handle one-octet length headers in public key block reformatting
This commit is contained in:
parent
534f816e35
commit
90b7a0f4f1
|
@ -44,6 +44,7 @@ public class PgpHelper {
|
||||||
public static final Pattern PGP_PUBLIC_KEY = Pattern.compile(
|
public static final Pattern PGP_PUBLIC_KEY = Pattern.compile(
|
||||||
".*?(-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----).*",
|
".*?(-----BEGIN PGP PUBLIC KEY BLOCK-----.*?-----END PGP PUBLIC KEY BLOCK-----).*",
|
||||||
Pattern.DOTALL);
|
Pattern.DOTALL);
|
||||||
|
private static final Pattern KEYDATA_START_PATTERN = Pattern.compile("\\s(m[A-Q])");
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Fixing broken PGP MESSAGE Strings coming from GMail/AOSP Mail
|
* Fixing broken PGP MESSAGE Strings coming from GMail/AOSP Mail
|
||||||
|
@ -126,17 +127,50 @@ public class PgpHelper {
|
||||||
@Nullable
|
@Nullable
|
||||||
@CheckResult
|
@CheckResult
|
||||||
@VisibleForTesting
|
@VisibleForTesting
|
||||||
|
/* Reformats a public key block with messed up whitespace. This will strip headers in the process. */
|
||||||
static String reformatPgpPublicKeyBlock(@NonNull String text) {
|
static String reformatPgpPublicKeyBlock(@NonNull String text) {
|
||||||
StringBuilder reformattedKeyBlocks = new StringBuilder();
|
StringBuilder reformattedKeyBlocks = new StringBuilder();
|
||||||
|
|
||||||
|
/*
|
||||||
|
This method assumes that the base64 encoded public key data always starts with "m[A-Q]".
|
||||||
|
This holds based on a few assumptions based on the following observations:
|
||||||
|
|
||||||
|
mA encodes 12 bits: 1001 1000 0000
|
||||||
|
...
|
||||||
|
mP encodes 12 bits: 1001 1000 1111
|
||||||
|
mQ encodes 12 bits: 1001 1001 0000
|
||||||
|
1234 5678
|
||||||
|
|
||||||
|
The first bit is a constant 1, the second is 0 for old packet format. Bits 3
|
||||||
|
through 6 encode the packet tag (constant 6 = b0110). Bits 7 and 8 encode the
|
||||||
|
length type of the packet, with a value of b00 or b01 referring to a 2- or
|
||||||
|
3-octet header, respectively. The following four bits are part of the length
|
||||||
|
header.
|
||||||
|
|
||||||
|
Thus we make the following assumptions:
|
||||||
|
- The packet uses the old packet format. Since the public key packet tag is available in the old format,
|
||||||
|
there is no reason to use the new one - implementations *could* do that, however.
|
||||||
|
- The first packet is a public key.
|
||||||
|
- The length is encoded as one or two bytes.
|
||||||
|
- If the length is encoded as one byte, the second character may be A through P (four length bits).
|
||||||
|
- If the length is encoded as two bytes, the second character is Q. This fixes the first four bits of
|
||||||
|
the length field to zero, limiting the length to 4096.
|
||||||
|
*/
|
||||||
|
|
||||||
while (!text.isEmpty()) {
|
while (!text.isEmpty()) {
|
||||||
int indexOfBlock = text.indexOf("-----BEGIN PGP PUBLIC KEY BLOCK-----");
|
int indexOfBlock = text.indexOf("-----BEGIN PGP PUBLIC KEY BLOCK-----");
|
||||||
int indexOfPubkeyMaterial = text.indexOf("mQ", indexOfBlock);
|
|
||||||
int indexOfBlockEnd = text.indexOf("-----END PGP PUBLIC KEY BLOCK-----");
|
int indexOfBlockEnd = text.indexOf("-----END PGP PUBLIC KEY BLOCK-----");
|
||||||
if (indexOfBlock < 0 || indexOfPubkeyMaterial < 0 || indexOfBlockEnd < 0) {
|
if (indexOfBlock < 0 || indexOfBlockEnd < 0) {
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
Matcher matcher = KEYDATA_START_PATTERN.matcher(text);
|
||||||
|
if (!matcher.find()) {
|
||||||
|
Log.e(Constants.TAG, "Could not find start of key data!");
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
int indexOfPubkeyMaterial = matcher.start(1);
|
||||||
|
|
||||||
String keyMaterial = text.substring(indexOfPubkeyMaterial, indexOfBlockEnd);
|
String keyMaterial = text.substring(indexOfPubkeyMaterial, indexOfBlockEnd);
|
||||||
keyMaterial = keyMaterial.replaceAll("\\s+", "\n");
|
keyMaterial = keyMaterial.replaceAll("\\s+", "\n");
|
||||||
|
|
||||||
|
|
|
@ -17,7 +17,7 @@ import static junit.framework.Assert.assertNotNull;
|
||||||
@RunWith(KeychainTestRunner.class)
|
@RunWith(KeychainTestRunner.class)
|
||||||
public class PgpHelperTest {
|
public class PgpHelperTest {
|
||||||
|
|
||||||
static final String INPUT_KEY_BLOCK = "-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 " +
|
static final String INPUT_KEY_BLOCK_TWO_OCTET_LENGTH = "-----BEGIN PGP PUBLIC KEY BLOCK----- Version: GnuPG v2 " +
|
||||||
"mQENBFnA7Y0BCAC+pdQ1mV9QguWvAyMsKiKkzeP5VxbIDUyQ8OBDFKIrZKZGTzjZ " +
|
"mQENBFnA7Y0BCAC+pdQ1mV9QguWvAyMsKiKkzeP5VxbIDUyQ8OBDFKIrZKZGTzjZ " +
|
||||||
"xvZs22j5pXWYlyDi4HU4+nuQmAMo6jxJMKQQkW7Y5AmRYijboLN+lZ8L28bYJC4o " +
|
"xvZs22j5pXWYlyDi4HU4+nuQmAMo6jxJMKQQkW7Y5AmRYijboLN+lZ8L28bYJC4o " +
|
||||||
"PcAnS3xlib2lE7aNK2BRUbctkhahhb2hohAxiXTUdGmfr9sHgZ2+B9sPTfuhrvtI " +
|
"PcAnS3xlib2lE7aNK2BRUbctkhahhb2hohAxiXTUdGmfr9sHgZ2+B9sPTfuhrvtI " +
|
||||||
|
@ -44,10 +44,23 @@ public class PgpHelperTest {
|
||||||
"O/eTJGOfMl6hC4rRxRUbM+piZzbYcQ0lO3R2yPlEwzlO+asM9820V9bkviJUrXiY " +
|
"O/eTJGOfMl6hC4rRxRUbM+piZzbYcQ0lO3R2yPlEwzlO+asM9820V9bkviJUrXiY " +
|
||||||
"c5EX44mwFdhpXuHbRS18DJjCVcMhEsPG6rQ0Qy/6/dafow5HExRBmZl6ZkfjR2Lb " +
|
"c5EX44mwFdhpXuHbRS18DJjCVcMhEsPG6rQ0Qy/6/dafow5HExRBmZl6ZkfjR2Lb " +
|
||||||
"alOZH0SNi47bvn6QKqKgiqT4f9mImyEDtSj/ =2V66 -----END PGP PUBLIC KEY BLOCK-----";
|
"alOZH0SNi47bvn6QKqKgiqT4f9mImyEDtSj/ =2V66 -----END PGP PUBLIC KEY BLOCK-----";
|
||||||
|
static final String INPUT_KEY_BLOCK_ONE_OCTET_LENGTH = "-----BEGIN PGP PUBLIC KEY BLOCK-----\n" +
|
||||||
|
"\n" +
|
||||||
|
"mFIEVk2iwRMIKoZIzj0DAQcCAwTBaWEpVYOfZDm85s/zszd4J4CBW8FesYiYQTeX\n" +
|
||||||
|
"5WMtwXsqrG5/ZcIgHNBzI0EvUbm/oSBFUJNk7RhmOk6MpS2gtAdNci4gRUNDiHkE\n" +
|
||||||
|
"ExMIACEFAlZNosECGwMFCwkIBwIGFQgJCgsCBBYCAwECHgECF4AACgkQt60Zc7T/\n" +
|
||||||
|
"SfQTPAD/bZ0ld3UyqAt8oPoHyJduGMkbur5KYoht1w/MMtiogG0BAN8Anhy55kTe\n" +
|
||||||
|
"H4VmMWxzK9M+kIFPzqEVHOzsuE5nhJOouFYEVk2iwRIIKoZIzj0DAQcCAwSvfTrq\n" +
|
||||||
|
"kkVeD0cVM8FZwhjTaG+B9wgk7yeoMgjIrSuZLiRjGAYC7Kq+6OiczduoItC2oMuK\n" +
|
||||||
|
"GpymTF6t+CmQpUfuAwEIB4hhBBgTCAAJBQJWTaLBAhsMAAoJELetGXO0/0n00BwA\n" +
|
||||||
|
"/2d1w/A4xMwfIFrKDwHeHALUBaIOuhF2AKd/43HujmuLAQDdcWf3h/0zjgBTjSoB\n" +
|
||||||
|
"bcVr5AE/huKUnwKYa7SP7wzoZg==\n" +
|
||||||
|
"=ou9N\n" +
|
||||||
|
"-----END PGP PUBLIC KEY BLOCK-----\n";
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void reformatPgpPublicKeyBlock() throws Exception {
|
public void reformatPgpPublicKeyBlock() throws Exception {
|
||||||
String reformattedKey = PgpHelper.reformatPgpPublicKeyBlock(INPUT_KEY_BLOCK);
|
String reformattedKey = PgpHelper.reformatPgpPublicKeyBlock(INPUT_KEY_BLOCK_TWO_OCTET_LENGTH);
|
||||||
|
|
||||||
assertNotNull(reformattedKey);
|
assertNotNull(reformattedKey);
|
||||||
UncachedKeyRing.decodeFromData(reformattedKey.getBytes());
|
UncachedKeyRing.decodeFromData(reformattedKey.getBytes());
|
||||||
|
@ -55,7 +68,8 @@ public class PgpHelperTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void reformatPgpPublicKeyBlock_consecutiveKeys() throws Exception {
|
public void reformatPgpPublicKeyBlock_consecutiveKeys() throws Exception {
|
||||||
String reformattedKey = PgpHelper.reformatPgpPublicKeyBlock(INPUT_KEY_BLOCK + INPUT_KEY_BLOCK);
|
String reformattedKey = PgpHelper.reformatPgpPublicKeyBlock(
|
||||||
|
INPUT_KEY_BLOCK_TWO_OCTET_LENGTH + INPUT_KEY_BLOCK_TWO_OCTET_LENGTH);
|
||||||
|
|
||||||
assertNotNull(reformattedKey);
|
assertNotNull(reformattedKey);
|
||||||
IteratorWithIOThrow<UncachedKeyRing> uncachedKeyRingIteratorWithIOThrow =
|
IteratorWithIOThrow<UncachedKeyRing> uncachedKeyRingIteratorWithIOThrow =
|
||||||
|
@ -67,10 +81,18 @@ public class PgpHelperTest {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
public void reformatPgpPublicKeyBlock_shouldBeIdempotent() throws Exception {
|
public void reformatPgpPublicKeyBlock_shouldBeIdempotent() throws Exception {
|
||||||
String reformattedKey1 = PgpHelper.reformatPgpPublicKeyBlock(INPUT_KEY_BLOCK);
|
String reformattedKey1 = PgpHelper.reformatPgpPublicKeyBlock(INPUT_KEY_BLOCK_TWO_OCTET_LENGTH);
|
||||||
String reformattedKey2 = PgpHelper.reformatPgpPublicKeyBlock(reformattedKey1);
|
assertNotNull(reformattedKey1);
|
||||||
|
|
||||||
|
String reformattedKey2 = PgpHelper.reformatPgpPublicKeyBlock(reformattedKey1);
|
||||||
assertEquals(reformattedKey1, reformattedKey2);
|
assertEquals(reformattedKey1, reformattedKey2);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void reformatPgpPublicKeyBlock_withOneOctetLengthHeader() throws Exception {
|
||||||
|
String reformattedKey = PgpHelper.reformatPgpPublicKeyBlock(INPUT_KEY_BLOCK_ONE_OCTET_LENGTH);
|
||||||
|
|
||||||
|
assertNotNull(reformattedKey);
|
||||||
|
UncachedKeyRing.decodeFromData(reformattedKey.getBytes());
|
||||||
|
}
|
||||||
}
|
}
|
Loading…
Reference in a new issue