Example #1
0
  @Test
  public void test() throws SymmetricKeyDecryptionException, SymmetricKeyEncryptionException {
    // Precondition:
    // Owner has pw-protected MasterKeystore containig MKey_sig and MKey_enc
    // Owner hat lesser protected DeviceKeystore containing at least one
    // DeviceKey DevKey_1_enc

    // Create Empty SharePartList
    assertNotNull(volume);

    // ShareMetaData shareMetaData = volume.createShareMetaData(alias,
    // mKey_sig_pub, mKey_sig, deviceAlias, devKey1_enc);
    ShareMetaData shareMetaData = null;
    try {
      shareMetaData =
          new ShareMetaData(
              new JDBCHelperNonRevokeable("jdbc:sqlite:" + dbName + File.separator), mKey_sig_pub);
    } catch (Exception e) {
      e.printStackTrace();
      fail(e.getMessage());
    }
    try {
      Field smdField = Volume.class.getDeclaredField("shareMetaData");
      smdField.setAccessible(true);
      smdField.set(volume, shareMetaData);
    } catch (Exception e) {
      fail(e.getMessage());
    }
    assertNotNull(shareMetaData);

    SharePartList spl = shareMetaData.initSharePartList();
    assertEquals("SharePartList is not empty, although it should be", 0, spl.size());
    // Sign SharePartList
    try {
      spl.sign(mKey_sig);
      assertTrue(CryptCore.verifySignature(spl, spl.getSignature(), mKey_sig_pub));
    } catch (SignatureException e2) {
      fail(e2.getMessage());
    }

    spl.add(mKey_sig_pub, alias);
    assertEquals("SharePartList is not empty, although it should be", 1, spl.size());
    try {
      spl.sign(mKey_sig);
      assertTrue(CryptCore.verifySignature(spl, spl.getSignature(), mKey_sig_pub));
    } catch (SignatureException e2) {
      fail(e2.getMessage());
    }

    // get DevKeys for the Devices that the owner wants to enable for this
    // Volume
    // Put keys in dkList
    dkList.put(deviceAlias, devKey1_enc);
    assertEquals("DeviceKeyList should have 1 element", 1, dkList.size());

    // Create and sign devicelist
    DeviceList dl = shareMetaData.createDeviceList(mKey_sig_pub, dkList);
    assertEquals(
        "ShareMetaData should have 1 DeviceList",
        1,
        shareMetaData.getDeviceLists().values().size());

    // Create symmetric ShareKey
    SecretKey sk = CryptCore.generateSymmetricKey();
    assertNotNull(sk);

    // Encrypt sk for all deviceLists
    Collection<DeviceList> deviceLists = shareMetaData.getDeviceLists().values();
    Collection<PublicKey> pubKeys = new LinkedList<PublicKey>();
    for (DeviceList devList : deviceLists) {
      pubKeys.addAll(devList.getPublicKeys());
    }
    assertEquals(1, pubKeys.size());
    // fetch ShareKeyDB
    ShareKeyDB db = shareMetaData.getShareKeys();
    assertNotNull(db);
    // add Encrypted Keys to db
    try {
      db.add(sk, pubKeys);
    } catch (SymmetricKeyEncryptionException e1) {
      fail(e1.getMessage());
    }
    assertEquals(1, db.size());
    try {
      db.sign(mKey_sig, alias);
    } catch (SignatureException e1) {
      fail(e1.getMessage());
    }

    // Encrypt skOb for all deviceLists
    shareMetaData.addObfuscationKey(devKey1_enc, null, null);

    System.out.println("Making ShareMetaData persistent...");

    try {
      dl.sign(mKey_sig, shareMetaData.shareKeys, shareMetaData.obfuscationKeys);
      assertTrue(
          SignatureHelper.verify(
              dl.getSignature(),
              mKey_sig_pub,
              dl,
              shareMetaData.shareKeys.get(dl.getPublicKeys()),
              shareMetaData.obfuscationKeys.get(dl.getPublicKeys())));

    } catch (SignatureException
        | InvalidKeyException
        | NoSuchAlgorithmException
        | SerializationException e2) {
      fail(e2.getMessage());
    }

    // make sharemetadata persistent
    try {
      shareMetaData.persist();
      shareMetaData.persist(dl);
    } catch (Exception e) {
      fail(e.getMessage());
    }

    System.out.println("Loading Volume...");

    // load volume with sharemetadata
    try {
      Volume loadedVol = new Volume(dbName);
      ShareMetaData loadedSMD = loadedVol.loadShareMetaData(mKey_sig_pub);

      assertArrayEquals(shareMetaData.getSignature(), loadedSMD.getSignature());

      System.out.println("DONE");
    } catch (Exception e) {
      e.printStackTrace(System.err);
      fail(e.getMessage());
    }
  }
Example #2
0
  @Override
  public void addDevice(
      String alias,
      PublicKey masterPubSigKey,
      PrivateKey masterPrivSigKey,
      String newDeviceAlias,
      PublicKey newDevicePubKey,
      PublicKey masterPubEncKey,
      PrivateKey masterPrivEncKey)
      throws ShareMetaDataException {

    if (IVolume.MASTER_KEY.equals(newDeviceAlias)) {
      throw new IllegalArgumentException("Illegal alias for device. Choose another alias");
    }

    // verify matching public/private keys
    if (!Utils.keysMatch(masterPubSigKey, masterPrivSigKey)) {
      throw new IllegalArgumentException(
          "User's master private and public signature keys do not match!");
    }
    if (!Utils.keysMatch(masterPubEncKey, masterPrivEncKey)) {
      throw new IllegalArgumentException(
          "User's master private and public encryption keys do not match!");
    }

    // verify integrity of ShareParticipantList
    SharePartList sharePartList = shareMetaData.getSharePartList();
    try {
      SignatureHelper.verify(
          sharePartList, sharePartList.getSignature(), shareMetaData.ownerPubSigKey);
    } catch (InvalidKeyException
        | NoSuchAlgorithmException
        | SignatureException
        | SerializationException e) {
      throw new ShareMetaDataException("Could not verify ShareParticipantsList signature", e);
    }

    // check if masterPubSigKey is in ShareParticipants
    if (!sharePartList.getPublicKey(alias).equals(masterPubSigKey)) {
      throw new ShareMetaDataException(
          "Given user singature publickey is not " + "in sharepartiticapnts list");
    }

    // Get DeviceList for user
    DeviceList deviceList = shareMetaData.getDeviceLists().get(masterPubSigKey);
    if (deviceList == null) {
      throw new ShareMetaDataException(
          "DeviceList for user " + alias + " was empty, which should never be the case.");
    }

    // add device
    deviceList.addDevice(newDeviceAlias, newDevicePubKey);

    // add encrypted Obfuscation key for new device
    try {
      shareMetaData.addObfuscationKey(masterPubEncKey, masterPrivEncKey, newDevicePubKey);
    } catch (SymmetricKeyEncryptionException | SymmetricKeyDecryptionException e) {
      throw new ShareMetaDataException("Could not add encrypted obfuscation key for new device", e);
    }

    // add encrypted sharekey for device
    try {
      this.shareMetaData.shareKeys.addDevice(masterPubEncKey, masterPrivEncKey, newDevicePubKey);
    } catch (Exception e) {
      throw new ShareMetaDataException("Could not add encrypted share keys for new device", e);
    }
    // Sign everything
    try {
      deviceList.sign(masterPrivSigKey, shareMetaData.shareKeys, shareMetaData.obfuscationKeys);
    } catch (SignatureException e) {
      throw new ShareMetaDataException("Could not sign devicelist", e);
    }

    this.shareMetaData.persist(deviceList);
  }