List of usage examples for org.bouncycastle.bcpg S2K GNU_DUMMY_S2K
int GNU_DUMMY_S2K
To view the source code for org.bouncycastle.bcpg S2K GNU_DUMMY_S2K.
Click Source Link
From source file:org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.java
License:Open Source License
/** This method returns the SecretKeyType for this secret key, testing for an empty * passphrase in the process./* w ww .ja va 2s.c om*/ * * This method can potentially take a LONG time (i.e. seconds), so it should only * ever be called by {@link ProviderHelper} for the purpose of caching its output * in the database. */ public SecretKeyType getSecretKeyTypeSuperExpensive() { S2K s2k = mSecretKey.getS2K(); if (s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K) { // divert to card is special if (s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD) { return SecretKeyType.DIVERT_TO_CARD; } // no matter the exact protection mode, it's some kind of dummy key return SecretKeyType.GNU_DUMMY; } try { PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray()); // If this doesn't throw mSecretKey.extractPrivateKey(keyDecryptor); // It means the passphrase is empty return SecretKeyType.PASSPHRASE_EMPTY; } catch (PGPException e) { HashMap<String, String> notation = getRing().getLocalNotationData(); if (notation.containsKey("unlock.pin@sufficientlysecure.org") && "1".equals(notation.get("unlock.pin@sufficientlysecure.org"))) { return SecretKeyType.PIN; } // Otherwise, it's just a regular ol' passphrase return SecretKeyType.PASSPHRASE; } }
From source file:org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.java
License:Open Source License
/** * Returns true on right passphrase//from w w w .j a va 2 s. c o m */ public boolean unlock(final Passphrase passphrase) throws PgpGeneralException { // handle keys on OpenPGP cards like they were unlocked S2K s2k = mSecretKey.getS2K(); if (s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD) { mPrivateKeyState = PRIVATE_KEY_STATE_DIVERT_TO_CARD; return true; } // try to extract keys using the passphrase try { int keyEncryptionAlgorithm = mSecretKey.getKeyEncryptionAlgorithm(); if (keyEncryptionAlgorithm == SymmetricKeyAlgorithmTags.NULL) { mPrivateKey = mSecretKey.extractPrivateKey(null); mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED; return true; } byte[] sessionKey; sessionKey = passphrase.getCachedSessionKeyForParameters(keyEncryptionAlgorithm, s2k); if (sessionKey == null) { PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray()); // this operation is EXPENSIVE, so we cache its result in the passed Passphrase object! sessionKey = keyDecryptor.makeKeyFromPassPhrase(keyEncryptionAlgorithm, s2k); passphrase.addCachedSessionKeyForParameters(keyEncryptionAlgorithm, s2k, sessionKey); } PBESecretKeyDecryptor keyDecryptor = new SessionKeySecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(sessionKey); mPrivateKey = mSecretKey.extractPrivateKey(keyDecryptor); mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED; } catch (PGPException e) { return false; } if (mPrivateKey == null) { throw new PgpGeneralException("error extracting key"); } return true; }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
static PGPSignatureGenerator getSignatureGenerator(PGPSecretKey secretKey, CryptoInputParcel cryptoInput) { S2K s2k = secretKey.getS2K();/*from w ww .j a v a2 s.c o m*/ boolean isDivertToCard = s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD; return getSignatureGenerator(secretKey.getPublicKey(), cryptoInput, isDivertToCard); }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
private static boolean isDummy(PGPSecretKey secretKey) { S2K s2k = secretKey.getS2K();//from w w w . j a v a2s . c o m return s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K && s2k.getProtectionMode() != S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD; }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
private static boolean isDivertToCard(PGPSecretKey secretKey) { S2K s2k = secretKey.getS2K();/* w ww .jav a 2s . c o m*/ return s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD; }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperationTest.java
License:Open Source License
@Test public void testSubkeyStrip() throws Exception { long keyId = KeyringTestingHelper.getSubkeyId(ring, 1); parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, false)); applyModificationWithChecks(parcel, ring, onlyA, onlyB); Assert.assertEquals("one extra packet in original", 1, onlyA.size()); Assert.assertEquals("one extra packet in modified", 1, onlyB.size()); Assert.assertEquals("old packet must be secret subkey", PacketTags.SECRET_SUBKEY, onlyA.get(0).tag); Assert.assertEquals("new packet must be secret subkey", PacketTags.SECRET_SUBKEY, onlyB.get(0).tag); Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket(); Assert.assertEquals("new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, ((SecretSubkeyPacket) p).getS2K().getType()); Assert.assertEquals("new packet should have GNU_DUMMY protection mode 0x1", 0x1, ((SecretSubkeyPacket) p).getS2K().getProtectionMode()); Assert.assertEquals("new packet secret key data should have length zero", 0, ((SecretSubkeyPacket) p).getSecretKeyData().length); Assert.assertNull("new packet should have no iv data", ((SecretSubkeyPacket) p).getIV()); }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperationTest.java
License:Open Source License
@Test public void testMasterStrip() throws Exception { long keyId = ring.getMasterKeyId(); parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, false)); applyModificationWithChecks(parcel, ring, onlyA, onlyB); Assert.assertEquals("one extra packet in original", 1, onlyA.size()); Assert.assertEquals("one extra packet in modified", 1, onlyB.size()); Assert.assertEquals("old packet must be secret key", PacketTags.SECRET_KEY, onlyA.get(0).tag); Assert.assertEquals("new packet must be secret key", PacketTags.SECRET_KEY, onlyB.get(0).tag); Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket(); Assert.assertEquals("new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, ((SecretKeyPacket) p).getS2K().getType()); Assert.assertEquals("new packet should have GNU_DUMMY protection mode 0x1", 0x1, ((SecretKeyPacket) p).getS2K().getProtectionMode()); Assert.assertEquals("new packet secret key data should have length zero", 0, ((SecretKeyPacket) p).getSecretKeyData().length); Assert.assertNull("new packet should have no iv data", ((SecretKeyPacket) p).getIV()); }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperationTest.java
License:Open Source License
@Test public void testRestrictedStrip() throws Exception { long keyId = KeyringTestingHelper.getSubkeyId(ring, 1); UncachedKeyRing modified;/* w w w .j av a2 s .com*/ { // we should be able to change the stripped status of subkeys without passphrase parcel.reset(); parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, false)); modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, new CryptoInputParcel()); Assert.assertEquals("one extra packet in modified", 1, onlyB.size()); Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket(); Assert.assertEquals("new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, ((SecretKeyPacket) p).getS2K().getType()); Assert.assertEquals("new packet should have GNU_DUMMY protection mode stripped", S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY, ((SecretKeyPacket) p).getS2K().getProtectionMode()); } { // trying to edit a subkey with signing capability should fail parcel.reset(); parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true)); assertModifyFailure("subkey modification for signing-enabled but stripped subkey should fail", modified, parcel, LogType.MSG_MF_ERROR_SUB_STRIPPED); } }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperationTest.java
License:Open Source License
@Test public void testKeyToSecurityToken() throws Exception { // Special keyring for security token tests with 2048 bit RSA as a subkey SaveKeyringParcel parcelKey = new SaveKeyringParcel(); parcelKey.mAddSubKeys/*from ww w . j av a2 s . com*/ .add(new SaveKeyringParcel.SubkeyAdd(Algorithm.DSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcelKey.mAddSubKeys .add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcelKey.mAddSubKeys .add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA, 3072, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcelKey.mAddUserIds.add("yubikey"); parcelKey.setNewUnlock(new ChangeUnlockParcel(passphrase)); PgpKeyOperation opSecurityToken = new PgpKeyOperation(null); PgpEditKeyResult resultSecurityToken = opSecurityToken.createSecretKeyRing(parcelKey); Assert.assertTrue("initial test key creation must succeed", resultSecurityToken.success()); Assert.assertNotNull("initial test key creation must succeed", resultSecurityToken.getRing()); UncachedKeyRing ringSecurityToken = resultSecurityToken.getRing(); SaveKeyringParcel parcelSecurityToken = new SaveKeyringParcel(); parcelSecurityToken.mMasterKeyId = ringSecurityToken.getMasterKeyId(); parcelSecurityToken.mFingerprint = ringSecurityToken.getFingerprint(); UncachedKeyRing modified; { // moveKeyToSecurityToken should fail with BAD_NFC_SIZE when presented with the RSA-3072 key long keyId = KeyringTestingHelper.getSubkeyId(ringSecurityToken, 2); parcelSecurityToken.reset(); parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, false, true)); assertModifyFailure("moveKeyToSecurityToken operation should fail on invalid key size", ringSecurityToken, parcelSecurityToken, cryptoInput, LogType.MSG_MF_ERROR_BAD_SECURITY_TOKEN_SIZE); } { // moveKeyToSecurityToken should fail with BAD_NFC_ALGO when presented with the DSA-1024 key long keyId = KeyringTestingHelper.getSubkeyId(ringSecurityToken, 0); parcelSecurityToken.reset(); parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, false, true)); assertModifyFailure("moveKeyToSecurityToken operation should fail on invalid key algorithm", ringSecurityToken, parcelSecurityToken, cryptoInput, LogType.MSG_MF_ERROR_BAD_SECURITY_TOKEN_ALGO); } long keyId = KeyringTestingHelper.getSubkeyId(ringSecurityToken, 1); { // moveKeyToSecurityToken should return a pending SECURITY_TOKEN_MOVE_KEY_TO_CARD result when presented with the RSA-2048 // key, and then make key divert-to-card when it gets a serial in the cryptoInputParcel. parcelSecurityToken.reset(); parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, false, true)); CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ringSecurityToken.getEncoded(), false, 0); PgpKeyOperation op = new PgpKeyOperation(null); PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcelSecurityToken); Assert.assertTrue("moveKeyToSecurityToken operation should be pending", result.isPending()); Assert.assertEquals("required input should be RequiredInputType.SECURITY_TOKEN_MOVE_KEY_TO_CARD", result.getRequiredInputParcel().mType, RequiredInputType.SECURITY_TOKEN_MOVE_KEY_TO_CARD); // Create a cryptoInputParcel that matches what the SecurityTokenOperationActivity would return. byte[] keyIdBytes = new byte[8]; ByteBuffer buf = ByteBuffer.wrap(keyIdBytes); buf.putLong(keyId).rewind(); byte[] serial = new byte[] { 0x6a, 0x6f, 0x6c, 0x6f, 0x73, 0x77, 0x61, 0x67, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; CryptoInputParcel inputParcel = new CryptoInputParcel(); inputParcel.addCryptoData(keyIdBytes, serial); modified = applyModificationWithChecks(parcelSecurityToken, ringSecurityToken, onlyA, onlyB, inputParcel); Assert.assertEquals("one extra packet in modified", 1, onlyB.size()); Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket(); Assert.assertEquals("new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, ((SecretKeyPacket) p).getS2K().getType()); Assert.assertEquals("new packet should have GNU_DUMMY protection mode divert-to-card", S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD, ((SecretKeyPacket) p).getS2K().getProtectionMode()); Assert.assertArrayEquals("new packet should have correct serial number as iv", serial, ((SecretKeyPacket) p).getIV()); } { // editing a signing subkey requires a primary key binding sig -> pendinginput parcelSecurityToken.reset(); parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, true)); CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0); PgpKeyOperation op = new PgpKeyOperation(null); PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcelSecurityToken); Assert.assertTrue("moveKeyToSecurityToken operation should be pending", result.isPending()); Assert.assertEquals("required input should be RequiredInputType.SECURITY_TOKEN_SIGN", RequiredInputType.SECURITY_TOKEN_SIGN, result.getRequiredInputParcel().mType); } }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringMergeTest.java
License:Open Source License
private UncachedKeyRing mergeWithChecks(UncachedKeyRing a, UncachedKeyRing b, UncachedKeyRing base) throws Exception { Assert.assertTrue("merging keyring must be secret type", a.isSecret()); Assert.assertTrue("merged keyring must be secret type", b.isSecret()); final UncachedKeyRing resultA; UncachedKeyRing resultB;/*from ww w.j a v a2 s.c om*/ { // sec + sec resultA = a.merge(b, log, 0); Assert.assertNotNull("merge must succeed as sec(a)+sec(b)", resultA); resultB = b.merge(a, log, 0); Assert.assertNotNull("merge must succeed as sec(b)+sec(a)", resultB); // check commutativity, if requested Assert.assertFalse("result of merge must be commutative", KeyringTestingHelper.diffKeyrings(resultA.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); } final UncachedKeyRing pubA = a.extractPublicKeyRing(); final UncachedKeyRing pubB = b.extractPublicKeyRing(); { // sec + pub // this one is special, because GNU_DUMMY keys might be generated! resultB = a.merge(pubB, log, 0); Assert.assertNotNull("merge must succeed as sec(a)+pub(b)", resultA); // these MAY diff KeyringTestingHelper.diffKeyrings(resultA.getEncoded(), resultB.getEncoded(), onlyA, onlyB); Assert.assertEquals("sec(a)+pub(b): results must have equal number of packets", onlyA.size(), onlyB.size()); for (int i = 0; i < onlyA.size(); i++) { Assert.assertEquals("sec(a)+pub(c): old packet must be secret subkey", PacketTags.SECRET_SUBKEY, onlyA.get(i).tag); Assert.assertEquals("sec(a)+pub(c): new packet must be dummy secret subkey", PacketTags.SECRET_SUBKEY, onlyB.get(i).tag); SecretKeyPacket pA = (SecretKeyPacket) new BCPGInputStream( new ByteArrayInputStream(onlyA.get(i).buf)).readPacket(); SecretKeyPacket pB = (SecretKeyPacket) new BCPGInputStream( new ByteArrayInputStream(onlyB.get(i).buf)).readPacket(); Assert.assertArrayEquals("sec(a)+pub(c): both packets must have equal pubkey parts", pA.getPublicKeyPacket().getEncoded(), pB.getPublicKeyPacket().getEncoded()); Assert.assertEquals("sec(a)+pub(c): new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, pB.getS2K().getType()); Assert.assertEquals("sec(a)+pub(c): new packet should have GNU_DUMMY protection mode 0x1", 0x1, pB.getS2K().getProtectionMode()); Assert.assertEquals("sec(a)+pub(c): new packet secret key data should have length zero", 0, pB.getSecretKeyData().length); Assert.assertNull("sec(a)+pub(c): new packet should have no iv data", pB.getIV()); } } { // pub + sec, and pub + pub final UncachedKeyRing pubResult = resultA.extractPublicKeyRing(); resultB = pubA.merge(b, log, 0); Assert.assertNotNull("merge must succeed as pub(a)+sec(b)", resultA); Assert.assertFalse("result of pub(a)+sec(b) must be same as pub(sec(a)+sec(b))", KeyringTestingHelper.diffKeyrings(pubResult.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); resultB = pubA.merge(pubB, log, 0); Assert.assertNotNull("merge must succeed as pub(a)+pub(b)", resultA); Assert.assertFalse("result of pub(a)+pub(b) must be same as pub(sec(a)+sec(b))", KeyringTestingHelper.diffKeyrings(pubResult.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); } if (base != null) { // set up onlyA and onlyB to be a diff to the base Assert.assertTrue("merged keyring must differ from base", KeyringTestingHelper.diffKeyrings(base.getEncoded(), resultA.getEncoded(), onlyA, onlyB)); } return resultA; }