authorVincent <valodim@mugenguild.com>2015-05-15 12:42:42 +0200
committerVincent <valodim@mugenguild.com>2015-05-15 12:42:42 +0200
commit5f6421e82b3875386818c4e7da89f79004695f4c (patch)
treea97b7a5d71134e46ed735ebe9c5338067f93746c /OpenKeychain-Test/src/test/java
parent5c44f8400970de5943fd6c5e804dfa394f3deb01 (diff)
parent2d3f745c36280fcd0e5c73820cc3e72f41feae2d (diff)
Merge pull request #1278 from josecastillo/nfckeytocard
Support for moving RSA keys to Yubikey or NFC smart card
Diffstat (limited to 'OpenKeychain-Test/src/test/java')
-rw-r--r--OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java59
1 files changed, 51 insertions, 8 deletions
diff --git a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
index 54ccccc3d..18210d91a 100644
--- a/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
+++ b/OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java
@@ -50,6 +50,7 @@ import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockPar
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
+import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType;
import org.sufficientlysecure.keychain.support.KeyringBuilder;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
@@ -95,7 +96,7 @@ public class PgpKeyOperationTest {
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
- Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
+ Algorithm.RSA, 2048, null, KeyFlags.ENCRYPT_COMMS, 0L));
parcel.mAddUserIds.add("twi");
parcel.mAddUserIds.add("pink");
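Review bot: The subkey order and sizes built here are now relied on elsewhere but nothing at the changed `Algorithm.RSA, 2048` line says so. The testKeyToCard method added later in this diff selects keys with `getSubkeyId(ring, 0)`, `getSubkeyId(ring, 1)` and `getSubkeyId(ring, 2)` and, per its comments, expects RSA-1024, DSA-1024 and RSA-2048 in that order. I would add a comment above the changed line, e.g. `// subkey index 2: RSA-2048, the only key testKeyToCard expects keytocard to accept`. Otherwise a later fixture edit would make the BAD_NFC_SIZE / BAD_NFC_ALGO assertions fail with no obvious cause. The setup method starts and ends outside the hunk, so the key at index 0 is inferred from the test's comments, not from visible code.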
@@ -735,7 +736,7 @@ public class PgpKeyOperationTest {
public void testSubkeyStrip() throws Exception {
long keyId = KeyringTestingHelper.getSubkeyId(ring, 1);
- parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, null));
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, false));
applyModificationWithChecks(parcel, ring, onlyA, onlyB);
Assert.assertEquals("one extra packet in original", 1, onlyA.size());
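Review bot: `new SubkeyChange(keyId, true, false)` passes two adjacent positional booleans, so swapping them still compiles but requests a different operation on secret key material. Judging from the calls in this diff, the second argument appears to request a dummy strip and the third a move to the card. An inline marker would make the intent reviewable, e.g. `new SubkeyChange(keyId, /* dummy strip */ true, /* move to card */ false)`. The same applies to the identical calls in the testMasterStrip hunk and the hunk after it. The test method bodies continue outside these hunks.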
@@ -761,7 +762,7 @@ public class PgpKeyOperationTest {
public void testMasterStrip() throws Exception {
long keyId = ring.getMasterKeyId();
- parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, null));
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, false));
applyModificationWithChecks(parcel, ring, onlyA, onlyB);
Assert.assertEquals("one extra packet in original", 1, onlyA.size());
@@ -788,9 +789,9 @@ public class PgpKeyOperationTest {
long keyId = KeyringTestingHelper.getSubkeyId(ring, 1);
UncachedKeyRing modified;
- { // we should be able to change the stripped/divert status of subkeys without passphrase
+ { // we should be able to change the stripped status of subkeys without passphrase
parcel.reset();
- parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, null));
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, true, false));
modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, new CryptoInputParcel());
Assert.assertEquals("one extra packet in modified", 1, onlyB.size());
Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
@@ -799,15 +800,57 @@ public class PgpKeyOperationTest {
Assert.assertEquals("new packet should have GNU_DUMMY protection mode stripped",
S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY, ((SecretKeyPacket) p).getS2K().getProtectionMode());
}
+ }
+
+ @Test
+ public void testKeyToCard() throws Exception {
+
+ UncachedKeyRing modified;
+
+ { // keytocard should fail with BAD_NFC_SIZE when presented with the RSA-1024 key
+ long keyId = KeyringTestingHelper.getSubkeyId(ring, 0);
+ parcel.reset();
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, false, true));
+
+ assertModifyFailure("keytocard operation should fail on invalid key size", ring,
+ parcel, cryptoInput, LogType.MSG_MF_ERROR_BAD_NFC_SIZE);
+ }
- { // and again, changing to divert-to-card
+ { // keytocard should fail with BAD_NFC_ALGO when presented with the DSA-1024 key
+ long keyId = KeyringTestingHelper.getSubkeyId(ring, 1);
parcel.reset();
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, false, true));
+
+ assertModifyFailure("keytocard operation should fail on invalid key algorithm", ring,
+ parcel, cryptoInput, LogType.MSG_MF_ERROR_BAD_NFC_ALGO);
+ }
+
+ { // keytocard should return a pending NFC_KEYTOCARD result when presented with the RSA-2048
+ // key, and then make key divert-to-card when it gets a serial in the cryptoInputParcel.
+ long keyId = KeyringTestingHelper.getSubkeyId(ring, 2);
+ parcel.reset();
+ parcel.mChangeSubKeys.add(new SubkeyChange(keyId, false, true));
+
+ CanonicalizedSecretKeyRing secretRing =
+ new CanonicalizedSecretKeyRing(ring.getEncoded(), false, 0);
+ PgpKeyOperation op = new PgpKeyOperation(null);
+ PgpEditKeyResult result = op.modifySecretKeyRing(secretRing, cryptoInput, parcel);
+ Assert.assertTrue("keytocard operation should be pending", result.isPending());
+ Assert.assertEquals("required input should be RequiredInputType.NFC_KEYTOCARD",
+ result.getRequiredInputParcel().mType, RequiredInputType.NFC_KEYTOCARD);
+
+ // Create a cryptoInputParcel that matches what the NFCOperationActivity would return.
+ byte[] keyIdBytes = new byte[8];
+ ByteBuffer buf = ByteBuffer.wrap(keyIdBytes);
+ buf.putLong(keyId).rewind();
byte[] serial = new byte[] {
0x6a, 0x6f, 0x6c, 0x6f, 0x73, 0x77, 0x61, 0x67,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
- parcel.mChangeSubKeys.add(new SubkeyChange(keyId, false, serial));
- modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, new CryptoInputParcel());
+ CryptoInputParcel inputParcel = new CryptoInputParcel();
+ inputParcel.addCryptoData(keyIdBytes, serial);
+
+ modified = applyModificationWithChecks(parcel, ring, onlyA, onlyB, inputParcel);
Assert.assertEquals("one extra packet in modified", 1, onlyB.size());
Packet p = new BCPGInputStream(new ByteArrayInputStream(onlyB.get(0).buf)).readPacket();
Assert.assertEquals("new packet should have GNU_DUMMY S2K type",