Implement SIGNATURE_SUCCESS_CERTIFIED in PgpDecryptVerify (not tested)
This commit is contained in:
Dominik Schürmann
@@ -53,6 +53,7 @@ import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
|
|||||||
import org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
|
import org.spongycastle.openpgp.operator.jcajce.JcePublicKeyDataDecryptorFactoryBuilder;
|
||||||
import org.sufficientlysecure.keychain.Constants;
|
import org.sufficientlysecure.keychain.Constants;
|
||||||
import org.sufficientlysecure.keychain.R;
|
import org.sufficientlysecure.keychain.R;
|
||||||
|
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
||||||
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
|
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
|
||||||
import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
import org.sufficientlysecure.keychain.provider.ProviderHelper;
|
||||||
import org.sufficientlysecure.keychain.util.InputData;
|
import org.sufficientlysecure.keychain.util.InputData;
|
||||||
@@ -248,11 +249,11 @@ public class PgpDecryptVerify {
|
|||||||
|
|
||||||
PGPPublicKeyEncryptedData encryptedDataAsymmetric = null;
|
PGPPublicKeyEncryptedData encryptedDataAsymmetric = null;
|
||||||
PGPPBEEncryptedData encryptedDataSymmetric = null;
|
PGPPBEEncryptedData encryptedDataSymmetric = null;
|
||||||
PGPSecretKey secretKey = null;
|
PGPSecretKey secretEncryptionKey = null;
|
||||||
Iterator<?> it = enc.getEncryptedDataObjects();
|
Iterator<?> it = enc.getEncryptedDataObjects();
|
||||||
boolean asymmetricPacketFound = false;
|
boolean asymmetricPacketFound = false;
|
||||||
boolean symmetricPacketFound = false;
|
boolean symmetricPacketFound = false;
|
||||||
// find secret key
|
// go through all objects and find one we can decrypt
|
||||||
while (it.hasNext()) {
|
while (it.hasNext()) {
|
||||||
Object obj = it.next();
|
Object obj = it.next();
|
||||||
if (obj instanceof PGPPublicKeyEncryptedData) {
|
if (obj instanceof PGPPublicKeyEncryptedData) {
|
||||||
@@ -260,8 +261,8 @@ public class PgpDecryptVerify {
|
|||||||
|
|
||||||
PGPPublicKeyEncryptedData encData = (PGPPublicKeyEncryptedData) obj;
|
PGPPublicKeyEncryptedData encData = (PGPPublicKeyEncryptedData) obj;
|
||||||
|
|
||||||
long masterKeyId = 0;
|
long masterKeyId;
|
||||||
PGPSecretKeyRing secretKeyRing = null;
|
PGPSecretKeyRing secretKeyRing;
|
||||||
try {
|
try {
|
||||||
// get master key id for this encryption key id
|
// get master key id for this encryption key id
|
||||||
masterKeyId = mProviderHelper.getMasterKeyId(
|
masterKeyId = mProviderHelper.getMasterKeyId(
|
||||||
@@ -277,15 +278,15 @@ public class PgpDecryptVerify {
|
|||||||
// continue with the next packet in the while loop
|
// continue with the next packet in the while loop
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
secretKey = secretKeyRing.getSecretKey(encData.getKeyID());
|
secretEncryptionKey = secretKeyRing.getSecretKey(encData.getKeyID());
|
||||||
if (secretKey == null) {
|
if (secretEncryptionKey == null) {
|
||||||
// continue with the next packet in the while loop
|
// continue with the next packet in the while loop
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
/* secret key exists in database! */
|
/* secret key exists in database! */
|
||||||
|
|
||||||
// allow only a specific key for decryption?
|
// allow only specific keys for decryption?
|
||||||
if (mAllowedKeyIds != null) {
|
if (mAllowedKeyIds != null) {
|
||||||
Log.d(Constants.TAG, "encData.getKeyID():" + encData.getKeyID());
|
Log.d(Constants.TAG, "encData.getKeyID():" + encData.getKeyID());
|
||||||
Log.d(Constants.TAG, "allowedKeyIds: " + mAllowedKeyIds);
|
Log.d(Constants.TAG, "allowedKeyIds: " + mAllowedKeyIds);
|
||||||
@@ -363,7 +364,7 @@ public class PgpDecryptVerify {
|
|||||||
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
|
PBESecretKeyDecryptor keyDecryptor = new JcePBESecretKeyDecryptorBuilder()
|
||||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
|
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME).build(
|
||||||
mPassphrase.toCharArray());
|
mPassphrase.toCharArray());
|
||||||
privateKey = secretKey.extractPrivateKey(keyDecryptor);
|
privateKey = secretEncryptionKey.extractPrivateKey(keyDecryptor);
|
||||||
} catch (PGPException e) {
|
} catch (PGPException e) {
|
||||||
throw new WrongPassphraseException();
|
throw new WrongPassphraseException();
|
||||||
}
|
}
|
||||||
@@ -391,6 +392,7 @@ public class PgpDecryptVerify {
|
|||||||
OpenPgpSignatureResult signatureResult = null;
|
OpenPgpSignatureResult signatureResult = null;
|
||||||
PGPPublicKey signatureKey = null;
|
PGPPublicKey signatureKey = null;
|
||||||
int signatureIndex = -1;
|
int signatureIndex = -1;
|
||||||
|
boolean isSignatureKeyCertified = false;
|
||||||
|
|
||||||
if (dataChunk instanceof PGPCompressedData) {
|
if (dataChunk instanceof PGPCompressedData) {
|
||||||
updateProgress(R.string.progress_decompressing_data, currentProgress, 100);
|
updateProgress(R.string.progress_decompressing_data, currentProgress, 100);
|
||||||
@@ -407,6 +409,9 @@ public class PgpDecryptVerify {
|
|||||||
|
|
||||||
signatureResult = new OpenPgpSignatureResult();
|
signatureResult = new OpenPgpSignatureResult();
|
||||||
PGPOnePassSignatureList sigList = (PGPOnePassSignatureList) dataChunk;
|
PGPOnePassSignatureList sigList = (PGPOnePassSignatureList) dataChunk;
|
||||||
|
|
||||||
|
// go through all signatures
|
||||||
|
// and find out for which signature we have a key in our database
|
||||||
Long masterKeyId = null;
|
Long masterKeyId = null;
|
||||||
for (int i = 0; i < sigList.size(); ++i) {
|
for (int i = 0; i < sigList.size(); ++i) {
|
||||||
try {
|
try {
|
||||||
@@ -416,10 +421,12 @@ public class PgpDecryptVerify {
|
|||||||
signatureIndex = i;
|
signatureIndex = i;
|
||||||
} catch (ProviderHelper.NotFoundException e) {
|
} catch (ProviderHelper.NotFoundException e) {
|
||||||
Log.d(Constants.TAG, "key not found!");
|
Log.d(Constants.TAG, "key not found!");
|
||||||
|
// try next one...
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (masterKeyId == null) {
|
if (masterKeyId != null) {
|
||||||
|
// key found in our database!
|
||||||
try {
|
try {
|
||||||
signatureKey = mProviderHelper
|
signatureKey = mProviderHelper
|
||||||
.getPGPPublicKeyRing(masterKeyId).getPublicKey();
|
.getPGPPublicKeyRing(masterKeyId).getPublicKey();
|
||||||
@@ -435,7 +442,15 @@ public class PgpDecryptVerify {
|
|||||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||||
signature.init(contentVerifierBuilderProvider, signatureKey);
|
signature.init(contentVerifierBuilderProvider, signatureKey);
|
||||||
|
|
||||||
|
// get certification status of this key
|
||||||
|
Object data = mProviderHelper.getGenericData(
|
||||||
|
KeychainContract.UserIds.buildUserIdsUri(Long.toString(masterKeyId)),
|
||||||
|
KeyRings.VERIFIED,
|
||||||
|
ProviderHelper.FIELD_TYPE_INTEGER);
|
||||||
|
|
||||||
|
isSignatureKeyCertified = (Long) data > 0;
|
||||||
} else {
|
} else {
|
||||||
|
// no key in our database -> return "unknwon pub key" status including the first key id
|
||||||
if (!sigList.isEmpty()) {
|
if (!sigList.isEmpty()) {
|
||||||
signatureResult.setKeyId(sigList.get(0).getKeyID());
|
signatureResult.setKeyId(sigList.get(0).getKeyID());
|
||||||
}
|
}
|
||||||
@@ -511,10 +526,14 @@ public class PgpDecryptVerify {
|
|||||||
boolean validKeyBinding = verifyKeyBinding(messageSignature, signatureKey);
|
boolean validKeyBinding = verifyKeyBinding(messageSignature, signatureKey);
|
||||||
boolean validSignature = signature.verify(messageSignature);
|
boolean validSignature = signature.verify(messageSignature);
|
||||||
|
|
||||||
// TODO: implement CERTIFIED!
|
|
||||||
if (validKeyBinding && validSignature) {
|
if (validKeyBinding && validSignature) {
|
||||||
Log.d(Constants.TAG, "SIGNATURE_SUCCESS_UNCERTIFIED");
|
if (isSignatureKeyCertified) {
|
||||||
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED);
|
Log.d(Constants.TAG, "SIGNATURE_SUCCESS_CERTIFIED");
|
||||||
|
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED);
|
||||||
|
} else {
|
||||||
|
Log.d(Constants.TAG, "SIGNATURE_SUCCESS_UNCERTIFIED");
|
||||||
|
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_ERROR);
|
signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_ERROR);
|
||||||
Log.e(Constants.TAG, "Error!\nvalidKeyBinding: " + validKeyBinding
|
Log.e(Constants.TAG, "Error!\nvalidKeyBinding: " + validKeyBinding
|
||||||
|
|||||||
@@ -104,7 +104,6 @@ public class KeyListFragment extends Fragment
|
|||||||
mStickyList = (StickyListHeadersListView) root.findViewById(R.id.key_list_list);
|
mStickyList = (StickyListHeadersListView) root.findViewById(R.id.key_list_list);
|
||||||
mStickyList.setOnItemClickListener(this);
|
mStickyList.setOnItemClickListener(this);
|
||||||
|
|
||||||
|
|
||||||
// empty view
|
// empty view
|
||||||
mButtonEmptyCreate = (BootstrapButton) root.findViewById(R.id.key_list_empty_button_create);
|
mButtonEmptyCreate = (BootstrapButton) root.findViewById(R.id.key_list_empty_button_create);
|
||||||
mButtonEmptyCreate.setOnClickListener(new OnClickListener() {
|
mButtonEmptyCreate.setOnClickListener(new OnClickListener() {
|
||||||
|
|||||||
Reference in New Issue
Block a user