WIP

key packet fuzzing tests: Use OpenPGPKey/OpenPGPCertificate API
Replace consumeAsBytes(XXX) with consumeRemainingAsBytes()
2025-09-14 12:49:39 +02:00 · 2025-07-23 10:40:45 +02:00 · 2025-07-14 22:09:51 +02:00 · 2025-07-14 21:52:04 +02:00 · 2025-07-14 21:33:51 +02:00 · 2025-07-14 20:34:33 +02:00
5 changed files with 15 additions and 22 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@ -45,6 +45,9 @@ class KeyRingBuilder : KeyRingBuilderInterface<KeyRingBuilder> {
    }
    override fun addUserId(userId: CharSequence): KeyRingBuilder = apply {
        require(!userId.contains("\n") && !userId.contains("\r")) {
            "User-ID cannot contain newlines and/or carriage returns."
        }
        userIds[userId.toString()] = null
    }
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
@ -569,10 +569,11 @@ class SecretKeyRingEditor(
    }
    private fun sanitizeUserId(userId: CharSequence): CharSequence =
-        // I'm not sure, what kind of sanitization is needed.
+        userId.toString().also {
-        // Newlines are allowed, they just need to be escaped when emitted in an ASCII armor header
+            require(!it.contains("\n") && !it.contains("\r")) {
-        // Trailing/Leading whitespace is also fine.
+                "UserId cannot contain newlines and/or carriage returns."
-        userId.toString()
+            }
        }
    private fun callbackFromRevocationAttributes(attributes: RevocationAttributes?) =
        object : RevocationSignatureSubpackets.Callback {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/util/ArmorUtils.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/util/ArmorUtils.kt
@ -247,8 +247,7 @@ class ArmorUtils {
                .add(OpenPgpFingerprint.of(publicKey).prettyPrint())
            // Primary / First User ID
            (primary ?: first)?.let {
-                headerMap.getOrPut(HEADER_COMMENT) { mutableSetOf() }
+                headerMap.getOrPut(HEADER_COMMENT) { mutableSetOf() }.add(it)
                    .add(it.replace("\n", "\\n").replace("\r", "\\r"))
            }
            // X-1 further identities
            when (userIds.size) {
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/util/Passphrase.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/util/Passphrase.kt
@ -11,9 +11,14 @@ import org.bouncycastle.util.Arrays
 *
 * @param chars may be null for empty passwords.
 */
-class Passphrase(private val chars: CharArray?) {
+class Passphrase(chars: CharArray?) {
    private val lock = Any()
    private var valid = true
    private val chars: CharArray?
    init {
        this.chars = chars;//trimWhitespace(chars)
    }
    /**
     * Return a copy of the underlying char array. A return value of null represents an empty
@ -62,11 +67,6 @@ class Passphrase(private val chars: CharArray?) {
    override fun hashCode(): Int = getChars()?.let { String(it) }.hashCode()
    /**
     * Return a copy of this [Passphrase], but with whitespace characters trimmed off.
     *
     * @return copy with trimmed whitespace
     */
    fun withTrimmedWhitespace(): Passphrase = Passphrase(trimWhitespace(chars))
    companion object {
--- a/pgpainless-sop/src/test/java/org/pgpainless/sop/GenerateKeyTest.java
+++ b/pgpainless-sop/src/test/java/org/pgpainless/sop/GenerateKeyTest.java
@ -100,14 +100,4 @@ public class GenerateKeyTest {
        assertThrows(SOPGPException.UnsupportedProfile.class, () ->
                sop.generateKey().profile("invalid"));
    }
    @Test
    public void generateKeyWithNewlinesInUserId() throws IOException {
        byte[] keyBytes = sop.generateKey()
                .userId("Foo\n\nBar")
                .generate()
                .getBytes();
        assertTrue(new String(keyBytes).contains("Foo\\n\\nBar"));
    }
 }
Author	SHA1	Message	Date
Paul Schaub	880b0720db	WIP	2025-07-23 10:40:45 +02:00
Paul Schaub	8f41fb0f27	key packet fuzzing tests: Use OpenPGPKey/OpenPGPCertificate API	2025-07-14 22:09:51 +02:00
Paul Schaub	5939b747b0	Replace consumeAsBytes(XXX) with consumeRemainingAsBytes()	2025-07-14 21:52:04 +02:00
Paul Schaub	adf9fc4639	Fix IndexOutOfBounds, but keep decryption with only SK working	2025-07-14 21:33:51 +02:00
Paul Schaub	9df5060bab	gitignore all .cifuzz-corpus directories	2025-07-14 20:34:33 +02:00
Paul Schaub	fef620d18b	Move jazzerVersion to version.gradle	2025-07-12 11:35:34 +02:00
Paul Schaub	42e6bb483f	More fuzzing tests and vectors	2025-07-12 11:29:07 +02:00
Paul Schaub	1560980c7e	Even more fuzzing	2025-07-09 14:09:47 +02:00
Paul Schaub	cefdfa8eac	More fuzzing	2025-07-09 11:24:18 +02:00
Paul Schaub	ae9c702b29	Add more test vectors	2025-07-08 15:03:59 +02:00
Paul Schaub	4c2e60bb92	Add fuzzing data to REUSE.toml	2025-07-08 14:34:55 +02:00
Paul Schaub	599c689c2e	Fuzzer tests	2025-07-08 14:34:35 +02:00
Paul Schaub	556766e0bf	Fuzz different methods	2025-07-04 17:37:26 +02:00
Paul Schaub	343fc6cf65	Add pgpainless-sop/.cifuzz-corpus/* to .gitignore	2025-07-04 17:37:04 +02:00
Paul Schaub	fa0d515c35	SOP armor: catch IOException during inspection of data	2025-07-04 17:35:27 +02:00
Paul Schaub	453b190f58	OpenPGPInputStream: Expose inspectBuffer method	2025-07-04 17:34:44 +02:00