Change SymmetricEncryptionAlgorithmNegotiator to return the 'best' avail. alg

2025-09-14 20:59:39 +02:00 · 2021-07-01 21:33:38 +02:00 · 2021-07-01 21:33:38 +02:00 · 9b046a0cf1
commit 9b046a0cf1
parent 30740aba4f
4 changed files with 124 additions and 22 deletions
--- a/pgpainless-core/src/test/java/org/pgpainless/algorithm/SymmetricKeyAlgorithmNegotiatorTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/algorithm/SymmetricKeyAlgorithmNegotiatorTest.java
@ -76,4 +76,66 @@ public class SymmetricKeyAlgorithmNegotiatorTest {
        // AES 192 is most popular
        assertEquals(SymmetricKeyAlgorithm.AES_192, byPopularity.negotiate(policy, null, preferences));
    }
+
+    @Test
+    public void byPopularityIgnoresRejectedAlgorithms() {
+        List<Set<SymmetricKeyAlgorithm>> preferences = new ArrayList<>();
+
+        preferences.add(new LinkedHashSet<SymmetricKeyAlgorithm>(){{
+            add(SymmetricKeyAlgorithm.CAMELLIA_128);
+            add(SymmetricKeyAlgorithm.CAMELLIA_192); // <- rejected
+            add(SymmetricKeyAlgorithm.AES_256); // <- accepted
+        }});
+        preferences.add(new LinkedHashSet<SymmetricKeyAlgorithm>(){{
+            add(SymmetricKeyAlgorithm.CAMELLIA_128);
+            add(SymmetricKeyAlgorithm.CAMELLIA_192); // <- rejected
+        }});
+        preferences.add(new LinkedHashSet<SymmetricKeyAlgorithm>(){{
+            add(SymmetricKeyAlgorithm.CAMELLIA_192); // <- rejected
+            add(SymmetricKeyAlgorithm.AES_256); // <- accepted
+        }});
+
+        // AES 192 is most popular
+        assertEquals(SymmetricKeyAlgorithm.AES_256, byPopularity.negotiate(policy, null, preferences));
+    }
+
+    @Test
+    public void byPopularityChoosesFallbackWhenNoAlgIsAcceptable() {
+        List<Set<SymmetricKeyAlgorithm>> preferences = new ArrayList<>();
+
+        preferences.add(new LinkedHashSet<SymmetricKeyAlgorithm>(){{
+            add(SymmetricKeyAlgorithm.CAMELLIA_128);
+            add(SymmetricKeyAlgorithm.CAMELLIA_192);
+        }});
+        preferences.add(new LinkedHashSet<SymmetricKeyAlgorithm>(){{
+            add(SymmetricKeyAlgorithm.CAMELLIA_128);
+            add(SymmetricKeyAlgorithm.CAMELLIA_192);
+        }});
+        preferences.add(new LinkedHashSet<SymmetricKeyAlgorithm>(){{
+            add(SymmetricKeyAlgorithm.CAMELLIA_192);
+            add(SymmetricKeyAlgorithm.BLOWFISH);
+        }});
+
+        // AES 192 is most popular
+        assertEquals(SymmetricKeyAlgorithm.CAMELLIA_256, byPopularity.negotiate(policy, null, preferences));
+    }
+
+    @Test
+    public void byPopularitySelectsBestOnDraw() {
+        List<Set<SymmetricKeyAlgorithm>> preferences = new ArrayList<>();
+
+        // Create draw between AES 128 and AES 256
+        // The recipients prefer AES 128 first, but we prioritize our policies order
+        preferences.add(new LinkedHashSet<SymmetricKeyAlgorithm>(){{
+            add(SymmetricKeyAlgorithm.AES_128);
+            add(SymmetricKeyAlgorithm.AES_192);
+            add(SymmetricKeyAlgorithm.AES_256);
+        }});
+        preferences.add(new LinkedHashSet<SymmetricKeyAlgorithm>(){{
+            add(SymmetricKeyAlgorithm.AES_128);
+            add(SymmetricKeyAlgorithm.AES_256);
+        }});
+
+        assertEquals(SymmetricKeyAlgorithm.AES_256, byPopularity.negotiate(policy, null, preferences));
+    }
 }
--- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/EncryptDecryptTest.java
@ -35,6 +35,7 @@ import org.bouncycastle.openpgp.PGPPublicKeyRing;
 import org.bouncycastle.openpgp.PGPSecretKeyRing;
 import org.bouncycastle.openpgp.PGPSignature;
 import org.bouncycastle.util.io.Streams;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.MethodSource;
@ -56,6 +57,7 @@ import org.pgpainless.key.generation.type.rsa.RsaLength;
 import org.pgpainless.key.protection.SecretKeyRingProtector;
 import org.pgpainless.key.protection.UnprotectedKeysProtector;
 import org.pgpainless.key.util.KeyRingUtils;
+import org.pgpainless.policy.Policy;
 import org.pgpainless.util.ArmoredOutputStreamFactory;

 public class EncryptDecryptTest {
@ -71,6 +73,14 @@ public class EncryptDecryptTest {
                    "Unfold the imagined happiness that both\n" +
                    "Receive in either by this dear encounter.";

+    @BeforeEach
+    public void setDefaultPolicy() {
+        PGPainless.getPolicy().setSymmetricKeyEncryptionAlgorithmPolicy(
+                Policy.SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyEncryptionAlgorithmPolicy());
+        PGPainless.getPolicy().setSymmetricKeyDecryptionAlgorithmPolicy(
+                Policy.SymmetricKeyAlgorithmPolicy.defaultSymmetricKeyDecryptionAlgorithmPolicy());
+    }
+
    @ParameterizedTest
    @MethodSource("org.pgpainless.util.TestUtil#provideImplementationFactories")
    public void freshKeysRsaToElGamalTest(ImplementationFactory implementationFactory)