moparisthebest/open-keychain
1
0
Fork 0
mirror of https://github.com/moparisthebest/open-keychain synced 2025-01-31 07:00:24 -05:00
Code Issues Releases Wiki Activity

Fix PgpDecryptVerify signature verification: search for right signature subkey instead of using first subkey for verification

Browse Source
This commit is contained in:
Dominik Schürmann 2014-04-15 23:54:05 +02:00
parent 9df498b714
commit 08399dec4b
3 changed files with 60 additions and 53 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
View File

@ -276,6 +276,7 @@ public class PgpDecryptVerify {
// continue with the next packet in the while loop // continue with the next packet in the while loop
continue; continue;
} }
// get subkey which has been used for this encryption packet
secretEncryptionKey = secretKeyRing.getSecretKey(encData.getKeyID()); secretEncryptionKey = secretKeyRing.getSecretKey(encData.getKeyID());
if (secretEncryptionKey == null) { if (secretEncryptionKey == null) {
// continue with the next packet in the while loop // continue with the next packet in the while loop
@ -390,7 +391,6 @@ public class PgpDecryptVerify {
OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder(); OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
PGPPublicKey signatureKey = null; PGPPublicKey signatureKey = null;
int signatureIndex = -1; int signatureIndex = -1;
boolean isSignatureKeyCertified = false;
if (dataChunk instanceof PGPCompressedData) { if (dataChunk instanceof PGPCompressedData) {
updateProgress(R.string.progress_decompressing_data, currentProgress, 100); updateProgress(R.string.progress_decompressing_data, currentProgress, 100);
@ -426,18 +426,23 @@ public class PgpDecryptVerify {
if (masterKeyId != null) { if (masterKeyId != null) {
// key found in our database! // key found in our database!
signature = sigList.get(signatureIndex);
PGPPublicKeyRing publicKeyRing = null;
try { try {
signatureKey = mProviderHelper publicKeyRing = mProviderHelper
.getPGPPublicKeyRing(masterKeyId).getPublicKey(); .getPGPPublicKeyRing(masterKeyId);
} catch (ProviderHelper.NotFoundException e) { } catch (ProviderHelper.NotFoundException e) {
// can't happen // can't happen
} }
signature = sigList.get(signatureIndex); // get the subkey which has been used to generate this signature
signatureKey = publicKeyRing.getPublicKey(signature.getKeyID());
signatureResultBuilder.knownKey(true); signatureResultBuilder.knownKey(true);
signatureResultBuilder.userId(PgpKeyHelper.getMainUserId(signatureKey)); // TODO: uses the first pubkey for information
signatureResultBuilder.keyId(signature.getKeyID()); signatureResultBuilder.userId(PgpKeyHelper.getMainUserId(publicKeyRing.getPublicKey()));
signatureResultBuilder.keyId(publicKeyRing.getPublicKey().getKeyID());
JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider = JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider =
new JcaPGPContentVerifierBuilderProvider() new JcaPGPContentVerifierBuilderProvider()
@ -449,8 +454,8 @@ public class PgpDecryptVerify {
KeychainContract.KeyRings.buildUnifiedKeyRingUri(Long.toString(masterKeyId)), KeychainContract.KeyRings.buildUnifiedKeyRingUri(Long.toString(masterKeyId)),
KeyRings.VERIFIED, KeyRings.VERIFIED,
ProviderHelper.FIELD_TYPE_INTEGER); ProviderHelper.FIELD_TYPE_INTEGER);
boolean isSignatureKeyCertified = ((Long) data > 0);
isSignatureKeyCertified = ((Long) data > 0); signatureResultBuilder.signatureKeyCertified(isSignatureKeyCertified);
} else { } else {
// no key in our database -> return "unknown pub key" status including the first key id // no key in our database -> return "unknown pub key" status including the first key id
signatureResultBuilder.knownKey(false); signatureResultBuilder.knownKey(false);
@ -529,7 +534,6 @@ public class PgpDecryptVerify {
signatureResultBuilder.validSignature(validSignature); signatureResultBuilder.validSignature(validSignature);
signatureResultBuilder.validKeyBinding(validKeyBinding); signatureResultBuilder.validKeyBinding(validKeyBinding);
signatureResultBuilder.signatureKeyCertified(isSignatureKeyCertified);
} }
} }
@ -622,22 +626,25 @@ public class PgpDecryptVerify {
PGPSignature signature = null; PGPSignature signature = null;
PGPPublicKey signatureKey = null; PGPPublicKey signatureKey = null;
boolean isSignatureKeyCertified = false;
if (masterKeyId != null) { if (masterKeyId != null) {
// key found in our database! // key found in our database!
signature = sigList.get(signatureIndex);
PGPPublicKeyRing publicKeyRing = null;
try { try {
signatureKey = mProviderHelper publicKeyRing = mProviderHelper
.getPGPPublicKeyRing(masterKeyId).getPublicKey(); .getPGPPublicKeyRing(masterKeyId);
} catch (ProviderHelper.NotFoundException e) { } catch (ProviderHelper.NotFoundException e) {
// can't happen // can't happen
} }
signature = sigList.get(signatureIndex); // get the subkey which has been used to generate this signature
signatureKey = publicKeyRing.getPublicKey(signature.getKeyID());
signatureResultBuilder.knownKey(true); signatureResultBuilder.knownKey(true);
signatureResultBuilder.userId(PgpKeyHelper.getMainUserId(signatureKey)); // TODO: uses the first pubkey for information
signatureResultBuilder.keyId(signature.getKeyID()); signatureResultBuilder.userId(PgpKeyHelper.getMainUserId(publicKeyRing.getPublicKey()));
signatureResultBuilder.keyId(publicKeyRing.getPublicKey().getKeyID());
JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider = JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider =
new JcaPGPContentVerifierBuilderProvider() new JcaPGPContentVerifierBuilderProvider()
@ -649,8 +656,8 @@ public class PgpDecryptVerify {
KeychainContract.KeyRings.buildUnifiedKeyRingUri(Long.toString(masterKeyId)), KeychainContract.KeyRings.buildUnifiedKeyRingUri(Long.toString(masterKeyId)),
KeyRings.VERIFIED, KeyRings.VERIFIED,
ProviderHelper.FIELD_TYPE_INTEGER); ProviderHelper.FIELD_TYPE_INTEGER);
boolean isSignatureKeyCertified = ((Long) data > 0);
isSignatureKeyCertified = ((Long) data > 0); signatureResultBuilder.signatureKeyCertified(isSignatureKeyCertified);
} else { } else {
// no key in our database -> return "unknown pub key" status including the first key id // no key in our database -> return "unknown pub key" status including the first key id
signatureResultBuilder.knownKey(false); signatureResultBuilder.knownKey(false);
@ -692,7 +699,6 @@ public class PgpDecryptVerify {
signatureResultBuilder.validSignature(validSignature); signatureResultBuilder.validSignature(validSignature);
signatureResultBuilder.validKeyBinding(validKeyBinding); signatureResultBuilder.validKeyBinding(validKeyBinding);
signatureResultBuilder.signatureKeyCertified(isSignatureKeyCertified);
} }
result.setSignatureResult(signatureResultBuilder.build()); result.setSignatureResult(signatureResultBuilder.build());

67
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyHelper.java
View File

@ -60,6 +60,34 @@ public class PgpKeyHelper {
return key.getPublicKey().getCreationTime(); return key.getPublicKey().getCreationTime();
} }
public static Date getExpiryDate(PGPPublicKey key) {
Date creationDate = getCreationDate(key);
if (key.getValidDays() == 0) {
// no expiry
return null;
}
Calendar calendar = GregorianCalendar.getInstance();
calendar.setTime(creationDate);
calendar.add(Calendar.DATE, key.getValidDays());
return calendar.getTime();
}
public static Date getExpiryDate(PGPSecretKey key) {
return getExpiryDate(key.getPublicKey());
}
public static boolean isExpired(PGPPublicKey key) {
Date creationDate = getCreationDate(key);
Date expiryDate = getExpiryDate(key);
Date now = new Date();
if (now.compareTo(creationDate) >= 0
&& (expiryDate == null || now.compareTo(expiryDate) <= 0)) {
return false;
}
return true;
}
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public static PGPSecretKey getKeyNum(PGPSecretKeyRing keyRing, long num) { public static PGPSecretKey getKeyNum(PGPSecretKeyRing keyRing, long num) {
long cnt = 0; long cnt = 0;
@ -77,7 +105,7 @@ public class PgpKeyHelper {
} }
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public static Vector<PGPPublicKey> getEncryptKeys(PGPPublicKeyRing keyRing) { private static Vector<PGPPublicKey> getEncryptKeys(PGPPublicKeyRing keyRing) {
Vector<PGPPublicKey> encryptKeys = new Vector<PGPPublicKey>(); Vector<PGPPublicKey> encryptKeys = new Vector<PGPPublicKey>();
for (PGPPublicKey key : new IterableIterator<PGPPublicKey>(keyRing.getPublicKeys())) { for (PGPPublicKey key : new IterableIterator<PGPPublicKey>(keyRing.getPublicKeys())) {
@ -90,7 +118,7 @@ public class PgpKeyHelper {
} }
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public static Vector<PGPSecretKey> getSigningKeys(PGPSecretKeyRing keyRing) { private static Vector<PGPSecretKey> getSigningKeys(PGPSecretKeyRing keyRing) {
Vector<PGPSecretKey> signingKeys = new Vector<PGPSecretKey>(); Vector<PGPSecretKey> signingKeys = new Vector<PGPSecretKey>();
for (PGPSecretKey key : new IterableIterator<PGPSecretKey>(keyRing.getSecretKeys())) { for (PGPSecretKey key : new IterableIterator<PGPSecretKey>(keyRing.getSecretKeys())) {
@ -103,7 +131,7 @@ public class PgpKeyHelper {
} }
@SuppressWarnings("unchecked") @SuppressWarnings("unchecked")
public static Vector<PGPSecretKey> getCertificationKeys(PGPSecretKeyRing keyRing) { private static Vector<PGPSecretKey> getCertificationKeys(PGPSecretKeyRing keyRing) {
Vector<PGPSecretKey> signingKeys = new Vector<PGPSecretKey>(); Vector<PGPSecretKey> signingKeys = new Vector<PGPSecretKey>();
for (PGPSecretKey key : new IterableIterator<PGPSecretKey>(keyRing.getSecretKeys())) { for (PGPSecretKey key : new IterableIterator<PGPSecretKey>(keyRing.getSecretKeys())) {
@ -115,7 +143,7 @@ public class PgpKeyHelper {
return signingKeys; return signingKeys;
} }
public static Vector<PGPPublicKey> getUsableEncryptKeys(PGPPublicKeyRing keyRing) { private static Vector<PGPPublicKey> getUsableEncryptKeys(PGPPublicKeyRing keyRing) {
Vector<PGPPublicKey> usableKeys = new Vector<PGPPublicKey>(); Vector<PGPPublicKey> usableKeys = new Vector<PGPPublicKey>();
Vector<PGPPublicKey> encryptKeys = getEncryptKeys(keyRing); Vector<PGPPublicKey> encryptKeys = getEncryptKeys(keyRing);
PGPPublicKey masterKey = null; PGPPublicKey masterKey = null;
@ -135,18 +163,7 @@ public class PgpKeyHelper {
return usableKeys; return usableKeys;
} }
public static boolean isExpired(PGPPublicKey key) { private static Vector<PGPSecretKey> getUsableCertificationKeys(PGPSecretKeyRing keyRing) {
Date creationDate = getCreationDate(key);
Date expiryDate = getExpiryDate(key);
Date now = new Date();
if (now.compareTo(creationDate) >= 0
&& (expiryDate == null || now.compareTo(expiryDate) <= 0)) {
return false;
}
return true;
}
public static Vector<PGPSecretKey> getUsableCertificationKeys(PGPSecretKeyRing keyRing) {
Vector<PGPSecretKey> usableKeys = new Vector<PGPSecretKey>(); Vector<PGPSecretKey> usableKeys = new Vector<PGPSecretKey>();
Vector<PGPSecretKey> signingKeys = getCertificationKeys(keyRing); Vector<PGPSecretKey> signingKeys = getCertificationKeys(keyRing);
PGPSecretKey masterKey = null; PGPSecretKey masterKey = null;
@ -164,7 +181,7 @@ public class PgpKeyHelper {
return usableKeys; return usableKeys;
} }
public static Vector<PGPSecretKey> getUsableSigningKeys(PGPSecretKeyRing keyRing) { private static Vector<PGPSecretKey> getUsableSigningKeys(PGPSecretKeyRing keyRing) {
Vector<PGPSecretKey> usableKeys = new Vector<PGPSecretKey>(); Vector<PGPSecretKey> usableKeys = new Vector<PGPSecretKey>();
Vector<PGPSecretKey> signingKeys = getSigningKeys(keyRing); Vector<PGPSecretKey> signingKeys = getSigningKeys(keyRing);
PGPSecretKey masterKey = null; PGPSecretKey masterKey = null;
@ -182,22 +199,6 @@ public class PgpKeyHelper {
return usableKeys; return usableKeys;
} }
public static Date getExpiryDate(PGPPublicKey key) {
Date creationDate = getCreationDate(key);
if (key.getValidDays() == 0) {
// no expiry
return null;
}
Calendar calendar = GregorianCalendar.getInstance();
calendar.setTime(creationDate);
calendar.add(Calendar.DATE, key.getValidDays());
return calendar.getTime();
}
public static Date getExpiryDate(PGPSecretKey key) {
return getExpiryDate(key.getPublicKey());
}
public static PGPPublicKey getFirstEncryptSubkey(PGPPublicKeyRing keyRing) { public static PGPPublicKey getFirstEncryptSubkey(PGPPublicKeyRing keyRing) {
Vector<PGPPublicKey> encryptKeys = getUsableEncryptKeys(keyRing); Vector<PGPPublicKey> encryptKeys = getUsableEncryptKeys(keyRing);

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptAsymmetricFragment.java
View File

@ -152,8 +152,8 @@ public class EncryptAsymmetricFragment extends Fragment {
PGPSecretKey masterKey = keyRing.getSecretKey(); PGPSecretKey masterKey = keyRing.getSecretKey();
if (masterKey != null) { if (masterKey != null) {
Vector<PGPSecretKey> signKeys = PgpKeyHelper.getUsableSigningKeys(keyRing); PGPSecretKey signKey = PgpKeyHelper.getFirstSigningSubkey(keyRing);
if (signKeys.size() > 0) { if (signKey != null) {
setSignatureKeyId(masterKey.getKeyID()); setSignatureKeyId(masterKey.getKeyID());
} }
} }