECRET_SUBKEY, onlyA.get(0).tag); Assert.assertEquals("second missing packet should be subkey's signature", PacketTags.SIGNATURE, onlyA.get(1).tag); Assert.assertEquals("second missing packet should be next to subkey", onlyA.get(0).position + 1, onlyA.get(1).position); }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringMergeTest.java
License:Open Source License
private UncachedKeyRing mergeWithChecks(UncachedKeyRing a, UncachedKeyRing b, UncachedKeyRing base) throws Exception { Assert.assertTrue("merging keyring must be secret type", a.isSecret()); Assert.assertTrue("merged keyring must be secret type", b.isSecret()); final UncachedKeyRing resultA; UncachedKeyRing resultB;//from www . j a v a2s . c o m { // sec + sec resultA = a.merge(b, log, 0); Assert.assertNotNull("merge must succeed as sec(a)+sec(b)", resultA); resultB = b.merge(a, log, 0); Assert.assertNotNull("merge must succeed as sec(b)+sec(a)", resultB); // check commutativity, if requested Assert.assertFalse("result of merge must be commutative", KeyringTestingHelper.diffKeyrings(resultA.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); } final UncachedKeyRing pubA = a.extractPublicKeyRing(); final UncachedKeyRing pubB = b.extractPublicKeyRing(); { // sec + pub // this one is special, because GNU_DUMMY keys might be generated! resultB = a.merge(pubB, log, 0); Assert.assertNotNull("merge must succeed as sec(a)+pub(b)", resultA); // these MAY diff KeyringTestingHelper.diffKeyrings(resultA.getEncoded(), resultB.getEncoded(), onlyA, onlyB); Assert.assertEquals("sec(a)+pub(b): results must have equal number of packets", onlyA.size(), onlyB.size()); for (int i = 0; i < onlyA.size(); i++) { Assert.assertEquals("sec(a)+pub(c): old packet must be secret subkey", PacketTags.SECRET_SUBKEY, onlyA.get(i).tag); Assert.assertEquals("sec(a)+pub(c): new packet must be dummy secret subkey", PacketTags.SECRET_SUBKEY, onlyB.get(i).tag); SecretKeyPacket pA = (SecretKeyPacket) new BCPGInputStream( new ByteArrayInputStream(onlyA.get(i).buf)).readPacket(); SecretKeyPacket pB = (SecretKeyPacket) new BCPGInputStream( new ByteArrayInputStream(onlyB.get(i).buf)).readPacket(); Assert.assertArrayEquals("sec(a)+pub(c): both packets must have equal pubkey parts", pA.getPublicKeyPacket().getEncoded(), pB.getPublicKeyPacket().getEncoded()); Assert.assertEquals("sec(a)+pub(c): new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, pB.getS2K().getType()); Assert.assertEquals("sec(a)+pub(c): new packet should have GNU_DUMMY protection mode 0x1", 0x1, pB.getS2K().getProtectionMode()); Assert.assertEquals("sec(a)+pub(c): new packet secret key data should have length zero", 0, pB.getSecretKeyData().length); Assert.assertNull("sec(a)+pub(c): new packet should have no iv data", pB.getIV()); } } { // pub + sec, and pub + pub final UncachedKeyRing pubResult = resultA.extractPublicKeyRing(); resultB = pubA.merge(b, log, 0); Assert.assertNotNull("merge must succeed as pub(a)+sec(b)", resultA); Assert.assertFalse("result of pub(a)+sec(b) must be same as pub(sec(a)+sec(b))", KeyringTestingHelper.diffKeyrings(pubResult.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); resultB = pubA.merge(pubB, log, 0); Assert.assertNotNull("merge must succeed as pub(a)+pub(b)", resultA); Assert.assertFalse("result of pub(a)+pub(b) must be same as pub(sec(a)+sec(b))", KeyringTestingHelper.diffKeyrings(pubResult.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); } if (base != null) { // set up onlyA and onlyB to be a diff to the base Assert.assertTrue("merged keyring must differ from base", KeyringTestingHelper.diffKeyrings(base.getEncoded(), resultA.getEncoded(), onlyA, onlyB)); } return resultA; }