List of usage examples for org.bouncycastle.bcpg SecretKeyPacket getIV
public byte[] getIV()
From source file:org.sufficientlysecure.keychain.pgp.PgpKeyOperationTest.java
License:Open Source License
@Test public void testPassphraseChange() throws Exception { // change passphrase to empty parcel.setNewUnlock(new ChangeUnlockParcel(new Passphrase())); // note that canonicalization here necessarily strips the empty notation packet UncachedKeyRing modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, cryptoInput); Assert.assertEquals("exactly three packets should have been modified (the secret keys)", 3, onlyB.size()); // remember secret key packet with no passphrase for later RawPacket sKeyNoPassphrase = onlyB.get(1); Assert.assertEquals("extracted packet should be a secret subkey", PacketTags.SECRET_SUBKEY, sKeyNoPassphrase.tag);/*from w w w . j av a 2s . co m*/ // modify keyring, change to non-empty passphrase Passphrase otherPassphrase = TestingUtils.genPassphrase(true); CryptoInputParcel otherCryptoInput = new CryptoInputParcel(otherPassphrase); parcel.setNewUnlock(new ChangeUnlockParcel(otherPassphrase)); modified = applyModificationWithChecks(parcel, modified, onlyA, onlyB, new CryptoInputParcel(new Date(), new Passphrase())); Assert.assertEquals("exactly three packets should have been modified (the secret keys)", 3, onlyB.size()); { // quick check to make sure no two secret keys have the same IV HashSet<ByteBuffer> ivs = new HashSet<ByteBuffer>(); for (int i = 0; i < 3; i++) { SecretKeyPacket p = (SecretKeyPacket) new BCPGInputStream( new ByteArrayInputStream(onlyB.get(i).buf)).readPacket(); ByteBuffer iv = ByteBuffer.wrap(p.getIV()); Assert.assertFalse("no two secret keys should have the same s2k iv (slightly non-deterministic!)", ivs.contains(iv)); ivs.add(iv); } } RawPacket sKeyWithPassphrase = onlyB.get(1); Assert.assertEquals("extracted packet should be a secret subkey", PacketTags.SECRET_SUBKEY, sKeyNoPassphrase.tag); Passphrase otherPassphrase2 = TestingUtils.genPassphrase(true); parcel.setNewUnlock(new ChangeUnlockParcel(otherPassphrase2)); { // if we replace a secret key with one without passphrase modified = KeyringTestingHelper.removePacket(modified, sKeyNoPassphrase.position); modified = KeyringTestingHelper.injectPacket(modified, sKeyNoPassphrase.buf, sKeyNoPassphrase.position); // we should still be able to modify it (and change its passphrase) without errors PgpKeyOperation op = new PgpKeyOperation(null); CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0); PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, otherCryptoInput, parcel); Assert.assertTrue("key modification must succeed", result.success()); Assert.assertFalse("log must not contain a warning", result.getLog().containsWarnings()); Assert.assertTrue("log must contain an empty passphrase retry notice", result.getLog().containsType(LogType.MSG_MF_PASSPHRASE_EMPTY_RETRY)); modified = result.getRing(); } { // if we add one subkey with a different passphrase, that should produce a warning but also work modified = KeyringTestingHelper.removePacket(modified, sKeyWithPassphrase.position); modified = KeyringTestingHelper.injectPacket(modified, sKeyWithPassphrase.buf, sKeyWithPassphrase.position); PgpKeyOperation op = new PgpKeyOperation(null); CanonicalizedSecretKeyRing secretRing = new CanonicalizedSecretKeyRing(modified.getEncoded(), false, 0); PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, new CryptoInputParcel(otherPassphrase2), parcel); Assert.assertTrue("key modification must succeed", result.success()); Assert.assertTrue("log must contain a failed passphrase change warning", result.getLog().containsType(LogType.MSG_MF_PASSPHRASE_FAIL)); } }
From source file:org.sufficientlysecure.keychain.pgp.UncachedKeyringMergeTest.java
License:Open Source License
private UncachedKeyRing mergeWithChecks(UncachedKeyRing a, UncachedKeyRing b, UncachedKeyRing base) throws Exception { Assert.assertTrue("merging keyring must be secret type", a.isSecret()); Assert.assertTrue("merged keyring must be secret type", b.isSecret()); final UncachedKeyRing resultA; UncachedKeyRing resultB;/* w w w. java 2s .co m*/ { // sec + sec resultA = a.merge(b, log, 0); Assert.assertNotNull("merge must succeed as sec(a)+sec(b)", resultA); resultB = b.merge(a, log, 0); Assert.assertNotNull("merge must succeed as sec(b)+sec(a)", resultB); // check commutativity, if requested Assert.assertFalse("result of merge must be commutative", KeyringTestingHelper.diffKeyrings(resultA.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); } final UncachedKeyRing pubA = a.extractPublicKeyRing(); final UncachedKeyRing pubB = b.extractPublicKeyRing(); { // sec + pub // this one is special, because GNU_DUMMY keys might be generated! resultB = a.merge(pubB, log, 0); Assert.assertNotNull("merge must succeed as sec(a)+pub(b)", resultA); // these MAY diff KeyringTestingHelper.diffKeyrings(resultA.getEncoded(), resultB.getEncoded(), onlyA, onlyB); Assert.assertEquals("sec(a)+pub(b): results must have equal number of packets", onlyA.size(), onlyB.size()); for (int i = 0; i < onlyA.size(); i++) { Assert.assertEquals("sec(a)+pub(c): old packet must be secret subkey", PacketTags.SECRET_SUBKEY, onlyA.get(i).tag); Assert.assertEquals("sec(a)+pub(c): new packet must be dummy secret subkey", PacketTags.SECRET_SUBKEY, onlyB.get(i).tag); SecretKeyPacket pA = (SecretKeyPacket) new BCPGInputStream( new ByteArrayInputStream(onlyA.get(i).buf)).readPacket(); SecretKeyPacket pB = (SecretKeyPacket) new BCPGInputStream( new ByteArrayInputStream(onlyB.get(i).buf)).readPacket(); Assert.assertArrayEquals("sec(a)+pub(c): both packets must have equal pubkey parts", pA.getPublicKeyPacket().getEncoded(), pB.getPublicKeyPacket().getEncoded()); Assert.assertEquals("sec(a)+pub(c): new packet should have GNU_DUMMY S2K type", S2K.GNU_DUMMY_S2K, pB.getS2K().getType()); Assert.assertEquals("sec(a)+pub(c): new packet should have GNU_DUMMY protection mode 0x1", 0x1, pB.getS2K().getProtectionMode()); Assert.assertEquals("sec(a)+pub(c): new packet secret key data should have length zero", 0, pB.getSecretKeyData().length); Assert.assertNull("sec(a)+pub(c): new packet should have no iv data", pB.getIV()); } } { // pub + sec, and pub + pub final UncachedKeyRing pubResult = resultA.extractPublicKeyRing(); resultB = pubA.merge(b, log, 0); Assert.assertNotNull("merge must succeed as pub(a)+sec(b)", resultA); Assert.assertFalse("result of pub(a)+sec(b) must be same as pub(sec(a)+sec(b))", KeyringTestingHelper.diffKeyrings(pubResult.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); resultB = pubA.merge(pubB, log, 0); Assert.assertNotNull("merge must succeed as pub(a)+pub(b)", resultA); Assert.assertFalse("result of pub(a)+pub(b) must be same as pub(sec(a)+sec(b))", KeyringTestingHelper.diffKeyrings(pubResult.getEncoded(), resultB.getEncoded(), onlyA, onlyB)); } if (base != null) { // set up onlyA and onlyB to be a diff to the base Assert.assertTrue("merged keyring must differ from base", KeyringTestingHelper.diffKeyrings(base.getEncoded(), resultA.getEncoded(), onlyA, onlyB)); } return resultA; }