Test for detection of uncompressed, signed messages, and improve decryption of seip messages

2025-12-10 06:11:08 +01:00 · 2022-05-05 12:43:44 +02:00 · 2022-05-05 12:43:44 +02:00 · 64a50266f1
commit 64a50266f1
parent 7b7707b3a9
3 changed files with 46 additions and 8 deletions
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/DecryptionStreamFactory.java
@ -140,7 +140,10 @@ public final class DecryptionStreamFactory {
            return new DecryptionStream(pgpInStream, resultBuilder, integrityProtectedEncryptedInputStream, null);
        }

-        if (openPgpIn.isLikelyOpenPgpMessage()) {
+        // Data appears to be OpenPGP message,
+        //  or we handle it as such, since user provided a session-key for decryption
+        if (openPgpIn.isLikelyOpenPgpMessage() ||
+                (openPgpIn.isBinaryOpenPgp() && options.getSessionKey() != null)) {
            outerDecodingStream = openPgpIn;
            objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(outerDecodingStream);
            // Parse OpenPGP message
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpInputStream.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpInputStream.java
@ -77,14 +77,14 @@ public class OpenPgpInputStream extends BufferedInputStream {
    }

    private void inspectBuffer() throws IOException {
-        if (determineIsArmored()) {
+        if (checkForAsciiArmor()) {
            return;
        }

-        determineIsBinaryOpenPgp();
+        checkForBinaryOpenPgp();
    }

-    private boolean determineIsArmored() {
+    private boolean checkForAsciiArmor() {
        if (startsWithIgnoringWhitespace(buffer, ARMOR_HEADER, bufferLen)) {
            containsArmorHeader = true;
            return true;
@ -100,7 +100,7 @@ public class OpenPgpInputStream extends BufferedInputStream {
     * This breaks down though if we read plausible garbage where the data accidentally makes sense,
     * or valid, yet incomplete packets (remember, we are still only working on a portion of the data).
     */
-    private void determineIsBinaryOpenPgp() throws IOException {
+    private void checkForBinaryOpenPgp() throws IOException {
        if (bufferLen == -1) {
            // Empty data
            return;
@ -210,7 +210,6 @@ public class OpenPgpInputStream extends BufferedInputStream {
                }

                containsOpenPgpPackets = true;
-                isLikelyOpenPgpMessage = true;
                break;

            case SYMMETRIC_KEY_ENC_SESSION:
@ -295,6 +294,8 @@ public class OpenPgpInputStream extends BufferedInputStream {
            case SYMMETRIC_KEY_ENC:
                // No data to compare :(
                containsOpenPgpPackets = true;
+                // While this is a valid OpenPGP message, enabling the line below would lead to too many false positives
+                // isLikelyOpenPgpMessage = true;
                break;

            case MARKER: