mirror of
https://github.com/pgpainless/pgpainless.git
synced 2025-09-10 02:39:39 +02:00
Add fuzzer test for generate-key for testing fuzzed passphrases and user-ids
This commit is contained in:
parent
7656bcd101
commit
4d46edf3b6
GPG key ID:
62BEE9264BF17311
9 changed files with 78 additions and 0 deletions
|
|
@ -0,0 +1,67 @@
|
|||
// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
|
||||
//
|
||||
// SPDX-License-Identifier: Apache-2.0
|
||||
|
||||
package org.pgpainless.sop.fuzzing;
|
||||
|
||||
import com.code_intelligence.jazzer.api.FuzzedDataProvider;
|
||||
import com.code_intelligence.jazzer.junit.FuzzTest;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.api.KeyPassphraseProvider;
|
||||
import org.bouncycastle.openpgp.api.OpenPGPKey;
|
||||
import org.bouncycastle.openpgp.api.OpenPGPKeyReader;
|
||||
import org.bouncycastle.openpgp.api.exception.KeyPassphraseException;
|
||||
import org.bouncycastle.util.encoders.Hex;
|
||||
import org.junit.jupiter.api.Test;
|
||||
import org.pgpainless.sop.SOPImpl;
|
||||
import sop.SOP;
|
||||
import sop.exception.SOPGPException;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.nio.charset.StandardCharsets;
|
||||
|
||||
import static org.junit.jupiter.api.Assertions.assertNotNull;
|
||||
|
||||
public class GenerateKeyFuzzTest {
|
||||
|
||||
private final SOP sop = new SOPImpl();
|
||||
|
||||
@FuzzTest(maxDuration = "5m")
|
||||
public void generateKeyWithFuzzedUserId(FuzzedDataProvider provider) throws IOException {
|
||||
String userId = provider.consumeRemainingAsString();
|
||||
|
||||
try {
|
||||
byte[] keyBytes = sop.generateKey()
|
||||
.userId(userId)
|
||||
.generate()
|
||||
.getBytes();
|
||||
|
||||
OpenPGPKey key = new OpenPGPKeyReader().parseKey(keyBytes);
|
||||
assertNotNull(key.getUserId(userId), "Cannot fetch user-id for '" + userId + "' (" + Hex.toHexString(userId.getBytes(StandardCharsets.UTF_8)) + ")\n" + new String(keyBytes));
|
||||
} catch (IllegalArgumentException e) {
|
||||
// expected.
|
||||
}
|
||||
}
|
||||
|
||||
@FuzzTest
|
||||
public void generateKeyWithFuzzedPassphrase(FuzzedDataProvider provider) throws IOException, KeyPassphraseException {
|
||||
byte[] passphrase = provider.consumeRemainingAsBytes();
|
||||
|
||||
try {
|
||||
byte[] keyBytes = sop.generateKey()
|
||||
.withKeyPassword(passphrase)
|
||||
.generate()
|
||||
.getBytes();
|
||||
|
||||
OpenPGPKey key = new OpenPGPKeyReader().parseKey(keyBytes);
|
||||
OpenPGPKey.OpenPGPPrivateKey pk = key.getPrimarySecretKey().unlock(new String(passphrase).toCharArray());
|
||||
assertNotNull(pk, "Got null result unlocking key that was generated with passphrase 0x'" + Hex.toHexString(passphrase) + "'");
|
||||
}
|
||||
catch (SOPGPException.PasswordNotHumanReadable e) {
|
||||
// expected.
|
||||
}
|
||||
catch (PGPException e) {
|
||||
throw new RuntimeException("Cannot unlock key that was generated with passphrase 0x'" + Hex.toHexString(passphrase) + "'", e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
|
||||
/
|
||||
|
|
@ -0,0 +1 @@
|
|||
]
M
|
||||
|
|
@ -0,0 +1 @@
|
|||
牋<EFBFBD>
|
||||
|
|
@ -0,0 +1 @@
|
|||
<EFBFBD><EFBFBD>
|
||||
|
|
@ -0,0 +1,2 @@
|
|||
|
||||
]
|
||||
|
|
@ -0,0 +1 @@
|
|||
<EFBFBD>
|
||||
Loading…
Add table
Add a link
Reference in a new issue