Check for insecure hash and symmetric encryption algos on decrypt

This commit is contained in:
Dominik Schürmann 2015-03-05 17:46:43 +01:00
parent aeb0169f02
commit 3bc3e3e6f4
3 changed files with 34 additions and 0 deletions

View File

@ -626,6 +626,7 @@ public abstract class OperationResult implements Parcelable {
MSG_DC_ERROR_NO_DATA (LogLevel.ERROR, R.string.msg_dc_error_no_data), MSG_DC_ERROR_NO_DATA (LogLevel.ERROR, R.string.msg_dc_error_no_data),
MSG_DC_ERROR_NO_KEY (LogLevel.ERROR, R.string.msg_dc_error_no_key), MSG_DC_ERROR_NO_KEY (LogLevel.ERROR, R.string.msg_dc_error_no_key),
MSG_DC_ERROR_PGP_EXCEPTION (LogLevel.ERROR, R.string.msg_dc_error_pgp_exception), MSG_DC_ERROR_PGP_EXCEPTION (LogLevel.ERROR, R.string.msg_dc_error_pgp_exception),
MSG_DC_ERROR_UNSUPPORTED_HASH_ALGO (LogLevel.ERROR, R.string.msg_dc_error_unsupported_hash_algo),
MSG_DC_INTEGRITY_CHECK_OK (LogLevel.INFO, R.string.msg_dc_integrity_check_ok), MSG_DC_INTEGRITY_CHECK_OK (LogLevel.INFO, R.string.msg_dc_integrity_check_ok),
MSG_DC_OK_META_ONLY (LogLevel.OK, R.string.msg_dc_ok_meta_only), MSG_DC_OK_META_ONLY (LogLevel.OK, R.string.msg_dc_ok_meta_only),
MSG_DC_OK (LogLevel.OK, R.string.msg_dc_ok), MSG_DC_OK (LogLevel.OK, R.string.msg_dc_ok),
@ -640,6 +641,7 @@ public abstract class OperationResult implements Parcelable {
MSG_DC_TRAIL_SYM (LogLevel.DEBUG, R.string.msg_dc_trail_sym), MSG_DC_TRAIL_SYM (LogLevel.DEBUG, R.string.msg_dc_trail_sym),
MSG_DC_TRAIL_UNKNOWN (LogLevel.DEBUG, R.string.msg_dc_trail_unknown), MSG_DC_TRAIL_UNKNOWN (LogLevel.DEBUG, R.string.msg_dc_trail_unknown),
MSG_DC_UNLOCKING (LogLevel.INFO, R.string.msg_dc_unlocking), MSG_DC_UNLOCKING (LogLevel.INFO, R.string.msg_dc_unlocking),
MSG_DC_OLD_SYMMETRIC_ENCRYPTION_ALGO (LogLevel.WARN, R.string.msg_dc_old_symmetric_encryption_algo),
// verify signed literal data // verify signed literal data
MSG_VL (LogLevel.INFO, R.string.msg_vl), MSG_VL (LogLevel.INFO, R.string.msg_vl),

View File

@ -563,6 +563,7 @@ public class PgpDecryptVerify extends BaseOperation {
log.add(LogType.MSG_DC_PREP_STREAMS, indent); log.add(LogType.MSG_DC_PREP_STREAMS, indent);
// we made sure above one of these two would be true // we made sure above one of these two would be true
int symmetricEncryptionAlgo;
if (symmetricPacketFound) { if (symmetricPacketFound) {
currentProgress += 2; currentProgress += 2;
updateProgress(R.string.progress_preparing_streams, currentProgress, 100); updateProgress(R.string.progress_preparing_streams, currentProgress, 100);
@ -576,6 +577,7 @@ public class PgpDecryptVerify extends BaseOperation {
clear = encryptedDataSymmetric.getDataStream(decryptorFactory); clear = encryptedDataSymmetric.getDataStream(decryptorFactory);
encryptedData = encryptedDataSymmetric; encryptedData = encryptedDataSymmetric;
symmetricEncryptionAlgo = encryptedDataSymmetric.getSymmetricAlgorithm(decryptorFactory);
} else if (asymmetricPacketFound) { } else if (asymmetricPacketFound) {
currentProgress += 2; currentProgress += 2;
updateProgress(R.string.progress_extracting_key, currentProgress, 100); updateProgress(R.string.progress_extracting_key, currentProgress, 100);
@ -598,6 +600,8 @@ public class PgpDecryptVerify extends BaseOperation {
PublicKeyDataDecryptorFactory decryptorFactory PublicKeyDataDecryptorFactory decryptorFactory
= secretEncryptionKey.getDecryptorFactory(mDecryptedSessionKey); = secretEncryptionKey.getDecryptorFactory(mDecryptedSessionKey);
clear = encryptedDataAsymmetric.getDataStream(decryptorFactory); clear = encryptedDataAsymmetric.getDataStream(decryptorFactory);
symmetricEncryptionAlgo = encryptedDataAsymmetric.getSymmetricAlgorithm(decryptorFactory);
} catch (NfcSyncPublicKeyDataDecryptorFactoryBuilder.NfcInteractionNeeded e) { } catch (NfcSyncPublicKeyDataDecryptorFactoryBuilder.NfcInteractionNeeded e) {
log.add(LogType.MSG_DC_PENDING_NFC, indent + 1); log.add(LogType.MSG_DC_PENDING_NFC, indent + 1);
DecryptVerifyResult result = DecryptVerifyResult result =
@ -614,6 +618,11 @@ public class PgpDecryptVerify extends BaseOperation {
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
} }
// Warn about old encryption algorithms!
if (!PgpConstants.sPreferredSymmetricAlgorithms.contains(symmetricEncryptionAlgo)) {
log.add(LogType.MSG_DC_OLD_SYMMETRIC_ENCRYPTION_ALGO, indent + 1);
}
JcaPGPObjectFactory plainFact = new JcaPGPObjectFactory(clear); JcaPGPObjectFactory plainFact = new JcaPGPObjectFactory(clear);
Object dataChunk = plainFact.nextObject(); Object dataChunk = plainFact.nextObject();
OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder(); OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
@ -811,6 +820,13 @@ public class PgpDecryptVerify extends BaseOperation {
} else { } else {
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1); log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1);
} }
// Don't allow verification of old hash algorithms!
if (!PgpConstants.sPreferredHashAlgorithms.contains(signature.getHashAlgorithm())) {
validSignature = false;
log.add(LogType.MSG_DC_ERROR_UNSUPPORTED_HASH_ALGO, indent + 1);
}
signatureResultBuilder.setValidSignature(validSignature); signatureResultBuilder.setValidSignature(validSignature);
} }
@ -936,6 +952,13 @@ public class PgpDecryptVerify extends BaseOperation {
} else { } else {
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1); log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1);
} }
// Don't allow verification of old hash algorithms!
if (!PgpConstants.sPreferredHashAlgorithms.contains(signature.getHashAlgorithm())) {
validSignature = false;
log.add(LogType.MSG_DC_ERROR_UNSUPPORTED_HASH_ALGO, indent + 1);
}
signatureResultBuilder.setValidSignature(validSignature); signatureResultBuilder.setValidSignature(validSignature);
} catch (SignatureException e) { } catch (SignatureException e) {
@ -1024,6 +1047,13 @@ public class PgpDecryptVerify extends BaseOperation {
} else { } else {
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1); log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1);
} }
// Don't allow verification of old hash algorithms!
if (!PgpConstants.sPreferredHashAlgorithms.contains(signature.getHashAlgorithm())) {
validSignature = false;
log.add(LogType.MSG_DC_ERROR_UNSUPPORTED_HASH_ALGO, indent + 1);
}
signatureResultBuilder.setValidSignature(validSignature); signatureResultBuilder.setValidSignature(validSignature);
} }

View File

@ -988,6 +988,7 @@
<string name="msg_dc_clear_meta_size_unknown">"File size is unknown"</string> <string name="msg_dc_clear_meta_size_unknown">"File size is unknown"</string>
<string name="msg_dc_clear_meta_time">"Modification time: %s"</string> <string name="msg_dc_clear_meta_time">"Modification time: %s"</string>
<string name="msg_dc_clear_signature_bad">"Signature check NOT OK!"</string> <string name="msg_dc_clear_signature_bad">"Signature check NOT OK!"</string>
<string name="msg_dc_error_unsupported_hash_algo">"Unsupported and potentially insecure hash algorithm!"</string>
<string name="msg_dc_clear_signature_check">"Verifying signature data"</string> <string name="msg_dc_clear_signature_check">"Verifying signature data"</string>
<string name="msg_dc_clear_signature_ok">"Signature check OK"</string> <string name="msg_dc_clear_signature_ok">"Signature check OK"</string>
<string name="msg_dc_clear_signature">"Saving signature data for later"</string> <string name="msg_dc_clear_signature">"Saving signature data for later"</string>
@ -1015,6 +1016,7 @@
<string name="msg_dc_trail_sym">"Encountered trailing, symmetrically encrypted data"</string> <string name="msg_dc_trail_sym">"Encountered trailing, symmetrically encrypted data"</string>
<string name="msg_dc_trail_unknown">"Encountered trailing data of unknown type"</string> <string name="msg_dc_trail_unknown">"Encountered trailing data of unknown type"</string>
<string name="msg_dc_unlocking">"Unlocking secret key"</string> <string name="msg_dc_unlocking">"Unlocking secret key"</string>
<string name="msg_dc_old_symmetric_encryption_algo">"Potentially insecure encryption algorithm has been used!"</string>
<!-- Messages for VerifySignedLiteralData operation --> <!-- Messages for VerifySignedLiteralData operation -->
<string name="msg_vl">"Starting signature check"</string> <string name="msg_vl">"Starting signature check"</string>