From 2ddc02eac0ec66a258b1855e9cb5d30264277669 Mon Sep 17 00:00:00 2001 From: Sauhard Sharma Date: Tue, 5 Dec 2023 11:49:51 -0800 Subject: [PATCH] Bug Fix - Issue #58 - Added a null check in MDC validation stream for signed but unencrypted streams - Fixes bug - https://github.com/neuhalje/bouncy-gpg/issues/58 --- .../decrypting/MDCValidatingInputStream.java | 2 ++ .../DecryptionStreamFactoryTest.java | 24 +++++++++++-------- .../openpgp/testtooling/ExampleMessages.java | 21 ++++++++++++++++ 3 files changed, 37 insertions(+), 10 deletions(-) diff --git a/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/MDCValidatingInputStream.java b/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/MDCValidatingInputStream.java index fc881e7..cf3c79d 100644 --- a/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/MDCValidatingInputStream.java +++ b/src/main/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/MDCValidatingInputStream.java @@ -57,10 +57,12 @@ public int read(@Nonnull byte[] b, int off, int len) throws IOException { /** * Checks MDC if present. + * If stream is not encrypted, returns directly * * @throws IOException Error while reading input stream or if MDC fails */ private void validateMDC() throws IOException { + if (pbe == null) { return; } try { if (pbe.isIntegrityProtected()) { if (!pbe.verify()) { diff --git a/src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/DecryptionStreamFactoryTest.java b/src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/DecryptionStreamFactoryTest.java index 262e9ab..b7fed44 100644 --- a/src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/DecryptionStreamFactoryTest.java +++ b/src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/decrypting/DecryptionStreamFactoryTest.java @@ -1,14 +1,6 @@ package name.neuhalfen.projects.crypto.bouncycastle.openpgp.decrypting; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_NOT_ENCRYPTED_TO_ME; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_NOT_SIGNED_NOT_COMPRESSED; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_SIGNED_BY_2_KNOWN_1_UNKNOWN_KEY; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_SIGNED_COMPRESSED; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_SIGNED_MULTIPLE_COMPRESSED; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_SIGNED_MULTIPLE_V2_COMPRESSED; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_SIGNED_NOT_COMPRESSED; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_SIGNED_UNKNOWN_KEY_COMPRESSED; -import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.IMPORTANT_QUOTE_TEXT; +import static name.neuhalfen.projects.crypto.bouncycastle.openpgp.testtooling.ExampleMessages.*; import static org.hamcrest.CoreMatchers.equalTo; import static org.junit.Assert.assertTrue; import static org.mockito.Mockito.never; @@ -296,7 +288,7 @@ public void decryptingSignedMessage_andSignatureIsNotRequired_succeeds() } @Test - public void decryptingSignedMessageWithSingleeSignatures_andAnySignatureIsRequired_succeeds() + public void decryptingSignedMessageWithSingleSignature_andAnySignatureIsRequired_succeeds() throws IOException, SignatureException { final KeyringConfig config = Configs.keyringConfigFromFilesForRecipient(); @@ -331,6 +323,18 @@ public void decryptingSignedMessageWithMultipleSignaturesUnknownSignatureFirst_a Assert.assertThat(decryptedQuote, equalTo(IMPORTANT_QUOTE_TEXT)); } + @Test + public void verifyingSignedMessageWithSingleSignature_andNoSignatureIsRequired_succeeds() + throws IOException, SignatureException { + final KeyringConfig config = Configs.keyringConfigFromFilesForRecipient(); + + final String decryptedQuote = decrypt( + IMPORTANT_QUOTE_NOT_ENCRYPTED_BUT_SIGNED.getBytes("US-ASCII"), config, + SignatureValidationStrategies.ignoreSignatures()); + + Assert.assertThat(decryptedQuote, equalTo(IMPORTANT_QUOTE_TEXT)); + } + @Test(expected = IOException.class) public void decryptingTamperedUnSignedCiphertextWithMDC_fails() throws IOException, NoSuchAlgorithmException, NoSuchProviderException { diff --git a/src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java b/src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java index 987f7f5..101a8d9 100644 --- a/src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java +++ b/src/test/java/name/neuhalfen/projects/crypto/bouncycastle/openpgp/testtooling/ExampleMessages.java @@ -714,6 +714,27 @@ public class ExampleMessages { "znd5CR+Jye1UXfLusnylrlfgKZcCRA==\n" + "=q3RN\n" + "-----END PGP MESSAGE-----"; + + /** + * Encrypted-To: recipient@example.com Signed-By: not encrypted but signed Compressed: no + */ + public final static String IMPORTANT_QUOTE_NOT_ENCRYPTED_BUT_SIGNED = + "-----BEGIN PGP MESSAGE-----\n" + + "Version: Keybase OpenPGP v2.0.76\n" + + "Comment: https://keybase.io/crypto\n" + + "\n" + + "yMDRAnicO8LLzMDFGLL4trl/RdV2xtNRpQyp+TWTPRVy8stSFVJSE1NyMvNSi/UU\n" + + "gCKZ2akKJRmpCuUZ+fnFGZl56QrF+aV5KSCxSoXcRKBsYjGEk5ZTqZBUqafgkl+a\n" + + "ngMUdExJzC0+dCCGhYGRi4GNlQlkBQMXpwDM3ikLORjazieoXLSXYeKoN/rn9qKQ\n" + + "3/58UNEr+9kXngh2W8knW9ke99/nIB5z4t4l23snT1r7ME2bbfJsbaWoL+fEh9Ws\n" + + "BXWrH9Y/Px9f6Zv7ZWftgXk7TNdWJcm2OWSKMLr8Oz/rhRvn1y3zn5tVy6+RjWed\n" + + "u74w7taaGyf8mHYpC7UzS6TVqiiIv72jv0bg/3/z6T8+/ty57eH26XtrJ8Zfld/w\n" + + "dMYmFuY7k/eKb/JcNzPW7fLa3r4naXuDre/1mx4SmF++cmr3hUl6x9Q7PmzwP/75\n" + + "hMysoIvfc/seZW9OZJsW2lB56/+ed5OKpqzb2/KVvbRa71LNLGWpIHXTlJrWp7qs\n" + + "YU/nvsrk+xQWcdbD7qQdABDtsOc=\n" + + "=5J9M\n" + + "-----END PGP MESSAGE-----\n"; + /** * Encrypted-To: sender@example.com Signed-By: not signed Compressed: no */