From 2d76cb5c82c01d90fec7ee10533a0f14ad9406c0 Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Wed, 4 Aug 2021 16:02:35 +0200
Subject: [PATCH] Fix partial length encoding of some messages

Fixes #160

I'm not yet sure, why this issue only happened with some keys and not others,
but this fix works for now.
---
 .../encryption_signing/EncryptionStream.java  |   5 +-
 .../InvestigateThunderbirdDecryption.java     | 137 ++++++++++++++++++
 2 files changed, 141 insertions(+), 1 deletion(-)

diff --git a/pgpainless-core/src/main/java/org/pgpainless/encryption_signing/EncryptionStream.java b/pgpainless-core/src/main/java/org/pgpainless/encryption_signing/EncryptionStream.java
index ea9d72e7..87d2d0a5 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/encryption_signing/EncryptionStream.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/encryption_signing/EncryptionStream.java
@@ -52,7 +52,10 @@ public final class EncryptionStream extends OutputStream {
     private final EncryptionResult.Builder resultBuilder = EncryptionResult.builder();
 
     private boolean closed = false;
-    private static final int BUFFER_SIZE = 1 << 8;
+    // 1 << 8 causes wrong partial body length encoding
+    //  1 << 9 fixes this.
+    //  see https://github.com/pgpainless/pgpainless/issues/160
+    private static final int BUFFER_SIZE = 1 << 9;
 
     OutputStream outermostStream;
     private ArmoredOutputStream armorOutputStream = null;
diff --git a/pgpainless-core/src/test/java/investigations/InvestigateThunderbirdDecryption.java b/pgpainless-core/src/test/java/investigations/InvestigateThunderbirdDecryption.java
index 8b79a937..aac6513d 100644
--- a/pgpainless-core/src/test/java/investigations/InvestigateThunderbirdDecryption.java
+++ b/pgpainless-core/src/test/java/investigations/InvestigateThunderbirdDecryption.java
@@ -28,6 +28,8 @@ import org.bouncycastle.util.io.Streams;
 import org.junit.jupiter.api.Test;
 import org.pgpainless.PGPainless;
 import org.pgpainless.algorithm.DocumentSignatureType;
+import org.pgpainless.decryption_verification.ConsumerOptions;
+import org.pgpainless.decryption_verification.DecryptionStream;
 import org.pgpainless.encryption_signing.EncryptionOptions;
 import org.pgpainless.encryption_signing.EncryptionStream;
 import org.pgpainless.encryption_signing.ProducerOptions;
@@ -128,4 +130,139 @@ public class InvestigateThunderbirdDecryption {
         System.out.println(out);
         // CHECKSTYLE:ON
     }
+
+    @Test
+    public void testWithSuspiciousKey() throws PGPException, IOException {
+        String KEY = "-----BEGIN PGP PRIVATE KEY BLOCK-----\n" +
+                "Comment: 4409 A346 1359 96C9 4595  510E 5A18 53D1 5656 CB7A\n" +
+                "Comment: Alice (Created with pgpkeygen.com) <alice@pgpainless.or\n" +
+                "\n" +
+                "xcLYBGEJRbUBCADdGTnWfMDfZx0Qddc5mpNW1+qMDubfzOoE0bhDMC8UIh+ElET3\n" +
+                "N8RgA2RQrFyzlugR7SmN0pa/rWaYmIe8nCRL+/BT8gTzO6HEV5Ya4KPTGCy3SVsp\n" +
+                "0ua8fBQBeyF/eBD2hEwPIODtWqjltAHajwU6e/eOsqtC6QS8V6x0vFFjKq+vbOEu\n" +
+                "9p9Yxt6jzSWMgLhJR2zRIkvS9Z5hiuz8jhKEWUNAtyhZIOnBYVRYhIWDWTvWMbDk\n" +
+                "+pQMoq28eSjFRyxWK7Cdln0H/hBO4kZ3xqOAUNK4B+FrxCDeVfYnlfKwZTBJkkwb\n" +
+                "3CkhtscUg54wC/2XCbyih6S1pLnMsNB0WSLZABEBAAEAB/4zYhUvvIL7eGSICobo\n" +
+                "D30t+dR708vCl8YMNCwZS0WprWt7PZUQijCUar1hxUjvAMNyxRX67IXVyof1Lz+e\n" +
+                "bQA/e2/lJnIRkBp+fad4HBxepvffacgqvmWayNBCbtoAXIg+rkzZ2DeF2eO2LIEg\n" +
+                "yMu7hYtpKatFC8/qsIp2/7v/akHRgPZ9QQGg2Sr5RJxZIUbSylrLmILPgTNbVu5+\n" +
+                "YTUo8P0IQC7E1FVRmt5EKN3w/6mcOY3Dz8ZtR1312178RnXt9bejjvvdvRRfooRw\n" +
+                "wtGr7CWfm8DxJ40GPP287Y2CZXX6ZURwSGCqkmEMPws/SN04qq6plF0pUluUI4re\n" +
+                "R3gtBAD10/eebm4wLixXTUNvbXb7PEzWz4gJdBqWc09Zkv8nHyZgrf8DReltFoX8\n" +
+                "v/BFjoxXVxUm3C+VP/sjDPDRHsVh4NFvY0nEI4V5jtg0V2gz5pCYoGnryridWARu\n" +
+                "FhlVDIaZ00BWmfllLmVMVuDBFqMIddkv7ND6SP6aVXokeV3lJQQA5j9NRj6ZFat/\n" +
+                "/vD9iLoXNxShx2bjIvXKyt/emsgay74+37Yzqbysn9XPm6sZcaXAB0DdNwAZKV1z\n" +
+                "iaPKbzrPW1dk00+LBuUnFrTlvBB0piOJ0X27hiruLBaZVgx7QnPrsRfEKQX6xKyP\n" +
+                "QoP7nE1+AnQpBtVFMtX6AE/Z5SkNCqUEAKXc9iD2Q9c7RkDeCfeUU1bppTSe8Rx2\n" +
+                "zroE3v6mrx8+SwLmvE59zGWRW5JtblhRXjJb1M3Z26h8bh3XOGaq3Y6iYkfaBS4y\n" +
+                "8BWvmq1yHDMui8sTjyRovhs26nu/PYK06Q1y4AnPbZElDsza3OIShicd6H5udZb9\n" +
+                "6XCoNmeGTZseQwzNOUFsaWNlIChDcmVhdGVkIHdpdGggcGdwa2V5Z2VuLmNvbSkg\n" +
+                "PGFsaWNlQHBncGFpbmxlc3Mub3JnPsLAhAQTAQoAFwUCYQlFtQIbLwMLCQcDFQoI\n" +
+                "Ah4BAheAACEJEFoYU9FWVst6FiEERAmjRhNZlslFlVEOWhhT0VZWy3r8wAgA1BkJ\n" +
+                "1DsN0uGUuUq0ENeAZQyHkymgsACJ9CpPkUgY4dDai7jR0XIVgBulOY6HYzoZlkbY\n" +
+                "S9PjkDby62Sw21sWwBKrGQubCfJjBIkZxb4uED07t5mkwRgq3B3EuZIZLZS0UlRk\n" +
+                "NC2iKpYtWGVd/qq0kE37erJPacX5MececN972gPGD1AlPsz+NFZhxsHBltveEZEb\n" +
+                "wuBxg7MF+YumkUc/OzE5znmUhStyLItuI5SI3OU59GXRErUwG9ZjKhsFx/xOM820\n" +
+                "m0to5V7psGy9ouBIRhjJKjwzOAkO+WJfey8oMWrHvVMGvPGoyfxBihKreIxUwFYG\n" +
+                "ay95kPVg2jbfVOuqP8fC2ARhCUW1AQgAruwAoeYnH1Mv7G+4fuO4qp/UJ7zZF8g5\n" +
+                "Jc/1qiX1wTrsubowo9NRPUKL5sG4nQkG4EFfAAEk8UawxyCr2FrFNh1g4+IPor6D\n" +
+                "fHC47uRT11sA3I/fGgc4q0cbsXYTpHEgmltkOIWF8a5n6l6pzN5Q5d8oruYkxmKE\n" +
+                "eNyn2Uusk6+qWi9IYSY9PnrE7oeRQSqcUUozuv5p8ThY0voYhby1fz6jj0MdaKvm\n" +
+                "JnlpJao09IgAU1nT8Hm/H1SbuIiQB1YEyG2oSaHS+B8SnfPFb6Yd/t9gvg7fUh52\n" +
+                "4RI7pwdQ/63A+y49IZCWiG5TB9do8/FAO8r55GkOrfAnZIuIvqga2wARAQABAAf9\n" +
+                "FVQTc6ozhP9IraSls1si7jMU1E+TjPHN/g1QYBHG2GvN54uLWL5wfm65zkY6s3Mh\n" +
+                "UoDGC6MYFQ9QiMc0DOpsd3+3i7HJxEdEkwzPj9lpW63t+fbU9kCBKWk/ODE0je15\n" +
+                "UzjnjHjDb0ebxhkKzT8iUBUYydKoE0R58J6/HKC8hzlFWg3ZvKQeqZ+HreP5Avw0\n" +
+                "lLpe21AX9ObjUfOjuqfOIra43HnME/6WCSWMat2+tYVAlOo85gOfhBN7vwzgN+4Q\n" +
+                "30IjZtxgr0cwsekQg5r96fAAidaQmeQebfMyHGZtFqBwz5iBJpIh/i5HT9rmdVwD\n" +
+                "062QY2QXU97ThJx6ms4BkQQA5n4BrpBdD9cDPZXlxFkOqhLB8hQ6l+VHNVg8XPY+\n" +
+                "QeLNgTUZG63AlEamPgPXFHHIvHJNsxxIpHJfsZyFQcH8qCc8opxlhHYNzQl1qOHZ\n" +
+                "afkpezvCDVgeJm+Zsa6yR3545CmaAVZgHmEkUqqcC9hihCWkI4D/XFX4ASh0y2sM\n" +
+                "ajkEAMJHpw5hBEYtH4QY3ANWVpYL8urwpEGg2baP4t9mPxdMc9a9pZ24Zi1UatdQ\n" +
+                "A/apxK0MTUNzpogGNYlwiT1k5TzOtuEwC7j5kN9JJsy7DOMFfS1vXQxlTISIGa2j\n" +
+                "nJcJyo2PclDGX/Xy7vijo+tW34YNM31UX2PbR7blPT1t/H2zBACVE/SSLud9j5Ps\n" +
+                "e7KjXiSdBvqgT5bl6jgtrl9QKVE8ICVnFxekuWtcuHMUfHgum8YhhzdwmpCCReFq\n" +
+                "PbaHY5p6OrFmnpJp+3pJjEjFU/2SVf9pVH7g0gQ+zEjyaduxkrCcDJWQ7SToqUlV\n" +
+                "vn70MLRmkXGpv1AeC3xUCHqPQoNivjv2wsGbBBgBCgAPBQJhCUW1BQkPCZwAAhsu\n" +
+                "AUAJEFoYU9FWVst6wF0gBBkBCgAGBQJhCUW1AAoJEAmePaNkGVibSJMH/29LGkog\n" +
+                "uYqwy76kUuqK0sDTOlQ+K9EDbabOvIujN4FN//hju7FU/1U1AmicBbOB2IfXmqwu\n" +
+                "ArWHq5JndjrH8oLk6u/weU+/x2t2NaSgM2i8vjAb1QBu7MLiWe4airAuYJ6X8KYC\n" +
+                "xhqO2DMCpByyjhCvS5P3idjZM4AHCnozFS7PS1hPsU1LjaAHonfsCbFngBJa1Bpy\n" +
+                "Zg/8mDCphYKhqA2K9lZ72r2TTqNQND+yr8R7Ksj9h9qvgHBahFzyT6va+Pd1rIrT\n" +
+                "Q4UNH4i4s2bdpF3UW8UauUmeyMp3ozQ5s4q2p7llFB17ul87TiA++DIVms4s3qct\n" +
+                "rV+O3VvkaDc8cWgWIQRECaNGE1mWyUWVUQ5aGFPRVlbLetRCCACabiPcOvnELk/F\n" +
+                "rdJlqRX+eoyYXFqkXVW7L4ev20SdT3zl7rsr6ExaREhRpACNuR9z80I7vzOqjN2D\n" +
+                "QXAnjttsXa09hAGa+1RC546NrG2uMHUTOiXItz5z+S3qI7K2+1XhYyEsBamUfKbP\n" +
+                "ymrmW50rcUlaupjDAo9Pfj8pYtkIZN9a8LX2Y5Uj/1e9TUvG/dO8txluL5ow8G5R\n" +
+                "q+PWWhoXBThXNyo7C7z3LfikLP+EVqA5VKVSz6xB0apIMIxlZy/LoZBWdoOMQAot\n" +
+                "fPz7D/gBblrzEX2St0FZmQBc8RAy1eLqCEXu2b8qgs8TUlkxuuOXzDG5joUI6VFP\n" +
+                "Rvm74iZEx8LYBGEJRbUBCADg7LwZ7CI3++geddBBVUdTpG+fVq/spFy0ONTX4HDq\n" +
+                "hRa6iRWsG9C39p45WGGKWF3SpXoEeXXT1/TXLUHEJ+R1VOAr/nj1fnki6MHJ1zSO\n" +
+                "bS6jH+ybOjA2rHYwmxPbfP9JSf+UgUMO7/X7cPa3QCX9CeXDCLDSiH3Hdi98YY6Y\n" +
+                "MwG8gkNw+o3Ot74JjQrQNNt2IMX5NcExr3P+0f0tCZxldukGzJdiEoeqi0eBa7Mo\n" +
+                "Mq8qDN8cw8rovBFm81HwW9GXpTmurtw61DOA2LZzP5lrb+nBVwx1GR2YfwD/ZUFg\n" +
+                "7DfhqfD5VFtK6zYhxC3GbAQCiRYUtju77M6UolP/h9zbABEBAAEAB/wJdryFZLOd\n" +
+                "4moGWhOspA9vvAP8UtPtI49I//koqidmHrpxl9IDH1p9WxGWPRtBjG1KLy8+n/Ou\n" +
+                "ua/yG9PgEoOg0jTqdPcW8T7ckqmQug7ajUqAj5fPgjfEHSaN7gB8ZDqDlWr9DyFI\n" +
+                "sB0L+tlOpZLTnkZ+GdAC075jFZxy4dHzomGTrc1ouWdX/m9ay5tqKOQyg0EyvDpv\n" +
+                "ygQMXOpcEqX5zWn5S12gLdvHU9DY3g7Tb6rLOjHUyVBdnMnngyYupb3iCw60QIor\n" +
+                "rgZvqs5ZB3WfYqFMAZRfN1YyzvAgj3AggGMRlGoABdTnnh9qStxPaDewgnqXeVCv\n" +
+                "rY9uT0Fu2zahBAD5NMixoHgJocq9HWEUp8i6jKz/jEYwvXjcFWQ6IdJUbHdEQNKp\n" +
+                "oVpeQeArX3e7SVGqQXUrJQGsE0tAem2Qb2OUO8aXtTTgqhfgOzaqfbieo36IMI9O\n" +
+                "mOFlicu3slaQhg7qDWaDjQCn12F+/VLbwGzz2MRPkQSOd8DFtNvNLB0juwQA5w59\n" +
+                "cvGH8OXhCqYs9pjpzDTXRw2ZKa5VhgFiXlzF6/mcvu8qKlND4u2CqbFxR/14Ov8P\n" +
+                "dU3aDvcgXuQpgOhZ/rafwjT2fDfTSraMLppVBNJo/FA5G5lPB3d0fNN69/loIuUR\n" +
+                "kPB/P6QW6yOsolmAVKgDJymyT9Nl0OeyIFKXSWED/0rfueyhzJ1md6TdV5bhAMW3\n" +
+                "kBcqmu6UB1VON357slA6bgmJRIn8zu99/dX3ploWchzWa8bDi+CB5uAVj/ybFsFh\n" +
+                "lAXnTAeT7qPMU6GzTxAenQxdKHiG/zt+HOstV7jnjYf/dcCOyG368ZxsBPqtmr4V\n" +
+                "AqCe644Pf3+pNKNkTr/5RRnCwZsEGAEKAA8FAmEJRbUFCQ8JnAACGy4BQAkQWhhT\n" +
+                "0VZWy3rAXSAEGQEKAAYFAmEJRbUACgkQbJk3aYTh+AiL0QgAn/e+K8B5K+E+ciSR\n" +
+                "A0jFfzCJCzqnueDK6rrxbrzk+8roqj9MS9J4V2Mtb/AMRGNTbRjbJfxUbvJaUCcz\n" +
+                "n9vKEiggx2ZyS6mr3cMWRxqH2p7s+SENrouUF8tdePRmI8IJT3e74idhblNPrUc0\n" +
+                "Wo9Kgzyv4SJqQrt+PG1Yte51O20AULbEkUF4u8ychpY8BJkodxVZENkZsQW+nrr6\n" +
+                "YNNp14v2RTCPuvdVmZXNfBVE9TQDigadzcyGUPmfoF9Xr164Cho/ugKgESSYbkMz\n" +
+                "kLe4fr5IRoz5aRDNjC4apxHlXrF/yQWWZ9U6CUiqEqUAlgYsNoEC++01I5B4rELg\n" +
+                "XO1aYhYhBEQJo0YTWZbJRZVRDloYU9FWVst6WHIH+wTajug9UQiNTyMZ8PAk0cHr\n" +
+                "miEaydBUdAWyZ6EKNsBgkamVSEOw9nPnDuGzZzcMOGwHfQ78CmoCniP44prMoRiS\n" +
+                "PcfmdFeQDt5kAKg1offUe6z36Brtk/8HO3FCbKM+zim2YF7GNLuCZTfZfYp1B0Gv\n" +
+                "/Ici5zjrJIFR/78vcZgjpEzUCQ2XkgFTNNuWsGJ7APm6MPzQLEyK6apVw0BoM+Mb\n" +
+                "vt8V+lJV+hZNzEWQmbuiyv87onWNJGDQiu30bXktaHx6VEjjwjicPqv4qDNT3rhv\n" +
+                "dsB/NddWOgRXfnZ833hVT6rBZYtm+nqb3nm8rbJOtPi/MnEFoyWFi3uT9h7oeAc=\n" +
+                "=Zaty\n" +
+                "-----END PGP PRIVATE KEY BLOCK-----\n";
+        PGPSecretKeyRing secretKey = PGPainless.readKeyRing().secretKeyRing(KEY);
+        PGPPublicKeyRing publicKey = PGPainless.extractCertificate(secretKey);
+
+        ByteArrayInputStream data = new ByteArrayInputStream("Hello, World!\n".getBytes(StandardCharsets.UTF_8));
+        ByteArrayOutputStream out = new ByteArrayOutputStream();
+        EncryptionStream encryptionStream = PGPainless.encryptAndOrSign().onOutputStream(out)
+                .withOptions(ProducerOptions.signAndEncrypt(
+                        EncryptionOptions.encryptCommunications()
+                                .addRecipient(publicKey),
+                        SigningOptions.get()
+                                .addInlineSignature(SecretKeyRingProtector.unprotectedKeys(), secretKey, DocumentSignatureType.BINARY_DOCUMENT)
+                ).setAsciiArmor(true));
+
+        Streams.pipeAll(data, encryptionStream);
+        encryptionStream.close();
+        // CHECKSTYLE:OFF
+        System.out.println(out);
+        // CHECKSTYLE:ON
+
+        ByteArrayInputStream in = new ByteArrayInputStream(out.toByteArray());
+        ByteArrayOutputStream clear = new ByteArrayOutputStream();
+
+        DecryptionStream decryptionStream = PGPainless.decryptAndOrVerify()
+                .onInputStream(in)
+                .withOptions(new ConsumerOptions()
+                        .addDecryptionKey(secretKey, SecretKeyRingProtector.unprotectedKeys())
+                        .addVerificationCert(publicKey));
+
+        Streams.pipeAll(decryptionStream, clear);
+
+        decryptionStream.close();
+        // CHECKSTYLE:OFF
+        System.out.println(clear);
+        // CHECKSTYLE:ON
+    }
 }