actually promote to divert, pass yubikey's AID

This commit is contained in:
Vincent Breitmoser 2015-03-22 03:56:58 +01:00
parent 22063cdd6e
commit 2151411219
6 changed files with 24 additions and 31 deletions

View File

@ -50,7 +50,7 @@ public class PromoteKeyOperation extends BaseOperation {
super(context, providerHelper, progressable, cancelled);
}
public PromoteKeyResult execute(long masterKeyId) {
public PromoteKeyResult execute(long masterKeyId, byte[] cardAid) {
OperationLog log = new OperationLog();
log.add(LogType.MSG_PR, 0);
@ -58,27 +58,16 @@ public class PromoteKeyOperation extends BaseOperation {
// Perform actual type change
UncachedKeyRing promotedRing;
{
try {
// This operation is only allowed for pure public keys
// TODO delete secret keys if they are stripped, or have been moved to the card?
if (mProviderHelper.getCachedPublicKeyRing(masterKeyId).hasAnySecret()) {
log.add(LogType.MSG_PR_ERROR_ALREADY_SECRET, 2);
return new PromoteKeyResult(PromoteKeyResult.RESULT_ERROR, log, null);
}
log.add(LogType.MSG_PR_FETCHING, 1,
KeyFormattingUtils.convertKeyIdToHex(masterKeyId));
CanonicalizedPublicKeyRing pubRing =
mProviderHelper.getCanonicalizedPublicKeyRing(masterKeyId);
// create divert-to-card secret key from public key
promotedRing = pubRing.createDummySecretRing(true);
promotedRing = pubRing.createDivertSecretRing(cardAid);
} catch (PgpKeyNotFoundException e) {
log.add(LogType.MSG_PR_ERROR_KEY_NOT_FOUND, 2);
return new PromoteKeyResult(PromoteKeyResult.RESULT_ERROR, log, null);
} catch (NotFoundException e) {
log.add(LogType.MSG_PR_ERROR_KEY_NOT_FOUND, 2);
return new PromoteKeyResult(PromoteKeyResult.RESULT_ERROR, log, null);

View File

@ -603,7 +603,6 @@ public abstract class OperationResult implements Parcelable {
// promote key
MSG_PR (LogLevel.START, R.string.msg_pr),
MSG_PR_ERROR_ALREADY_SECRET (LogLevel.ERROR, R.string.msg_pr_error_already_secret),
MSG_PR_ERROR_KEY_NOT_FOUND (LogLevel.ERROR, R.string.msg_pr_error_key_not_found),
MSG_PR_FETCHING (LogLevel.DEBUG, R.string.msg_pr_fetching),
MSG_PR_SUCCESS (LogLevel.OK, R.string.msg_pr_success),

View File

@ -97,14 +97,15 @@ public class CanonicalizedPublicKeyRing extends CanonicalizedKeyRing {
}
/** Create a dummy secret ring from this key */
public UncachedKeyRing createDummySecretRing (boolean divertToCard) {
PGPSecretKeyRing secRing = PGPSecretKeyRing.constructDummyFromPublic(getRing(),
divertToCard
? S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD
: S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY);
public UncachedKeyRing createDummySecretRing () {
PGPSecretKeyRing secRing = PGPSecretKeyRing.constructDummyFromPublic(getRing(), null);
return new UncachedKeyRing(secRing);
}
/** Create a dummy secret ring from this key */
public UncachedKeyRing createDivertSecretRing (byte[] cardAid) {
PGPSecretKeyRing secRing = PGPSecretKeyRing.constructDummyFromPublic(getRing(), cardAid);
return new UncachedKeyRing(secRing);
}
}

View File

@ -187,7 +187,7 @@ public class KeychainIntentService extends IntentService implements Progressable
// promote key
public static final String PROMOTE_MASTER_KEY_ID = "promote_master_key_id";
public static final String PROMOTE_TYPE = "promote_type";
public static final String PROMOTE_CARD_AID = "promote_card_aid";
// consolidate
public static final String CONSOLIDATE_RECOVERY = "consolidate_recovery";
@ -488,10 +488,11 @@ public class KeychainIntentService extends IntentService implements Progressable
// Input
long keyRingId = data.getLong(PROMOTE_MASTER_KEY_ID);
byte[] cardAid = data.getByteArray(PROMOTE_CARD_AID);
// Operation
PromoteKeyOperation op = new PromoteKeyOperation(this, providerHelper, this, mActionCanceled);
PromoteKeyResult result = op.execute(keyRingId);
PromoteKeyResult result = op.execute(keyRingId, cardAid);
// Result
sendMessageToHandler(MessageStatus.OKAY, result);

View File

@ -36,10 +36,10 @@ public class ViewKeyYubikeyFragment extends Fragment
public static final String ARG_FINGERPRINT = "fingerprint";
public static final String ARG_USER_ID = "user_id";
public static final String ARG_AID = "aid";
public static final String ARG_CARD_AID = "aid";
private byte[][] mFingerprints;
private String mUserId;
private byte[] mAid;
private byte[] mCardAid;
private long mMasterKeyId;
private Button vButton;
private TextView vStatus;
@ -51,7 +51,7 @@ public class ViewKeyYubikeyFragment extends Fragment
Bundle args = new Bundle();
args.putByteArray(ARG_FINGERPRINT, fingerprints);
args.putString(ARG_USER_ID, userId);
args.putByteArray(ARG_AID, aid);
args.putByteArray(ARG_CARD_AID, aid);
frag.setArguments(args);
return frag;
@ -70,7 +70,7 @@ public class ViewKeyYubikeyFragment extends Fragment
buf.get(mFingerprints[i]);
}
mUserId = args.getString(ARG_USER_ID);
mAid = args.getByteArray(ARG_AID);
mCardAid = args.getByteArray(ARG_CARD_AID);
mMasterKeyId = KeyFormattingUtils.getKeyIdFromFingerprint(mFingerprints[0]);
@ -85,7 +85,7 @@ public class ViewKeyYubikeyFragment extends Fragment
TextView vSerNo = (TextView) view.findViewById(R.id.yubikey_serno);
TextView vUserId = (TextView) view.findViewById(R.id.yubikey_userid);
String serno = Hex.toHexString(mAid, 10, 4);
String serno = Hex.toHexString(mCardAid, 10, 4);
vSerNo.setText(getString(R.string.yubikey_serno, serno));
if (!mUserId.isEmpty()) {
@ -137,6 +137,7 @@ public class ViewKeyYubikeyFragment extends Fragment
Bundle data = new Bundle();
data.putLong(KeychainIntentService.PROMOTE_MASTER_KEY_ID, mMasterKeyId);
data.putByteArray(KeychainIntentService.PROMOTE_CARD_AID, mCardAid);
intent.putExtra(KeychainIntentService.EXTRA_DATA, data);
// Create a new Messenger for the communication back
@ -192,13 +193,13 @@ public class ViewKeyYubikeyFragment extends Fragment
if (allBound) {
vButton.setVisibility(View.GONE);
vStatus.setText("Key matches, fully bound");
vStatus.setText(R.string.yubikey_status_bound);
} else {
vButton.setVisibility(View.VISIBLE);
if (noneBound) {
vStatus.setText("Key matches, can be bound");
vStatus.setText(R.string.yubikey_status_unbound);
} else {
vStatus.setText("Key matches, partly bound");
vStatus.setText(R.string.yubikey_status_partly);
}
}

View File

@ -988,7 +988,6 @@
<!-- Promote key -->
<string name="msg_pr">"Promoting public key to secret key"</string>
<string name="msg_pr_error_already_secret">"Key is already a secret key!"</string>
<string name="msg_pr_error_key_not_found">"Key not found!"</string>
<string name="msg_pr_fetching">"Fetching key to modify (%s)"</string>
<string name="msg_pr_success">"Key successfully promoted"</string>
@ -1273,5 +1272,8 @@
<string name="yubikey_serno">"Serial No: %s"</string>
<string name="yubikey_key_holder">"Key holder: "</string>
<string name="yubikey_key_holder_unset">"Key holder: &lt;unset&gt;"</string>
<string name="yubikey_status_bound">Yubikey matches, bound to key</string>
<string name="yubikey_status_unbound">Yubikey matches, can be bound to key</string>
<string name="yubikey_status_partly">Yubikey matches, partly bound to key</string>
</resources>