List of usage examples for org.bouncycastle.bcpg S2K GNU_PROTECTION_MODE_DIVERT_TO_CARD
int GNU_PROTECTION_MODE_DIVERT_TO_CARD
To view the source code for org.bouncycastle.bcpg S2K GNU_PROTECTION_MODE_DIVERT_TO_CARD.
Click Source Link
From source file:org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.java
License:Open Source License
/** This method returns the SecretKeyType for this secret key, testing for an empty * passphrase in the process.//w ww. j av a 2 s . c om * * This method can potentially take a LONG time (i.e. seconds), so it should only * ever be called by {@link ProviderHelper} for the purpose of caching its output * in the database. */ public SecretKeyType getSecretKeyTypeSuperExpensive() { S2K s2k = mSecretKey.getS2K(); if (s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K) { // divert to card is special if (s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD) { return SecretKeyType.DIVERT_TO_CARD; } // no matter the exact protection mode, it's some kind of dummy key return SecretKeyType.GNU_DUMMY; } try { PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build("".toCharArray()); // If this doesn't throw mSecretKey.extractPrivateKey(keyDecryptor); // It means the passphrase is empty return SecretKeyType.PASSPHRASE_EMPTY; } catch (PGPException e) { HashMap<String, String> notation = getRing().getLocalNotationData(); if (notation.containsKey("unlock.pin@sufficientlysecure.org") && "1".equals(notation.get("unlock.pin@sufficientlysecure.org"))) { return SecretKeyType.PIN; } // Otherwise, it's just a regular ol' passphrase return SecretKeyType.PASSPHRASE; } }
From source file:org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey.java
License:Open Source License
/** * Returns true on right passphrase//from w w w .j a v a2 s . c o m */ public boolean unlock(final Passphrase passphrase) throws PgpGeneralException { // handle keys on OpenPGP cards like they were unlocked S2K s2k = mSecretKey.getS2K(); if (s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD) { mPrivateKeyState = PRIVATE_KEY_STATE_DIVERT_TO_CARD; return true; } // try to extract keys using the passphrase try { int keyEncryptionAlgorithm = mSecretKey.getKeyEncryptionAlgorithm(); if (keyEncryptionAlgorithm == SymmetricKeyAlgorithmTags.NULL) { mPrivateKey = mSecretKey.extractPrivateKey(null); mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED; return true; } byte[] sessionKey; sessionKey = passphrase.getCachedSessionKeyForParameters(keyEncryptionAlgorithm, s2k); if (sessionKey == null) { PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(passphrase.getCharArray()); // this operation is EXPENSIVE, so we cache its result in the passed Passphrase object! sessionKey = keyDecryptor.makeKeyFromPassPhrase(keyEncryptionAlgorithm, s2k); passphrase.addCachedSessionKeyForParameters(keyEncryptionAlgorithm, s2k, sessionKey); } PBESecretKeyDecryptor keyDecryptor = new SessionKeySecretKeyDecryptorBuilder() .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(sessionKey); mPrivateKey = mSecretKey.extractPrivateKey(keyDecryptor); mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED; } catch (PGPException e) { return false; } if (mPrivateKey == null) { throw new PgpGeneralException("error extracting key"); } return true; }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
static PGPSignatureGenerator getSignatureGenerator(PGPSecretKey secretKey, CryptoInputParcel cryptoInput) { S2K s2k = secretKey.getS2K();/*from w w w. j a v a2 s . c o m*/ boolean isDivertToCard = s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD; return getSignatureGenerator(secretKey.getPublicKey(), cryptoInput, isDivertToCard); }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
private static boolean isDummy(PGPSecretKey secretKey) { S2K s2k = secretKey.getS2K();//from w w w.j av a 2 s. c om return s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K && s2k.getProtectionMode() != S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD; }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperation.java
License:Open Source License
private static boolean isDivertToCard(PGPSecretKey secretKey) { S2K s2k = secretKey.getS2K();//from w w w . ja v a 2 s . c o m return s2k != null && s2k.getType() == S2K.GNU_DUMMY_S2K && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD; }
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperationTest.java
License:Open Source License
@Test public void testKeyToSecurityToken() throws Exception { // Special keyring for security token tests with 2048 bit RSA as a subkey SaveKeyringParcel parcelKey = new SaveKeyringParcel(); parcelKey.mAddSubKeys// w w w . j a v a2s . c om .add(new SaveKeyringParcel.SubkeyAdd(Algorithm.DSA, 2048, null, KeyFlags.CERTIFY_OTHER, 0L)); parcelKey.mAddSubKeys .add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA, 2048, null, KeyFlags.SIGN_DATA, 0L)); parcelKey.mAddSubKeys .add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA, 3072, null, KeyFlags.ENCRYPT_COMMS, 0L)); parcelKey.mAddUserIds.add("yubikey"); parcelKey.setNewUnlock(new ChangeUnlockParcel(passphrase)); PgpKeyOperation opSecurityToken = new PgpKeyOperation(null); PgpEditKeyResult resultSecurityToken = opSecurityToken.createSecretKeyRing(parcelKey); Assert.assertTrue("initial test key creation must succeed", resultSecurityToken.success()); Assert.assertNotNull("initial test key creation must succeed", resultSecurityToken.getRing()); UncachedKeyRing ringSecurityToken = resultSecurityToken.getRing(); SaveKeyringParcel parcelSecurityToken = new SaveKeyringParcel(); parcelSecurityToken.mMasterKeyId = ringSecurityToken.getMasterKeyId(); parcelSecurityToken.mFingerprint = ringSecurityToken.getFingerprint(); UncachedKeyRing modified; { // moveKeyToSecurityToken should fail with BAD_NFC_SIZE when presented with the RSA-3072 key long keyId = KeyringTestingHelper.getSubkeyId(ringSecurityToken, 2); parcelSecurityToken.reset(); parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, false, true)); assertModifyFailure("moveKeyToSecurityToken operation should fail on invalid key size", ringSecurityToken, parcelSecurityToken, cryptoInput, LogType.MSG_MF_ERROR_BAD_SECURITY_TOKEN_SIZE); } { // moveKeyToSecurityToken should fail with BAD_NFC_ALGO when presented with the DSA-1024 key long keyId = KeyringTestingHelper.getSubkeyId(ringSecurityToken, 0); parcelSecurityToken.reset(); parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, false, true)); assertModifyFailure("moveKeyToSecurityToken operation should fail on invalid key algorithm", ringSecurityToken, parcelSecurityToken, cryptoInput, LogType.MSG_MF_ERROR_BAD_SECURITY_TOKEN_ALGO); } long keyId = KeyringTestingHelper.getSubkeyId(ringSecurityToken, 1); { // moveKeyToSecurityToken should return a pending SECURITY_TOKEN_MOVE_KEY_TO_CARD result when presented with the RSA-2048 // key, and then make key divert-to-card when it gets a serial in the cryptoInputParcel. parcelSecurityToken.reset(); parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, false, true)); CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(ringSecurityToken.getEncoded(), false, 0); PgpKeyOperation op = new PgpKeyOperation(null); PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcelSecurityToken); Assert.assertTrue("moveKeyToSecurityToken operation should be pending", result.isPending()); Assert.assertEquals("required input should be RequiredInputType.SECURITY_TOKEN_MOVE_KEY_TO_CARD", result.getRequiredInputParcel().mType, RequiredInputType.SECURITY_TOKEN_MOVE_KEY_TO_CARD); // Create a cryptoInputParcel that matches what the SecurityTokenOperationActivity would return. byte[] keyIdBytes = new byte[8]; ByteBuffer buf = ByteBuffer.wrap(keyIdBytes); buf.putLong(keyId).rewind(); byte[] serial = new byte[] { 0x6a, 0x6f, 0x6c, 0x6f, 0x73, 0x77, 0x61, 0x67, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, }; CryptoInputParcel inputParcel = new CryptoInputParcel(); inputParcel.addCryptoData(keyIdBytes, serial); modified = applyModificationWithChecks(parcelSecurityToken, ringSecurityToken, onlyA, onlyB, inputParcel); Assert.assertEquals("one extra packet in modified", 1, onlyB.size()); Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket(); Assert.assertEquals("new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, ((SecretKeyPacket) p).getS2K().getType()); Assert.assertEquals("new packet should have GNU_DUMMY protection mode divert-to-card", S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD, ((SecretKeyPacket) p).getS2K().getProtectionMode()); Assert.assertArrayEquals("new packet should have correct serial number as iv", serial, ((SecretKeyPacket) p).getIV()); } { // editing a signing subkey requires a primary key binding sig -> pendinginput parcelSecurityToken.reset(); parcelSecurityToken.mChangeSubKeys.add(new SubkeyChange(keyId, true)); CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0); PgpKeyOperation op = new PgpKeyOperation(null); PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcelSecurityToken); Assert.assertTrue("moveKeyToSecurityToken operation should be pending", result.isPending()); Assert.assertEquals("required input should be RequiredInputType.SECURITY_TOKEN_SIGN", RequiredInputType.SECURITY_TOKEN_SIGN, result.getRequiredInputParcel().mType); } }