cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

mime: support for signed-then-encrypted format

Browse Source
This commit is contained in:
Vincent Breitmoser
2015-09-17 21:51:11 +02:00
parent fdb1a7384e
commit 955a1f4b26
4 changed files with 147 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/InputDataOperation.java
View File

@@ -18,6 +18,7 @@
package org.sufficientlysecure.keychain.operations; package org.sufficientlysecure.keychain.operations;
import java.io.ByteArrayOutputStream;
import java.io.FileNotFoundException; import java.io.FileNotFoundException;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
@@ -51,7 +52,16 @@ import org.sufficientlysecure.keychain.service.InputDataParcel;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel; import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
/** This operation deals with input data, trying to determine its type as it goes. */ /** This operation deals with input data, trying to determine its type as it goes.
*
* We deal with four types of structures:
*
* - signed/encrypted non-mime data
* - signed/encrypted mime data
* - encrypted multipart/signed mime data
* - multipart/signed mime data (WIP)
*
*/
public class InputDataOperation extends BaseOperation<InputDataParcel> { public class InputDataOperation extends BaseOperation<InputDataParcel> {
final private byte[] buf = new byte[256]; final private byte[] buf = new byte[256];
@@ -60,9 +70,12 @@ public class InputDataOperation extends BaseOperation<InputDataParcel> {
super(context, providerHelper, progressable); super(context, providerHelper, progressable);
} }
Uri mSignedDataUri;
DecryptVerifyResult mSignedDataResult;
@NonNull @NonNull
@Override @Override
public InputDataResult execute(InputDataParcel input, CryptoInputParcel cryptoInput) { public InputDataResult execute(InputDataParcel input, final CryptoInputParcel cryptoInput) {
final OperationLog log = new OperationLog(); final OperationLog log = new OperationLog();
@@ -119,16 +132,7 @@ public class InputDataOperation extends BaseOperation<InputDataParcel> {
} }
log.add(LogType.MSG_DATA_MIME, 1); final MimeStreamParser parser = new MimeStreamParser((MimeConfig) null);
InputStream in;
try {
in = mContext.getContentResolver().openInputStream(currentInputUri);
} catch (FileNotFoundException e) {
log.add(LogType.MSG_DATA_ERROR_IO, 2);
return new InputDataResult(InputDataResult.RESULT_ERROR, log);
}
MimeStreamParser parser = new MimeStreamParser((MimeConfig) null);
final ArrayList<Uri> outputUris = new ArrayList<>(); final ArrayList<Uri> outputUris = new ArrayList<>();
final ArrayList<OpenPgpMetadata> metadatas = new ArrayList<>(); final ArrayList<OpenPgpMetadata> metadatas = new ArrayList<>();
@@ -136,8 +140,55 @@ public class InputDataOperation extends BaseOperation<InputDataParcel> {
parser.setContentDecoding(true); parser.setContentDecoding(true);
parser.setRecurse(); parser.setRecurse();
parser.setContentHandler(new AbstractContentHandler() { parser.setContentHandler(new AbstractContentHandler() {
private Uri uncheckedSignedDataUri;
String mFilename; String mFilename;
@Override
public void startMultipart(BodyDescriptor bd) throws MimeException {
if ("signed".equals(bd.getSubType())) {
if (mSignedDataResult != null) {
// recursive signed data is not supported!
log.add(LogType.MSG_DATA_DETACHED_NESTED, 2);
return;
}
log.add(LogType.MSG_DATA_DETACHED, 2);
if (!outputUris.isEmpty()) {
// we can't have previous data if we parse a detached signature!
log.add(LogType.MSG_DATA_DETACHED_CLEAR, 3);
outputUris.clear();
metadatas.clear();
}
// this is signed data, we require the next part raw
parser.setRaw();
}
}
@Override
public void raw(InputStream is) throws MimeException, IOException {
if (uncheckedSignedDataUri != null) {
throw new AssertionError("raw parts must only be received as first part of multipart/signed!");
}
log.add(LogType.MSG_DATA_DETACHED_RAW, 3);
uncheckedSignedDataUri = TemporaryStorageProvider.createFile(mContext, mFilename, "text/plain");
OutputStream out = mContext.getContentResolver().openOutputStream(uncheckedSignedDataUri, "w");
if (out == null) {
throw new IOException("Error getting file for writing!");
}
int len;
while ((len = is.read(buf)) > 0) {
out.write(buf, 0, len);
}
out.close();
parser.setFlat();
}
@Override @Override
public void startHeader() throws MimeException { public void startHeader() throws MimeException {
mFilename = null; mFilename = null;
@@ -151,9 +202,57 @@ public class InputDataOperation extends BaseOperation<InputDataParcel> {
} }
} }
private void bodySignature(BodyDescriptor bd, InputStream is) throws MimeException, IOException {
if (!"application/pgp-signature".equals(bd.getMimeType())) {
log.add(LogType.MSG_DATA_DETACHED_UNSUPPORTED, 3);
uncheckedSignedDataUri = null;
parser.setRecurse();
return;
}
log.add(LogType.MSG_DATA_DETACHED_SIG, 3);
ByteArrayOutputStream detachedSig = new ByteArrayOutputStream();
int len, totalLength = 0;
while ((len = is.read(buf)) > 0) {
totalLength += len;
detachedSig.write(buf, 0, len);
if (totalLength > 4096) {
throw new IOException("detached signature is unreasonably large!");
}
}
detachedSig.close();
PgpDecryptVerifyInputParcel decryptInput = new PgpDecryptVerifyInputParcel();
decryptInput.setInputUri(uncheckedSignedDataUri);
decryptInput.setDetachedSignature(detachedSig.toByteArray());
PgpDecryptVerifyOperation op =
new PgpDecryptVerifyOperation(mContext, mProviderHelper, mProgressable);
DecryptVerifyResult verifyResult = op.execute(decryptInput, cryptoInput);
log.addByMerge(verifyResult, 4);
mSignedDataUri = uncheckedSignedDataUri;
mSignedDataResult = verifyResult;
// reset parser state
uncheckedSignedDataUri = null;
parser.setRecurse();
}
@Override @Override
public void body(BodyDescriptor bd, InputStream is) throws MimeException, IOException { public void body(BodyDescriptor bd, InputStream is) throws MimeException, IOException {
// if we have signed data waiting, we expect a signature for checking
if (uncheckedSignedDataUri != null) {
bodySignature(bd, is);
return;
}
// we read first, no need to create an output file if nothing was read! // we read first, no need to create an output file if nothing was read!
int len = is.read(buf); int len = is.read(buf);
if (len < 0) { if (len < 0) {
@@ -196,14 +295,29 @@ public class InputDataOperation extends BaseOperation<InputDataParcel> {
} }
}); });
try { try {
log.add(LogType.MSG_DATA_MIME, 1);
// open current uri for input
InputStream in = mContext.getContentResolver().openInputStream(currentInputUri);
parser.parse(in); parser.parse(in);
// if no mime data parsed, just return the raw data as fallback if (mSignedDataUri != null) {
if (decryptResult != null) {
decryptResult.setSignatureResult(mSignedDataResult.getSignatureResult());
} else {
decryptResult = mSignedDataResult;
}
in = mContext.getContentResolver().openInputStream(mSignedDataUri);
parser.parse(in);
}
// if we found data, return success
if (!outputUris.isEmpty()) { if (!outputUris.isEmpty()) {
log.add(LogType.MSG_DATA_MIME_OK, 2); log.add(LogType.MSG_DATA_MIME_OK, 2);
@@ -211,6 +325,7 @@ public class InputDataOperation extends BaseOperation<InputDataParcel> {
return new InputDataResult(InputDataResult.RESULT_OK, log, decryptResult, outputUris, metadatas); return new InputDataResult(InputDataResult.RESULT_OK, log, decryptResult, outputUris, metadatas);
} }
// if no mime data parsed, just return the raw data as fallback
log.add(LogType.MSG_DATA_MIME_NONE, 2); log.add(LogType.MSG_DATA_MIME_NONE, 2);
OpenPgpMetadata metadata; OpenPgpMetadata metadata;
@@ -228,9 +343,12 @@ public class InputDataOperation extends BaseOperation<InputDataParcel> {
log.add(LogType.MSG_DATA_OK, 1); log.add(LogType.MSG_DATA_OK, 1);
return new InputDataResult(InputDataResult.RESULT_OK, log, decryptResult, outputUris, metadatas); return new InputDataResult(InputDataResult.RESULT_OK, log, decryptResult, outputUris, metadatas);
} catch (FileNotFoundException e) {
log.add(LogType.MSG_DATA_ERROR_IO, 2);
return new InputDataResult(InputDataResult.RESULT_ERROR, log);
} catch (IOException e) { } catch (IOException e) {
e.printStackTrace(); e.printStackTrace();
log.add(LogType.MSG_DATA_MIME_ERROR, 2); log.add(LogType.MSG_DATA_ERROR_IO, 2);
return new InputDataResult(InputDataResult.RESULT_ERROR, log); return new InputDataResult(InputDataResult.RESULT_ERROR, log);
} catch (MimeException e) { } catch (MimeException e) {
e.printStackTrace(); e.printStackTrace();

8
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
View File

@@ -830,6 +830,12 @@ public abstract class OperationResult implements Parcelable {
MSG_DATA_OPENPGP (LogLevel.DEBUG, R.string.msg_data_openpgp), MSG_DATA_OPENPGP (LogLevel.DEBUG, R.string.msg_data_openpgp),
MSG_DATA_ERROR_IO (LogLevel.ERROR, R.string.msg_data_error_io), MSG_DATA_ERROR_IO (LogLevel.ERROR, R.string.msg_data_error_io),
MSG_DATA_ERROR_OPENPGP (LogLevel.ERROR, R.string.msg_data_error_openpgp), MSG_DATA_ERROR_OPENPGP (LogLevel.ERROR, R.string.msg_data_error_openpgp),
MSG_DATA_DETACHED (LogLevel.INFO, R.string.msg_data_detached),
MSG_DATA_DETACHED_CLEAR (LogLevel.WARN, R.string.msg_data_detached_clear),
MSG_DATA_DETACHED_SIG (LogLevel.DEBUG, R.string.msg_data_detached_sig),
MSG_DATA_DETACHED_RAW (LogLevel.DEBUG, R.string.msg_data_detached_raw),
MSG_DATA_DETACHED_NESTED(LogLevel.WARN, R.string.msg_data_detached_nested),
MSG_DATA_DETACHED_UNSUPPORTED (LogLevel.WARN, R.string.msg_data_detached_unsupported),
MSG_DATA_MIME_ERROR (LogLevel.ERROR, R.string.msg_data_mime_error), MSG_DATA_MIME_ERROR (LogLevel.ERROR, R.string.msg_data_mime_error),
MSG_DATA_MIME_FILENAME (LogLevel.DEBUG, R.string.msg_data_mime_filename), MSG_DATA_MIME_FILENAME (LogLevel.DEBUG, R.string.msg_data_mime_filename),
MSG_DATA_MIME_LENGTH (LogLevel.DEBUG, R.string.msg_data_mime_length), MSG_DATA_MIME_LENGTH (LogLevel.DEBUG, R.string.msg_data_mime_length),
@@ -1004,7 +1010,7 @@ public abstract class OperationResult implements Parcelable {
for (LogEntryParcel entry : this) { for (LogEntryParcel entry : this) {
log.append(entry.getPrintableLogEntry(resources, indent)).append("\n"); log.append(entry.getPrintableLogEntry(resources, indent)).append("\n");
} }
return log.toString().substring(0, log.length() -1); // get rid of extra new line return log.toString().substring(0, log.length() - 1); // get rid of extra new line
} }
} }

1
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyInputParcel.java
View File

@@ -18,6 +18,7 @@
package org.sufficientlysecure.keychain.pgp; package org.sufficientlysecure.keychain.pgp;
import java.io.InputStream;
import java.util.HashSet; import java.util.HashSet;
import android.net.Uri; import android.net.Uri;

6
OpenKeychain/src/main/res/values/strings.xml
View File

@@ -1357,6 +1357,12 @@
<string name="msg_data">"Processing input data"</string> <string name="msg_data">"Processing input data"</string>
<string name="msg_data_openpgp">"Attempting to process OpenPGP data"</string> <string name="msg_data_openpgp">"Attempting to process OpenPGP data"</string>
<string name="msg_data_detached">"Encountered detached signature"</string>
<string name="msg_data_detached_clear">"Clearing earlier, unsigned data!"</string>
<string name="msg_data_detached_sig">"Processing detached signature"</string>
<string name="msg_data_detached_raw">"Processing signed data"</string>
<string name="msg_data_detached_nested">"Skipping nested signed data!"</string>
<string name="msg_data_detached_unsupported">"Unsupported type of detached signature!"</string>
<string name="msg_data_error_io">"Error reading input data!"</string> <string name="msg_data_error_io">"Error reading input data!"</string>
<string name="msg_data_error_openpgp">"Error processing OpenPGP data!"</string> <string name="msg_data_error_openpgp">"Error processing OpenPGP data!"</string>
<string name="msg_data_mime_error">"Error parsing MIME data!"</string> <string name="msg_data_mime_error">"Error parsing MIME data!"</string>