diff --git a/passKitTests/Crypto/PGPAgentTest.swift b/passKitTests/Crypto/PGPAgentTest.swift
index 248c2ef..d62c7ff 100644
--- a/passKitTests/Crypto/PGPAgentTest.swift
+++ b/passKitTests/Crypto/PGPAgentTest.swift
@@ -28,9 +28,9 @@ class PGPAgentTest: XCTestCase {
 super.tearDown()
 }
 
- func basicEncryptDecrypt(using pgpAgent: PGPAgent) throws -> Data? {
+ func basicEncryptDecrypt(using pgpAgent: PGPAgent, requestPassphrase: () -> String = requestPGPKeyPassphrase) throws -> Data? {
 let encryptedData = try pgpAgent.encrypt(plainData: testData)
- return try pgpAgent.decrypt(encryptedData: encryptedData, requestPGPKeyPassphrase: requestPGPKeyPassphrase)
+ return try pgpAgent.decrypt(encryptedData: encryptedData, requestPGPKeyPassphrase: requestPassphrase)
 }
 
 func testBasicEncryptDecrypt() throws {
@@ -97,6 +97,28 @@ class PGPAgentTest: XCTestCase {
 }
 }
 
+ func testNoDecryptionWithIncorrectPassphrase() throws {
+ try importKeys(RSA2048.publicKey, RSA2048.privateKey)
+
+ var passphraseRequestCalled = false
+ let provideCorrectPassphrase: () -> String = {
+ passphraseRequestCalled = true
+ return requestPGPKeyPassphrase()
+ }
+ XCTAssertEqual(try basicEncryptDecrypt(using: pgpAgent, requestPassphrase: provideCorrectPassphrase), testData)
+ XCTAssert(passphraseRequestCalled)
+
+ passphraseRequestCalled = false
+ let provideIncorrectPassphrase: () -> String = {
+ passphraseRequestCalled = true
+ return "incorrect passphrase"
+ }
+ XCTAssertThrowsError(try basicEncryptDecrypt(using: pgpAgent, requestPassphrase: provideIncorrectPassphrase)) {
+ XCTAssert($0.localizedDescription.contains("openpgp: invalid data: private key checksum failure"))
+ }
+ XCTAssert(passphraseRequestCalled)
+ }
+
 private func importKeys(_ publicKey: String, _ privateKey: String) throws {
 try KeyFileManager(keyType: PgpKey.PUBLIC, keyPath: "", keyHandler: keychain.add).importKey(from: publicKey)
 try KeyFileManager(keyType: PgpKey.PRIVATE, keyPath: "", keyHandler: keychain.add).importKey(from: privateKey)
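Review bot: `testNoDecryptionWithIncorrectPassphrase` ends right after the rejected attempt, so it never shows that the agent is still usable and that the wrong passphrase left nothing behind. Adding `XCTAssertEqual(try basicEncryptDecrypt(using: pgpAgent, requestPassphrase: provideCorrectPassphrase), testData)` after the final `XCTAssert(passphraseRequestCalled)` would cover that; whether `PGPAgent` caches or stores a passphrase is not visible in this hunk, so this is a guard rather than a known defect. The failure check is also pinned to the library's wording, `contains("openpgp: invalid data: private key checksum failure")`, so a dependency update that rewords the message would fail the test even though wrong passphrases are still rejected. If the agent surfaces a typed error for a bad passphrase, assert on that instead, or at least add `// message text comes from the underlying OpenPGP library; update if the dependency rewords it` above the check.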