PGPainless/pgpainless
PGPainless/pgpainless
1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2025-12-10 14:21:09 +01:00
Code Issues Releases Wiki Activity

WIP: Replace nesting with independent instancing

Browse source
This commit is contained in:
Paul Schaub 2022-09-13 19:23:59 +02:00
parent bf8949d7f4
commit e86062c427
13 changed files with 1227 additions and 411 deletions
Download patch file Download diff file Expand all files Collapse all files

210
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/PGPDecryptionStream.java → pgpainless-core/src/main/java/org/pgpainless/decryption_verification/MessageDecryptionStream.java
View file

@ -12,41 +12,50 @@ import org.bouncycastle.bcpg.Packet;
import org.bouncycastle.bcpg.PacketTags;
import org.bouncycastle.bcpg.PublicKeyEncSessionPacket;
import org.bouncycastle.bcpg.SignaturePacket;
import org.bouncycastle.bcpg.SymmetricEncDataPacket;
import org.bouncycastle.bcpg.SymmetricEncIntegrityPacket;
import org.bouncycastle.bcpg.SymmetricKeyEncSessionPacket;
import org.bouncycastle.bcpg.TrustPacket;
import org.bouncycastle.bcpg.UserAttributePacket;
import org.bouncycastle.bcpg.UserIDPacket;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPBEEncryptedData;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory;
import org.pgpainless.algorithm.OpenPgpPacket;
import org.pgpainless.decryption_verification.automaton.InputAlphabet;
import org.pgpainless.decryption_verification.automaton.NestingPDA;
import org.pgpainless.exception.MalformedOpenPgpMessageException;
import org.pgpainless.exception.MessageNotIntegrityProtectedException;
import org.pgpainless.exception.MissingDecryptionMethodException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.util.Passphrase;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.SequenceInputStream;
import java.util.ArrayList;
import java.util.List;
import java.util.NoSuchElementException;
import java.util.Stack;
public class PGPDecryptionStream extends InputStream {
public class MessageDecryptionStream extends InputStream {
PushdownAutomaton automaton = new PushdownAutomaton();
private final ConsumerOptions options;
NestingPDA automaton = new NestingPDA();
// nested streams, outermost at the bottom of the stack
Stack<Layer> packetLayers = new Stack<>();
List<PublicKeyEncSessionPacket> pkeskList = new ArrayList<>();
List<SymmetricKeyEncSessionPacket> skeskList = new ArrayList<>();
public PGPDecryptionStream(InputStream inputStream) throws IOException, PGPException {
try {
packetLayers.push(Layer.initial(inputStream));
walkLayer();
} catch (MalformedOpenPgpMessageException e) {
throw e.toRuntimeException();
}
public MessageDecryptionStream(InputStream inputStream, ConsumerOptions options)
throws IOException, PGPException {
this.options = options;
packetLayers.push(Layer.initial(inputStream));
walkLayer();
}
private void walkLayer() throws PGPException, IOException {
@ -54,6 +63,7 @@ public class PGPDecryptionStream extends InputStream {
return;
}
// We are currently in the deepest layer
Layer layer = packetLayers.peek();
BCPGInputStream inputStream = (BCPGInputStream) layer.inputStream;
@ -65,33 +75,23 @@ public class PGPDecryptionStream extends InputStream {
OpenPgpPacket tag = nextTagOrThrow(inputStream);
switch (tag) {
case PKESK:
PublicKeyEncSessionPacket pkeskPacket = (PublicKeyEncSessionPacket) inputStream.readPacket();
PGPEncryptedDataList encList = null;
break;
case SIG:
automaton.next(PushdownAutomaton.InputAlphabet.Signatures);
case LIT:
automaton.next(InputAlphabet.LiteralData);
PGPLiteralData literalData = new PGPLiteralData(inputStream);
packetLayers.push(Layer.literalMessage(literalData.getDataStream()));
break loop;
case COMP:
automaton.next(InputAlphabet.CompressedData);
PGPCompressedData compressedData = new PGPCompressedData(inputStream);
inputStream = new BCPGInputStream(compressedData.getDataStream());
packetLayers.push(Layer.compressedData(inputStream));
break;
case OPS:
automaton.next(InputAlphabet.OnePassSignatures);
ByteArrayOutputStream buf = new ByteArrayOutputStream();
BCPGOutputStream bcpgOut = new BCPGOutputStream(buf);
while (inputStream.nextPacketTag() == PacketTags.SIGNATURE || inputStream.nextPacketTag() == PacketTags.MARKER) {
Packet packet = inputStream.readPacket();
if (packet instanceof SignaturePacket) {
SignaturePacket sig = (SignaturePacket) packet;
sig.encode(bcpgOut);
}
}
PGPSignatureList signatures = (PGPSignatureList) ImplementationFactory.getInstance()
.getPGPObjectFactory(buf.toByteArray()).nextObject();
break;
case SKESK:
SymmetricKeyEncSessionPacket skeskPacket = (SymmetricKeyEncSessionPacket) inputStream.readPacket();
break;
case OPS:
automaton.next(PushdownAutomaton.InputAlphabet.OnePassSignatures);
buf = new ByteArrayOutputStream();
bcpgOut = new BCPGOutputStream(buf);
while (inputStream.nextPacketTag() == PacketTags.ONE_PASS_SIGNATURE || inputStream.nextPacketTag() == PacketTags.MARKER) {
Packet packet = inputStream.readPacket();
if (packet instanceof OnePassSignaturePacket) {
@ -102,60 +102,103 @@ public class PGPDecryptionStream extends InputStream {
PGPOnePassSignatureList onePassSignatures = (PGPOnePassSignatureList) ImplementationFactory.getInstance()
.getPGPObjectFactory(buf.toByteArray()).nextObject();
break;
case SK:
case SIG:
automaton.next(InputAlphabet.Signatures);
buf = new ByteArrayOutputStream();
bcpgOut = new BCPGOutputStream(buf);
while (inputStream.nextPacketTag() == PacketTags.SIGNATURE || inputStream.nextPacketTag() == PacketTags.MARKER) {
Packet packet = inputStream.readPacket();
if (packet instanceof SignaturePacket) {
SignaturePacket sig = (SignaturePacket) packet;
sig.encode(bcpgOut);
}
}
PGPSignatureList signatures = (PGPSignatureList) ImplementationFactory.getInstance()
.getPGPObjectFactory(buf.toByteArray()).nextObject();
break;
case PK:
case PKESK:
PublicKeyEncSessionPacket pkeskPacket = (PublicKeyEncSessionPacket) inputStream.readPacket();
pkeskList.add(pkeskPacket);
break;
case SSK:
break;
case COMP:
automaton.next(PushdownAutomaton.InputAlphabet.CompressedData);
PGPCompressedData compressedData = new PGPCompressedData(inputStream);
inputStream = new BCPGInputStream(compressedData.getDataStream());
packetLayers.push(Layer.CompressedData(inputStream));
case SKESK:
SymmetricKeyEncSessionPacket skeskPacket = (SymmetricKeyEncSessionPacket) inputStream.readPacket();
skeskList.add(skeskPacket);
break;
case SED:
automaton.next(PushdownAutomaton.InputAlphabet.EncryptedData);
SymmetricEncDataPacket symmetricEncDataPacket = (SymmetricEncDataPacket) inputStream.readPacket();
break;
if (!options.isIgnoreMDCErrors()) {
throw new MessageNotIntegrityProtectedException();
}
// No break; we continue below!
case SEIPD:
automaton.next(InputAlphabet.EncryptedData);
PGPEncryptedDataList encryptedDataList = assembleEncryptedDataList(inputStream);
for (PGPEncryptedData encData : encryptedDataList) {
if (encData instanceof PGPPBEEncryptedData) {
PGPPBEEncryptedData skenc = (PGPPBEEncryptedData) encData;
for (Passphrase passphrase : options.getDecryptionPassphrases()) {
PBEDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance()
.getPBEDataDecryptorFactory(passphrase);
InputStream decryptedIn = skenc.getDataStream(decryptorFactory);
packetLayers.push(Layer.encryptedData(new BCPGInputStream(decryptedIn)));
walkLayer();
break loop;
}
}
}
throw new MissingDecryptionMethodException("Cannot decrypt message.");
case MARKER:
inputStream.readPacket(); // discard
break;
case LIT:
automaton.next(PushdownAutomaton.InputAlphabet.LiteralData);
PGPLiteralData literalData = new PGPLiteralData(inputStream);
packetLayers.push(Layer.LiteralMessage(literalData.getDataStream()));
break loop;
case TRUST:
TrustPacket trustPacket = (TrustPacket) inputStream.readPacket();
break;
case UID:
UserIDPacket userIDPacket = (UserIDPacket) inputStream.readPacket();
break;
case SK:
case PK:
case SSK:
case PSK:
break;
case TRUST:
case UID:
case UATTR:
UserAttributePacket userAttributePacket = (UserAttributePacket) inputStream.readPacket();
break;
case SEIPD:
automaton.next(PushdownAutomaton.InputAlphabet.EncryptedData);
SymmetricEncIntegrityPacket symmetricEncIntegrityPacket = (SymmetricEncIntegrityPacket) inputStream.readPacket();
break;
throw new MalformedOpenPgpMessageException("OpenPGP packet " + tag + " MUST NOT be part of OpenPGP messages.");
case MOD:
ModDetectionCodePacket modDetectionCodePacket = (ModDetectionCodePacket) inputStream.readPacket();
break;
case EXP_1:
break;
case EXP_2:
break;
case EXP_3:
break;
case EXP_4:
break;
throw new MalformedOpenPgpMessageException("Experimental packet " + tag + " found inside the message.");
}
}
}
private PGPEncryptedDataList assembleEncryptedDataList(BCPGInputStream inputStream)
throws IOException {
ByteArrayOutputStream buf = new ByteArrayOutputStream();
BCPGOutputStream bcpgOut = new BCPGOutputStream(buf);
for (SymmetricKeyEncSessionPacket skesk : skeskList) {
bcpgOut.write(skesk.getEncoded());
}
skeskList.clear();
for (PublicKeyEncSessionPacket pkesk : pkeskList) {
bcpgOut.write(pkesk.getEncoded());
}
pkeskList.clear();
SequenceInputStream sqin = new SequenceInputStream(
new ByteArrayInputStream(buf.toByteArray()), inputStream);
PGPEncryptedDataList encryptedDataList = (PGPEncryptedDataList) ImplementationFactory.getInstance()
.getPGPObjectFactory(sqin).nextObject();
return encryptedDataList;
}
private OpenPgpPacket nextTagOrThrow(BCPGInputStream inputStream)
throws IOException, InvalidOpenPgpPacketException {
try {
@ -167,17 +210,13 @@ public class PGPDecryptionStream extends InputStream {
private void popLayer() throws MalformedOpenPgpMessageException {
if (packetLayers.pop().isNested)
automaton.next(PushdownAutomaton.InputAlphabet.EndOfSequence);
automaton.next(InputAlphabet.EndOfSequence);
}
@Override
public int read() throws IOException {
if (packetLayers.isEmpty()) {
try {
automaton.assertValid();
} catch (MalformedOpenPgpMessageException e) {
throw e.toRuntimeException();
}
automaton.assertValid();
return -1;
}
@ -187,13 +226,10 @@ public class PGPDecryptionStream extends InputStream {
} catch (IOException e) {
}
if (r == -1) {
popLayer();
try {
popLayer();
walkLayer();
} catch (MalformedOpenPgpMessageException e) {
throw e.toRuntimeException();
}
catch (PGPException e) {
} catch (PGPException e) {
throw new RuntimeException(e);
}
return read();
@ -227,11 +263,15 @@ public class PGPDecryptionStream extends InputStream {
return new Layer(bcpgIn, true);
}
static Layer LiteralMessage(InputStream inputStream) {
static Layer literalMessage(InputStream inputStream) {
return new Layer(inputStream, false);
}
static Layer CompressedData(InputStream inputStream) {
static Layer compressedData(InputStream inputStream) {
return new Layer(inputStream, true);
}
static Layer encryptedData(InputStream inputStream) {
return new Layer(inputStream, true);
}
}

331
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpMessageInputStream.java Normal file
View file

@ -0,0 +1,331 @@
package org.pgpainless.decryption_verification;
import com.sun.tools.javac.code.Attribute;
import org.bouncycastle.bcpg.BCPGInputStream;
import org.bouncycastle.bcpg.BCPGOutputStream;
import org.bouncycastle.bcpg.OnePassSignaturePacket;
import org.bouncycastle.bcpg.Packet;
import org.bouncycastle.bcpg.PacketTags;
import org.bouncycastle.bcpg.SignaturePacket;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPObjectFactory;
import org.bouncycastle.openpgp.PGPOnePassSignature;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPPBEEncryptedData;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory;
import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.EncryptionPurpose;
import org.pgpainless.algorithm.OpenPgpPacket;
import org.pgpainless.decryption_verification.automaton.InputAlphabet;
import org.pgpainless.decryption_verification.automaton.PDA;
import org.pgpainless.exception.MalformedOpenPgpMessageException;
import org.pgpainless.exception.MessageNotIntegrityProtectedException;
import org.pgpainless.implementation.ImplementationFactory;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnlockSecretKey;
import org.pgpainless.util.Passphrase;
import org.pgpainless.util.Tuple;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;
public class OpenPgpMessageInputStream extends InputStream {
protected final PDA automaton = new PDA();
protected final ConsumerOptions options;
protected final BCPGInputStream bcpgIn;
protected InputStream in;
private List<PGPSignature> signatures = new ArrayList<>();
private List<PGPOnePassSignature> onePassSignatures = new ArrayList<>();
public OpenPgpMessageInputStream(InputStream inputStream, ConsumerOptions options)
throws IOException, PGPException {
this.options = options;
// TODO: Use BCPGInputStream.wrap(inputStream);
if (inputStream instanceof BCPGInputStream) {
this.bcpgIn = (BCPGInputStream) inputStream;
} else {
this.bcpgIn = new BCPGInputStream(inputStream);
}
walk();
}
private void walk() throws IOException, PGPException {
loop: while (true) {
int tag = bcpgIn.nextPacketTag();
if (tag == -1) {
break loop;
}
OpenPgpPacket nextPacket = OpenPgpPacket.requireFromTag(tag);
switch (nextPacket) {
case LIT:
automaton.next(InputAlphabet.LiteralData);
PGPLiteralData literalData = new PGPLiteralData(bcpgIn);
in = literalData.getDataStream();
break loop;
case COMP:
automaton.next(InputAlphabet.CompressedData);
PGPCompressedData compressedData = new PGPCompressedData(bcpgIn);
in = new OpenPgpMessageInputStream(compressedData.getDataStream(), options);
break loop;
case OPS:
automaton.next(InputAlphabet.OnePassSignatures);
readOnePassSignatures();
break;
case SIG:
automaton.next(InputAlphabet.Signatures);
readSignatures();
break;
case PKESK:
case SKESK:
case SED:
case SEIPD:
automaton.next(InputAlphabet.EncryptedData);
PGPEncryptedDataList encDataList = new PGPEncryptedDataList(bcpgIn);
// TODO: Replace with !encDataList.isIntegrityProtected()
if (!encDataList.get(0).isIntegrityProtected()) {
throw new MessageNotIntegrityProtectedException();
}
SortedESKs esks = new SortedESKs(encDataList);
// TODO: try session keys
// Try passwords
for (PGPPBEEncryptedData skesk : esks.skesks) {
for (Passphrase passphrase : options.getDecryptionPassphrases()) {
PBEDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance()
.getPBEDataDecryptorFactory(passphrase);
try {
InputStream decrypted = skesk.getDataStream(decryptorFactory);
in = new OpenPgpMessageInputStream(decrypted, options);
break loop;
} catch (PGPException e) {
// password mismatch? Try next password
}
}
}
// Try (known) secret keys
for (PGPPublicKeyEncryptedData pkesk : esks.pkesks) {
long keyId = pkesk.getKeyID();
PGPSecretKeyRing decryptionKeys = getDecryptionKey(keyId);
if (decryptionKeys == null) {
continue;
}
SecretKeyRingProtector protector = options.getSecretKeyProtector(decryptionKeys);
PGPSecretKey decryptionKey = decryptionKeys.getSecretKey(keyId);
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(decryptionKey, protector);
PublicKeyDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance()
.getPublicKeyDataDecryptorFactory(privateKey);
try {
InputStream decrypted = pkesk.getDataStream(decryptorFactory);
in = new OpenPgpMessageInputStream(decrypted, options);
break loop;
} catch (PGPException e) {
// hm :/
}
}
// try anonymous secret keys
for (PGPPublicKeyEncryptedData pkesk : esks.anonPkesks) {
for (Tuple<PGPSecretKeyRing, PGPSecretKey> decryptionKeyCandidate : findPotentialDecryptionKeys(pkesk)) {
SecretKeyRingProtector protector = options.getSecretKeyProtector(decryptionKeyCandidate.getA());
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(decryptionKeyCandidate.getB(), protector);
PublicKeyDataDecryptorFactory decryptorFactory = ImplementationFactory.getInstance()
.getPublicKeyDataDecryptorFactory(privateKey);
try {
InputStream decrypted = pkesk.getDataStream(decryptorFactory);
in = new OpenPgpMessageInputStream(decrypted, options);
break loop;
} catch (PGPException e) {
// hm :/
}
}
}
// TODO: try interactive password callbacks
break loop;
case MARKER:
bcpgIn.readPacket(); // skip marker packet
break;
case SK:
case PK:
case SSK:
case PSK:
case TRUST:
case UID:
case UATTR:
case MOD:
break;
case EXP_1:
case EXP_2:
case EXP_3:
case EXP_4:
break;
}
}
}
private List<Tuple<PGPSecretKeyRing, PGPSecretKey>> findPotentialDecryptionKeys(PGPPublicKeyEncryptedData pkesk) {
int algorithm = pkesk.getAlgorithm();
List<Tuple<PGPSecretKeyRing, PGPSecretKey>> decryptionKeyCandidates = new ArrayList<>();
for (PGPSecretKeyRing secretKeys : options.getDecryptionKeys()) {
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
for (PGPPublicKey publicKey : info.getEncryptionSubkeys(EncryptionPurpose.ANY)) {
if (publicKey.getAlgorithm() == algorithm && info.isSecretKeyAvailable(publicKey.getKeyID())) {
PGPSecretKey candidate = secretKeys.getSecretKey(publicKey.getKeyID());
decryptionKeyCandidates.add(new Tuple<>(secretKeys, candidate));
}
}
}
return decryptionKeyCandidates;
}
private PGPSecretKeyRing getDecryptionKey(long keyID) {
for (PGPSecretKeyRing secretKeys : options.getDecryptionKeys()) {
PGPSecretKey decryptionKey = secretKeys.getSecretKey(keyID);
if (decryptionKey == null) {
continue;
}
return secretKeys;
}
return null;
}
private void readOnePassSignatures() throws IOException {
ByteArrayOutputStream buf = new ByteArrayOutputStream();
BCPGOutputStream bcpgOut = new BCPGOutputStream(buf);
int tag = bcpgIn.nextPacketTag();
while (tag == PacketTags.ONE_PASS_SIGNATURE || tag == PacketTags.MARKER) {
Packet packet = bcpgIn.readPacket();
if (tag == PacketTags.ONE_PASS_SIGNATURE) {
OnePassSignaturePacket sigPacket = (OnePassSignaturePacket) packet;
sigPacket.encode(bcpgOut);
}
}
bcpgOut.close();
PGPObjectFactory objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(buf.toByteArray());
PGPOnePassSignatureList signatureList = (PGPOnePassSignatureList) objectFactory.nextObject();
for (PGPOnePassSignature ops : signatureList) {
onePassSignatures.add(ops);
}
}
private void readSignatures() throws IOException {
ByteArrayOutputStream buf = new ByteArrayOutputStream();
BCPGOutputStream bcpgOut = new BCPGOutputStream(buf);
int tag = bcpgIn.nextPacketTag();
while (tag == PacketTags.SIGNATURE || tag == PacketTags.MARKER) {
Packet packet = bcpgIn.readPacket();
if (tag == PacketTags.SIGNATURE) {
SignaturePacket sigPacket = (SignaturePacket) packet;
sigPacket.encode(bcpgOut);
}
}
bcpgOut.close();
PGPObjectFactory objectFactory = ImplementationFactory.getInstance().getPGPObjectFactory(buf.toByteArray());
PGPSignatureList signatureList = (PGPSignatureList) objectFactory.nextObject();
for (PGPSignature signature : signatureList) {
signatures.add(signature);
}
}
@Override
public int read() throws IOException {
int r = -1;
try {
r = in.read();
} catch (IOException e) {
//
}
if (r == -1) {
if (in instanceof OpenPgpMessageInputStream) {
in.close();
} else {
try {
walk();
} catch (PGPException e) {
throw new RuntimeException(e);
}
}
}
return r;
}
@Override
public void close() throws IOException {
try {
in.close();
// Nested streams (except LiteralData) need to be closed.
if (automaton.getState() != PDA.State.LiteralMessage) {
automaton.next(InputAlphabet.EndOfSequence);
automaton.assertValid();
}
} catch (IOException e) {
//
}
super.close();
}
private static class SortedESKs {
private List<PGPPBEEncryptedData> skesks = new ArrayList<>();
private List<PGPPublicKeyEncryptedData> pkesks = new ArrayList<>();
private List<PGPPublicKeyEncryptedData> anonPkesks = new ArrayList<>();
SortedESKs(PGPEncryptedDataList esks) {
for (PGPEncryptedData esk : esks) {
if (esk instanceof PGPPBEEncryptedData) {
skesks.add((PGPPBEEncryptedData) esk);
} else if (esk instanceof PGPPublicKeyEncryptedData) {
PGPPublicKeyEncryptedData pkesk = (PGPPublicKeyEncryptedData) esk;
if (pkesk.getKeyID() != 0) {
pkesks.add(pkesk);
} else {
anonPkesks.add(pkesk);
}
} else {
throw new IllegalArgumentException("Unknown ESK class type.");
}
}
}
}
}

41
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/automaton/InputAlphabet.java Normal file
View file

@ -0,0 +1,41 @@
package org.pgpainless.decryption_verification.automaton;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPSignatureList;
public enum InputAlphabet {
/**
* A {@link PGPLiteralData} packet.
*/
LiteralData,
/**
* A {@link PGPSignatureList} object.
*/
Signatures,
/**
* A {@link PGPOnePassSignatureList} object.
*/
OnePassSignatures,
/**
* A {@link PGPCompressedData} packet.
* The contents of this packet MUST form a valid OpenPGP message, so a nested PDA is opened to verify
* its nested packet sequence.
*/
CompressedData,
/**
* A {@link PGPEncryptedDataList} object.
* This object combines multiple ESKs and the corresponding Symmetrically Encrypted
* (possibly Integrity Protected) Data packet.
*/
EncryptedData,
/**
* Marks the end of a (sub-) sequence.
* This input is given if the end of an OpenPGP message is reached.
* This might be the case for the end of the whole ciphertext, or the end of a packet with nested contents
* (e.g. the end of a Compressed Data packet).
*/
EndOfSequence
}

90
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/PushdownAutomaton.java → pgpainless-core/src/main/java/org/pgpainless/decryption_verification/automaton/NestingPDA.java
View file

@ -1,17 +1,12 @@
package org.pgpainless.decryption_verification;
package org.pgpainless.decryption_verification.automaton;
import org.bouncycastle.openpgp.PGPCompressedData;
import org.bouncycastle.openpgp.PGPEncryptedDataList;
import org.bouncycastle.openpgp.PGPLiteralData;
import org.bouncycastle.openpgp.PGPOnePassSignatureList;
import org.bouncycastle.openpgp.PGPSignatureList;
import org.pgpainless.exception.MalformedOpenPgpMessageException;
import java.util.Stack;
import static org.pgpainless.decryption_verification.PushdownAutomaton.StackAlphabet.msg;
import static org.pgpainless.decryption_verification.PushdownAutomaton.StackAlphabet.ops;
import static org.pgpainless.decryption_verification.PushdownAutomaton.StackAlphabet.terminus;
import static org.pgpainless.decryption_verification.automaton.StackAlphabet.msg;
import static org.pgpainless.decryption_verification.automaton.StackAlphabet.ops;
import static org.pgpainless.decryption_verification.automaton.StackAlphabet.terminus;
/**
* Pushdown Automaton to verify the correct syntax of OpenPGP messages during decryption.
@ -37,71 +32,18 @@ import static org.pgpainless.decryption_verification.PushdownAutomaton.StackAlph
*
* @see <a href="https://www.rfc-editor.org/rfc/rfc4880#section-11.3">RFC4880 §11.3. OpenPGP Messages</a>
*/
public class PushdownAutomaton {
public enum InputAlphabet {
/**
* A {@link PGPLiteralData} packet.
*/
LiteralData,
/**
* A {@link PGPSignatureList} object.
*/
Signatures,
/**
* A {@link PGPOnePassSignatureList} object.
*/
OnePassSignatures,
/**
* A {@link PGPCompressedData} packet.
* The contents of this packet MUST form a valid OpenPGP message, so a nested PDA is opened to verify
* its nested packet sequence.
*/
CompressedData,
/**
* A {@link PGPEncryptedDataList} object.
* This object combines multiple ESKs and the corresponding Symmetrically Encrypted
* (possibly Integrity Protected) Data packet.
*/
EncryptedData,
/**
* Marks the end of a (sub-) sequence.
* This input is given if the end of an OpenPGP message is reached.
* This might be the case for the end of the whole ciphertext, or the end of a packet with nested contents
* (e.g. the end of a Compressed Data packet).
*/
EndOfSequence
}
public enum StackAlphabet {
/**
* OpenPGP Message.
*/
msg,
/**
* OnePassSignature (in case of BC this represents a OnePassSignatureList).
*/
ops,
/**
* ESK. Not used, as BC combines encrypted data with their encrypted session keys.
*/
esk,
/**
* Special symbol representing the end of the message.
*/
terminus
}
public class NestingPDA {
/**
* Set of states of the automaton.
* Each state defines its valid transitions in their {@link State#transition(InputAlphabet, PushdownAutomaton)}
* Each state defines its valid transitions in their {@link State#transition(InputAlphabet, NestingPDA)}
* method.
*/
public enum State {
OpenPgpMessage {
@Override
State transition(InputAlphabet input, PushdownAutomaton automaton) throws MalformedOpenPgpMessageException {
State transition(InputAlphabet input, NestingPDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
if (stackItem != msg) {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
@ -135,7 +77,7 @@ public class PushdownAutomaton {
LiteralMessage {
@Override
State transition(InputAlphabet input, PushdownAutomaton automaton) throws MalformedOpenPgpMessageException {
State transition(InputAlphabet input, NestingPDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
switch (input) {
@ -165,7 +107,7 @@ public class PushdownAutomaton {
CompressedMessage {
@Override
State transition(InputAlphabet input, PushdownAutomaton automaton) throws MalformedOpenPgpMessageException {
State transition(InputAlphabet input, NestingPDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
switch (input) {
case Signatures:
@ -194,7 +136,7 @@ public class PushdownAutomaton {
EncryptedMessage {
@Override
State transition(InputAlphabet input, PushdownAutomaton automaton) throws MalformedOpenPgpMessageException {
State transition(InputAlphabet input, NestingPDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
switch (input) {
case Signatures:
@ -223,7 +165,7 @@ public class PushdownAutomaton {
CorrespondingSignature {
@Override
State transition(InputAlphabet input, PushdownAutomaton automaton) throws MalformedOpenPgpMessageException {
State transition(InputAlphabet input, NestingPDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
if (stackItem == terminus && input == InputAlphabet.EndOfSequence && automaton.stack.isEmpty()) {
return Valid;
@ -235,7 +177,7 @@ public class PushdownAutomaton {
Valid {
@Override
State transition(InputAlphabet input, PushdownAutomaton automaton) throws MalformedOpenPgpMessageException {
State transition(InputAlphabet input, NestingPDA automaton) throws MalformedOpenPgpMessageException {
throw new MalformedOpenPgpMessageException(this, input, null);
}
},
@ -252,15 +194,15 @@ public class PushdownAutomaton {
* @return new state of the automaton
* @throws MalformedOpenPgpMessageException in case of an illegal input symbol
*/
abstract State transition(InputAlphabet input, PushdownAutomaton automaton) throws MalformedOpenPgpMessageException;
abstract State transition(InputAlphabet input, NestingPDA automaton) throws MalformedOpenPgpMessageException;
}
private final Stack<StackAlphabet> stack = new Stack<>();
private State state;
// Some OpenPGP packets have nested contents (e.g. compressed / encrypted data).
PushdownAutomaton nestedSequence = null;
NestingPDA nestedSequence = null;
public PushdownAutomaton() {
public NestingPDA() {
state = State.OpenPgpMessage;
stack.push(terminus);
stack.push(msg);
@ -301,7 +243,7 @@ public class PushdownAutomaton {
// If the processed packet contains nested sequence, open nested automaton for it
if (input == InputAlphabet.CompressedData || input == InputAlphabet.EncryptedData) {
nestedSequence = new PushdownAutomaton();
nestedSequence = new NestingPDA();
}
}

237
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/automaton/PDA.java Normal file
View file

@ -0,0 +1,237 @@
package org.pgpainless.decryption_verification.automaton;
import org.pgpainless.exception.MalformedOpenPgpMessageException;
import java.util.Stack;
import static org.pgpainless.decryption_verification.automaton.StackAlphabet.msg;
import static org.pgpainless.decryption_verification.automaton.StackAlphabet.ops;
import static org.pgpainless.decryption_verification.automaton.StackAlphabet.terminus;
public class PDA {
/**
* Set of states of the automaton.
* Each state defines its valid transitions in their {@link NestingPDA.State#transition(InputAlphabet, NestingPDA)}
* method.
*/
public enum State {
OpenPgpMessage {
@Override
State transition(InputAlphabet input, PDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
if (stackItem != msg) {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
switch (input) {
case LiteralData:
return LiteralMessage;
case Signatures:
automaton.pushStack(msg);
return OpenPgpMessage;
case OnePassSignatures:
automaton.pushStack(ops);
automaton.pushStack(msg);
return OpenPgpMessage;
case CompressedData:
return CompressedMessage;
case EncryptedData:
return EncryptedMessage;
case EndOfSequence:
default:
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
}
},
LiteralMessage {
@Override
State transition(InputAlphabet input, PDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
switch (input) {
case Signatures:
if (stackItem == ops) {
return CorrespondingSignature;
} else {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
case EndOfSequence:
if (stackItem == terminus && automaton.stack.isEmpty()) {
return Valid;
} else {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
case LiteralData:
case OnePassSignatures:
case CompressedData:
case EncryptedData:
default:
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
}
},
CompressedMessage {
@Override
State transition(InputAlphabet input, PDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
switch (input) {
case Signatures:
if (stackItem == ops) {
return CorrespondingSignature;
} else {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
case EndOfSequence:
if (stackItem == terminus && automaton.stack.isEmpty()) {
return Valid;
} else {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
case LiteralData:
case OnePassSignatures:
case CompressedData:
case EncryptedData:
default:
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
}
},
EncryptedMessage {
@Override
State transition(InputAlphabet input, PDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
switch (input) {
case Signatures:
if (stackItem == ops) {
return CorrespondingSignature;
} else {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
case EndOfSequence:
if (stackItem == terminus && automaton.stack.isEmpty()) {
return Valid;
} else {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
case LiteralData:
case OnePassSignatures:
case CompressedData:
case EncryptedData:
default:
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
}
},
CorrespondingSignature {
@Override
State transition(InputAlphabet input, PDA automaton) throws MalformedOpenPgpMessageException {
StackAlphabet stackItem = automaton.popStack();
if (stackItem == terminus && input == InputAlphabet.EndOfSequence && automaton.stack.isEmpty()) {
return Valid;
} else {
throw new MalformedOpenPgpMessageException(this, input, stackItem);
}
}
},
Valid {
@Override
State transition(InputAlphabet input, PDA automaton) throws MalformedOpenPgpMessageException {
throw new MalformedOpenPgpMessageException(this, input, null);
}
},
;
/**
* Pop the automatons stack and transition to another state.
* If no valid transition from the current state is available given the popped stack item and input symbol,
* a {@link MalformedOpenPgpMessageException} is thrown.
* Otherwise, the stack is manipulated according to the valid transition and the new state is returned.
*
* @param input input symbol
* @param automaton automaton
* @return new state of the automaton
* @throws MalformedOpenPgpMessageException in case of an illegal input symbol
*/
abstract State transition(InputAlphabet input, PDA automaton) throws MalformedOpenPgpMessageException;
}
private final Stack<StackAlphabet> stack = new Stack<>();
private State state;
public PDA() {
state = State.OpenPgpMessage;
stack.push(terminus);
stack.push(msg);
}
public void next(InputAlphabet input) throws MalformedOpenPgpMessageException {
State old = state;
StackAlphabet stackItem = stack.isEmpty() ? null : stack.peek();
state = state.transition(input, this);
System.out.println("Transition from " + old + " to " + state + " via " + input + " with stack " + stackItem);
}
/**
* Return the current state of the PDA.
*
* @return state
*/
public State getState() {
return state;
}
/**
* Return true, if the PDA is in a valid state (the OpenPGP message is valid).
*
* @return true if valid, false otherwise
*/
public boolean isValid() {
return getState() == State.Valid && stack.isEmpty();
}
public void assertValid() throws MalformedOpenPgpMessageException {
if (!isValid()) {
throw new MalformedOpenPgpMessageException("Pushdown Automaton is not in an acceptable state: " + toString());
}
}
/**
* Pop an item from the stack.
*
* @return stack item
*/
private StackAlphabet popStack() {
return stack.pop();
}
/**
* Push an item onto the stack.
*
* @param item item
*/
private void pushStack(StackAlphabet item) {
stack.push(item);
}
@Override
public String toString() {
return "State: " + state + " Stack: " + stack;
}
}

20
pgpainless-core/src/main/java/org/pgpainless/decryption_verification/automaton/StackAlphabet.java Normal file
View file

@ -0,0 +1,20 @@
package org.pgpainless.decryption_verification.automaton;
public enum StackAlphabet {
/**
* OpenPGP Message.
*/
msg,
/**
* OnePassSignature (in case of BC this represents a OnePassSignatureList).
*/
ops,
/**
* ESK. Not used, as BC combines encrypted data with their encrypted session keys.
*/
esk,
/**
* Special symbol representing the end of the message.
*/
terminus
}

25
pgpainless-core/src/main/java/org/pgpainless/exception/MalformedOpenPgpMessageException.java
View file

@ -4,8 +4,10 @@
package org.pgpainless.exception;
import org.bouncycastle.openpgp.PGPException;
import org.pgpainless.decryption_verification.PushdownAutomaton;
import org.pgpainless.decryption_verification.automaton.InputAlphabet;
import org.pgpainless.decryption_verification.automaton.NestingPDA;
import org.pgpainless.decryption_verification.automaton.PDA;
import org.pgpainless.decryption_verification.automaton.StackAlphabet;
/**
* Exception that gets thrown if the OpenPGP message is malformed.
@ -13,7 +15,7 @@ import org.pgpainless.decryption_verification.PushdownAutomaton;
*
* @see <a href="https://www.rfc-editor.org/rfc/rfc4880#section-11.3">RFC4880 §11.3. OpenPGP Messages</a>
*/
public class MalformedOpenPgpMessageException extends PGPException {
public class MalformedOpenPgpMessageException extends RuntimeException {
public MalformedOpenPgpMessageException(String message) {
super(message);
@ -23,20 +25,17 @@ public class MalformedOpenPgpMessageException extends PGPException {
super(message, cause);
}
public MalformedOpenPgpMessageException(PushdownAutomaton.State state,
PushdownAutomaton.InputAlphabet input,
PushdownAutomaton.StackAlphabet stackItem) {
public MalformedOpenPgpMessageException(NestingPDA.State state,
InputAlphabet input,
StackAlphabet stackItem) {
this("Invalid input: There is no legal transition from state '" + state + "' for input '" + input + "' when '" + stackItem + "' is on top of the stack.");
}
public RTE toRuntimeException() {
return new RTE(this);
public MalformedOpenPgpMessageException(PDA.State state, InputAlphabet input, StackAlphabet stackItem) {
this("Invalid input: There is no legal transition from state '" + state + "' for input '" + input + "' when '" + stackItem + "' is on top of the stack.");
}
public static class RTE extends RuntimeException {
public RTE(MalformedOpenPgpMessageException e) {
super(e);
}
public MalformedOpenPgpMessageException(String message, PDA automaton) {
super(message + automaton.toString());
}
}

40
pgpainless-core/src/main/java/org/pgpainless/key/info/KeyRingInfo.java
View file

@ -1100,29 +1100,33 @@ public class KeyRingInfo {
List<PGPPublicKey> signingKeys = getSigningSubkeys();
for (PGPPublicKey pk : signingKeys) {
PGPSecretKey sk = getSecretKey(pk.getKeyID());
if (sk == null) {
// Missing secret key
continue;
}
S2K s2K = sk.getS2K();
// Unencrypted key
if (s2K == null) {
return true;
}
// Secret key on smart-card
int s2kType = s2K.getType();
if (s2kType >= 100 && s2kType <= 110) {
continue;
}
// protected secret key
return true;
return isSecretKeyAvailable(pk.getKeyID());
}
// No usable secret key found
return false;
}
public boolean isSecretKeyAvailable(long keyId) {
PGPSecretKey sk = getSecretKey(keyId);
if (sk == null) {
// Missing secret key
return false;
}
S2K s2K = sk.getS2K();
// Unencrypted key
if (s2K == null) {
return true;
}
// Secret key on smart-card
int s2kType = s2K.getType();
if (s2kType >= 100 && s2kType <= 110) {
return false;
}
// protected secret key
return true;
}
private KeyAccessor getKeyAccessor(@Nullable String userId, long keyID) {
if (getPublicKey(keyID) == null) {
throw new NoSuchElementException("No subkey with key id " + Long.toHexString(keyID) + " found on this key.");