cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

use only primary and mutually bound subkeys for fingerprint verification

Browse Source
This commit is contained in:
Vincent Breitmoser
2015-10-06 15:06:36 +02:00
parent dfc396a44c
commit 8f40c6df51
3 changed files with 11 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
View File

@@ -154,8 +154,13 @@ public abstract class CanonicalizedKeyRing extends KeyRing {
return getRing().getEncoded(); return getRing().getEncoded();
} }
public boolean containsSubkey(String expectedFingerprint) { /// Returns true iff the keyring contains a primary key or mutually bound subkey with the expected fingerprint
public boolean containsBoundSubkey(String expectedFingerprint) {
for (CanonicalizedPublicKey key : publicKeyIterator()) { for (CanonicalizedPublicKey key : publicKeyIterator()) {
boolean isMasterOrMutuallyBound = key.isMasterKey() || key.canSign();
if (!isMasterOrMutuallyBound) {
continue;
}
if (KeyFormattingUtils.convertFingerprintToHex( if (KeyFormattingUtils.convertFingerprintToHex(
key.getFingerprint()).equalsIgnoreCase(expectedFingerprint)) { key.getFingerprint()).equalsIgnoreCase(expectedFingerprint)) {
return true; return true;

3
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
View File

@@ -62,7 +62,6 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingData; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingData;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings; import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.KeychainContract.Keys; import org.sufficientlysecure.keychain.provider.KeychainContract.Keys;
import org.sufficientlysecure.keychain.provider.KeychainContract.UserPackets;
import org.sufficientlysecure.keychain.provider.KeychainContract.UpdatedKeys; import org.sufficientlysecure.keychain.provider.KeychainContract.UpdatedKeys;
import org.sufficientlysecure.keychain.remote.AccountSettings; import org.sufficientlysecure.keychain.remote.AccountSettings;
import org.sufficientlysecure.keychain.remote.AppSettings; import org.sufficientlysecure.keychain.remote.AppSettings;
@@ -968,7 +967,7 @@ public class ProviderHelper {
// If we have an expected fingerprint, make sure it matches // If we have an expected fingerprint, make sure it matches
if (expectedFingerprint != null) { if (expectedFingerprint != null) {
if (!canPublicRing.containsSubkey(expectedFingerprint)) { if (!canPublicRing.containsBoundSubkey(expectedFingerprint)) {
log(LogType.MSG_IP_FINGERPRINT_ERROR); log(LogType.MSG_IP_FINGERPRINT_ERROR);
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog, null); return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog, null);
} else { } else {

8
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java
View File

@@ -49,7 +49,7 @@ public class CreateYubiKeyImportFragment
extends QueueingCryptoOperationFragment<ImportKeyringParcel, ImportKeyResult> extends QueueingCryptoOperationFragment<ImportKeyringParcel, ImportKeyResult>
implements NfcListenerFragment { implements NfcListenerFragment {
private static final String ARG_FINGERPRINT = "fingerprint"; private static final String ARG_FINGERPRINTS = "fingerprint";
public static final String ARG_AID = "aid"; public static final String ARG_AID = "aid";
public static final String ARG_USER_ID = "user_ids"; public static final String ARG_USER_ID = "user_ids";
@@ -72,7 +72,7 @@ public class CreateYubiKeyImportFragment
CreateYubiKeyImportFragment frag = new CreateYubiKeyImportFragment(); CreateYubiKeyImportFragment frag = new CreateYubiKeyImportFragment();
Bundle args = new Bundle(); Bundle args = new Bundle();
args.putByteArray(ARG_FINGERPRINT, scannedFingerprints); args.putByteArray(ARG_FINGERPRINTS, scannedFingerprints);
args.putByteArray(ARG_AID, nfcAid); args.putByteArray(ARG_AID, nfcAid);
args.putString(ARG_USER_ID, userId); args.putString(ARG_USER_ID, userId);
frag.setArguments(args); frag.setArguments(args);
@@ -86,7 +86,7 @@ public class CreateYubiKeyImportFragment
Bundle args = savedInstanceState != null ? savedInstanceState : getArguments(); Bundle args = savedInstanceState != null ? savedInstanceState : getArguments();
mNfcFingerprints = args.getByteArray(ARG_FINGERPRINT); mNfcFingerprints = args.getByteArray(ARG_FINGERPRINTS);
mNfcAid = args.getByteArray(ARG_AID); mNfcAid = args.getByteArray(ARG_AID);
mNfcUserId = args.getString(ARG_USER_ID); mNfcUserId = args.getString(ARG_USER_ID);
@@ -149,7 +149,7 @@ public class CreateYubiKeyImportFragment
public void onSaveInstanceState(Bundle args) { public void onSaveInstanceState(Bundle args) {
super.onSaveInstanceState(args); super.onSaveInstanceState(args);
args.putByteArray(ARG_FINGERPRINT, mNfcFingerprints); args.putByteArray(ARG_FINGERPRINTS, mNfcFingerprints);
args.putByteArray(ARG_AID, mNfcAid); args.putByteArray(ARG_AID, mNfcAid);
args.putString(ARG_USER_ID, mNfcUserId); args.putString(ARG_USER_ID, mNfcUserId);
} }