moparisthebest/open-keychain
1
0
Fork 0
mirror of https://github.com/moparisthebest/open-keychain synced 2024-11-07 01:35:00 -05:00
Code Issues Releases Wiki Activity

always check binding when verifying

Browse Source
This commit is contained in:
Ashley Hughes 2014-01-15 00:41:18 +00:00
parent c95a52c070
commit 0bca0a4b08
1 changed files with 18 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java
View File

@ -764,11 +764,11 @@ public class PgpOperation {
PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject(); PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject();
PGPSignature messageSignature = signatureList.get(signatureIndex); PGPSignature messageSignature = signatureList.get(signatureIndex);
if (signature.verify(messageSignature)) {
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, true); //Now check binding signatures
} else { boolean keyBinding_isok = verifyKeyBinding(mContext, messageSignature, signatureKey);
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, false); boolean sig_isok = signature.verify(messageSignature);
} returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, keyBinding_isok & sig_isok);
} }
} }
@ -897,9 +897,18 @@ public class PgpOperation {
boolean sig_isok = signature.verify(); boolean sig_isok = signature.verify();
//Now check binding signatures //Now check binding signatures
boolean keyBinding_isok = false; boolean keyBinding_isok = verifyKeyBinding(mContext, signature, signatureKey);
signatureKeyId = signature.getKeyID(); returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & keyBinding_isok);
updateProgress(R.string.progress_done, 100, 100);
return returnData;
}
public boolean verifyKeyBinding(Context mContext, PGPSignature signature, PGPPublicKey signatureKey)
{
long signatureKeyId = signature.getKeyID();
boolean keyBinding_isok = false;
String userId = null; String userId = null;
PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext, PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext,
signatureKeyId); signatureKeyId);
@ -912,13 +921,10 @@ public class PgpOperation {
} else { //if the key used to make the signature was the master key, no need to check binding sigs } else { //if the key used to make the signature was the master key, no need to check binding sigs
keyBinding_isok = true; keyBinding_isok = true;
} }
returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & keyBinding_isok); return keyBinding_isok;
updateProgress(R.string.progress_done, 100, 100);
return returnData;
} }
private boolean verifyKeyBinding(PGPPublicKey masterPublicKey, PGPPublicKey signingPublicKey) public boolean verifyKeyBinding(PGPPublicKey masterPublicKey, PGPPublicKey signingPublicKey)
{ {
boolean subkeyBinding_isok = false; boolean subkeyBinding_isok = false;
boolean tmp_subkeyBinding_isok = false; boolean tmp_subkeyBinding_isok = false;