Merge branch 'master' of github.com:open-keychain/open-keychain

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/keyimport/HkpKeyserver.java

@@ -209,8 +209,13 @@ public class HkpKeyserver extends Keyserver {
             Log.w(Constants.TAG, e);
         }
 
-        client.setProxy(proxy);
+        if (proxy != null) {
-        client.setConnectTimeout(proxy != null ? 30000 : 5000, TimeUnit.MILLISECONDS);
+            client.setProxy(proxy);
+            client.setConnectTimeout(30000, TimeUnit.MILLISECONDS);
+        } else {
+            client.setProxy(Proxy.NO_PROXY);
+            client.setConnectTimeout(5000, TimeUnit.MILLISECONDS);
+        }
         client.setReadTimeout(45000, TimeUnit.MILLISECONDS);
 
         return client;

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java

@@ -279,7 +279,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
                             CanonicalizedPublicKey key = keyRing.getPublicKey(subKeyId);
                             cPk.addMethod(key.getPubKeyEncryptionGenerator(input.isHiddenRecipients()));
                             log.add(LogType.MSG_PSE_KEY_OK, indent + 1,
-                                    KeyFormattingUtils.convertKeyIdToHex(id));
+                                    KeyFormattingUtils.convertKeyIdToHex(subKeyId));
                         }
                         if (encryptSubKeyIds.isEmpty()) {
                             log.add(LogType.MSG_PSE_KEY_WARN, indent + 1,

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java

@@ -65,7 +65,6 @@ import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyInputParcel;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.TemporaryStorageProvider;
-import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 // this import NEEDS to be above the ViewModel one, or it won't compile! (as of 06/06/15)
 import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils.StatusHolder;
 import org.sufficientlysecure.keychain.ui.DecryptListFragment.DecryptFilesAdapter.ViewModel;
@@ -111,6 +110,10 @@ public class DecryptListFragment
         return frag;
     }
 
+    public DecryptListFragment() {
+        super(null);
+    }
+
     /**
      * Inflate the layout for this fragment
      */
@@ -248,11 +251,6 @@ public class DecryptListFragment
         }
     }
 
-    @Override
-    protected void cryptoOperation(CryptoInputParcel cryptoInput) {
-        super.cryptoOperation(cryptoInput, false);
-    }
-
     @Override
     public boolean onCryptoSetProgress(String msg, int progress, int max) {
         mAdapter.setProgress(mCurrentInputUri, progress, max, msg);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java

@@ -652,38 +652,6 @@ public class ViewKeyActivity extends BaseNfcActivity implements
         }
     }
 
-    private void updateFromKeyserver(Uri dataUri, ProviderHelper providerHelper)
-            throws ProviderHelper.NotFoundException {
-
-        mIsRefreshing = true;
-        mRefreshItem.setEnabled(false);
-        mRefreshItem.setActionView(mRefresh);
-        mRefresh.startAnimation(mRotate);
-
-        byte[] blob = (byte[]) providerHelper.getGenericData(
-                KeychainContract.KeyRings.buildUnifiedKeyRingUri(dataUri),
-                KeychainContract.Keys.FINGERPRINT, ProviderHelper.FIELD_TYPE_BLOB);
-        String fingerprint = KeyFormattingUtils.convertFingerprintToHex(blob);
-
-        ParcelableKeyRing keyEntry = new ParcelableKeyRing(fingerprint, null, null);
-        ArrayList<ParcelableKeyRing> entries = new ArrayList<>();
-        entries.add(keyEntry);
-        mKeyList = entries;
-
-        // search config
-        {
-            Preferences prefs = Preferences.getPreferences(this);
-            Preferences.CloudSearchPrefs cloudPrefs =
-                    new Preferences.CloudSearchPrefs(true, true, prefs.getPreferredKeyserver());
-            mKeyserver = cloudPrefs.keyserver;
-        }
-
-        mOperationHelper = new CryptoOperationHelper<>(
-                this, this, R.string.progress_importing);
-
-        mOperationHelper.cryptoOperation();
-    }
-
     private void editKey(Uri dataUri) {
         Intent editIntent = new Intent(this, EditKeyActivity.class);
         editIntent.setData(KeychainContract.KeyRingData.buildSecretKeyRingUri(dataUri));
@@ -971,6 +939,37 @@ public class ViewKeyActivity extends BaseNfcActivity implements
 
     // CryptoOperationHelper.Callback functions
 
+
+    private void updateFromKeyserver(Uri dataUri, ProviderHelper providerHelper)
+            throws ProviderHelper.NotFoundException {
+
+        mIsRefreshing = true;
+        mRefreshItem.setEnabled(false);
+        mRefreshItem.setActionView(mRefresh);
+        mRefresh.startAnimation(mRotate);
+
+        byte[] blob = (byte[]) providerHelper.getGenericData(
+                KeychainContract.KeyRings.buildUnifiedKeyRingUri(dataUri),
+                KeychainContract.Keys.FINGERPRINT, ProviderHelper.FIELD_TYPE_BLOB);
+        String fingerprint = KeyFormattingUtils.convertFingerprintToHex(blob);
+
+        ParcelableKeyRing keyEntry = new ParcelableKeyRing(fingerprint, null, null);
+        ArrayList<ParcelableKeyRing> entries = new ArrayList<>();
+        entries.add(keyEntry);
+        mKeyList = entries;
+
+        // search config
+        {
+            Preferences prefs = Preferences.getPreferences(this);
+            Preferences.CloudSearchPrefs cloudPrefs =
+                    new Preferences.CloudSearchPrefs(true, true, prefs.getPreferredKeyserver());
+            mKeyserver = cloudPrefs.keyserver;
+        }
+
+        mOperationHelper = new CryptoOperationHelper<>(this, this, null);
+        mOperationHelper.cryptoOperation();
+    }
+
     @Override
     public ImportKeyringParcel createOperationInput() {
         return new ImportKeyringParcel(mKeyList, mKeyserver);
@@ -995,6 +994,6 @@ public class ViewKeyActivity extends BaseNfcActivity implements
 
     @Override
     public boolean onCryptoSetProgress(String msg, int progress, int max) {
-        return false;
+        return true;
     }
 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyYubiKeyFragment.java

@@ -75,6 +75,10 @@ public class ViewKeyYubiKeyFragment
         return frag;
     }
 
+    public ViewKeyYubiKeyFragment() {
+        super(R.string.progress_processing);
+    }
+
     @Override
     public void onCreate(Bundle savedInstanceState) {
         super.onCreate(savedInstanceState);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/adapter/ImportKeysListCloudLoader.java

@@ -103,7 +103,7 @@ public class ImportKeysListCloudLoader
             ArrayList<ImportKeysListEntry> searchResult = CloudSearch.search(
                     mServerQuery,
                     mCloudPrefs,
-                    mParcelableProxy.getProxy()
+                    mParcelableProxy != null ? mParcelableProxy.getProxy() : null
             );
 
             mEntryList.clear();

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/CachingCryptoOperationFragment.java

@@ -4,6 +4,7 @@ package org.sufficientlysecure.keychain.ui.base;
 import android.os.Bundle;
 import android.os.Parcelable;
 
+import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/CryptoOperationFragment.java

@@ -23,6 +23,7 @@ import android.os.Parcelable;
 import android.support.annotation.Nullable;
 import android.support.v4.app.Fragment;
 
+import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.service.KeychainService;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
@@ -50,9 +51,12 @@ public abstract class CryptoOperationFragment<T extends Parcelable, S extends Op
 
     final private CryptoOperationHelper<T, S> mOperationHelper;
 
-    public CryptoOperationFragment() {
+    public CryptoOperationFragment(Integer initialProgressMsg) {
+        mOperationHelper = new CryptoOperationHelper<>(this, this, initialProgressMsg);
+    }
 
-        mOperationHelper = new CryptoOperationHelper<>(this, this);
+    public CryptoOperationFragment() {
+        mOperationHelper = new CryptoOperationHelper<>(this, this, R.string.progress_processing);
     }
 
     @Override
@@ -76,10 +80,6 @@ public abstract class CryptoOperationFragment<T extends Parcelable, S extends Op
         mOperationHelper.cryptoOperation(cryptoInput);
     }
 
-    protected void cryptoOperation(CryptoInputParcel cryptoInput, boolean showProgress) {
-        mOperationHelper.cryptoOperation(cryptoInput, showProgress);
-    }
-
     @Override @Nullable
     /** Creates input for the crypto operation. Called internally after the
      * crypto operation is started by a call to cryptoOperation(). Silently

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/base/CryptoOperationHelper.java

@@ -74,7 +74,7 @@ public class CryptoOperationHelper<T extends Parcelable, S extends OperationResu
     // otherwise all CryptoOperationHandlers may respond to the same onActivityResult
     private int mRequestedCode = -1;
 
-    private int mProgressMessageResource;
+    private Integer mProgressMessageResource;
 
     private FragmentActivity mActivity;
     private Fragment mFragment;
@@ -85,7 +85,7 @@ public class CryptoOperationHelper<T extends Parcelable, S extends OperationResu
     /**
      * If OperationHelper is being integrated into an activity
      */
-    public CryptoOperationHelper(FragmentActivity activity, Callback<T, S> callback, int progressMessageString) {
+    public CryptoOperationHelper(FragmentActivity activity, Callback<T, S> callback, Integer progressMessageString) {
         mActivity = activity;
         mUseFragment = false;
         mCallback = callback;
@@ -95,23 +95,13 @@ public class CryptoOperationHelper<T extends Parcelable, S extends OperationResu
     /**
      * if OperationHelper is being integrated into a fragment
      */
-    public CryptoOperationHelper(Fragment fragment, Callback<T, S> callback, int progressMessageString) {
+    public CryptoOperationHelper(Fragment fragment, Callback<T, S> callback, Integer progressMessageString) {
         mFragment = fragment;
         mUseFragment = true;
         mProgressMessageResource = progressMessageString;
         mCallback = callback;
     }
 
-    /**
-     * if OperationHelper is being integrated into a fragment with default message for the progress dialog
-     */
-    public CryptoOperationHelper(Fragment fragment, Callback<T, S> callback) {
-        mFragment = fragment;
-        mUseFragment = true;
-        mProgressMessageResource = R.string.progress_building_key;
-        mCallback = callback;
-    }
-
     public void setProgressMessageResource(int id) {
         mProgressMessageResource = id;
     }
@@ -248,7 +238,7 @@ public class CryptoOperationHelper<T extends Parcelable, S extends OperationResu
 
     }
 
-    public void cryptoOperation(final CryptoInputParcel cryptoInput, boolean showProgress) {
+    public void cryptoOperation(final CryptoInputParcel cryptoInput) {
 
         FragmentActivity activity = mUseFragment ? mFragment.getActivity() : mActivity;
 
@@ -297,7 +287,7 @@ public class CryptoOperationHelper<T extends Parcelable, S extends OperationResu
         Messenger messenger = new Messenger(saveHandler);
         intent.putExtra(KeychainService.EXTRA_MESSENGER, messenger);
 
-        if (showProgress) {
+        if (mProgressMessageResource != null) {
             saveHandler.showProgressDialog(
                     activity.getString(mProgressMessageResource),
                     ProgressDialog.STYLE_HORIZONTAL, false);
@@ -306,10 +296,6 @@ public class CryptoOperationHelper<T extends Parcelable, S extends OperationResu
         activity.startService(intent);
     }
 
-    public void cryptoOperation(CryptoInputParcel cryptoInputParcel) {
-        cryptoOperation(cryptoInputParcel, true);
-    }
-
     public void cryptoOperation() {
         cryptoOperation(new CryptoInputParcel());
     }

OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java

@@ -17,6 +17,15 @@
 
 package org.sufficientlysecure.keychain.pgp;
 
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.PrintStream;
+import java.security.Security;
+import java.util.ArrayList;
+import java.util.HashSet;
+import java.util.Iterator;
+
 import org.junit.Assert;
 import org.junit.Before;
 import org.junit.BeforeClass;
@@ -24,14 +33,19 @@ import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.openintents.openpgp.OpenPgpMetadata;
 import org.openintents.openpgp.OpenPgpSignatureResult;
-import org.robolectric.*;
+import org.robolectric.RobolectricGradleTestRunner;
+import org.robolectric.RuntimeEnvironment;
 import org.robolectric.annotation.Config;
 import org.robolectric.shadows.ShadowLog;
+import org.spongycastle.bcpg.BCPGInputStream;
+import org.spongycastle.bcpg.Packet;
+import org.spongycastle.bcpg.PacketTags;
+import org.spongycastle.bcpg.PublicKeyEncSessionPacket;
 import org.spongycastle.bcpg.sig.KeyFlags;
 import org.spongycastle.jce.provider.BouncyCastleProvider;
 import org.spongycastle.openpgp.PGPEncryptedData;
-import org.sufficientlysecure.keychain.BuildConfig;
 import org.sufficientlysecure.keychain.WorkaroundBuildConfig;
+import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
 import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
 import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
@@ -39,21 +53,19 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingData;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
-import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.service.SaveKeyringParcel.ChangeUnlockParcel;
 import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType;
 import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
+import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Passphrase;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
 import org.sufficientlysecure.keychain.util.TestingUtils;
 
-import java.io.ByteArrayInputStream;
+import static org.hamcrest.core.AnyOf.anyOf;
-import java.io.ByteArrayOutputStream;
+import static org.hamcrest.core.Is.is;
-import java.io.PrintStream;
+
-import java.security.Security;
-import java.util.HashSet;
 
 @RunWith(RobolectricGradleTestRunner.class)
 @Config(constants = WorkaroundBuildConfig.class, sdk = 21, manifest = "src/main/AndroidManifest.xml")
@@ -83,6 +95,8 @@ public class PgpEncryptDecryptTest {
                     Algorithm.DSA, 1024, null, KeyFlags.SIGN_DATA, 0L));
             parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
                     Algorithm.ELGAMAL, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
+            parcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(
+                    Algorithm.RSA, 1024, null, KeyFlags.ENCRYPT_COMMS, 0L));
             parcel.mAddUserIds.add("bloom");
             parcel.mNewUnlock = new ChangeUnlockParcel(mKeyPhrase1);
 
@@ -326,6 +340,101 @@ public class PgpEncryptDecryptTest {
 
     }
 
+    @Test
+    public void testAsymmetricMultiSubkeyEncrypt() throws Exception {
+
+        String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true);
+
+        { // encrypt data with key
+            byte[] ciphertext;
+
+            ByteArrayOutputStream out = new ByteArrayOutputStream();
+            ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes());
+
+            PgpSignEncryptOperation op = new PgpSignEncryptOperation(RuntimeEnvironment.application,
+                    new ProviderHelper(RuntimeEnvironment.application), null);
+
+            InputData data = new InputData(in, in.available());
+            PgpSignEncryptInputParcel input = new PgpSignEncryptInputParcel();
+
+            input.setEncryptionMasterKeyIds(new long[] { mStaticRing1.getMasterKeyId() });
+            input.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
+            PgpSignEncryptResult result = op.execute(input, new CryptoInputParcel(), data, out);
+            Assert.assertTrue("encryption must succeed", result.success());
+
+            ciphertext = out.toByteArray();
+
+            Iterator<RawPacket> packets = KeyringTestingHelper.parseKeyring(ciphertext);
+
+            RawPacket enc1 = packets.next(), enc2 = packets.next();
+            Assert.assertEquals("last packet must be encrypted data packet",
+                    PacketTags.SYM_ENC_INTEGRITY_PRO, packets.next().tag);
+            Assert.assertFalse("no further packets", packets.hasNext());
+
+            Packet p;
+            p = new BCPGInputStream(new ByteArrayInputStream(enc1.buf)).readPacket();
+            Assert.assertTrue("first packet must be session packet", p instanceof PublicKeyEncSessionPacket);
+            long encKeyId1 = ((PublicKeyEncSessionPacket) p).getKeyID();
+
+            p = new BCPGInputStream(new ByteArrayInputStream(enc2.buf)).readPacket();
+            Assert.assertTrue("second packet must be session packet", p instanceof PublicKeyEncSessionPacket);
+            long encKeyId2 = ((PublicKeyEncSessionPacket) p).getKeyID();
+
+            Assert.assertNotEquals("encrypted-to subkey ids must not be equal",
+                    encKeyId1, encKeyId2);
+            Assert.assertThat("first packet must be encrypted to one of the subkeys",
+                    KeyringTestingHelper.getSubkeyId(mStaticRing1, 2), anyOf(is(encKeyId1), is(encKeyId2)));
+            Assert.assertThat("second packet must be encrypted to one of the subkeys",
+                    KeyringTestingHelper.getSubkeyId(mStaticRing1, 3), anyOf(is(encKeyId1), is(encKeyId2)));
+
+        }
+
+        { // revoke first encryption subkey of keyring in database
+            SaveKeyringParcel parcel = new SaveKeyringParcel(mStaticRing1.getMasterKeyId(), mStaticRing1.getFingerprint());
+            parcel.mRevokeSubKeys.add(KeyringTestingHelper.getSubkeyId(mStaticRing1, 2));
+            UncachedKeyRing modified = PgpKeyOperationTest.applyModificationWithChecks(parcel, mStaticRing1,
+                    new ArrayList<RawPacket>(), new ArrayList<RawPacket>(), new CryptoInputParcel(mKeyPhrase1));
+
+            ProviderHelper providerHelper = new ProviderHelper(RuntimeEnvironment.application);
+            providerHelper.saveSecretKeyRing(modified, new ProgressScaler());
+        }
+
+        { // encrypt to this keyring, make sure it's not encrypted to the revoked subkey
+            byte[] ciphertext;
+
+            ByteArrayOutputStream out = new ByteArrayOutputStream();
+            ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes());
+
+            PgpSignEncryptOperation op = new PgpSignEncryptOperation(RuntimeEnvironment.application,
+                    new ProviderHelper(RuntimeEnvironment.application), null);
+
+            InputData data = new InputData(in, in.available());
+            PgpSignEncryptInputParcel input = new PgpSignEncryptInputParcel();
+
+            input.setEncryptionMasterKeyIds(new long[] { mStaticRing1.getMasterKeyId() });
+            input.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
+            PgpSignEncryptResult result = op.execute(input, new CryptoInputParcel(), data, out);
+            Assert.assertTrue("encryption must succeed", result.success());
+
+            ciphertext = out.toByteArray();
+
+            Iterator<RawPacket> packets = KeyringTestingHelper.parseKeyring(ciphertext);
+
+            RawPacket enc1 = packets.next();
+            Assert.assertEquals("last packet must be encrypted data packet",
+                    PacketTags.SYM_ENC_INTEGRITY_PRO, packets.next().tag);
+            Assert.assertFalse("no further packets", packets.hasNext());
+
+            Packet p;
+            p = new BCPGInputStream(new ByteArrayInputStream(enc1.buf)).readPacket();
+            Assert.assertTrue("first packet must be session packet", p instanceof PublicKeyEncSessionPacket);
+            Assert.assertEquals("first packet must be encrypted to second enc subkey",
+                    KeyringTestingHelper.getSubkeyId(mStaticRing1, 3), ((PublicKeyEncSessionPacket) p).getKeyID());
+
+        }
+
+    }
+
     @Test
     public void testMultiAsymmetricEncryptDecrypt() {
 

OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperationTest.java

@@ -1240,14 +1240,14 @@ public class PgpKeyOperationTest {
         Assert.assertFalse("non-restricted operations should fail without passphrase", result.success());
     }
 
-    private static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
+    public static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
                                                                UncachedKeyRing ring,
                                                                ArrayList<RawPacket> onlyA,
                                                                ArrayList<RawPacket> onlyB) {
         return applyModificationWithChecks(parcel, ring, onlyA, onlyB, cryptoInput, true, true);
     }
 
-    private static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
+    public static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
                                                                UncachedKeyRing ring,
                                                                ArrayList<RawPacket> onlyA,
                                                                ArrayList<RawPacket> onlyB,
@@ -1256,7 +1256,7 @@ public class PgpKeyOperationTest {
     }
 
     // applies a parcel modification while running some integrity checks
-    private static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
+    public static UncachedKeyRing applyModificationWithChecks(SaveKeyringParcel parcel,
                                                                UncachedKeyRing ring,
                                                                ArrayList<RawPacket> onlyA,
                                                                ArrayList<RawPacket> onlyB,