cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Support of OpenPGP card v3

Browse Source
This commit is contained in:
Arnaud Fontaine
2016-10-25 16:37:43 +02:00
parent 7616c1c8b8
commit 05bfd6bc01
29 changed files with 1403 additions and 167 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyActivity.java
View File

@@ -31,6 +31,7 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.securitytoken.KeyFormat;
import org.sufficientlysecure.keychain.ui.base.BaseSecurityTokenActivity;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.util.Passphrase;
@@ -64,6 +65,9 @@ public class CreateKeyActivity extends BaseSecurityTokenActivity {
boolean mCreateSecurityToken;
Passphrase mSecurityTokenPin;
Passphrase mSecurityTokenAdminPin;
KeyFormat mSecurityTokenSign;
KeyFormat mSecurityTokenDec;
KeyFormat mSecurityTokenAuth;
Fragment mCurrentFragment;
@@ -97,6 +101,7 @@ public class CreateKeyActivity extends BaseSecurityTokenActivity {
mPassphrase = savedInstanceState.getParcelable(EXTRA_PASSPHRASE);
mFirstTime = savedInstanceState.getBoolean(EXTRA_FIRST_TIME);
mCreateSecurityToken = savedInstanceState.getBoolean(EXTRA_CREATE_SECURITY_TOKEN);
mSecurityTokenAid = savedInstanceState.getByteArray(EXTRA_SECURITY_TOKEN_AID);
mSecurityTokenPin = savedInstanceState.getParcelable(EXTRA_SECURITY_TOKEN_PIN);
mSecurityTokenAdminPin = savedInstanceState.getParcelable(EXTRA_SECURITY_TOKEN_ADMIN_PIN);
@@ -122,7 +127,7 @@ public class CreateKeyActivity extends BaseSecurityTokenActivity {
setTitle(R.string.title_import_keys);
} else {
Fragment frag = CreateSecurityTokenBlankFragment.newInstance();
Fragment frag = CreateSecurityTokenBlankFragment.newInstance(nfcAid);
loadFragment(frag, FragAction.START);
setTitle(R.string.title_manage_my_keys);
}
@@ -192,7 +197,7 @@ public class CreateKeyActivity extends BaseSecurityTokenActivity {
loadFragment(frag, FragAction.TO_RIGHT);
}
} else {
Fragment frag = CreateSecurityTokenBlankFragment.newInstance();
Fragment frag = CreateSecurityTokenBlankFragment.newInstance(mSecurityTokenAid);
loadFragment(frag, FragAction.TO_RIGHT);
}
}
@@ -221,6 +226,7 @@ public class CreateKeyActivity extends BaseSecurityTokenActivity {
outState.putParcelable(EXTRA_PASSPHRASE, mPassphrase);
outState.putBoolean(EXTRA_FIRST_TIME, mFirstTime);
outState.putBoolean(EXTRA_CREATE_SECURITY_TOKEN, mCreateSecurityToken);
outState.putByteArray(EXTRA_SECURITY_TOKEN_AID, mSecurityTokenAid);
outState.putParcelable(EXTRA_SECURITY_TOKEN_PIN, mSecurityTokenPin);
outState.putParcelable(EXTRA_SECURITY_TOKEN_ADMIN_PIN, mSecurityTokenAdminPin);
}

9
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyFinalFragment.java
View File

@@ -283,12 +283,9 @@ public class CreateKeyFinalFragment extends Fragment {
SaveKeyringParcel saveKeyringParcel = new SaveKeyringParcel();
if (createKeyActivity.mCreateSecurityToken) {
saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA,
2048, null, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER, 0L));
saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA,
2048, null, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE, 0L));
saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA,
2048, null, KeyFlags.AUTHENTICATION, 0L));
createKeyActivity.mSecurityTokenSign.addToKeyring(saveKeyringParcel, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
createKeyActivity.mSecurityTokenDec.addToKeyring(saveKeyringParcel, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
createKeyActivity.mSecurityTokenAuth.addToKeyring(saveKeyringParcel, KeyFlags.AUTHENTICATION);
// use empty passphrase
saveKeyringParcel.setNewUnlock(new ChangeUnlockParcel(new Passphrase()));

193
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenAlgorithmFragment.java Normal file
View File

@@ -0,0 +1,193 @@
/*
* Copyright (C) 2015 Dominik Schürmann <dominik@dominikschuermann.de>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.ui;
import android.app.Activity;
import android.content.Context;
import android.os.Bundle;
import android.support.v4.app.Fragment;
import android.support.v4.app.FragmentActivity;
import android.text.Html;
import android.view.LayoutInflater;
import android.view.View;
import android.view.ViewGroup;
import android.widget.ArrayAdapter;
import android.widget.Spinner;
import android.widget.TextView;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.securitytoken.KeyFormat;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper;
import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
import org.sufficientlysecure.keychain.util.Choice;
import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.util.SecurityTokenUtils;
import java.util.ArrayList;
import java.util.List;
public class CreateSecurityTokenAlgorithmFragment extends Fragment {
public enum SupportedKeyType {
RSA_2048, RSA_3072, RSA_4096, ECC_P256, ECC_P384, ECC_P521
}
private CreateKeyActivity mCreateKeyActivity;
private View mBackButton;
private View mNextButton;
private Spinner mSignKeySpinner;
private Spinner mDecKeySpinner;
private Spinner mAuthKeySpinner;
/**
* Creates new instance of this fragment
*/
public static CreateSecurityTokenAlgorithmFragment newInstance() {
CreateSecurityTokenAlgorithmFragment frag = new CreateSecurityTokenAlgorithmFragment();
Bundle args = new Bundle();
frag.setArguments(args);
return frag;
}
@Override
public View onCreateView(LayoutInflater inflater, ViewGroup container, Bundle savedInstanceState) {
final FragmentActivity context = getActivity();
View view = inflater.inflate(R.layout.create_yubi_key_algorithm_fragment, container, false);
mBackButton = (TextView) view.findViewById(R.id.create_key_back_button);
mNextButton = (TextView) view.findViewById(R.id.create_key_next_button);
mBackButton.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
back();
}
});
mNextButton.setOnClickListener(new View.OnClickListener() {
@Override
public void onClick(View v) {
nextClicked();
}
});
mSignKeySpinner = (Spinner) view.findViewById(R.id.create_key_yubi_key_algorithm_sign);
mDecKeySpinner = (Spinner) view.findViewById(R.id.create_key_yubi_key_algorithm_dec);
mAuthKeySpinner = (Spinner) view.findViewById(R.id.create_key_yubi_key_algorithm_auth);
ArrayList<Choice<SupportedKeyType>> choices = new ArrayList<>();
choices.add(new Choice<>(SupportedKeyType.RSA_2048, getResources().getString(
R.string.rsa_2048), getResources().getString(R.string.rsa_2048_description_html)));
choices.add(new Choice<>(SupportedKeyType.RSA_3072, getResources().getString(
R.string.rsa_3072), getResources().getString(R.string.rsa_3072_description_html)));
choices.add(new Choice<>(SupportedKeyType.RSA_4096, getResources().getString(
R.string.rsa_4096), getResources().getString(R.string.rsa_4096_description_html)));
final double version = SecurityTokenHelper.parseOpenPgpVersion(mCreateKeyActivity.mSecurityTokenAid);
if (version >= 3.0) {
choices.add(new Choice<>(SupportedKeyType.ECC_P256, getResources().getString(
R.string.ecc_p256), getResources().getString(R.string.ecc_p256_description_html)));
choices.add(new Choice<>(SupportedKeyType.ECC_P384, getResources().getString(
R.string.ecc_p384), getResources().getString(R.string.ecc_p384_description_html)));
choices.add(new Choice<>(SupportedKeyType.ECC_P521, getResources().getString(
R.string.ecc_p521), getResources().getString(R.string.ecc_p521_description_html)));
}
TwoLineArrayAdapter adapter = new TwoLineArrayAdapter(context,
android.R.layout.simple_spinner_item, choices);
mSignKeySpinner.setAdapter(adapter);
mDecKeySpinner.setAdapter(adapter);
mAuthKeySpinner.setAdapter(adapter);
// make ECC nist256 the default for v3.x
for (int i = 0; i < choices.size(); ++i) {
if (version >= 3.0) {
if (choices.get(i).getId() == SupportedKeyType.ECC_P256) {
mSignKeySpinner.setSelection(i);
mDecKeySpinner.setSelection(i);
mAuthKeySpinner.setSelection(i);
break;
}
} else {
if (choices.get(i).getId() == SupportedKeyType.RSA_2048) {
mSignKeySpinner.setSelection(i);
mDecKeySpinner.setSelection(i);
mAuthKeySpinner.setSelection(i);
break;
}
}
}
return view;
}
@Override
public void onAttach(Activity activity) {
super.onAttach(activity);
mCreateKeyActivity = (CreateKeyActivity) getActivity();
}
private void back() {
mCreateKeyActivity.loadFragment(null, FragAction.TO_LEFT);
}
private void nextClicked() {
mCreateKeyActivity.mSecurityTokenSign = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>)mSignKeySpinner.getSelectedItem()).getId(), false);
mCreateKeyActivity.mSecurityTokenDec = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>)mDecKeySpinner.getSelectedItem()).getId(), true);
mCreateKeyActivity.mSecurityTokenAuth = KeyFormat.fromCreationKeyType(((Choice<SupportedKeyType>)mAuthKeySpinner.getSelectedItem()).getId(), false);
CreateKeyFinalFragment frag = CreateKeyFinalFragment.newInstance();
mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);
}
private class TwoLineArrayAdapter extends ArrayAdapter<Choice<SupportedKeyType>> {
public TwoLineArrayAdapter(Context context, int resource, List<Choice<SupportedKeyType>> objects) {
super(context, resource, objects);
}
@Override
public View getDropDownView(int position, View convertView, ViewGroup parent) {
// inflate view if not given one
if (convertView == null) {
convertView = getActivity().getLayoutInflater()
.inflate(R.layout.two_line_spinner_dropdown_item, parent, false);
}
Choice c = this.getItem(position);
TextView text1 = (TextView) convertView.findViewById(android.R.id.text1);
TextView text2 = (TextView) convertView.findViewById(android.R.id.text2);
text1.setText(c.getName());
text2.setText(Html.fromHtml(c.getDescription()));
return convertView;
}
}
}

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenBlankFragment.java
View File

@@ -34,14 +34,17 @@ public class CreateSecurityTokenBlankFragment extends Fragment {
View mBackButton;
View mNextButton;
private byte[] mAid;
/**
* Creates new instance of this fragment
*/
public static CreateSecurityTokenBlankFragment newInstance() {
public static CreateSecurityTokenBlankFragment newInstance(byte[] aid) {
CreateSecurityTokenBlankFragment frag = new CreateSecurityTokenBlankFragment();
Bundle args = new Bundle();
frag.mAid = aid;
frag.setArguments(args);
return frag;
@@ -83,6 +86,7 @@ public class CreateSecurityTokenBlankFragment extends Fragment {
private void nextClicked() {
mCreateKeyActivity.mCreateSecurityToken = true;
mCreateKeyActivity.mSecurityTokenAid = mAid;
CreateKeyNameFragment frag = CreateKeyNameFragment.newInstance();
mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenImportResetFragment.java
View File

@@ -37,6 +37,7 @@ import org.sufficientlysecure.keychain.keyimport.ParcelableKeyRing;
import org.sufficientlysecure.keychain.keyimport.processing.CloudLoaderState;
import org.sufficientlysecure.keychain.operations.results.ImportKeyResult;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper;
import org.sufficientlysecure.keychain.service.ImportKeyringParcel;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
@@ -66,6 +67,7 @@ public class CreateSecurityTokenImportResetFragment
private byte[] mTokenFingerprints;
private byte[] mTokenAid;
private double mTokenVersion;
private String mTokenUserId;
private String mTokenFingerprint;
private TextView vSerNo;
@@ -254,6 +256,7 @@ public class CreateSecurityTokenImportResetFragment
mTokenFingerprints = mCreateKeyActivity.getSecurityTokenHelper().getFingerprints();
mTokenAid = mCreateKeyActivity.getSecurityTokenHelper().getAid();
mTokenVersion = SecurityTokenHelper.parseOpenPgpVersion(mTokenAid);
mTokenUserId = mCreateKeyActivity.getSecurityTokenHelper().getUserId();
byte[] fp = new byte[20];
@@ -290,6 +293,7 @@ public class CreateSecurityTokenImportResetFragment
viewKeyIntent.setData(KeyRings.buildGenericKeyRingUri(masterKeyIds[0]));
viewKeyIntent.putExtra(ViewKeyActivity.EXTRA_DISPLAY_RESULT, result);
viewKeyIntent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mTokenAid);
viewKeyIntent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_VERSION, mTokenVersion);
viewKeyIntent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mTokenUserId);
viewKeyIntent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mTokenFingerprints);

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java
View File

@@ -200,7 +200,7 @@ public class CreateSecurityTokenPinFragment extends Fragment {
mCreateKeyActivity.mSecurityTokenPin = new Passphrase(mPin.getText().toString());
CreateKeyFinalFragment frag = CreateKeyFinalFragment.newInstance();
CreateSecurityTokenAlgorithmFragment frag = CreateSecurityTokenAlgorithmFragment.newInstance();
hideKeyboard();
mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);
}

38
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EditKeyFragment.java
View File

@@ -35,6 +35,8 @@ import android.view.ViewGroup;
import android.widget.AdapterView;
import android.widget.ListView;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
@@ -449,19 +451,31 @@ public class EditKeyFragment extends QueueingCryptoOperationFragment<SaveKeyring
break;
}
int algorithm = mSubkeysAdapter.getAlgorithm(position);
if (algorithm != PublicKeyAlgorithmTags.RSA_GENERAL
&& algorithm != PublicKeyAlgorithmTags.RSA_ENCRYPT
&& algorithm != PublicKeyAlgorithmTags.RSA_SIGN) {
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_algo, Notify.Style.ERROR)
.show();
break;
}
switch (mSubkeysAdapter.getAlgorithm(position)) {
case PublicKeyAlgorithmTags.RSA_GENERAL:
case PublicKeyAlgorithmTags.RSA_ENCRYPT:
case PublicKeyAlgorithmTags.RSA_SIGN:
if (mSubkeysAdapter.getKeySize(position) < 2048) {
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_size, Notify.Style.ERROR)
.show();
}
break;
if (mSubkeysAdapter.getKeySize(position) != 2048) {
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_size, Notify.Style.ERROR)
.show();
break;
case PublicKeyAlgorithmTags.ECDH:
case PublicKeyAlgorithmTags.ECDSA:
final ASN1ObjectIdentifier curve = NISTNamedCurves.getOID(mSubkeysAdapter.getCurveOid(position));
if (!curve.equals(NISTNamedCurves.getByName("P-256")) &&
!curve.equals(NISTNamedCurves.getByName("P-384")) &&
!curve.equals(NISTNamedCurves.getByName("P-521"))) {
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_curve, Notify.Style.ERROR)
.show();
}
break;
default:
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_algo, Notify.Style.ERROR)
.show();
break;
}
SubkeyChange change;

12
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/SecurityTokenOperationActivity.java
View File

@@ -32,6 +32,7 @@ import android.widget.ViewAnimator;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.provider.KeychainContract;
@@ -192,9 +193,18 @@ public class SecurityTokenOperationActivity extends BaseSecurityTokenActivity {
throw new IOException(getString(R.string.error_wrong_security_token));
}
ProviderHelper providerHelper = new ProviderHelper(this);
CanonicalizedPublicKeyRing publicKeyRing;
try {
publicKeyRing = providerHelper.getCanonicalizedPublicKeyRing(
KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(mRequiredInput.getMasterKeyId()));
} catch (ProviderHelper.NotFoundException e) {
throw new IOException("Couldn't find subkey for key to token operation.");
}
for (int i = 0; i < mRequiredInput.mInputData.length; i++) {
byte[] encryptedSessionKey = mRequiredInput.mInputData[i];
byte[] decryptedSessionKey = mSecurityTokenHelper.decryptSessionKey(encryptedSessionKey);
byte[] decryptedSessionKey = mSecurityTokenHelper.decryptSessionKey(encryptedSessionKey, publicKeyRing.getPublicKey(tokenKeyId));
mInputParcel.addCryptoData(encryptedSessionKey, decryptedSessionKey);
}
break;

13
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
View File

@@ -111,6 +111,7 @@ public class ViewKeyActivity extends BaseSecurityTokenActivity implements
public static final String EXTRA_SECURITY_TOKEN_USER_ID = "security_token_user_id";
public static final String EXTRA_SECURITY_TOKEN_AID = "security_token_aid";
public static final String EXTRA_SECURITY_TOKEN_VERSION = "security_token_version";
public static final String EXTRA_SECURITY_TOKEN_FINGERPRINTS = "security_token_fingerprints";
@Retention(RetentionPolicy.SOURCE)
@@ -178,6 +179,7 @@ public class ViewKeyActivity extends BaseSecurityTokenActivity implements
private byte[] mSecurityTokenFingerprints;
private String mSecurityTokenUserId;
private byte[] mSecurityTokenAid;
private double mSecurityTokenVersion;
@SuppressLint("InflateParams")
@Override
@@ -671,7 +673,7 @@ public class ViewKeyActivity extends BaseSecurityTokenActivity implements
// if the master key of that key matches this one, just show the token dialog
if (KeyFormattingUtils.convertFingerprintToHex(candidateFp).equals(mFingerprintString)) {
showSecurityTokenFragment(mSecurityTokenFingerprints, mSecurityTokenUserId, mSecurityTokenAid);
showSecurityTokenFragment(mSecurityTokenFingerprints, mSecurityTokenUserId, mSecurityTokenAid, mSecurityTokenVersion);
return;
}
@@ -685,6 +687,7 @@ public class ViewKeyActivity extends BaseSecurityTokenActivity implements
ViewKeyActivity.this, ViewKeyActivity.class);
intent.setData(KeyRings.buildGenericKeyRingUri(masterKeyId));
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSecurityTokenAid);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_VERSION, mSecurityTokenVersion);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSecurityTokenUserId);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mSecurityTokenFingerprints);
startActivity(intent);
@@ -700,6 +703,7 @@ public class ViewKeyActivity extends BaseSecurityTokenActivity implements
Intent intent = new Intent(
ViewKeyActivity.this, CreateKeyActivity.class);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_AID, mSecurityTokenAid);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_VERSION, mSecurityTokenVersion);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_USER_ID, mSecurityTokenUserId);
intent.putExtra(ViewKeyActivity.EXTRA_SECURITY_TOKEN_FINGERPRINTS, mSecurityTokenFingerprints);
startActivity(intent);
@@ -710,13 +714,13 @@ public class ViewKeyActivity extends BaseSecurityTokenActivity implements
}
public void showSecurityTokenFragment(
final byte[] tokenFingerprints, final String tokenUserId, final byte[] tokenAid) {
final byte[] tokenFingerprints, final String tokenUserId, final byte[] tokenAid, final double tokenVersion) {
new Handler().post(new Runnable() {
@Override
public void run() {
ViewKeySecurityTokenFragment frag = ViewKeySecurityTokenFragment.newInstance(
mMasterKeyId, tokenFingerprints, tokenUserId, tokenAid);
mMasterKeyId, tokenFingerprints, tokenUserId, tokenAid, tokenVersion);
FragmentManager manager = getSupportFragmentManager();
@@ -899,7 +903,8 @@ public class ViewKeyActivity extends BaseSecurityTokenActivity implements
byte[] tokenFingerprints = intent.getByteArrayExtra(EXTRA_SECURITY_TOKEN_FINGERPRINTS);
String tokenUserId = intent.getStringExtra(EXTRA_SECURITY_TOKEN_USER_ID);
byte[] tokenAid = intent.getByteArrayExtra(EXTRA_SECURITY_TOKEN_AID);
showSecurityTokenFragment(tokenFingerprints, tokenUserId, tokenAid);
double tokenVersion = intent.getDoubleExtra(EXTRA_SECURITY_TOKEN_VERSION, 2.0);
showSecurityTokenFragment(tokenFingerprints, tokenUserId, tokenAid, tokenVersion);
}
mIsSecret = data.getInt(INDEX_HAS_ANY_SECRET) != 0;

38
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyAdvSubkeysFragment.java
View File

@@ -38,6 +38,8 @@ import android.widget.AdapterView;
import android.widget.ListView;
import android.widget.ViewAnimator;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTNamedCurves;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
@@ -356,19 +358,31 @@ public class ViewKeyAdvSubkeysFragment extends LoaderFragment implements
break;
}
int algorithm = mSubkeysAdapter.getAlgorithm(position);
if (algorithm != PublicKeyAlgorithmTags.RSA_GENERAL
&& algorithm != PublicKeyAlgorithmTags.RSA_ENCRYPT
&& algorithm != PublicKeyAlgorithmTags.RSA_SIGN) {
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_algo, Notify.Style.ERROR)
.show();
break;
}
switch (mSubkeysAdapter.getAlgorithm(position)) {
case PublicKeyAlgorithmTags.RSA_GENERAL:
case PublicKeyAlgorithmTags.RSA_ENCRYPT:
case PublicKeyAlgorithmTags.RSA_SIGN:
if (mSubkeysAdapter.getKeySize(position) < 2048) {
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_size, Notify.Style.ERROR)
.show();
}
break;
if (mSubkeysAdapter.getKeySize(position) != 2048) {
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_size, Notify.Style.ERROR)
.show();
break;
case PublicKeyAlgorithmTags.ECDH:
case PublicKeyAlgorithmTags.ECDSA:
final ASN1ObjectIdentifier curve = NISTNamedCurves.getOID(mSubkeysAdapter.getCurveOid(position));
if (!curve.equals(NISTNamedCurves.getOID("P-256")) &&
!curve.equals(NISTNamedCurves.getOID("P-384")) &&
!curve.equals(NISTNamedCurves.getOID("P-521"))) {
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_curve, Notify.Style.ERROR)
.show();
}
break;
default:
Notify.create(getActivity(), R.string.edit_key_error_bad_security_token_algo, Notify.Style.ERROR)
.show();
break;
}
SubkeyChange change;

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeySecurityTokenFragment.java
View File

@@ -50,10 +50,12 @@ public class ViewKeySecurityTokenFragment
public static final String ARG_FINGERPRINT = "fingerprint";
public static final String ARG_USER_ID = "user_id";
public static final String ARG_CARD_AID = "aid";
public static final String ARG_CARD_VERSION = "version";
private byte[][] mFingerprints;
private String mUserId;
private byte[] mCardAid;
private double mCardVersion;
private long mMasterKeyId;
private long[] mSubKeyIds;
@@ -61,7 +63,7 @@ public class ViewKeySecurityTokenFragment
private TextView vStatus;
public static ViewKeySecurityTokenFragment newInstance(long masterKeyId,
byte[] fingerprints, String userId, byte[] aid) {
byte[] fingerprints, String userId, byte[] aid, double version) {
ViewKeySecurityTokenFragment frag = new ViewKeySecurityTokenFragment();
Bundle args = new Bundle();
@@ -69,6 +71,7 @@ public class ViewKeySecurityTokenFragment
args.putByteArray(ARG_FINGERPRINT, fingerprints);
args.putString(ARG_USER_ID, userId);
args.putByteArray(ARG_CARD_AID, aid);
args.putDouble(ARG_CARD_VERSION, version);
frag.setArguments(args);
return frag;
@@ -91,6 +94,7 @@ public class ViewKeySecurityTokenFragment
}
mUserId = args.getString(ARG_USER_ID);
mCardAid = args.getByteArray(ARG_CARD_AID);
mCardVersion = args.getDouble(ARG_CARD_VERSION);
mMasterKeyId = args.getLong(ARG_MASTER_KEY_ID);

5
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/SubkeysAdapter.java
View File

@@ -121,6 +121,11 @@ public class SubkeysAdapter extends CursorAdapter {
return mCursor.getInt(INDEX_KEY_SIZE);
}
public String getCurveOid(int position) {
mCursor.moveToPosition(position);
return mCursor.getString(INDEX_KEY_CURVE_OID);
}
public SecretKeyType getSecretKeyType(int position) {
mCursor.moveToPosition(position);
return SecretKeyType.fromNum(mCursor.getInt(INDEX_HAS_SECRET));

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/BaseSecurityTokenActivity.java
View File

@@ -91,9 +91,9 @@ public abstract class BaseSecurityTokenActivity extends BaseActivity
* Override to implement SecurityToken operations (background thread)
*/
protected void doSecurityTokenInBackground() throws IOException {
mSecurityTokenAid = mSecurityTokenHelper.getAid();
mSecurityTokenFingerprints = mSecurityTokenHelper.getFingerprints();
mSecurityTokenUserId = mSecurityTokenHelper.getUserId();
mSecurityTokenAid = mSecurityTokenHelper.getAid();
}
/**