From 4fbffd7bb481a44a57a94c1af5e9be80094d815f Mon Sep 17 00:00:00 2001 From: Art O Cathain Date: Sun, 6 Jul 2014 17:46:43 +0100 Subject: Actually test canonicalize --- .../keychain/testsupport/KeyringBuilder.java | 216 ++++++++++++++------- .../keychain/testsupport/TestDataUtil.java | 19 +- .../src/test/java/tests/UncachedKeyringTest.java | 33 ++-- 3 files changed, 181 insertions(+), 87 deletions(-) (limited to 'OpenKeychain/src') diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/KeyringBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/KeyringBuilder.java index dfa70d506..f618d8de9 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/KeyringBuilder.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/KeyringBuilder.java @@ -1,13 +1,16 @@ package org.sufficientlysecure.keychain.testsupport; import org.spongycastle.bcpg.CompressionAlgorithmTags; +import org.spongycastle.bcpg.ContainedPacket; import org.spongycastle.bcpg.HashAlgorithmTags; import org.spongycastle.bcpg.MPInteger; import org.spongycastle.bcpg.PublicKeyAlgorithmTags; import org.spongycastle.bcpg.PublicKeyPacket; +import org.spongycastle.bcpg.PublicSubkeyPacket; import org.spongycastle.bcpg.RSAPublicBCPGKey; import org.spongycastle.bcpg.SignaturePacket; import org.spongycastle.bcpg.SignatureSubpacket; +import org.spongycastle.bcpg.SignatureSubpacketInputStream; import org.spongycastle.bcpg.SignatureSubpacketTags; import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags; import org.spongycastle.bcpg.UserIDPacket; @@ -17,87 +20,126 @@ import org.spongycastle.bcpg.sig.KeyExpirationTime; import org.spongycastle.bcpg.sig.KeyFlags; import org.spongycastle.bcpg.sig.PreferredAlgorithms; import org.spongycastle.bcpg.sig.SignatureCreationTime; -import org.spongycastle.openpgp.PGPException; -import org.spongycastle.openpgp.PGPPublicKey; -import org.spongycastle.openpgp.PGPPublicKeyRing; import org.spongycastle.openpgp.PGPSignature; -import org.spongycastle.openpgp.operator.bc.BcKeyFingerprintCalculator; import org.sufficientlysecure.keychain.pgp.UncachedKeyRing; +import java.io.ByteArrayInputStream; +import java.io.IOException; import java.math.BigInteger; +import java.util.ArrayList; +import java.util.Arrays; import java.util.Date; +import java.util.List; import java.util.concurrent.TimeUnit; /** - * Created by art on 05/07/14. + * Helps create correct and incorrect keyrings for tests. + * + * The original "correct" keyring was generated by GnuPG. */ public class KeyringBuilder { - private static final BigInteger modulus = new BigInteger( - "cbab78d90d5f2cc0c54dd3c3953005a1" + - "e6b521f1ffa5465a102648bf7b91ec72" + - "f9c180759301587878caeb7333215620" + - "9f81ca5b3b94309d96110f6972cfc56a" + - "37fd6279f61d71f19b8f64b288e33829" + - "9dce133520f5b9b4253e6f4ba31ca36a" + - "fd87c2081b15f0b283e9350e370e181a" + - "23d31379101f17a23ae9192250db6540" + - "2e9cab2a275bc5867563227b197c8b13" + - "6c832a94325b680e144ed864fb00b9b8" + - "b07e13f37b40d5ac27dae63cd6a470a7" + - "b40fa3c7479b5b43e634850cc680b177" + - "8dd6b1b51856f36c3520f258f104db2f" + - "96b31a53dd74f708ccfcefccbe420a90" + - "1c37f1f477a6a4b15f5ecbbfd93311a6" + - "47bcc3f5f81c59dfe7252e3cd3be6e27" + private static final BigInteger PUBLIC_KEY_MODULUS = new BigInteger( + "cbab78d90d5f2cc0c54dd3c3953005a1e6b521f1ffa5465a102648bf7b91ec72" + + "f9c180759301587878caeb73332156209f81ca5b3b94309d96110f6972cfc56a" + + "37fd6279f61d71f19b8f64b288e338299dce133520f5b9b4253e6f4ba31ca36a" + + "fd87c2081b15f0b283e9350e370e181a23d31379101f17a23ae9192250db6540" + + "2e9cab2a275bc5867563227b197c8b136c832a94325b680e144ed864fb00b9b8" + + "b07e13f37b40d5ac27dae63cd6a470a7b40fa3c7479b5b43e634850cc680b177" + + "8dd6b1b51856f36c3520f258f104db2f96b31a53dd74f708ccfcefccbe420a90" + + "1c37f1f477a6a4b15f5ecbbfd93311a647bcc3f5f81c59dfe7252e3cd3be6e27" , 16 ); - private static final BigInteger exponent = new BigInteger("010001", 16); - - public static UncachedKeyRing ring1() { - return ringForModulus(new Date(1404566755000L), "OpenKeychain User (NOT A REAL KEY) "); - } + private static final BigInteger PUBLIC_SUBKEY_MODULUS = new BigInteger( + "e8e2e2a33102649f19f8a07486fb076a1406ca888d72ae05d28f0ef372b5408e" + + "45132c69f6e5cb6a79bb8aed84634196731393a82d53e0ddd42f28f92cc15850" + + "8ce3b7ca1a9830502745aee774f86987993df984781f47c4a2910f95cf4c950c" + + "c4c6cccdc134ad408a0c5418b5e360c9781a8434d366053ea6338b975fae88f9" + + "383a10a90e7b2caa9ddb95708aa9d8a90246e29b04dbd6136613085c9a287315" + + "c6e9c7ff4012defc1713875e3ff6073333a1c93d7cd75ebeaaf16b8b853d96ba" + + "7003258779e8d2f70f1bc0bcd3ef91d7a9ccd8e225579b2d6fcae32799b0a6c0" + + "e7305fc65dc4edc849c6130a0d669c90c193b1e746c812510f9d600a208be4a5" + , 16 + ); - public static UncachedKeyRing ring2() { - return ringForModulus(new Date(1404566755000L), "OpenKeychain User (NOT A REAL KEY) "); - } + private static final Date SIGNATURE_DATE = new Date(1404566755000L); - private static UncachedKeyRing ringForModulus(Date date, String userIdString) { + private static final BigInteger EXPONENT = BigInteger.valueOf(0x010001); - try { - PGPPublicKey publicKey = createPgpPublicKey(modulus, date); - UserIDPacket userId = createUserId(userIdString); - SignaturePacket signaturePacket = createSignaturePacket(date); + private static final String USER_ID_STRING = "OpenKeychain User (NOT A REAL KEY) "; - byte[] publicKeyEncoded = publicKey.getEncoded(); - byte[] userIdEncoded = userId.getEncoded(); - byte[] signaturePacketEncoded = signaturePacket.getEncoded(); - byte[] encodedRing = TestDataUtil.concatAll( - publicKeyEncoded, - userIdEncoded, - signaturePacketEncoded - ); + public static final BigInteger CORRECT_SIGNATURE = new BigInteger( + "b065c071d3439d5610eb22e5b4df9e42ed78b8c94f487389e4fc98e8a75a043f" + + "14bf57d591811e8e7db2d31967022d2ee64372829183ec51d0e20c42d7a1e519" + + "e9fa22cd9db90f0fd7094fd093b78be2c0db62022193517404d749152c71edc6" + + "fd48af3416038d8842608ecddebbb11c5823a4321d2029b8993cb017fa8e5ad7" + + "8a9a618672d0217c4b34002f1a4a7625a514b6a86475e573cb87c64d7069658e" + + "627f2617874007a28d525e0f87d93ca7b15ad10dbdf10251e542afb8f9b16cbf" + + "7bebdb5fe7e867325a44e59cad0991cb239b1c859882e2ebb041b80e5cdc3b40" + + "ed259a8a27d63869754c0881ccdcb50f0564fecdc6966be4a4b87a3507a9d9be" + , 16 + ); + public static final BigInteger CORRECT_SUBKEY_SIGNATURE = new BigInteger( + "9c40543e646cfa6d3d1863d91a4e8f1421d0616ddb3187505df75fbbb6c59dd5" + + "3136b866f246a0320e793cb142c55c8e0e521d1e8d9ab864650f10690f5f1429" + + "2eb8402a3b1f82c01079d12f5c57c43fce524a530e6f49f6f87d984e26db67a2" + + "d469386dac87553c50147ebb6c2edd9248325405f737b815253beedaaba4f5c9" + + "3acd5d07fe6522ceda1027932d849e3ec4d316422cd43ea6e506f643936ab0be" + + "8246e546bb90d9a83613185047566864ffe894946477e939725171e0e15710b2" + + "089f78752a9cb572f5907323f1b62f14cb07671aeb02e6d7178f185467624ec5" + + "74e4a73c439a12edba200a4832106767366a1e6f63da0a42d593fa3914deee2b" + , 16 + ); + public static final BigInteger KEY_ID = BigInteger.valueOf(0x15130BCF071AE6BFL); - PGPPublicKeyRing pgpPublicKeyRing = new PGPPublicKeyRing( - encodedRing, new BcKeyFingerprintCalculator()); + public static UncachedKeyRing correctRing() { + return convertToKeyring(correctKeyringPackets()); + } - return UncachedKeyRing.decodeFromData(pgpPublicKeyRing.getEncoded()); + public static UncachedKeyRing ringWithExtraIncorrectSignature() { + List packets = correctKeyringPackets(); + SignaturePacket incorrectSignaturePacket = createSignaturePacket(CORRECT_SIGNATURE.subtract(BigInteger.ONE)); + packets.add(2, incorrectSignaturePacket); + return convertToKeyring(packets); + } + private static UncachedKeyRing convertToKeyring(List packets) { + try { + return UncachedKeyRing.decodeFromData(TestDataUtil.concatAll(packets)); } catch (Exception e) { throw new RuntimeException(e); } } - private static SignaturePacket createSignaturePacket(Date date) { + private static List correctKeyringPackets() { + PublicKeyPacket publicKey = createPgpPublicKey(PUBLIC_KEY_MODULUS); + UserIDPacket userId = createUserId(USER_ID_STRING); + SignaturePacket signaturePacket = createSignaturePacket(CORRECT_SIGNATURE); + PublicKeyPacket subKey = createPgpPublicSubKey(PUBLIC_SUBKEY_MODULUS); + SignaturePacket subKeySignaturePacket = createSubkeySignaturePacket(); + + return new ArrayList(Arrays.asList( + publicKey, + userId, + signaturePacket, + subKey, + subKeySignaturePacket + )); + } + + private static SignaturePacket createSignaturePacket(BigInteger signature) { + MPInteger[] signatureArray = new MPInteger[]{ + new MPInteger(signature) + }; + int signatureType = PGPSignature.POSITIVE_CERTIFICATION; - long keyID = 0x15130BCF071AE6BFL; int keyAlgorithm = SignaturePacket.RSA_GENERAL; int hashAlgorithm = HashAlgorithmTags.SHA1; SignatureSubpacket[] hashedData = new SignatureSubpacket[]{ - new SignatureCreationTime(false, date), + new SignatureCreationTime(false, SIGNATURE_DATE), new KeyFlags(false, KeyFlags.CERTIFY_OTHER + KeyFlags.SIGN_DATA), new KeyExpirationTime(false, TimeUnit.DAYS.toSeconds(2)), new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_SYM_ALGS, false, new int[]{ @@ -120,34 +162,58 @@ public class KeyringBuilder { CompressionAlgorithmTags.ZIP }), new Features(false, Features.FEATURE_MODIFICATION_DETECTION), - // can't do keyserver prefs + createPreferencesSignatureSubpacket() }; SignatureSubpacket[] unhashedData = new SignatureSubpacket[]{ - new IssuerKeyID(false, new BigInteger("15130BCF071AE6BF", 16).toByteArray()) + new IssuerKeyID(false, KEY_ID.toByteArray()) }; byte[] fingerPrint = new BigInteger("522c", 16).toByteArray(); + + return new SignaturePacket(signatureType, + KEY_ID.longValue(), + keyAlgorithm, + hashAlgorithm, + hashedData, + unhashedData, + fingerPrint, + signatureArray); + } + + /** + * There is no Preferences subpacket in BouncyCastle, so we have + * to create one manually. + */ + private static SignatureSubpacket createPreferencesSignatureSubpacket() { + SignatureSubpacket prefs; + try { + prefs = new SignatureSubpacketInputStream(new ByteArrayInputStream( + new byte[]{2, SignatureSubpacketTags.KEY_SERVER_PREFS, (byte) 0x80}) + ).readPacket(); + } catch (IOException ex) { + throw new RuntimeException(ex); + } + return prefs; + } + + private static SignaturePacket createSubkeySignaturePacket() { + int signatureType = PGPSignature.SUBKEY_BINDING; + int keyAlgorithm = SignaturePacket.RSA_GENERAL; + int hashAlgorithm = HashAlgorithmTags.SHA1; + + SignatureSubpacket[] hashedData = new SignatureSubpacket[]{ + new SignatureCreationTime(false, SIGNATURE_DATE), + new KeyFlags(false, KeyFlags.ENCRYPT_COMMS + KeyFlags.ENCRYPT_STORAGE), + new KeyExpirationTime(false, TimeUnit.DAYS.toSeconds(2)), + }; + SignatureSubpacket[] unhashedData = new SignatureSubpacket[]{ + new IssuerKeyID(false, KEY_ID.toByteArray()) + }; + byte[] fingerPrint = new BigInteger("234a", 16).toByteArray(); MPInteger[] signature = new MPInteger[]{ - new MPInteger(new BigInteger( - "b065c071d3439d5610eb22e5b4df9e42" + - "ed78b8c94f487389e4fc98e8a75a043f" + - "14bf57d591811e8e7db2d31967022d2e" + - "e64372829183ec51d0e20c42d7a1e519" + - "e9fa22cd9db90f0fd7094fd093b78be2" + - "c0db62022193517404d749152c71edc6" + - "fd48af3416038d8842608ecddebbb11c" + - "5823a4321d2029b8993cb017fa8e5ad7" + - "8a9a618672d0217c4b34002f1a4a7625" + - "a514b6a86475e573cb87c64d7069658e" + - "627f2617874007a28d525e0f87d93ca7" + - "b15ad10dbdf10251e542afb8f9b16cbf" + - "7bebdb5fe7e867325a44e59cad0991cb" + - "239b1c859882e2ebb041b80e5cdc3b40" + - "ed259a8a27d63869754c0881ccdcb50f" + - "0564fecdc6966be4a4b87a3507a9d9be", 16 - )) + new MPInteger(CORRECT_SUBKEY_SIGNATURE) }; return new SignaturePacket(signatureType, - keyID, + KEY_ID.longValue(), keyAlgorithm, hashAlgorithm, hashedData, @@ -156,10 +222,12 @@ public class KeyringBuilder { signature); } - private static PGPPublicKey createPgpPublicKey(BigInteger modulus, Date date) throws PGPException { - PublicKeyPacket publicKeyPacket = new PublicKeyPacket(PublicKeyAlgorithmTags.RSA_GENERAL, date, new RSAPublicBCPGKey(modulus, exponent)); - return new PGPPublicKey( - publicKeyPacket, new BcKeyFingerprintCalculator()); + private static PublicKeyPacket createPgpPublicKey(BigInteger modulus) { + return new PublicKeyPacket(PublicKeyAlgorithmTags.RSA_GENERAL, SIGNATURE_DATE, new RSAPublicBCPGKey(modulus, EXPONENT)); + } + + private static PublicKeyPacket createPgpPublicSubKey(BigInteger modulus) { + return new PublicSubkeyPacket(PublicKeyAlgorithmTags.RSA_GENERAL, SIGNATURE_DATE, new RSAPublicBCPGKey(modulus, EXPONENT)); } private static UserIDPacket createUserId(String userId) { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/TestDataUtil.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/TestDataUtil.java index 338488e1f..c08b60d1a 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/TestDataUtil.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/testsupport/TestDataUtil.java @@ -1,8 +1,11 @@ package org.sufficientlysecure.keychain.testsupport; +import org.spongycastle.bcpg.ContainedPacket; + import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.InputStream; +import java.io.OutputStream; import java.util.Collection; import java.util.Iterator; @@ -17,7 +20,7 @@ public class TestDataUtil { return output.toByteArray(); } - private static void appendToOutput(InputStream input, ByteArrayOutputStream output) { + public static void appendToOutput(InputStream input, OutputStream output) { byte[] buffer = new byte[8192]; int bytesRead; try { @@ -82,6 +85,20 @@ public class TestDataUtil { public boolean areEquals(T lhs, T rhs); } + + public static byte[] concatAll(java.util.List packets) { + byte[][] byteArrays = new byte[packets.size()][]; + try { + for (int i = 0; i < packets.size(); i++) { + byteArrays[i] = packets.get(i).getEncoded(); + } + } catch (IOException ex) { + throw new RuntimeException(ex); + } + + return concatAll(byteArrays); + } + public static byte[] concatAll(byte[]... byteArrays) { if (byteArrays.length == 1) { return byteArrays[0]; diff --git a/OpenKeychain/src/test/java/tests/UncachedKeyringTest.java b/OpenKeychain/src/test/java/tests/UncachedKeyringTest.java index b14bc2301..1f5bb82bd 100644 --- a/OpenKeychain/src/test/java/tests/UncachedKeyringTest.java +++ b/OpenKeychain/src/test/java/tests/UncachedKeyringTest.java @@ -6,30 +6,39 @@ import org.junit.runner.RunWith; import org.robolectric.*; import org.sufficientlysecure.keychain.pgp.UncachedKeyRing; import org.sufficientlysecure.keychain.testsupport.*; -import org.sufficientlysecure.keychain.testsupport.KeyringBuilder; -import org.sufficientlysecure.keychain.testsupport.TestDataUtil; +import java.util.*; import java.io.*; -import java.util.Collections; @RunWith(RobolectricTestRunner.class) @org.robolectric.annotation.Config(emulateSdk = 18) // Robolectric doesn't yet support 19 public class UncachedKeyringTest { @Test - public void testVerifySuccess() throws Exception { - UncachedKeyRing expectedKeyRing = KeyringBuilder.ring2(); - UncachedKeyRing inputKeyRing = KeyringBuilder.ring1(); + public void testCanonicalizeNoChanges() throws Exception { + UncachedKeyRing expectedKeyRing = KeyringBuilder.correctRing(); + UncachedKeyRing inputKeyRing = KeyringBuilder.correctRing(); // Uncomment to dump the encoded key for manual inspection -// inputKeyRing.getPublicKey().getPublicKey().encode(new FileOutputStream(new File("/tmp/key-encoded"))); +// TestDataUtil.appendToOutput(new ByteArrayInputStream(inputKeyRing.getEncoded()), new FileOutputStream(new File("/tmp/key-encoded"))); new UncachedKeyringTestingHelper().doTestCanonicalize(inputKeyRing, expectedKeyRing); } + + @Test + public void testCanonicalizeExtraIncorrectSignature() throws Exception { + UncachedKeyRing expectedKeyRing = KeyringBuilder.correctRing(); + UncachedKeyRing inputKeyRing = KeyringBuilder.ringWithExtraIncorrectSignature(); + new UncachedKeyringTestingHelper().doTestCanonicalize(inputKeyRing, expectedKeyRing); + } + + /** + * Check the original GnuPG-generated public key is OK + */ @Test - public void testVerifyFromGpg() throws Exception { - byte[] data = TestDataUtil.readAllFully(Collections.singleton( "/public-key-canonicalize.blob")); + public void testCanonicalizeOriginalGpg() throws Exception { + byte[] data = TestDataUtil.readAllFully(Collections.singleton("/public-key-canonicalize.blob")); UncachedKeyRing inputKeyRing = UncachedKeyRing.decodeFromData(data); - new UncachedKeyringTestingHelper().doTestCanonicalize(inputKeyRing, KeyringBuilder.ring2()); + new UncachedKeyringTestingHelper().doTestCanonicalize(inputKeyRing, KeyringBuilder.correctRing()); } @@ -38,8 +47,8 @@ public class UncachedKeyringTest { */ @Test public void testConcat() throws Exception { - byte[] actual = TestDataUtil.concatAll(new byte[]{1}, new byte[]{2,-2}, new byte[]{5},new byte[]{3}); - byte[] expected = new byte[]{1,2,-2,5,3}; + byte[] actual = TestDataUtil.concatAll(new byte[]{1}, new byte[]{2, -2}, new byte[]{5}, new byte[]{3}); + byte[] expected = new byte[]{1, 2, -2, 5, 3}; Assert.assertEquals(java.util.Arrays.toString(expected), java.util.Arrays.toString(actual)); } -- cgit v1.2.3