summaryrefslogtreecommitdiff
path: root/crypto/pgpainless/src
diff options
context:
space:
mode:
authorHarsh Shandilya <me@msfjarvis.dev>2024-04-14 22:50:59 +0530
committerHarsh Shandilya <me@msfjarvis.dev>2024-04-14 23:19:31 +0530
commit87738477be87afb639509f5ebdf5da979ba0bd04 (patch)
treed2575904de2bd37e23463d8f9831161b38be790b /crypto/pgpainless/src
parent312f92d21a5b8925496d5015357c257dace3a028 (diff)
fix: special-case AEAD failure
Fixes #2974 Fixes #2963 Fixes #2921 Fixes #2924 Fixes #2653 Fixes #2461 Fixes #2586 Fixes #2179
Diffstat (limited to 'crypto/pgpainless/src')
-rw-r--r--crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt9
-rw-r--r--crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt18
-rw-r--r--crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/TestUtils.kt3
-rw-r--r--crypto/pgpainless/src/test/resources/aead_encrypted_filebin0 -> 354 bytes
4 files changed, 30 insertions, 0 deletions
diff --git a/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt b/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
index a7087acf..92fbfa64 100644
--- a/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
+++ b/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
@@ -8,6 +8,7 @@ package app.passwordstore.crypto
import app.passwordstore.crypto.errors.CryptoHandlerException
import app.passwordstore.crypto.errors.IncorrectPassphraseException
import app.passwordstore.crypto.errors.NoKeysProvidedException
+import app.passwordstore.crypto.errors.NonStandardAEAD
import app.passwordstore.crypto.errors.UnknownError
import com.github.michaelbull.result.Result
import com.github.michaelbull.result.mapError
@@ -24,6 +25,7 @@ import org.pgpainless.PGPainless
import org.pgpainless.decryption_verification.ConsumerOptions
import org.pgpainless.encryption_signing.EncryptionOptions
import org.pgpainless.encryption_signing.ProducerOptions
+import org.pgpainless.exception.MessageNotIntegrityProtectedException
import org.pgpainless.exception.WrongPassphraseException
import org.pgpainless.key.protection.SecretKeyRingProtector
import org.pgpainless.util.Passphrase
@@ -75,6 +77,13 @@ public class PGPainlessCryptoHandler @Inject constructor() :
when (error) {
is WrongPassphraseException -> IncorrectPassphraseException(error)
is CryptoHandlerException -> error
+ is MessageNotIntegrityProtectedException -> {
+ if (error.message?.contains("Symmetrically Encrypted Data") == true) {
+ NonStandardAEAD(error)
+ } else {
+ UnknownError(error)
+ }
+ }
else -> UnknownError(error)
}
}
diff --git a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
index 4ec4b7fa..5de2bf4f 100644
--- a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
+++ b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandlerTest.kt
@@ -9,6 +9,7 @@ package app.passwordstore.crypto
import app.passwordstore.crypto.CryptoConstants.KEY_PASSPHRASE
import app.passwordstore.crypto.CryptoConstants.PLAIN_TEXT
import app.passwordstore.crypto.errors.IncorrectPassphraseException
+import app.passwordstore.crypto.errors.NonStandardAEAD
import com.github.michaelbull.result.getError
import com.google.testing.junit.testparameterinjector.TestParameter
import com.google.testing.junit.testparameterinjector.TestParameterInjector
@@ -138,6 +139,23 @@ class PGPainlessCryptoHandlerTest {
}
@Test
+ fun aeadEncryptedMaterialIsSurfacedProperly() {
+ val secKey = PGPKey(TestUtils.getAEADSecretKey())
+ val plaintextStream = ByteArrayOutputStream()
+ val ciphertextStream = TestUtils.getAEADEncryptedFile().inputStream()
+ val res =
+ cryptoHandler.decrypt(
+ listOf(secKey),
+ "Password",
+ ciphertextStream,
+ plaintextStream,
+ PGPDecryptOptions.Builder().build(),
+ )
+ assertTrue(res.isErr)
+ assertIs<NonStandardAEAD>(res.error, message = "${res.error.cause}")
+ }
+
+ @Test
fun canHandleFiltersFormats() {
assertFalse { cryptoHandler.canHandle("example.com") }
assertTrue { cryptoHandler.canHandle("example.com.gpg") }
diff --git a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/TestUtils.kt b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/TestUtils.kt
index 90b98ac9..56c8c1d8 100644
--- a/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/TestUtils.kt
+++ b/crypto/pgpainless/src/test/kotlin/app/passwordstore/crypto/TestUtils.kt
@@ -21,6 +21,9 @@ object TestUtils {
fun getAEADSecretKey() = this::class.java.classLoader.getResource("aead_sec").readBytes()
+ fun getAEADEncryptedFile() =
+ this::class.java.classLoader.getResource("aead_encrypted_file").readBytes()
+
enum class AllKeys(val keyMaterial: ByteArray) {
ARMORED_SEC(getArmoredSecretKey()),
ARMORED_PUB(getArmoredPublicKey()),
diff --git a/crypto/pgpainless/src/test/resources/aead_encrypted_file b/crypto/pgpainless/src/test/resources/aead_encrypted_file
new file mode 100644
index 00000000..d8547bdb
--- /dev/null
+++ b/crypto/pgpainless/src/test/resources/aead_encrypted_file
Binary files differ