add override button to security problem dialog

2017-04-28 22:46:08 +02:00
parent 78c3e17d0a
commit 10112eeea8
8 changed files with 282 additions and 40 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java
@@ -331,7 +331,8 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp

                // Check for insecure encryption algorithms!
                EncryptionAlgorithmProblem symmetricSecurityProblem =
-                        PgpSecurityConstants.checkSecureSymmetricAlgorithm(esResult.symmetricEncryptionAlgo);
+                        PgpSecurityConstants.checkSecureSymmetricAlgorithm(
+                                esResult.symmetricEncryptionAlgo, esResult.sessionKey);
                if (symmetricSecurityProblem != null) {
                    log.add(LogType.MSG_DC_INSECURE_SYMMETRIC_ENCRYPTION_ALGO, indent + 1);
                    securityProblemBuilder.addSymmetricSecurityProblem(symmetricSecurityProblem);
@@ -542,7 +543,7 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
                // Handle missing integrity protection like failed integrity protection!
                // The MDC packet can be stripped by an attacker!
                log.add(LogType.MSG_DC_INSECURE_MDC_MISSING, indent);
-                securityProblemBuilder.addSymmetricSecurityProblem(new MissingMdc());
+                securityProblemBuilder.addSymmetricSecurityProblem(new MissingMdc(esResult.sessionKey));
                decryptionResultBuilder.setInsecure(true);
            }
        }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
@@ -74,9 +74,9 @@ public class PgpSecurityConstants {
            // CAMELLIA_256: not used widely
    ));

-    public static EncryptionAlgorithmProblem checkSecureSymmetricAlgorithm(int id) {
+    public static EncryptionAlgorithmProblem checkSecureSymmetricAlgorithm(int id, byte[] sessionKey) {
        if (!sSymmetricAlgorithmsWhitelist.contains(id)) {
-            return new InsecureEncryptionAlgorithm(id);
+            return new InsecureEncryptionAlgorithm(sessionKey, id);
        }
        return null;
    }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SecurityProblem.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SecurityProblem.java
@@ -18,10 +18,40 @@
 package org.sufficientlysecure.keychain.pgp;


+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.ObjectOutputStream;
 import java.io.Serializable;
+import java.security.MessageDigest;
+import java.security.NoSuchAlgorithmException;
+
+import org.bouncycastle.util.encoders.Base64;
+

 public abstract class SecurityProblem implements Serializable {

+    String getIdentifier() {
+        if (!isIdentifiable()) {
+            return null;
+        }
+
+        try {
+            ByteArrayOutputStream out = new ByteArrayOutputStream();
+            ObjectOutputStream oos = new ObjectOutputStream(out);
+            oos.writeObject(this);
+            oos.close();
+
+            byte[] digest = MessageDigest.getInstance("SHA1").digest(out.toByteArray());
+            return Base64.toBase64String(digest);
+        } catch (NoSuchAlgorithmException | IOException e) {
+            throw new IllegalStateException(e);
+        }
+    }
+
+    public boolean isIdentifiable() {
+        return false;
+    }
+
    public static abstract class KeySecurityProblem extends SecurityProblem {
        public final long masterKeyId;
        public final long subKeyId;
@@ -32,10 +62,25 @@ public abstract class SecurityProblem implements Serializable {
            this.subKeyId = subKeyId;
            this.algorithm = algorithm;
        }
+
+        @Override
+        public boolean isIdentifiable() {
+            return true;
+        }
    }

    public static abstract class EncryptionAlgorithmProblem extends SecurityProblem {
+        @SuppressWarnings("unused") // used for identifying this specific problem
+        private final byte[] sessionKey;

+        private EncryptionAlgorithmProblem(byte[] sessionKey) {
+            this.sessionKey = sessionKey;
+        }
+
+        @Override
+        public boolean isIdentifiable() {
+            return sessionKey != null;
+        }
    }

    public static class InsecureBitStrength extends KeySecurityProblem {
@@ -73,12 +118,16 @@ public abstract class SecurityProblem implements Serializable {
    public static class InsecureEncryptionAlgorithm extends EncryptionAlgorithmProblem {
        public final int symmetricAlgorithm;

-        InsecureEncryptionAlgorithm(int symmetricAlgorithm) {
+        InsecureEncryptionAlgorithm(byte[] sessionKey, int symmetricAlgorithm) {
+            super(sessionKey);
            this.symmetricAlgorithm = symmetricAlgorithm;
        }
    }

    public static class MissingMdc extends EncryptionAlgorithmProblem {

+        MissingMdc(byte[] sessionKey) {
+            super(sessionKey);
+        }
    }
 }