cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Implement SIGNATURE_SUCCESS_CERTIFIED in PgpDecryptVerify (not tested)

Browse Source
This commit is contained in:
Dominik Schürmann
2014-04-13 18:55:18 +02:00
parent 9b1a4a456a
commit e10b24e2ea
2 changed files with 31 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

43
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
View File

@@ -53,6 +53,7 @@ import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
import org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.provider.KeychainContract;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.util.InputData;
@@ -248,11 +249,11 @@ public class PgpDecryptVerify {
PGPPublicKeyEncryptedData encryptedDataAsymmetric = null;
PGPPBEEncryptedData encryptedDataSymmetric = null;
PGPSecretKey secretKey = null;
PGPSecretKey secretEncryptionKey = null;
Iterator<?> it = enc.getEncryptedDataObjects();
boolean asymmetricPacketFound = false;
boolean symmetricPacketFound = false;
// find secret key
// go through all objects and find one we can decrypt
while (it.hasNext()) {
Object obj = it.next();
if (obj instanceof PGPPublicKeyEncryptedData) {
@@ -260,8 +261,8 @@ public class PgpDecryptVerify {
PGPPublicKeyEncryptedData encData = (PGPPublicKeyEncryptedData) obj;
long masterKeyId = 0;
PGPSecretKeyRing secretKeyRing = null;
long masterKeyId;
PGPSecretKeyRing secretKeyRing;
try {
// get master key id for this encryption key id
masterKeyId = mProviderHelper.getMasterKeyId(
@@ -277,15 +278,15 @@ public class PgpDecryptVerify {
// continue with the next packet in the while loop
continue;
}
secretKey = secretKeyRing.getSecretKey(encData.getKeyID());
if (secretKey == null) {
secretEncryptionKey = secretKeyRing.getSecretKey(encData.getKeyID());
if (secretEncryptionKey == null) {
// continue with the next packet in the while loop
continue;
}
/* secret key exists in database! */
// allow only a specific key for decryption?
// allow only specific keys for decryption?
if (mAllowedKeyIds != null) {
Log.d(Constants.TAG, "encData.getKeyID():" + encData.getKeyID());
Log.d(Constants.TAG, "allowedKeyIds: " + mAllowedKeyIds);
@@ -363,7 +364,7 @@ public class PgpDecryptVerify {
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
mPassphrase.toCharArray());
privateKey = secretKey.extractPrivateKey(keyDecryptor);
privateKey = secretEncryptionKey.extractPrivateKey(keyDecryptor);
} catch (PGPException e) {
throw new WrongPassphraseException();
}
@@ -391,6 +392,7 @@ public class PgpDecryptVerify {
OpenPgpSignatureResult signatureResult = null;
PGPPublicKey signatureKey = null;
int signatureIndex = -1;
boolean isSignatureKeyCertified = false;
if (dataChunk instanceof PGPCompressedData) {
updateProgress(R.string.progress_decompressing_data, currentProgress, 100);
@@ -407,6 +409,9 @@ public class PgpDecryptVerify {
signatureResult = new OpenPgpSignatureResult();
PGPOnePassSignatureList sigList = (PGPOnePassSignatureList) dataChunk;
// go through all signatures
// and find out for which signature we have a key in our database
Long masterKeyId = null;
for (int i = 0; i < sigList.size(); ++i) {
try {
@@ -416,10 +421,12 @@ public class PgpDecryptVerify {
signatureIndex = i;
} catch (ProviderHelper.NotFoundException e) {
Log.d(Constants.TAG, "key not found!");
// try next one...
}
}
if (masterKeyId == null) {
if (masterKeyId != null) {
// key found in our database!
try {
signatureKey = mProviderHelper
.getPGPPublicKeyRing(masterKeyId).getPublicKey();
@@ -435,7 +442,15 @@ public class PgpDecryptVerify {
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
signature.init(contentVerifierBuilderProvider, signatureKey);
// get certification status of this key
Object data = mProviderHelper.getGenericData(
KeychainContract.UserIds.buildUserIdsUri(Long.toString(masterKeyId)),
KeyRings.VERIFIED,
ProviderHelper.FIELD_TYPE_INTEGER);
isSignatureKeyCertified = (Long) data > 0;
} else {
// no key in our database -> return "unknwon pub key" status including the first key id
if (!sigList.isEmpty()) {
signatureResult.setKeyId(sigList.get(0).getKeyID());
}
@@ -511,10 +526,14 @@ public class PgpDecryptVerify {
boolean validKeyBinding = verifyKeyBinding(messageSignature, signatureKey);
boolean validSignature = signature.verify(messageSignature);
// TODO: implement CERTIFIED!
if (validKeyBinding && validSignature) {
Log.d(Constants.TAG, "SIGNATURE_SUCCESS_UNCERTIFIED");
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED);
if (isSignatureKeyCertified) {
Log.d(Constants.TAG, "SIGNATURE_SUCCESS_CERTIFIED");
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED);
} else {
Log.d(Constants.TAG, "SIGNATURE_SUCCESS_UNCERTIFIED");
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED);
}
} else {
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_ERROR);
Log.e(Constants.TAG, "Error!\nvalidKeyBinding: " + validKeyBinding

1
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/KeyListFragment.java
View File

@@ -104,7 +104,6 @@ public class KeyListFragment extends Fragment
mStickyList = (StickyListHeadersListView) root.findViewById(R.id.key_list_list);
mStickyList.setOnItemClickListener(this);
// empty view
mButtonEmptyCreate = (BootstrapButton) root.findViewById(R.id.key_list_empty_button_create);
mButtonEmptyCreate.setOnClickListener(new OnClickListener() {