Improve PGPv6KeyTest

Author: vanitasvitae

pg/src/test/java/org/bouncycastle/openpgp/test/PGPv6KeyTest.java

@@ -1,22 +1,31 @@
 package org.bouncycastle.openpgp.test;
 
 import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.Date;
 import java.util.Iterator;
 
+import org.bouncycastle.bcpg.AEADAlgorithmTags;
 import org.bouncycastle.bcpg.ArmoredInputStream;
 import org.bouncycastle.bcpg.BCPGInputStream;
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
+import org.bouncycastle.bcpg.PublicKeyPacket;
+import org.bouncycastle.bcpg.SecretKeyPacket;
+import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKey;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
 import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
-import org.bouncycastle.util.Arrays;
+import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator;
 import org.bouncycastle.util.encoders.Hex;
-import org.bouncycastle.util.test.SimpleTest;
 
 public class PGPv6KeyTest
-    extends SimpleTest
+    extends AbstractPgpKeyPairTest
 {
 
     private static final String ARMORED_CERT = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
@@ -45,9 +54,31 @@ public class PGPv6KeyTest
         "M0g12vYxoWM8Y81W+bHBw805I8kWVkXU6vFOi+HWvv/ira7ofJu16NnoUkhclkUr\n" +
         "k0mXubZvyl4GBg==\n" +
         "-----END PGP PRIVATE KEY BLOCK-----";
+    // https://www.rfc-editor.org/rfc/rfc9580.html#name-sample-locked-version-6-sec
+    private static final String ARMORED_PROTECTED_KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
+            "\n" +
+            "xYIGY4d/4xsAAAAg+U2nu0jWCmHlZ3BqZYfQMxmZu52JGggkLq2EVD34laP9JgkC\n" +
+            "FARdb9ccngltHraRe25uHuyuAQQVtKipJ0+r5jL4dacGWSAheCWPpITYiyfyIOPS\n" +
+            "3gIDyg8f7strd1OB4+LZsUhcIjOMpVHgmiY/IutJkulneoBYwrEGHxsKAAAAQgWC\n" +
+            "Y4d/4wMLCQcFFQoOCAwCFgACmwMCHgkiIQbLGGxPBgmml+TVLfpscisMHx4nwYpW\n" +
+            "cI9lJewnutmsyQUnCQIHAgAAAACtKCAQPi19In7A5tfORHHbNr/JcIMlNpAnFJin\n" +
+            "7wV2wH+q4UWFs7kDsBJ+xP2i8CMEWi7Ha8tPlXGpZR4UruETeh1mhELIj5UeM8T/\n" +
+            "0z+5oX1RHu11j8bZzFDLX9eTsgOdWATHggZjh3/jGQAAACCGkySDZ/nlAV25Ivj0\n" +
+            "gJXdp4SYfy1ZhbEvutFsr15ENf0mCQIUBA5hhGgp2oaavg6mFUXcFMwBBBUuE8qf\n" +
+            "9Ock+xwusd+GAglBr5LVyr/lup3xxQvHXFSjjA2haXfoN6xUGRdDEHI6+uevKjVR\n" +
+            "v5oAxgu7eJpaXNjCmwYYGwoAAAAsBYJjh3/jApsMIiEGyxhsTwYJppfk1S36bHIr\n" +
+            "DB8eJ8GKVnCPZSXsJ7rZrMkAAAAABAEgpukYbZ1ZNfyP5WMUzbUnSGpaUSD5t2Ki\n" +
+            "Nacp8DkBClZRa2c3AMQzSDXa9jGhYzxjzVb5scHDzTkjyRZWRdTq8U6L4da+/+Kt\n" +
+            "ruh8m7Xo2ehSSFyWRSuTSZe5tm/KXgYG\n" +
+            "-----END PGP PRIVATE KEY BLOCK-----";
+    private static final Date CREATION_TIME = parseUTCTimestamp("2022-11-30 16:08:03 UTC");
+
     private static final byte[] PRIMARY_FINGERPRINT = Hex.decode("CB186C4F0609A697E4D52DFA6C722B0C1F1E27C18A56708F6525EC27BAD9ACC9");
     private static final byte[] SUBKEY_FINGERPRINT = Hex.decode("12C83F1E706F6308FE151A417743A1F033790E93E9978488D1DB378DA9930885");
+    private static final long PRIMARY_KEYID = -3812177997909612905L;
+    private static final long SUBKEY_KEYID = 1353401087992750856L;
 
+    private static final KeyFingerPrintCalculator fingerPrintCalculator = new BcKeyFingerprintCalculator();
 
     @Override
     public String getName()
@@ -59,7 +90,15 @@ public String getName()
     public void performTest()
         throws Exception
     {
-        KeyFingerPrintCalculator fingerPrintCalculator = new BcKeyFingerprintCalculator();
+        parseUnprotectedCertTest();
+        parseUnprotectedKeyTest();
+        testJcaFingerprintCalculation();
+        parseProtectedKeyTest();
+    }
+
+    private void parseUnprotectedCertTest()
+            throws IOException
+    {
         ByteArrayInputStream bIn = new ByteArrayInputStream(ARMORED_CERT.getBytes());
         ArmoredInputStream armorIn = new ArmoredInputStream(bIn);
         BCPGInputStream bcIn = new BCPGInputStream(armorIn);
@@ -68,22 +107,112 @@ public void performTest()
 
         Iterator<PGPPublicKey> pIt = publicKeys.getPublicKeys();
         PGPPublicKey key = (PGPPublicKey)pIt.next();
-        isTrue(key.hasFingerprint(PRIMARY_FINGERPRINT));
+        isTrue("Primary key fingerprint mismatch", key.hasFingerprint(PRIMARY_FINGERPRINT));
+        isEquals("Primary key-ID mismatch", PRIMARY_KEYID, key.getKeyID());
+        isEquals("Primary key version mismatch", PublicKeyPacket.VERSION_6, key.getVersion());
+        isEquals("Primary key creation time mismatch", CREATION_TIME, key.getCreationTime());
+        isEquals("Primary key bit-strength mismatch", 256, key.getBitStrength());
+
         key = (PGPPublicKey)pIt.next();
-        isTrue(key.hasFingerprint(SUBKEY_FINGERPRINT));
+        isTrue("Subkey fingerprint mismatch", key.hasFingerprint(SUBKEY_FINGERPRINT));
+        isEquals("Subkey key-ID mismatch", SUBKEY_KEYID, key.getKeyID());
+        isEquals("Subkey version mismatch", PublicKeyPacket.VERSION_6, key.getVersion());
+        isEquals("Subkey creation time mismatch", CREATION_TIME, key.getCreationTime());
+        isEquals("Subkey bit-strength mismatch", 256, key.getBitStrength());
 
-        bIn = new ByteArrayInputStream(ARMORED_KEY.getBytes());
-        armorIn = new ArmoredInputStream(bIn);
-        bcIn = new BCPGInputStream(armorIn);
+        isFalse("Unexpected key object in key ring", pIt.hasNext());
+    }
+
+    private void parseUnprotectedKeyTest()
+            throws IOException, PGPException
+    {
+        ByteArrayInputStream bIn = new ByteArrayInputStream(ARMORED_KEY.getBytes());
+        ArmoredInputStream armorIn = new ArmoredInputStream(bIn);
+        BCPGInputStream bcIn = new BCPGInputStream(armorIn);
 
         PGPSecretKeyRing secretKeys = new PGPSecretKeyRing(bcIn, fingerPrintCalculator);
 
         Iterator<PGPSecretKey> sIt = secretKeys.getSecretKeys();
-        PGPSecretKey sKey = (PGPSecretKey)sIt.next();
-        isTrue(Arrays.areEqual(PRIMARY_FINGERPRINT, sKey.getFingerprint()));
+        PGPSecretKey key = (PGPSecretKey)sIt.next();
+        isEncodingEqual("Primary key fingerprint mismatch", PRIMARY_FINGERPRINT, key.getFingerprint());
+        isEquals("Primary key-ID mismatch", PRIMARY_KEYID, key.getKeyID());
+        isEquals("Primary key version mismatch", PublicKeyPacket.VERSION_6, key.getPublicKey().getVersion());
+        isEquals("Primary key creation time mismatch", CREATION_TIME, key.getPublicKey().getCreationTime());
+        isEquals("Primary key S2K-usage mismatch", SecretKeyPacket.USAGE_NONE, key.getS2KUsage());
+        isNull("Primary key S2K MUST be null", key.getS2K());
+
+        key = (PGPSecretKey)sIt.next();
+        isEncodingEqual("Subkey fingerprint mismatch", SUBKEY_FINGERPRINT, key.getFingerprint());
+        isEquals("Subkey key-ID mismatch", SUBKEY_KEYID, key.getKeyID());
+        isEquals("Subkey version mismatch", PublicKeyPacket.VERSION_6, key.getPublicKey().getVersion());
+        isEquals("Subkey creation time mismatch", CREATION_TIME, key.getPublicKey().getCreationTime());
+        isEquals("Subkey S2K-usage mismatch", SecretKeyPacket.USAGE_NONE, key.getS2KUsage());
+        isNull("Subkey S2K MUST be null", key.getS2K());
+
+        isFalse("Unexpected key object in key ring", sIt.hasNext());
+    }
+
+    private void testJcaFingerprintCalculation()
+            throws IOException
+    {
+        ByteArrayInputStream bIn = new ByteArrayInputStream(ARMORED_CERT.getBytes());
+        ArmoredInputStream armorIn = new ArmoredInputStream(bIn);
+        BCPGInputStream bcIn = new BCPGInputStream(armorIn);
+
+        JcaKeyFingerprintCalculator fpCalc =  new JcaKeyFingerprintCalculator();
+        fpCalc.setProvider(new BouncyCastleProvider());
+        PGPPublicKeyRing publicKeys = new PGPPublicKeyRing(bcIn, fpCalc);
+
+        Iterator<PGPPublicKey> pIt = publicKeys.getPublicKeys();
+        PGPPublicKey key = (PGPPublicKey)pIt.next();
+        isTrue("Primary key fingerprint mismatch", key.hasFingerprint(PRIMARY_FINGERPRINT));
+        isEquals("Primary key-ID mismatch", PRIMARY_KEYID, key.getKeyID());
+        key = (PGPPublicKey)pIt.next();
+        isTrue("Subkey fingerprint mismatch", key.hasFingerprint(SUBKEY_FINGERPRINT));
+        isEquals("Subkey key-ID mismatch", SUBKEY_KEYID, key.getKeyID());
+    }
+
+    private void parseProtectedKeyTest()
+            throws IOException, PGPException
+    {
+        ByteArrayInputStream bIn = new ByteArrayInputStream(ARMORED_PROTECTED_KEY.getBytes(StandardCharsets.UTF_8));
+        ArmoredInputStream aIn = new ArmoredInputStream(bIn);
+        BCPGInputStream pIn = new BCPGInputStream(aIn);
+
+        PGPSecretKeyRing secretKeys = new PGPSecretKeyRing(pIn, fingerPrintCalculator);
+        Iterator<PGPSecretKey> sIt = secretKeys.getSecretKeys();
+
+        PGPSecretKey key = sIt.next();
+        isEncodingEqual("Primary key fingerprint mismatch", PRIMARY_FINGERPRINT, key.getFingerprint());
+        isEquals("Primary key ID mismatch", PRIMARY_KEYID, key.getKeyID());
+        isEquals("Primary key algorithm mismatch",
+                PublicKeyAlgorithmTags.Ed25519, key.getPublicKey().getAlgorithm());
+        isEquals("Primary key version mismatch", PublicKeyPacket.VERSION_6, key.getPublicKey().getVersion());
+        isEquals("Primary key creation time mismatch", CREATION_TIME, key.getPublicKey().getCreationTime());
+        isEquals("Primary key S2K-Usage mismatch", SecretKeyPacket.USAGE_AEAD, key.getS2KUsage());
+        isEquals("Primary key AEAD algorithm mismatch",
+                AEADAlgorithmTags.OCB, key.getAEADKeyEncryptionAlgorithm());
+        isEquals("Primary key protection algorithm mismatch",
+                SymmetricKeyAlgorithmTags.AES_256, key.getKeyEncryptionAlgorithm());
+        isEncodingEqual("Primary key S2K salt mismatch",
+                Hex.decode("5d6fd71c9e096d1eb6917b6e6e1eecae"), key.getS2K().getIV());
+
+        key = sIt.next();
+        isEncodingEqual("Subkey fingerprint mismatch", SUBKEY_FINGERPRINT, key.getFingerprint());
+        isEquals("Subkey ID mismatch", SUBKEY_KEYID, key.getKeyID());
+        isEquals("Subkey algorithm mismatch",
+                PublicKeyAlgorithmTags.X25519, key.getPublicKey().getAlgorithm());
+        isEquals("Subkey version mismatch", PublicKeyPacket.VERSION_6, key.getPublicKey().getVersion());
+        isEquals("Subkey creation time mismatch", CREATION_TIME, key.getPublicKey().getCreationTime());
+        isEquals("Subkey S2K-Usage mismatch", SecretKeyPacket.USAGE_AEAD, key.getS2KUsage());
+        isEquals("Subkey AEAD algorithm mismatch",
+                AEADAlgorithmTags.OCB, key.getAEADKeyEncryptionAlgorithm());
+        isEquals("Subkey protection algorithm mismatch",
+                SymmetricKeyAlgorithmTags.AES_256, key.getKeyEncryptionAlgorithm());
+        isEncodingEqual("Subkey S2K salt mismatch",
+                Hex.decode("0e61846829da869abe0ea61545dc14cc"), key.getS2K().getIV());
 
-        sKey = (PGPSecretKey)sIt.next();
-        isTrue(Arrays.areEqual(SUBKEY_FINGERPRINT, sKey.getFingerprint()));
+        isFalse("Unexpected key in key ring", sIt.hasNext());
     }
 
     public static void main(String[] args)