introduce OperationResultParcel for PgpDecryptVerify operations (WIP)

OpenKeychain-Test/src/test/java/org/sufficientlysecure/keychain/support/PgpVerifyTestingHelper.java

@@ -19,7 +19,7 @@ package org.sufficientlysecure.keychain.support;
 import android.content.Context;
 
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
-import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
+import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.util.InputData;
 
@@ -56,7 +56,7 @@ public class PgpVerifyTestingHelper {
         OutputStream outStream = new ByteArrayOutputStream();
 
         PgpDecryptVerify verify = new PgpDecryptVerify.Builder(providerHelper, passphraseCache, data, outStream).build();
-        PgpDecryptVerifyResult result = verify.execute();
+        DecryptVerifyResult result = verify.execute();
 
         return result.getSignatureResult().getStatus();
     }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java

@@ -48,6 +48,8 @@ import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
+import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult;
+import org.sufficientlysecure.keychain.service.results.OperationResultParcel.OperationLog;
 import org.sufficientlysecure.keychain.util.InputData;
 import org.sufficientlysecure.keychain.util.Log;
 import org.sufficientlysecure.keychain.util.ProgressScaler;
@@ -68,7 +70,6 @@ import java.util.Set;
  */
 public class PgpDecryptVerify {
     private ProviderHelper mProviderHelper;
-    private PassphraseCache mPassphraseCache;
     private InputData mData;
     private OutputStream mOutStream;
 
@@ -82,7 +83,6 @@ public class PgpDecryptVerify {
     private PgpDecryptVerify(Builder builder) {
         // private Constructor can only be called from Builder
         this.mProviderHelper = builder.mProviderHelper;
-        this.mPassphraseCache = builder.mPassphraseCache;
         this.mData = builder.mData;
         this.mOutStream = builder.mOutStream;
 
@@ -97,7 +97,6 @@ public class PgpDecryptVerify {
     public static class Builder {
         // mandatory parameter
         private ProviderHelper mProviderHelper;
-        private PassphraseCache mPassphraseCache;
         private InputData mData;
         private OutputStream mOutStream;
 
@@ -109,10 +108,8 @@ public class PgpDecryptVerify {
         private boolean mDecryptMetadataOnly = false;
         private byte[] mDecryptedSessionKey = null;
 
-        public Builder(ProviderHelper providerHelper, PassphraseCache passphraseCache,
+        public Builder(ProviderHelper providerHelper, InputData data, OutputStream outStream) {
-                       InputData data, OutputStream outStream) {
             this.mProviderHelper = providerHelper;
-            this.mPassphraseCache = passphraseCache;
             this.mData = data;
             this.mOutStream = outStream;
         }
@@ -172,78 +169,44 @@ public class PgpDecryptVerify {
         }
     }
 
-    public interface PassphraseCache {
-        public String getCachedPassphrase(long masterKeyId)
-                throws NoSecretKeyException;
-    }
-
-    public static class InvalidDataException extends Exception {
-        public InvalidDataException() {
-        }
-    }
-
-    public static class KeyExtractionException extends Exception {
-        public KeyExtractionException() {
-        }
-    }
-
-    public static class WrongPassphraseException extends Exception {
-        public WrongPassphraseException() {
-        }
-    }
-
-    public static class NoSecretKeyException extends Exception {
-        public NoSecretKeyException() {
-        }
-    }
-
-    public static class IntegrityCheckFailedException extends Exception {
-        public IntegrityCheckFailedException() {
-        }
-    }
-
-    public static class NeedNfcDataException extends Exception {
-        public byte[] mEncryptedSessionKey;
-        public String mPassphrase;
-
-        public NeedNfcDataException(byte[] encryptedSessionKey, String passphrase) {
-            mEncryptedSessionKey = encryptedSessionKey;
-            mPassphrase = passphrase;
-        }
-    }
-
     /**
      * Decrypts and/or verifies data based on parameters of class
      */
-    public PgpDecryptVerifyResult execute()
+    public DecryptVerifyResult execute() {
-            throws IOException, PGPException, SignatureException,
+        try {
-            WrongPassphraseException, NoSecretKeyException, KeyExtractionException,
+            // automatically works with ascii armor input and binary
-            InvalidDataException, IntegrityCheckFailedException, NeedNfcDataException {
+            InputStream in = PGPUtil.getDecoderStream(mData.getInputStream());
-        // automatically works with ascii armor input and binary
-        InputStream in = PGPUtil.getDecoderStream(mData.getInputStream());
-        if (in instanceof ArmoredInputStream) {
-            ArmoredInputStream aIn = (ArmoredInputStream) in;
-            // it is ascii armored
-            Log.d(Constants.TAG, "ASCII Armor Header Line: " + aIn.getArmorHeaderLine());
 
-            if (aIn.isClearText()) {
+            if (in instanceof ArmoredInputStream) {
-                // a cleartext signature, verify it with the other method
+                ArmoredInputStream aIn = (ArmoredInputStream) in;
-                return verifyCleartextSignature(aIn);
+                // it is ascii armored
+                Log.d(Constants.TAG, "ASCII Armor Header Line: " + aIn.getArmorHeaderLine());
+
+                if (aIn.isClearText()) {
+                    // a cleartext signature, verify it with the other method
+                    return verifyCleartextSignature(aIn);
+                }
+                // else: ascii armored encryption! go on...
             }
-            // else: ascii armored encryption! go on...
-        }
 
-        return decryptVerify(in);
+            return decryptVerify(in);
+        } catch (PGPException e) {
+            OperationLog log = new OperationLog();
+            // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_PGP_EXCEPTION);
+            return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
+        } catch (IOException e) {
+            OperationLog log = new OperationLog();
+            // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_IO);
+            return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
+        }
     }
 
     /**
      * Decrypt and/or verifies binary or ascii armored pgp
      */
-    private PgpDecryptVerifyResult decryptVerify(InputStream in)
+    private DecryptVerifyResult decryptVerify(InputStream in) throws IOException, PGPException {
-            throws IOException, PGPException, SignatureException,
+
-            WrongPassphraseException, KeyExtractionException, NoSecretKeyException,
+        OperationLog log = new OperationLog();
-            InvalidDataException, IntegrityCheckFailedException, NeedNfcDataException {
-        PgpDecryptVerifyResult result = new PgpDecryptVerifyResult();
 
         PGPObjectFactory pgpF = new PGPObjectFactory(in, new JcaKeyFingerprintCalculator());
         PGPEncryptedDataList enc;
@@ -259,7 +222,8 @@ public class PgpDecryptVerify {
         }
 
         if (enc == null) {
-            throw new InvalidDataException();
+            // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_INVALID_DATA)
+            return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
         }
 
         InputStream clear;
@@ -322,18 +286,12 @@ public class PgpDecryptVerify {
 
                 encryptedDataAsymmetric = encData;
 
-                // if no passphrase was explicitly set try to get it from the cache service
+                // if passphrase was not cached, return here indicating that a passphrase is missing!
                 if (mPassphrase == null) {
-                    // returns "" if key has no passphrase
+                    DecryptVerifyResult result =
-                    mPassphrase = mPassphraseCache.getCachedPassphrase(subKeyId);
+                            new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE, log);
-
+                    result.setKeyIdPassphraseNeeded(subKeyId);
-                    // if passphrase was not cached, return here
+                    return result;
-                    // indicating that a passphrase is missing!
-                    if (mPassphrase == null) {
-                        result.setKeyIdPassphraseNeeded(subKeyId);
-                        result.setStatus(PgpDecryptVerifyResult.KEY_PASSHRASE_NEEDED);
-                        return result;
-                    }
                 }
 
                 // break out of while, only decrypt the first packet where we have a key
@@ -351,8 +309,7 @@ public class PgpDecryptVerify {
                 // if no passphrase is given, return here
                 // indicating that a passphrase is missing!
                 if (mPassphrase == null) {
-                    result.setStatus(PgpDecryptVerifyResult.SYMMETRIC_PASSHRASE_NEEDED);
+                    return new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE, log);
-                    return result;
                 }
 
                 // break out of while, only decrypt the first packet
@@ -379,10 +336,12 @@ public class PgpDecryptVerify {
             updateProgress(R.string.progress_extracting_key, currentProgress, 100);
             try {
                 if (!secretEncryptionKey.unlock(mPassphrase)) {
-                    throw new WrongPassphraseException();
+                    // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_BAD_PASSPHRASE);
+                    return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
                 }
             } catch (PgpGeneralException e) {
-                throw new KeyExtractionException();
+                // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_EXTRACT_KEY);
+                return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
             }
 
             currentProgress += 2;
@@ -393,12 +352,19 @@ public class PgpDecryptVerify {
                         = secretEncryptionKey.getDecryptorFactory(mDecryptedSessionKey);
                 clear = encryptedDataAsymmetric.getDataStream(decryptorFactory);
             } catch (NfcSyncPublicKeyDataDecryptorFactoryBuilder.NfcInteractionNeeded e) {
-                throw new NeedNfcDataException(e.encryptedSessionKey, mPassphrase);
+                // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_NFC_INTERACTION);
+
+                DecryptVerifyResult result =
+                        new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_NFC, log);
+                result.setNfcEncryptedSessionKey(e.encryptedSessionKey);
+                // TODO save passphrase here?
+                return result;
             }
             encryptedData = encryptedDataAsymmetric;
         } else {
             // no packet has been found where we have the corresponding secret key in our db
-            throw new NoSecretKeyException();
+            // log.add(LogLevel.ERROR, LogType.MSG_DC_MISSING_SECRET_KEY);
+            return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
         }
 
         PGPObjectFactory plainFact = new PGPObjectFactory(clear, new JcaKeyFingerprintCalculator());
@@ -468,6 +434,8 @@ public class PgpDecryptVerify {
             dataChunk = plainFact.nextObject();
         }
 
+        OpenPgpMetadata metadata;
+
         if (dataChunk instanceof PGPLiteralData) {
             currentProgress += 4;
             updateProgress(R.string.progress_decrypting, currentProgress, 100);
@@ -503,17 +471,17 @@ public class PgpDecryptVerify {
                 }
             }
 
-            OpenPgpMetadata metadata = new OpenPgpMetadata(
+            metadata = new OpenPgpMetadata(
                     originalFilename,
                     mimeType,
                     literalData.getModificationTime().getTime(),
                     originalSize);
-            result.setDecryptMetadata(metadata);
-
-            Log.d(Constants.TAG, "metadata: " + metadata);
 
             // return here if we want to decrypt the metadata only
             if (mDecryptMetadataOnly) {
+                DecryptVerifyResult result =
+                        new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
+                result.setDecryptMetadata(metadata);
                 return result;
             }
 
@@ -569,18 +537,19 @@ public class PgpDecryptVerify {
                 boolean validSignature = signature.verify(messageSignature);
                 signatureResultBuilder.setValidSignature(validSignature);
             }
+        } else {
+            // If there is no literalData, we don't have any metadata
+            metadata = null;
         }
 
         if (encryptedData.isIntegrityProtected()) {
             updateProgress(R.string.progress_verifying_integrity, 95, 100);
 
             if (encryptedData.verify()) {
-                // passed
+                // log.add(LogLevel.INFO, LogType.MSG_DC_INTEGRITY_CHECK_OK)
-                Log.d(Constants.TAG, "Integrity verification: success!");
             } else {
-                // failed
+                // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_INTEGRITY_CHECK)
-                Log.d(Constants.TAG, "Integrity verification: failed!");
+                return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
-                throw new IntegrityCheckFailedException();
             }
         } else {
             // no integrity check
@@ -590,14 +559,20 @@ public class PgpDecryptVerify {
             // Handle missing integrity protection like failed integrity protection!
             // The MDC packet can be stripped by an attacker!
             if (!signatureResultBuilder.isValidSignature()) {
-                throw new IntegrityCheckFailedException();
+                // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_INTEGRITY_CHECK)
+                return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
             }
         }
 
         updateProgress(R.string.progress_done, 100, 100);
 
+        // Return a positive result, with metadata and verification info
+        DecryptVerifyResult result =
+                new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
+        result.setDecryptMetadata(metadata);
         result.setSignatureResult(signatureResultBuilder.build());
         return result;
+
     }
 
     /**
@@ -607,9 +582,11 @@ public class PgpDecryptVerify {
      * The method is heavily based on
      * pg/src/main/java/org/spongycastle/openpgp/examples/ClearSignedFileProcessor.java
      */
-    private PgpDecryptVerifyResult verifyCleartextSignature(ArmoredInputStream aIn)
+    private DecryptVerifyResult verifyCleartextSignature(ArmoredInputStream aIn)
-            throws IOException, PGPException, SignatureException, InvalidDataException {
+            throws IOException, PGPException {
-        PgpDecryptVerifyResult result = new PgpDecryptVerifyResult();
+
+        OperationLog log = new OperationLog();
+
         OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
         // cleartext signatures are never encrypted ;)
         signatureResultBuilder.setSignatureOnly(true);
@@ -643,7 +620,8 @@ public class PgpDecryptVerify {
 
         PGPSignatureList sigList = (PGPSignatureList) pgpFact.nextObject();
         if (sigList == null) {
-            throw new InvalidDataException();
+            // log.add(LogLevel.ERROR, LogType.MSG_DC_ERROR_INVALID_DATA)
+            return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
         }
 
         CanonicalizedPublicKeyRing signingRing = null;
@@ -686,7 +664,7 @@ public class PgpDecryptVerify {
             }
         }
 
-        if (signature != null) {
+        if (signature != null) try {
             updateProgress(R.string.progress_verifying_signature, 90, 100);
 
             InputStream sigIn = new BufferedInputStream(new ByteArrayInputStream(clearText));
@@ -708,13 +686,16 @@ public class PgpDecryptVerify {
 
             // Verify signature and check binding signatures
             boolean validSignature = signature.verify();
-
             signatureResultBuilder.setValidSignature(validSignature);
+
+        } catch (SignatureException e) {
+            return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
         }
 
-        result.setSignatureResult(signatureResultBuilder.build());
-
         updateProgress(R.string.progress_done, 100, 100);
+
+        DecryptVerifyResult result = new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
+        result.setSignatureResult(signatureResultBuilder.build());
         return result;
     }
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java

@@ -34,7 +34,7 @@ import org.sufficientlysecure.keychain.nfc.NfcActivity;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
-import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
+import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
 import org.sufficientlysecure.keychain.pgp.PgpSignEncrypt;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
@@ -462,7 +462,7 @@ public class OpenPgpService extends RemoteService {
                         .setDecryptMetadataOnly(decryptMetadataOnly)
                         .setNfcState(nfcDecryptedSessionKey);
 
-                PgpDecryptVerifyResult decryptVerifyResult;
+                DecryptVerifyResult decryptVerifyResult;
                 try {
                     // TODO: currently does not support binary signed-only content
                     decryptVerifyResult = builder.build().execute();
@@ -483,10 +483,10 @@ public class OpenPgpService extends RemoteService {
                     return getNfcDecryptIntent(data, e.mPassphrase, e.mEncryptedSessionKey);
                 }
 
-                if (PgpDecryptVerifyResult.KEY_PASSHRASE_NEEDED == decryptVerifyResult.getStatus()) {
+                if (DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE == decryptVerifyResult.getStatus()) {
                     // get PendingIntent for passphrase input, add it to given params and return to client
                     return getPassphraseIntent(data, decryptVerifyResult.getKeyIdPassphraseNeeded());
-                } else if (PgpDecryptVerifyResult.SYMMETRIC_PASSHRASE_NEEDED == decryptVerifyResult.getStatus()) {
+                } else if (DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE == decryptVerifyResult.getStatus()) {
                     throw new PgpGeneralException("Decryption of symmetric content not supported by API!");
                 }
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeychainIntentService.java

@@ -41,7 +41,7 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedPublicKeyRing;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
-import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
+import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
 import org.sufficientlysecure.keychain.pgp.PgpImportExport;
 import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
@@ -337,28 +337,21 @@ public class KeychainIntentService extends IntentService implements Progressable
 
                 Bundle resultData = new Bundle();
 
+                /* TODO find passphrase from cache, if not provided
+                    return PassphraseCacheService.getCachedPassphrase(
+                        KeychainIntentService.this, masterKeyId);
+                */
+
                 // verifyText and decrypt returning additional resultData values for the
                 // verification of signatures
                 PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(
-                        new ProviderHelper(this),
+                        new ProviderHelper(this), inputData, outStream
-                        new PgpDecryptVerify.PassphraseCache() {
-                            @Override
-                            public String getCachedPassphrase(long masterKeyId) throws PgpDecryptVerify.NoSecretKeyException {
-                                try {
-                                    return PassphraseCacheService.getCachedPassphrase(
-                                            KeychainIntentService.this, masterKeyId);
-                                } catch (PassphraseCacheService.KeyNotFoundException e) {
-                                    throw new PgpDecryptVerify.NoSecretKeyException();
-                                }
-                            }
-                        },
-                        inputData, outStream
                 );
                 builder.setProgressable(this)
                         .setAllowSymmetricDecryption(true)
                         .setPassphrase(passphrase);
 
-                PgpDecryptVerifyResult decryptVerifyResult = builder.build().execute();
+                DecryptVerifyResult decryptVerifyResult = builder.build().execute();
 
                 outStream.close();
 
@@ -385,29 +378,22 @@ public class KeychainIntentService extends IntentService implements Progressable
 
                 Bundle resultData = new Bundle();
 
+                /* TODO find passphrase from cache, if not provided
+                    return PassphraseCacheService.getCachedPassphrase(
+                        KeychainIntentService.this, masterKeyId);
+                */
+
                 // verifyText and decrypt returning additional resultData values for the
                 // verification of signatures
                 PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(
-                        new ProviderHelper(this),
+                        new ProviderHelper(this), inputData, null
-                        new PgpDecryptVerify.PassphraseCache() {
-                            @Override
-                            public String getCachedPassphrase(long masterKeyId) throws PgpDecryptVerify.NoSecretKeyException {
-                                try {
-                                    return PassphraseCacheService.getCachedPassphrase(
-                                            KeychainIntentService.this, masterKeyId);
-                                } catch (PassphraseCacheService.KeyNotFoundException e) {
-                                    throw new PgpDecryptVerify.NoSecretKeyException();
-                                }
-                            }
-                        },
-                        inputData, null
                 );
                 builder.setProgressable(this)
                         .setAllowSymmetricDecryption(true)
                         .setPassphrase(passphrase)
                         .setDecryptMetadataOnly(true);
 
-                PgpDecryptVerifyResult decryptVerifyResult = builder.build().execute();
+                DecryptVerifyResult decryptVerifyResult = builder.build().execute();
 
                 resultData.putParcelable(RESULT_DECRYPT_VERIFY_RESULT, decryptVerifyResult);
 
@@ -785,16 +771,6 @@ public class KeychainIntentService extends IntentService implements Progressable
             message = getString(R.string.error_no_signature_passphrase);
         } else if (e instanceof PgpSignEncrypt.NoSigningKeyException) {
             message = getString(R.string.error_no_signature_key);
-        } else if (e instanceof PgpDecryptVerify.InvalidDataException) {
-            message = getString(R.string.error_invalid_data);
-        } else if (e instanceof PgpDecryptVerify.KeyExtractionException) {
-            message = getString(R.string.error_could_not_extract_private_key);
-        } else if (e instanceof PgpDecryptVerify.WrongPassphraseException) {
-            message = getString(R.string.error_wrong_passphrase);
-        } else if (e instanceof PgpDecryptVerify.NoSecretKeyException) {
-            message = getString(R.string.error_no_secret_key_found);
-        } else if (e instanceof PgpDecryptVerify.IntegrityCheckFailedException) {
-            message = getString(R.string.error_integrity_check_failed);
         } else {
             message = e.getMessage();
         }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java

@@ -15,7 +15,7 @@
  * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
-package org.sufficientlysecure.keychain.pgp;
+package org.sufficientlysecure.keychain.service.results;
 
 import android.os.Parcel;
 import android.os.Parcelable;
@@ -23,25 +23,22 @@ import android.os.Parcelable;
 import org.openintents.openpgp.OpenPgpMetadata;
 import org.openintents.openpgp.OpenPgpSignatureResult;
 
-public class PgpDecryptVerifyResult implements Parcelable {
+public class DecryptVerifyResult extends OperationResultParcel {
-    public static final int SUCCESS = 1;
+
-    public static final int KEY_PASSHRASE_NEEDED = 2;
+    // the fourth bit indicates a "data pending" result!
-    public static final int SYMMETRIC_PASSHRASE_NEEDED = 3;
+    public static final int RESULT_PENDING = 8;
+
+    // fifth to sixth bit in addition indicate specific type of pending
+    public static final int RESULT_PENDING_ASYM_PASSPHRASE = RESULT_PENDING +16;
+    public static final int RESULT_PENDING_SYM_PASSPHRASE = RESULT_PENDING +32;
+    public static final int RESULT_PENDING_NFC = RESULT_PENDING +48;
 
-    int mStatus;
     long mKeyIdPassphraseNeeded;
+    byte[] mSessionKey;
 
     OpenPgpSignatureResult mSignatureResult;
     OpenPgpMetadata mDecryptMetadata;
 
-    public int getStatus() {
-        return mStatus;
-    }
-
-    public void setStatus(int status) {
-        mStatus = status;
-    }
-
     public long getKeyIdPassphraseNeeded() {
         return mKeyIdPassphraseNeeded;
     }
@@ -50,6 +47,10 @@ public class PgpDecryptVerifyResult implements Parcelable {
         mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
     }
 
+    public void setNfcEncryptedSessionKey(byte[] sessionKey) {
+        mSessionKey = sessionKey;
+    }
+
     public OpenPgpSignatureResult getSignatureResult() {
         return mSignatureResult;
     }
@@ -66,41 +67,47 @@ public class PgpDecryptVerifyResult implements Parcelable {
         mDecryptMetadata = decryptMetadata;
     }
 
-    public PgpDecryptVerifyResult() {
+    public boolean isPending() {
-
+        return (mResult & RESULT_PENDING) != 0;
     }
 
-    public PgpDecryptVerifyResult(PgpDecryptVerifyResult b) {
+    public DecryptVerifyResult(int result, OperationLog log) {
-        this.mStatus = b.mStatus;
+        super(result, log);
-        this.mKeyIdPassphraseNeeded = b.mKeyIdPassphraseNeeded;
-        this.mSignatureResult = b.mSignatureResult;
-        this.mDecryptMetadata = b.mDecryptMetadata;
     }
 
+    public DecryptVerifyResult(Parcel source) {
+        super(source);
+        mKeyIdPassphraseNeeded = source.readLong();
+        mSignatureResult = source.readParcelable(OpenPgpSignatureResult.class.getClassLoader());
+        mDecryptMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
+        mSessionKey = source.readInt() != 0 ? source.createByteArray() : null;
+    }
 
     public int describeContents() {
         return 0;
     }
 
     public void writeToParcel(Parcel dest, int flags) {
-        dest.writeInt(mStatus);
+        super.writeToParcel(dest, flags);
         dest.writeLong(mKeyIdPassphraseNeeded);
         dest.writeParcelable(mSignatureResult, 0);
         dest.writeParcelable(mDecryptMetadata, 0);
+        if (mSessionKey != null) {
+            dest.writeInt(1);
+            dest.writeByteArray(mSessionKey);
+        } else {
+            dest.writeInt(0);
+        }
     }
 
-    public static final Creator<PgpDecryptVerifyResult> CREATOR = new Creator<PgpDecryptVerifyResult>() {
+    public static final Creator<DecryptVerifyResult> CREATOR = new Creator<DecryptVerifyResult>() {
-        public PgpDecryptVerifyResult createFromParcel(final Parcel source) {
+        public DecryptVerifyResult createFromParcel(final Parcel source) {
-            PgpDecryptVerifyResult vr = new PgpDecryptVerifyResult();
+            return new DecryptVerifyResult(source);
-            vr.mStatus = source.readInt();
-            vr.mKeyIdPassphraseNeeded = source.readLong();
-            vr.mSignatureResult = source.readParcelable(OpenPgpSignatureResult.class.getClassLoader());
-            vr.mDecryptMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
-            return vr;
         }
 
-        public PgpDecryptVerifyResult[] newArray(final int size) {
+        public DecryptVerifyResult[] newArray(final int size) {
-            return new PgpDecryptVerifyResult[size];
+            return new DecryptVerifyResult[size];
         }
     };
+
 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFileFragment.java

@@ -36,7 +36,7 @@ import android.widget.TextView;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.helper.FileHelper;
-import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
+import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
 import org.sufficientlysecure.keychain.ui.dialog.DeleteFileDialogFragment;
@@ -178,19 +178,20 @@ public class DecryptFileFragment extends DecryptFragment {
                     // get returned data bundle
                     Bundle returnData = message.getData();
 
-                    PgpDecryptVerifyResult decryptVerifyResult =
+                    DecryptVerifyResult result =
                             returnData.getParcelable(KeychainIntentService.RESULT_DECRYPT_VERIFY_RESULT);
 
-                    if (PgpDecryptVerifyResult.KEY_PASSHRASE_NEEDED == decryptVerifyResult.getStatus()) {
+                    switch (result.getResult()) {
-                        showPassphraseDialogForFilename(decryptVerifyResult.getKeyIdPassphraseNeeded());
+                        case DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE:
-                    } else if (PgpDecryptVerifyResult.SYMMETRIC_PASSHRASE_NEEDED ==
+                            showPassphraseDialog(result.getKeyIdPassphraseNeeded());
-                            decryptVerifyResult.getStatus()) {
+                            return;
-                        showPassphraseDialogForFilename(Constants.key.symmetric);
+                        case DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE:
-                    } else {
+                            showPassphraseDialog(Constants.key.symmetric);
-
+                            return;
-                        // go on...
-                        askForOutputFilename(decryptVerifyResult.getDecryptMetadata().getFilename());
                     }
+
+                    // go on...
+                    askForOutputFilename(result.getDecryptMetadata().getFilename());
                 }
             }
         };
@@ -257,35 +258,38 @@ public class DecryptFileFragment extends DecryptFragment {
                     // get returned data bundle
                     Bundle returnData = message.getData();
 
-                    PgpDecryptVerifyResult decryptVerifyResult =
+                    DecryptVerifyResult result =
                             returnData.getParcelable(KeychainIntentService.RESULT_DECRYPT_VERIFY_RESULT);
 
-                    if (PgpDecryptVerifyResult.KEY_PASSHRASE_NEEDED == decryptVerifyResult.getStatus()) {
+                    switch (result.getResult()) {
-                        showPassphraseDialog(decryptVerifyResult.getKeyIdPassphraseNeeded());
+                        case DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE:
-                    } else if (PgpDecryptVerifyResult.SYMMETRIC_PASSHRASE_NEEDED ==
+                            showPassphraseDialog(result.getKeyIdPassphraseNeeded());
-                            decryptVerifyResult.getStatus()) {
+                            return;
-                        showPassphraseDialog(Constants.key.symmetric);
+                        case DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE:
-                    } else {
+                            showPassphraseDialog(Constants.key.symmetric);
-                        // display signature result in activity
+                            return;
-                        onResult(decryptVerifyResult);
-
-                        if (mDeleteAfter.isChecked()) {
-                            // Create and show dialog to delete original file
-                            DeleteFileDialogFragment deleteFileDialog = DeleteFileDialogFragment.newInstance(mInputUri);
-                            deleteFileDialog.show(getActivity().getSupportFragmentManager(), "deleteDialog");
-                            setInputUri(null);
-                        }
-
-                        /*
-                        // A future open after decryption feature
-                        if () {
-                            Intent viewFile = new Intent(Intent.ACTION_VIEW);
-                            viewFile.setData(mOutputUri);
-                            startActivity(viewFile);
-                        }
-                        */
                     }
+
+                    // display signature result in activity
+                    onResult(result);
+
+                    if (mDeleteAfter.isChecked()) {
+                        // Create and show dialog to delete original file
+                        DeleteFileDialogFragment deleteFileDialog = DeleteFileDialogFragment.newInstance(mInputUri);
+                        deleteFileDialog.show(getActivity().getSupportFragmentManager(), "deleteDialog");
+                        setInputUri(null);
+                    }
+
+                    /*
+                    // A future open after decryption feature
+                    if () {
+                        Intent viewFile = new Intent(Intent.ACTION_VIEW);
+                        viewFile.setData(mOutputUri);
+                        startActivity(viewFile);
+                    }
+                    */
                 }
+
             }
         };
 

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java

@@ -34,7 +34,7 @@ import android.widget.TextView;
 import org.openintents.openpgp.OpenPgpSignatureResult;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
-import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
+import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.PgpKeyHelper;
 import org.sufficientlysecure.keychain.ui.dialog.PassphraseDialogFragment;
 
@@ -100,7 +100,7 @@ public abstract class DecryptFragment extends Fragment {
         }
     }
 
-    protected void onResult(PgpDecryptVerifyResult decryptVerifyResult) {
+    protected void onResult(DecryptVerifyResult decryptVerifyResult) {
         OpenPgpSignatureResult signatureResult = decryptVerifyResult.getSignatureResult();
 
         mSignatureKeyId = 0;

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptMessageFragment.java

@@ -31,7 +31,7 @@ import android.widget.EditText;
 import org.sufficientlysecure.keychain.Constants;
 import org.sufficientlysecure.keychain.R;
 import org.sufficientlysecure.keychain.compatibility.ClipboardReflection;
-import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyResult;
+import org.sufficientlysecure.keychain.service.results.DecryptVerifyResult;
 import org.sufficientlysecure.keychain.pgp.PgpHelper;
 import org.sufficientlysecure.keychain.service.KeychainIntentService;
 import org.sufficientlysecure.keychain.service.KeychainIntentServiceHandler;
@@ -143,24 +143,27 @@ public class DecryptMessageFragment extends DecryptFragment {
                     // get returned data bundle
                     Bundle returnData = message.getData();
 
-                    PgpDecryptVerifyResult decryptVerifyResult =
+                    DecryptVerifyResult result =
                             returnData.getParcelable(KeychainIntentService.RESULT_DECRYPT_VERIFY_RESULT);
 
-                    if (PgpDecryptVerifyResult.KEY_PASSHRASE_NEEDED == decryptVerifyResult.getStatus()) {
+                    switch (result.getResult()) {
-                        showPassphraseDialog(decryptVerifyResult.getKeyIdPassphraseNeeded());
+                        case DecryptVerifyResult.RESULT_PENDING_ASYM_PASSPHRASE:
-                    } else if (PgpDecryptVerifyResult.SYMMETRIC_PASSHRASE_NEEDED ==
+                            showPassphraseDialog(result.getKeyIdPassphraseNeeded());
-                                    decryptVerifyResult.getStatus()) {
+                            return;
-                        showPassphraseDialog(Constants.key.symmetric);
+                        case DecryptVerifyResult.RESULT_PENDING_SYM_PASSPHRASE:
-                    } else {
+                            showPassphraseDialog(Constants.key.symmetric);
-                        byte[] decryptedMessage = returnData
+                            return;
-                                .getByteArray(KeychainIntentService.RESULT_DECRYPTED_BYTES);
-                        mMessage.setText(new String(decryptedMessage));
-                        mMessage.setHorizontallyScrolling(false);
-
-                        // display signature result in activity
-                        onResult(decryptVerifyResult);
                     }
+
+                    byte[] decryptedMessage = returnData
+                            .getByteArray(KeychainIntentService.RESULT_DECRYPTED_BYTES);
+                    mMessage.setText(new String(decryptedMessage));
+                    mMessage.setHorizontallyScrolling(false);
+
+                    // display signature result in activity
+                    onResult(result);
                 }
+
             }
         };