pgpdecryptverify: fix one pass signature check, actually use bracketed structure
This commit is contained in:
Vincent Breitmoser
@@ -661,6 +661,7 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_DC_ERROR_INPUT (LogLevel.ERROR, R.string.msg_dc_error_input),
|
||||
MSG_DC_ERROR_NO_DATA (LogLevel.ERROR, R.string.msg_dc_error_no_data),
|
||||
MSG_DC_ERROR_NO_KEY (LogLevel.ERROR, R.string.msg_dc_error_no_key),
|
||||
MSG_DC_ERROR_NO_SIGNATURE (LogLevel.ERROR, R.string.msg_dc_error_no_signature),
|
||||
MSG_DC_ERROR_PGP_EXCEPTION (LogLevel.ERROR, R.string.msg_dc_error_pgp_exception),
|
||||
MSG_DC_INTEGRITY_CHECK_OK (LogLevel.INFO, R.string.msg_dc_integrity_check_ok),
|
||||
MSG_DC_OK_META_ONLY (LogLevel.OK, R.string.msg_dc_ok_meta_only),
|
||||
@@ -687,6 +688,7 @@ public abstract class OperationResult implements Parcelable {
|
||||
MSG_VL_ERROR_MISSING_SIGLIST (LogLevel.ERROR, R.string.msg_vl_error_no_siglist),
|
||||
MSG_VL_ERROR_MISSING_LITERAL (LogLevel.ERROR, R.string.msg_vl_error_missing_literal),
|
||||
MSG_VL_ERROR_MISSING_KEY (LogLevel.ERROR, R.string.msg_vl_error_wrong_key),
|
||||
MSG_VL_ERROR_NO_SIGNATURE (LogLevel.ERROR, R.string.msg_vl_error_no_signature),
|
||||
MSG_VL_CLEAR_SIGNATURE_CHECK (LogLevel.DEBUG, R.string.msg_vl_clear_signature_check),
|
||||
MSG_VL_ERROR_INTEGRITY_CHECK (LogLevel.ERROR, R.string.msg_vl_error_integrity_check),
|
||||
MSG_VL_OK (LogLevel.OK, R.string.msg_vl_ok),
|
||||
|
||||
@@ -264,8 +264,20 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
|
||||
updateProgress(R.string.progress_verifying_signature, 95, 100);
|
||||
log.add(LogType.MSG_VL_CLEAR_SIGNATURE_CHECK, indent + 1);
|
||||
|
||||
PGPSignatureList signatureList = (PGPSignatureList) pgpF.nextObject();
|
||||
PGPSignature messageSignature = signatureList.get(signatureData.signatureIndex);
|
||||
o = pgpF.nextObject();
|
||||
if ( ! (o instanceof PGPSignatureList) ) {
|
||||
log.add(LogType.MSG_VL_ERROR_NO_SIGNATURE, indent);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
PGPSignatureList signatureList = (PGPSignatureList) o;
|
||||
if (signatureList.size() <= signatureData.signatureIndex) {
|
||||
log.add(LogType.MSG_VL_ERROR_NO_SIGNATURE, indent);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
|
||||
// PGPOnePassSignature and PGPSignature packets are "bracketed",
|
||||
// so we need to take the last-minus-index'th element here
|
||||
PGPSignature messageSignature = signatureList.get(signatureList.size() -1 -signatureData.signatureIndex);
|
||||
|
||||
// Verify signature and check binding signatures
|
||||
boolean validSignature = signature.verify(messageSignature);
|
||||
@@ -274,6 +286,7 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
|
||||
} else {
|
||||
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1);
|
||||
}
|
||||
|
||||
signatureResultBuilder.setValidSignature(validSignature);
|
||||
|
||||
OpenPgpSignatureResult signatureResult = signatureResultBuilder.build();
|
||||
@@ -578,8 +591,20 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
|
||||
updateProgress(R.string.progress_verifying_signature, 90, 100);
|
||||
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_CHECK, indent);
|
||||
|
||||
PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject();
|
||||
PGPSignature messageSignature = signatureList.get(signatureData.signatureIndex);
|
||||
Object o = plainFact.nextObject();
|
||||
if ( ! (o instanceof PGPSignatureList) ) {
|
||||
log.add(LogType.MSG_DC_ERROR_NO_SIGNATURE, indent);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
PGPSignatureList signatureList = (PGPSignatureList) o;
|
||||
if (signatureList.size() <= signatureData.signatureIndex) {
|
||||
log.add(LogType.MSG_DC_ERROR_NO_SIGNATURE, indent);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
|
||||
// PGPOnePassSignature and PGPSignature packets are "bracketed",
|
||||
// so we need to take the last-minus-index'th element here
|
||||
PGPSignature messageSignature = signatureList.get(signatureList.size() -1 - signatureData.signatureIndex);
|
||||
|
||||
// Verify signature
|
||||
boolean validSignature = signature.verify(messageSignature);
|
||||
|
||||
@@ -1174,6 +1174,7 @@
|
||||
<string name="msg_dc_error_input">"Error opening input data stream!"</string>
|
||||
<string name="msg_dc_error_no_data">"No encrypted data found in stream!"</string>
|
||||
<string name="msg_dc_error_no_key">"No encrypted data with known secret key found in stream!"</string>
|
||||
<string name="msg_dc_error_no_signature">"Missing signature data!"</string>
|
||||
<string name="msg_dc_error_pgp_exception">"Encountered OpenPGP Exception during operation!"</string>
|
||||
<string name="msg_dc_integrity_check_ok">"Integrity check OK!"</string>
|
||||
<string name="msg_dc_ok_meta_only">"Only metadata was requested, skipping decryption"</string>
|
||||
@@ -1197,8 +1198,9 @@
|
||||
|
||||
<!-- Messages for VerifySignedLiteralData operation -->
|
||||
<string name="msg_vl">"Starting signature check"</string>
|
||||
<string name="msg_vl_error_no_siglist">"No signature list in signed literal data"</string>
|
||||
<string name="msg_vl_error_wrong_key">"Message not signed with right key"</string>
|
||||
<string name="msg_vl_error_no_siglist">"No signature list in signed literal data!"</string>
|
||||
<string name="msg_vl_error_wrong_key">"Message not signed with expected key!"</string>
|
||||
<string name="msg_vl_error_no_signature">"Missing signature data!"</string>
|
||||
<string name="msg_vl_error_missing_literal">"No payload in signed literal data"</string>
|
||||
<string name="msg_vl_clear_meta_file">"Filename: %s"</string>
|
||||
<string name="msg_vl_clear_meta_mime">"MIME type: %s"</string>
|
||||
|
||||
Reference in New Issue
Block a user