moparisthebest/open-keychain
1
0
Fork 0
mirror of https://github.com/moparisthebest/open-keychain synced 2024-11-27 19:22:14 -05:00
Code Issues Releases Wiki Activity

Yubikey decryption

Browse Source
This commit is contained in:
Dominik Schürmann 2014-09-24 00:50:58 +02:00
parent 7c82e1c728
commit 07704c2726
8 changed files with 50 additions and 92 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
View File

@ -418,7 +418,7 @@ public class PgpDecryptVerify {
log.add(LogType.MSG_DC_PENDING_NFC, indent +1); log.add(LogType.MSG_DC_PENDING_NFC, indent +1);
DecryptVerifyResult result = DecryptVerifyResult result =
new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_NFC, log); new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_NFC, log);
result.setNfcState(e.encryptedSessionKey, mPassphrase); result.setNfcState(e.encryptedSessionKey, secretEncryptionKey.getKeyId());
return result; return result;
} }
encryptedData = encryptedDataAsymmetric; encryptedData = encryptedDataAsymmetric;

5
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
View File

@ -526,8 +526,9 @@ public class OpenPgpService extends RemoteService {
"Decryption of symmetric content not supported by API!"); "Decryption of symmetric content not supported by API!");
} else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) == } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
DecryptVerifyResult.RESULT_PENDING_NFC) { DecryptVerifyResult.RESULT_PENDING_NFC) {
return getNfcDecryptIntent( // we assume that the pin has been cached before
data, pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey()); String pin = passphraseCacheInterface.getCachedPassphrase(pgpResult.getNfcKeyId());
return getNfcDecryptIntent(data, pin, pgpResult.getNfcEncryptedSessionKey());
} else { } else {
throw new PgpGeneralException( throw new PgpGeneralException(
"Encountered unhandled type of pending action not supported by API!"); "Encountered unhandled type of pending action not supported by API!");

9
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java
View File

@ -146,6 +146,7 @@ public class KeychainIntentService extends IntentService implements Progressable
// decrypt/verify // decrypt/verify
public static final String DECRYPT_CIPHERTEXT_BYTES = "ciphertext_bytes"; public static final String DECRYPT_CIPHERTEXT_BYTES = "ciphertext_bytes";
public static final String DECRYPT_PASSPHRASE = "passphrase"; public static final String DECRYPT_PASSPHRASE = "passphrase";
public static final String DECRYPT_NFC_DECRYPTED_SESSION_KEY = "nfc_decrypted_session_key";
// save keyring // save keyring
public static final String EDIT_KEYRING_PARCEL = "save_parcel"; public static final String EDIT_KEYRING_PARCEL = "save_parcel";
@ -326,6 +327,7 @@ public class KeychainIntentService extends IntentService implements Progressable
try { try {
/* Input */ /* Input */
String passphrase = data.getString(DECRYPT_PASSPHRASE); String passphrase = data.getString(DECRYPT_PASSPHRASE);
byte[] nfcDecryptedSessionKey = data.getByteArray(DECRYPT_NFC_DECRYPTED_SESSION_KEY);
InputData inputData = createDecryptInputData(data); InputData inputData = createDecryptInputData(data);
OutputStream outStream = createCryptOutputStream(data); OutputStream outStream = createCryptOutputStream(data);
@ -342,7 +344,8 @@ public class KeychainIntentService extends IntentService implements Progressable
); );
builder.setProgressable(this) builder.setProgressable(this)
.setAllowSymmetricDecryption(true) .setAllowSymmetricDecryption(true)
.setPassphrase(passphrase); .setPassphrase(passphrase)
.setNfcState(nfcDecryptedSessionKey);
DecryptVerifyResult decryptVerifyResult = builder.build().execute(); DecryptVerifyResult decryptVerifyResult = builder.build().execute();
@ -364,6 +367,7 @@ public class KeychainIntentService extends IntentService implements Progressable
try { try {
/* Input */ /* Input */
String passphrase = data.getString(DECRYPT_PASSPHRASE); String passphrase = data.getString(DECRYPT_PASSPHRASE);
byte[] nfcDecryptedSessionKey = data.getByteArray(DECRYPT_NFC_DECRYPTED_SESSION_KEY);
InputData inputData = createDecryptInputData(data); InputData inputData = createDecryptInputData(data);
@ -380,7 +384,8 @@ public class KeychainIntentService extends IntentService implements Progressable
builder.setProgressable(this) builder.setProgressable(this)
.setAllowSymmetricDecryption(true) .setAllowSymmetricDecryption(true)
.setPassphrase(passphrase) .setPassphrase(passphrase)
.setDecryptMetadataOnly(true); .setDecryptMetadataOnly(true)
.setNfcState(nfcDecryptedSessionKey);
DecryptVerifyResult decryptVerifyResult = builder.build().execute(); DecryptVerifyResult decryptVerifyResult = builder.build().execute();

12
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java
View File

@ -36,7 +36,7 @@ public class DecryptVerifyResult extends OperationResult {
long mKeyIdPassphraseNeeded; long mKeyIdPassphraseNeeded;
byte[] mNfcSessionKey; byte[] mNfcSessionKey;
String mNfcPassphrase; long mNfcKeyId;
OpenPgpSignatureResult mSignatureResult; OpenPgpSignatureResult mSignatureResult;
OpenPgpMetadata mDecryptMetadata; OpenPgpMetadata mDecryptMetadata;
@ -49,17 +49,17 @@ public class DecryptVerifyResult extends OperationResult {
mKeyIdPassphraseNeeded = keyIdPassphraseNeeded; mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
} }
public void setNfcState(byte[] sessionKey, String passphrase) { public void setNfcState(byte[] sessionKey, long nfcKeyId) {
mNfcSessionKey = sessionKey; mNfcSessionKey = sessionKey;
mNfcPassphrase = passphrase; mNfcKeyId = nfcKeyId;
} }
public byte[] getNfcEncryptedSessionKey() { public byte[] getNfcEncryptedSessionKey() {
return mNfcSessionKey; return mNfcSessionKey;
} }
public String getNfcPassphrase() { public long getNfcKeyId() {
return mNfcPassphrase; return mNfcKeyId;
} }
public OpenPgpSignatureResult getSignatureResult() { public OpenPgpSignatureResult getSignatureResult() {
@ -92,7 +92,6 @@ public class DecryptVerifyResult extends OperationResult {
mSignatureResult = source.readParcelable(OpenPgpSignatureResult.class.getClassLoader()); mSignatureResult = source.readParcelable(OpenPgpSignatureResult.class.getClassLoader());
mDecryptMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader()); mDecryptMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
mNfcSessionKey = source.readInt() != 0 ? source.createByteArray() : null; mNfcSessionKey = source.readInt() != 0 ? source.createByteArray() : null;
mNfcPassphrase = source.readString();
} }
public int describeContents() { public int describeContents() {
@ -110,7 +109,6 @@ public class DecryptVerifyResult extends OperationResult {
} else { } else {
dest.writeInt(0); dest.writeInt(0);
} }
dest.writeString(mNfcPassphrase);
} }
public static final Creator<DecryptVerifyResult> CREATOR = new Creator<DecryptVerifyResult>() { public static final Creator<DecryptVerifyResult> CREATOR = new Creator<DecryptVerifyResult>() {

39
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
View File

@ -33,6 +33,7 @@ import android.view.ViewGroup;
import android.widget.CheckBox; import android.widget.CheckBox;
import android.widget.TextView; import android.widget.TextView;
import org.openintents.openpgp.util.OpenPgpApi;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.util.FileHelper; import org.sufficientlysecure.keychain.util.FileHelper;
@ -141,7 +142,7 @@ public class DecryptFilesFragment extends DecryptFragment {
} }
// askForOutputFilename(); // askForOutputFilename();
decryptOriginalFilename(null); decryptOriginalFilename();
} }
private String removeEncryptedAppend(String name) { private String removeEncryptedAppend(String name) {
@ -169,7 +170,7 @@ public class DecryptFilesFragment extends DecryptFragment {
} }
} }
private void decryptOriginalFilename(String passphrase) { private void decryptOriginalFilename() {
Log.d(Constants.TAG, "decryptOriginalFilename"); Log.d(Constants.TAG, "decryptOriginalFilename");
Intent intent = new Intent(getActivity(), KeychainIntentService.class); Intent intent = new Intent(getActivity(), KeychainIntentService.class);
@ -187,7 +188,8 @@ public class DecryptFilesFragment extends DecryptFragment {
data.putInt(KeychainIntentService.TARGET, KeychainIntentService.IO_URI); data.putInt(KeychainIntentService.TARGET, KeychainIntentService.IO_URI);
data.putParcelable(KeychainIntentService.ENCRYPT_OUTPUT_URI, mOutputUri); data.putParcelable(KeychainIntentService.ENCRYPT_OUTPUT_URI, mOutputUri);
data.putString(KeychainIntentService.DECRYPT_PASSPHRASE, passphrase); data.putString(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
intent.putExtra(KeychainIntentService.EXTRA_DATA, data); intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
@ -214,7 +216,7 @@ public class DecryptFilesFragment extends DecryptFragment {
startPassphraseDialog(Constants.key.symmetric); startPassphraseDialog(Constants.key.symmetric);
} else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) == } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
DecryptVerifyResult.RESULT_PENDING_NFC) { DecryptVerifyResult.RESULT_PENDING_NFC) {
// TODO startNfcDecrypt(mPassphrase, pgpResult.getNfcEncryptedSessionKey());
} else { } else {
throw new RuntimeException("Unhandled pending result!"); throw new RuntimeException("Unhandled pending result!");
} }
@ -239,23 +241,8 @@ public class DecryptFilesFragment extends DecryptFragment {
getActivity().startService(intent); getActivity().startService(intent);
} }
protected void showPassphraseDialogForFilename(long keyId) {
PassphraseDialogFragment.show(getActivity(), keyId,
new Handler() {
@Override @Override
public void handleMessage(Message message) { protected void decryptStart() {
if (message.what == PassphraseDialogFragment.MESSAGE_OKAY) {
String passphrase =
message.getData().getString(PassphraseDialogFragment.MESSAGE_DATA_PASSPHRASE);
decryptOriginalFilename(passphrase);
}
}
}
);
}
@Override
protected void decryptStart(String passphrase) {
Log.d(Constants.TAG, "decryptStart"); Log.d(Constants.TAG, "decryptStart");
// Send all information needed to service to decrypt in other thread // Send all information needed to service to decrypt in other thread
@ -275,7 +262,8 @@ public class DecryptFilesFragment extends DecryptFragment {
data.putInt(KeychainIntentService.TARGET, KeychainIntentService.IO_URI); data.putInt(KeychainIntentService.TARGET, KeychainIntentService.IO_URI);
data.putParcelable(KeychainIntentService.ENCRYPT_OUTPUT_URI, mOutputUri); data.putParcelable(KeychainIntentService.ENCRYPT_OUTPUT_URI, mOutputUri);
data.putString(KeychainIntentService.DECRYPT_PASSPHRASE, passphrase); data.putString(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
intent.putExtra(KeychainIntentService.EXTRA_DATA, data); intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
@ -350,15 +338,16 @@ public class DecryptFilesFragment extends DecryptFragment {
switch (requestCode) { switch (requestCode) {
case REQUEST_CODE_PASSPHRASE: { case REQUEST_CODE_PASSPHRASE: {
if (resultCode == Activity.RESULT_OK && data != null) { if (resultCode == Activity.RESULT_OK && data != null) {
String passphrase = data.getStringExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE); mPassphrase = data.getStringExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
decryptOriginalFilename(passphrase); decryptOriginalFilename();
} }
return; return;
} }
case REQUEST_CODE_NFC: { case REQUEST_CODE_NFC: {
if (resultCode == Activity.RESULT_OK && data != null) { if (resultCode == Activity.RESULT_OK && data != null) {
// TODO mNfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
decryptStart();
} }
return; return;
} }
@ -374,7 +363,7 @@ public class DecryptFilesFragment extends DecryptFragment {
// This happens after output file was selected, so start our operation // This happens after output file was selected, so start our operation
if (resultCode == Activity.RESULT_OK && data != null) { if (resultCode == Activity.RESULT_OK && data != null) {
mOutputUri = data.getData(); mOutputUri = data.getData();
decryptStart(null); decryptStart();
} }
return; return;
} }

52
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
View File

@ -54,6 +54,9 @@ public abstract class DecryptFragment extends Fragment {
protected Button mLookupKey; protected Button mLookupKey;
// State
protected String mPassphrase;
protected byte[] mNfcDecryptedSessionKey;
@Override @Override
public void onActivityCreated(Bundle savedInstanceState) { public void onActivityCreated(Bundle savedInstanceState) {
@ -91,42 +94,19 @@ public abstract class DecryptFragment extends Fragment {
startActivityForResult(intent, REQUEST_CODE_PASSPHRASE); startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
} }
protected void startNfcSign(String pin, byte[] hashToSign, int hashAlgo) { protected void startNfcDecrypt(String pin, byte[] encryptedSessionKey) {
Intent data = new Intent();
// build PendingIntent for Yubikey NFC operations // build PendingIntent for Yubikey NFC operations
Intent intent = new Intent(getActivity(), NfcActivity.class); Intent intent = new Intent(getActivity(), NfcActivity.class);
intent.setAction(NfcActivity.ACTION_SIGN_HASH); intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
// pass params through to activity that it can be returned again later to repeat pgp operation intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
intent.putExtra(NfcActivity.EXTRA_DATA, data);
intent.putExtra(NfcActivity.EXTRA_PIN, pin); intent.putExtra(NfcActivity.EXTRA_PIN, pin);
intent.putExtra(NfcActivity.EXTRA_NFC_HASH_TO_SIGN, hashToSign); intent.putExtra(NfcActivity.EXTRA_NFC_ENC_SESSION_KEY, encryptedSessionKey);
intent.putExtra(NfcActivity.EXTRA_NFC_HASH_ALGO, hashAlgo);
intent.addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP); intent.addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);
startActivityForResult(intent, REQUEST_CODE_NFC); startActivityForResult(intent, REQUEST_CODE_NFC);
} }
// @Override
// public void onActivityResult(int requestCode, int resultCode, Intent data) {
// switch (requestCode) {
//
// case RESULT_CODE_LOOKUP_KEY: {
// if (resultCode == Activity.RESULT_OK) {
// // TODO: generate new OpenPgpSignatureResult and display it
// }
// return;
// }
//
// default: {
// super.onActivityResult(requestCode, resultCode, data);
//
// break;
// }
// }
// }
protected void onResult(DecryptVerifyResult decryptVerifyResult) { protected void onResult(DecryptVerifyResult decryptVerifyResult) {
OpenPgpSignatureResult signatureResult = decryptVerifyResult.getSignatureResult(); OpenPgpSignatureResult signatureResult = decryptVerifyResult.getSignatureResult();
@ -224,26 +204,10 @@ public abstract class DecryptFragment extends Fragment {
} }
} }
// protected void showPassphraseDialog(long keyId) {
// PassphraseDialogFragment.show(getActivity(), keyId,
// new Handler() {
// @Override
// public void handleMessage(Message message) {
// if (message.what == PassphraseDialogFragment.MESSAGE_OKAY) {
// String passphrase =
// message.getData().getString(PassphraseDialogFragment.MESSAGE_DATA_PASSPHRASE);
// decryptStart(passphrase);
// }
// }
// }
// );
// }
/** /**
* Should be overridden by MessageFragment and FileFragment to start actual decryption * Should be overridden by MessageFragment and FileFragment to start actual decryption
* *
* @param passphrase
*/ */
protected abstract void decryptStart(String passphrase); protected abstract void decryptStart();
} }

18
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
View File

@ -28,9 +28,11 @@ import android.view.View;
import android.view.ViewGroup; import android.view.ViewGroup;
import android.widget.TextView; import android.widget.TextView;
import org.openintents.openpgp.util.OpenPgpApi;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.compatibility.ClipboardReflection; import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
import org.sufficientlysecure.keychain.nfc.NfcActivity;
import org.sufficientlysecure.keychain.service.KeychainIntentService; import org.sufficientlysecure.keychain.service.KeychainIntentService;
import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler; import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult; import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult;
@ -124,12 +126,12 @@ public class DecryptTextFragment extends DecryptFragment {
String ciphertext = getArguments().getString(ARG_CIPHERTEXT); String ciphertext = getArguments().getString(ARG_CIPHERTEXT);
if (ciphertext != null) { if (ciphertext != null) {
mCiphertext = ciphertext; mCiphertext = ciphertext;
decryptStart(null); decryptStart();
} }
} }
@Override @Override
protected void decryptStart(String passphrase) { protected void decryptStart() {
Log.d(Constants.TAG, "decryptStart"); Log.d(Constants.TAG, "decryptStart");
// Send all information needed to service to decrypt in other thread // Send all information needed to service to decrypt in other thread
@ -143,7 +145,8 @@ public class DecryptTextFragment extends DecryptFragment {
// data // data
data.putInt(KeychainIntentService.TARGET, KeychainIntentService.IO_BYTES); data.putInt(KeychainIntentService.TARGET, KeychainIntentService.IO_BYTES);
data.putByteArray(KeychainIntentService.DECRYPT_CIPHERTEXT_BYTES, mCiphertext.getBytes()); data.putByteArray(KeychainIntentService.DECRYPT_CIPHERTEXT_BYTES, mCiphertext.getBytes());
data.putString(KeychainIntentService.DECRYPT_PASSPHRASE, passphrase); data.putString(KeychainIntentService.DECRYPT_PASSPHRASE, mPassphrase);
data.putByteArray(KeychainIntentService.DECRYPT_NFC_DECRYPTED_SESSION_KEY, mNfcDecryptedSessionKey);
intent.putExtra(KeychainIntentService.EXTRA_DATA, data); intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
@ -170,7 +173,7 @@ public class DecryptTextFragment extends DecryptFragment {
startPassphraseDialog(Constants.key.symmetric); startPassphraseDialog(Constants.key.symmetric);
} else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) == } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
DecryptVerifyResult.RESULT_PENDING_NFC) { DecryptVerifyResult.RESULT_PENDING_NFC) {
// TODO startNfcDecrypt(mPassphrase, pgpResult.getNfcEncryptedSessionKey());
} else { } else {
throw new RuntimeException("Unhandled pending result!"); throw new RuntimeException("Unhandled pending result!");
} }
@ -209,8 +212,8 @@ public class DecryptTextFragment extends DecryptFragment {
case REQUEST_CODE_PASSPHRASE: { case REQUEST_CODE_PASSPHRASE: {
if (resultCode == Activity.RESULT_OK && data != null) { if (resultCode == Activity.RESULT_OK && data != null) {
String passphrase = data.getStringExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE); mPassphrase = data.getStringExtra(PassphraseDialogActivity.MESSAGE_DATA_PASSPHRASE);
decryptStart(passphrase); decryptStart();
} else { } else {
getActivity().finish(); getActivity().finish();
} }
@ -219,7 +222,8 @@ public class DecryptTextFragment extends DecryptFragment {
case REQUEST_CODE_NFC: { case REQUEST_CODE_NFC: {
if (resultCode == Activity.RESULT_OK && data != null) { if (resultCode == Activity.RESULT_OK && data != null) {
// TODO mNfcDecryptedSessionKey = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_DECRYPTED_SESSION_KEY);
decryptStart();
} else { } else {
getActivity().finish(); getActivity().finish();
} }

5
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptActivity.java
View File

@ -16,13 +16,10 @@ public class EncryptActivity extends DrawerActivity {
} }
protected void startNfcSign(String pin, byte[] hashToSign, int hashAlgo) { protected void startNfcSign(String pin, byte[] hashToSign, int hashAlgo) {
Intent data = new Intent();
// build PendingIntent for Yubikey NFC operations // build PendingIntent for Yubikey NFC operations
Intent intent = new Intent(this, NfcActivity.class); Intent intent = new Intent(this, NfcActivity.class);
intent.setAction(NfcActivity.ACTION_SIGN_HASH); intent.setAction(NfcActivity.ACTION_SIGN_HASH);
// pass params through to activity that it can be returned again later to repeat pgp operation intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
intent.putExtra(NfcActivity.EXTRA_DATA, data);
intent.putExtra(NfcActivity.EXTRA_PIN, pin); intent.putExtra(NfcActivity.EXTRA_PIN, pin);
intent.putExtra(NfcActivity.EXTRA_NFC_HASH_TO_SIGN, hashToSign); intent.putExtra(NfcActivity.EXTRA_NFC_HASH_TO_SIGN, hashToSign);