diff options
| author | Justus Winter <justus@sequoia-pgp.org> | 2021-03-17 19:07:04 +0100 |
|---|---|---|
| committer | Justus Winter <justus@sequoia-pgp.org> | 2021-03-17 19:07:04 +0100 |
| commit | 711d29ebff65aa08c06898d91a2db4ecbcdbee67 (patch) | |
| tree | 32d6bdd1f3b30f2a80e6da0e4cde24146e552c2d | |
| parent | 0f16b07729c15312f1a60010205c7a5629aa8c95 (diff) | |
openpgp: Improve tests related to encrypted keys.
- Add a test exercising key encryption.
- Demonstrate that key packets are correctly replacing existing
packets when using Cert::insert_packets.
| -rw-r--r-- | openpgp/src/cert.rs | 43 | ||||
| -rw-r--r-- | openpgp/src/packet/key.rs | 29 |
2 files changed, 60 insertions, 12 deletions
diff --git a/openpgp/src/cert.rs b/openpgp/src/cert.rs index 7fbe74e7..4ef6d27a 100644 --- a/openpgp/src/cert.rs +++ b/openpgp/src/cert.rs @@ -5254,24 +5254,43 @@ Pu1xwz57O4zo1VYf6TqHJzVC3OMvMUM2hhdecMUe5x6GorNaj6g= } #[test] - fn decrypt_secrets() { - let (cert, _) = CertBuilder::new() + fn decrypt_encrypt_secrets() -> Result<()> { + let p: crate::crypto::Password = "streng geheim".into(); + let (mut cert, _) = CertBuilder::new() .add_transport_encryption_subkey() - .set_password(Some(String::from("streng geheim").into())) - .generate().unwrap(); + .set_password(Some(p.clone())) + .generate()?; assert_eq!(cert.keys().secret().count(), 2); assert_eq!(cert.keys().unencrypted_secret().count(), 0); - let mut primary = cert.primary_key().key().clone() - .parts_into_secret().unwrap(); - let algo = primary.pk_algo(); - primary.secret_mut() - .decrypt_in_place(algo, &"streng geheim".into()).unwrap(); - let cert = cert.insert_packets( - primary.parts_into_secret().unwrap().role_into_primary()).unwrap(); + for (i, ka) in cert.clone().keys().secret().enumerate() { + let key = ka.key().clone().decrypt_secret(&p)?; + cert = if i == 0 { + cert.insert_packets(key.role_into_primary())? + } else { + cert.insert_packets(key.role_into_subordinate())? + }; + assert_eq!(cert.keys().secret().count(), 2); + assert_eq!(cert.keys().unencrypted_secret().count(), i + 1); + } + + assert_eq!(cert.keys().secret().count(), 2); + assert_eq!(cert.keys().unencrypted_secret().count(), 2); + + for (i, ka) in cert.clone().keys().secret().enumerate() { + let key = ka.key().clone().encrypt_secret(&p)?; + cert = if i == 0 { + cert.insert_packets(key.role_into_primary())? + } else { + cert.insert_packets(key.role_into_subordinate())? + }; + assert_eq!(cert.keys().secret().count(), 2); + assert_eq!(cert.keys().unencrypted_secret().count(), 2 - 1 - i); + } assert_eq!(cert.keys().secret().count(), 2); - assert_eq!(cert.keys().unencrypted_secret().count(), 1); + assert_eq!(cert.keys().unencrypted_secret().count(), 0); + Ok(()) } /// Tests that Cert::into_packets() and Cert::serialize(..) agree. diff --git a/openpgp/src/packet/key.rs b/openpgp/src/packet/key.rs index 7f7217bc..83e94f81 100644 --- a/openpgp/src/packet/key.rs +++ b/openpgp/src/packet/key.rs @@ -1743,6 +1743,35 @@ mod tests { } #[test] + fn key_encrypt_decrypt() -> Result<()> { + let mut g = quickcheck::StdThreadGen::new(256); + let p: Password = Vec::<u8>::arbitrary(&mut g).into(); + + let check = |key: Key4<SecretParts, UnspecifiedRole>| -> Result<()> { + let key: Key<_, _> = key.into(); + let encrypted = key.clone().encrypt_secret(&p)?; + let decrypted = encrypted.decrypt_secret(&p)?; + assert_eq!(key, decrypted); + Ok(()) + }; + + use crate::types::Curve::*; + for curve in vec![NistP256, NistP384, NistP521, Ed25519] { + let key: Key4<_, key::UnspecifiedRole> + = Key4::generate_ecc(true, curve.clone())?; + check(key)?; + } + + for bits in vec![2048, 3072] { + let key: Key4<_, key::UnspecifiedRole> + = Key4::generate_rsa(bits)?; + check(key)?; + } + + Ok(()) + } + + #[test] fn eq() { use crate::types::Curve::*; |