Initial implementation of 'change-key-password' command of SOP-07

sop-java/src/main/java/sop/SOP.java

@@ -5,6 +5,7 @@
 package sop;
 
 import sop.operation.Armor;
+import sop.operation.ChangeKeyPassword;
 import sop.operation.Dearmor;
 import sop.operation.Decrypt;
 import sop.operation.Encrypt;
@@ -166,4 +167,11 @@ public interface SOP {
      * @return builder instance
      */
     RevokeKey revokeKey();
+
+    /**
+     * Update a key's password.
+     *
+     * @return builder instance
+     */
+    ChangeKeyPassword changeKeyPassword();
 }

sop-java/src/main/java/sop/operation/ChangeKeyPassword.java

@@ -0,0 +1,83 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.operation;
+
+import sop.Ready;
+import sop.exception.SOPGPException;
+import sop.util.UTF8Util;
+
+import java.io.ByteArrayInputStream;
+import java.io.InputStream;
+import java.nio.charset.CharacterCodingException;
+
+public interface ChangeKeyPassword {
+
+    /**
+     * Disable ASCII armoring of the output.
+     *
+     * @return builder instance
+     */
+    ChangeKeyPassword noArmor();
+
+    default ChangeKeyPassword oldKeyPassphrase(byte[] password) {
+        try {
+            return oldKeyPassphrase(UTF8Util.decodeUTF8(password));
+        } catch (CharacterCodingException e) {
+            throw new SOPGPException.PasswordNotHumanReadable("Password MUST be a valid UTF8 string.");
+        }
+    }
+
+    /**
+     * Provide a passphrase to unlock the secret key.
+     * This method can be provided multiple times to provide separate passphrases that are tried as a
+     * means to unlock any secret key material encountered.
+     *
+     * @param oldPassphrase old passphrase
+     * @return builder instance
+     */
+    ChangeKeyPassword oldKeyPassphrase(String oldPassphrase);
+
+    /**
+     * Provide a passphrase to re-lock the secret key with.
+     * This method can only be used once, and all key material encountered will be encrypted with the given passphrase.
+     * If this method is not called, the key material will not be protected.
+     *
+     * @param newPassphrase new passphrase
+     * @return builder instance
+     */
+    default ChangeKeyPassword newKeyPassphrase(byte[] newPassphrase) {
+        try {
+            return newKeyPassphrase(UTF8Util.decodeUTF8(newPassphrase));
+        } catch (CharacterCodingException e) {
+            throw new SOPGPException.PasswordNotHumanReadable("Password MUST be a valid UTF8 string.");
+        }
+    }
+
+    /**
+     * Provide a passphrase to re-lock the secret key with.
+     * This method can only be used once, and all key material encountered will be encrypted with the given passphrase.
+     * If this method is not called, the key material will not be protected.
+     *
+     * @param newPassphrase new passphrase
+     * @return builder instance
+     */
+    ChangeKeyPassword newKeyPassphrase(String newPassphrase);
+
+    default Ready keys(byte[] keys) throws SOPGPException.KeyIsProtected, SOPGPException.BadData {
+        return keys(new ByteArrayInputStream(keys));
+    }
+
+    /**
+     * Provide the key material.
+     *
+     * @param inputStream input stream of secret key material
+     * @return ready
+     *
+     * @throws sop.exception.SOPGPException.KeyIsProtected if any (sub-) key encountered cannot be unlocked.
+     * @throws sop.exception.SOPGPException.BadData if the key material is malformed
+     */
+    Ready keys(InputStream inputStream) throws SOPGPException.KeyIsProtected, SOPGPException.BadData;
+
+}

sop-java/src/testFixtures/java/sop/testsuite/operation/ChangeKeyPasswordTest.java

@@ -0,0 +1,98 @@
+// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package sop.testsuite.operation;
+
+import org.junit.jupiter.api.condition.EnabledIf;
+import org.junit.jupiter.params.ParameterizedTest;
+import org.junit.jupiter.params.provider.Arguments;
+import org.junit.jupiter.params.provider.MethodSource;
+import sop.SOP;
+import sop.exception.SOPGPException;
+import sop.util.UTF8Util;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.util.stream.Stream;
+
+import static org.junit.jupiter.api.Assertions.assertArrayEquals;
+import static org.junit.jupiter.api.Assertions.assertThrows;
+
+@EnabledIf("sop.testsuite.operation.AbstractSOPTest#hasBackends")
+public class ChangeKeyPasswordTest extends AbstractSOPTest {
+
+    static Stream<Arguments> provideInstances() {
+        return AbstractSOPTest.provideBackends();
+    }
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void changePasswordFromUnprotectedToProtected(SOP sop) throws IOException {
+        byte[] unprotectedKey = sop.generateKey().generate().getBytes();
+        byte[] password = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
+        byte[] protectedKey = sop.changeKeyPassword().newKeyPassphrase(password).keys(unprotectedKey).getBytes();
+
+        sop.sign().withKeyPassword(password).key(protectedKey).data("Test123".getBytes(StandardCharsets.UTF_8));
+    }
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void changePasswordFromUnprotectedToUnprotected(SOP sop) throws IOException {
+        byte[] unprotectedKey = sop.generateKey().noArmor().generate().getBytes();
+        byte[] stillUnprotectedKey = sop.changeKeyPassword().noArmor().keys(unprotectedKey).getBytes();
+
+        assertArrayEquals(unprotectedKey, stillUnprotectedKey);
+    }
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void changePasswordFromProtectedToUnprotected(SOP sop) throws IOException {
+        byte[] password = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
+        byte[] protectedKey = sop.generateKey().withKeyPassword(password).generate().getBytes();
+        byte[] unprotectedKey = sop.changeKeyPassword()
+                .oldKeyPassphrase(password)
+                .keys(protectedKey).getBytes();
+
+        sop.sign().key(unprotectedKey).data("Test123".getBytes(StandardCharsets.UTF_8));
+    }
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void changePasswordFromProtectedToDifferentProtected(SOP sop) throws IOException {
+        byte[] oldPassword = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
+        byte[] newPassword = "0r4ng3".getBytes(UTF8Util.UTF8);
+        byte[] protectedKey = sop.generateKey().withKeyPassword(oldPassword).generate().getBytes();
+        byte[] reprotectedKey = sop.changeKeyPassword()
+                .oldKeyPassphrase(oldPassword)
+                .newKeyPassphrase(newPassword)
+                .keys(protectedKey).getBytes();
+
+        sop.sign().key(reprotectedKey).withKeyPassword(newPassword).data("Test123".getBytes(StandardCharsets.UTF_8));
+    }
+
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void changePasswordWithWrongOldPasswordFails(SOP sop) throws IOException {
+        byte[] oldPassword = "sw0rdf1sh".getBytes(UTF8Util.UTF8);
+        byte[] newPassword = "monkey123".getBytes(UTF8Util.UTF8);
+        byte[] wrongPassword = "0r4ng3".getBytes(UTF8Util.UTF8);
+
+        byte[] protectedKey = sop.generateKey().withKeyPassword(oldPassword).generate().getBytes();
+        assertThrows(SOPGPException.KeyIsProtected.class, () -> sop.changeKeyPassword()
+                .oldKeyPassphrase(wrongPassword)
+                .newKeyPassphrase(newPassword)
+                .keys(protectedKey).getBytes());
+    }
+
+    @ParameterizedTest
+    @MethodSource("provideInstances")
+    public void nonUtf8PasswordsFail(SOP sop) {
+        assertThrows(SOPGPException.PasswordNotHumanReadable.class, () ->
+                sop.changeKeyPassword().oldKeyPassphrase(new byte[] {(byte) 0xff, (byte) 0xfe}));
+        assertThrows(SOPGPException.PasswordNotHumanReadable.class, () ->
+                sop.changeKeyPassword().newKeyPassphrase(new byte[] {(byte) 0xff, (byte) 0xfe}));
+
+    }
+}