mirror of
https://github.com/moparisthebest/open-keychain
synced 2024-08-13 15:53:53 -04:00
Fix signing subkey selection in remote service
This commit is contained in:
parent
8e5d0d1682
commit
a467480717
@ -77,6 +77,7 @@ public class SignEncryptOperation extends BaseOperation {
|
|||||||
|
|
||||||
NfcSignOperationsBuilder pendingInputBuilder = null;
|
NfcSignOperationsBuilder pendingInputBuilder = null;
|
||||||
|
|
||||||
|
// if signing subkey has not explicitly been set, get first usable subkey capable of signing
|
||||||
if (input.getSignatureMasterKeyId() != Constants.key.none
|
if (input.getSignatureMasterKeyId() != Constants.key.none
|
||||||
&& input.getSignatureSubKeyId() == null) {
|
&& input.getSignatureSubKeyId() == null) {
|
||||||
try {
|
try {
|
||||||
|
@ -36,11 +36,12 @@ import org.sufficientlysecure.keychain.Constants;
|
|||||||
import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
|
import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
|
||||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
|
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
|
||||||
import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
|
import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
|
||||||
|
import org.sufficientlysecure.keychain.operations.results.SignEncryptResult;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpConstants;
|
import org.sufficientlysecure.keychain.pgp.PgpConstants;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
|
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerify;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel;
|
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptInputParcel;
|
||||||
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
|
import org.sufficientlysecure.keychain.pgp.PgpSignEncryptOperation;
|
||||||
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
|
import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
|
||||||
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
import org.sufficientlysecure.keychain.provider.KeychainContract;
|
||||||
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiAccounts;
|
import org.sufficientlysecure.keychain.provider.KeychainContract.ApiAccounts;
|
||||||
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
|
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
|
||||||
@ -162,7 +163,7 @@ public class OpenPgpService extends RemoteService {
|
|||||||
}
|
}
|
||||||
|
|
||||||
private static PendingIntent getRequiredInputPendingIntent(Context context,
|
private static PendingIntent getRequiredInputPendingIntent(Context context,
|
||||||
Intent data, RequiredInputParcel requiredInput) {
|
Intent data, RequiredInputParcel requiredInput) {
|
||||||
|
|
||||||
switch (requiredInput.mType) {
|
switch (requiredInput.mType) {
|
||||||
case NFC_DECRYPT:
|
case NFC_DECRYPT:
|
||||||
@ -221,15 +222,35 @@ public class OpenPgpService extends RemoteService {
|
|||||||
try {
|
try {
|
||||||
boolean asciiArmor = cleartextSign || data.getBooleanExtra(OpenPgpApi.EXTRA_REQUEST_ASCII_ARMOR, true);
|
boolean asciiArmor = cleartextSign || data.getBooleanExtra(OpenPgpApi.EXTRA_REQUEST_ASCII_ARMOR, true);
|
||||||
|
|
||||||
|
// sign-only
|
||||||
|
PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel()
|
||||||
|
.setEnableAsciiArmorOutput(asciiArmor)
|
||||||
|
.setCleartextSignature(cleartextSign)
|
||||||
|
.setDetachedSignature(!cleartextSign)
|
||||||
|
.setVersionHeader(null)
|
||||||
|
.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED);
|
||||||
|
|
||||||
Intent signKeyIdIntent = getSignKeyMasterId(data);
|
Intent signKeyIdIntent = getSignKeyMasterId(data);
|
||||||
// NOTE: Fallback to return account settings (Old API)
|
// NOTE: Fallback to return account settings (Old API)
|
||||||
if (signKeyIdIntent.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR)
|
if (signKeyIdIntent.getIntExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR)
|
||||||
== OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED) {
|
== OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED) {
|
||||||
return signKeyIdIntent;
|
return signKeyIdIntent;
|
||||||
}
|
}
|
||||||
|
|
||||||
long signKeyId = signKeyIdIntent.getLongExtra(OpenPgpApi.EXTRA_SIGN_KEY_ID, Constants.key.none);
|
long signKeyId = signKeyIdIntent.getLongExtra(OpenPgpApi.EXTRA_SIGN_KEY_ID, Constants.key.none);
|
||||||
if (signKeyId == Constants.key.none) {
|
if (signKeyId == Constants.key.none) {
|
||||||
Log.e(Constants.TAG, "No signing key given!");
|
throw new Exception("No signing key given");
|
||||||
|
} else {
|
||||||
|
pseInput.setSignatureMasterKeyId(signKeyId);
|
||||||
|
|
||||||
|
// get first usable subkey capable of signing
|
||||||
|
try {
|
||||||
|
long signSubKeyId = mProviderHelper.getCachedPublicKeyRing(
|
||||||
|
pseInput.getSignatureMasterKeyId()).getSecretSignId();
|
||||||
|
pseInput.setSignatureSubKeyId(signSubKeyId);
|
||||||
|
} catch (PgpKeyNotFoundException e) {
|
||||||
|
throw new Exception("signing subkey not found!", e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Get Input- and OutputStream from ParcelFileDescriptor
|
// Get Input- and OutputStream from ParcelFileDescriptor
|
||||||
@ -243,20 +264,14 @@ public class OpenPgpService extends RemoteService {
|
|||||||
InputData inputData = new InputData(is, inputLength);
|
InputData inputData = new InputData(is, inputLength);
|
||||||
|
|
||||||
CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
|
CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
|
||||||
|
if (cryptoInput == null) {
|
||||||
|
cryptoInput = new CryptoInputParcel();
|
||||||
|
}
|
||||||
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
|
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
|
||||||
cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
|
cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
|
||||||
new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
|
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
|
||||||
}
|
}
|
||||||
|
|
||||||
// sign-only
|
|
||||||
PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel()
|
|
||||||
.setEnableAsciiArmorOutput(asciiArmor)
|
|
||||||
.setCleartextSignature(cleartextSign)
|
|
||||||
.setDetachedSignature(!cleartextSign)
|
|
||||||
.setVersionHeader(null)
|
|
||||||
.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
|
|
||||||
.setSignatureMasterKeyId(signKeyId);
|
|
||||||
|
|
||||||
// execute PGP operation!
|
// execute PGP operation!
|
||||||
PgpSignEncryptOperation pse = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
|
PgpSignEncryptOperation pse = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
|
||||||
PgpSignEncryptResult pgpResult = pse.execute(pseInput, cryptoInput, inputData, os);
|
PgpSignEncryptResult pgpResult = pse.execute(pseInput, cryptoInput, inputData, os);
|
||||||
@ -369,19 +384,32 @@ public class OpenPgpService extends RemoteService {
|
|||||||
}
|
}
|
||||||
long signKeyId = signKeyIdIntent.getLongExtra(OpenPgpApi.EXTRA_SIGN_KEY_ID, Constants.key.none);
|
long signKeyId = signKeyIdIntent.getLongExtra(OpenPgpApi.EXTRA_SIGN_KEY_ID, Constants.key.none);
|
||||||
if (signKeyId == Constants.key.none) {
|
if (signKeyId == Constants.key.none) {
|
||||||
Log.e(Constants.TAG, "No signing key given!");
|
throw new Exception("No signing key given");
|
||||||
|
} else {
|
||||||
|
pseInput.setSignatureMasterKeyId(signKeyId);
|
||||||
|
|
||||||
|
// get first usable subkey capable of signing
|
||||||
|
try {
|
||||||
|
long signSubKeyId = mProviderHelper.getCachedPublicKeyRing(
|
||||||
|
pseInput.getSignatureMasterKeyId()).getSecretSignId();
|
||||||
|
pseInput.setSignatureSubKeyId(signSubKeyId);
|
||||||
|
} catch (PgpKeyNotFoundException e) {
|
||||||
|
throw new Exception("signing subkey not found!", e);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// sign and encrypt
|
// sign and encrypt
|
||||||
pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
|
pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
|
||||||
.setSignatureMasterKeyId(signKeyId)
|
|
||||||
.setAdditionalEncryptId(signKeyId); // add sign key for encryption
|
.setAdditionalEncryptId(signKeyId); // add sign key for encryption
|
||||||
}
|
}
|
||||||
|
|
||||||
CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
|
CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
|
||||||
|
if (cryptoInput == null) {
|
||||||
|
cryptoInput = new CryptoInputParcel();
|
||||||
|
}
|
||||||
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
|
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
|
||||||
cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
|
cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
|
||||||
new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
|
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
|
||||||
}
|
}
|
||||||
|
|
||||||
PgpSignEncryptOperation op = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
|
PgpSignEncryptOperation op = new PgpSignEncryptOperation(this, new ProviderHelper(getContext()), null);
|
||||||
@ -464,9 +492,12 @@ public class OpenPgpService extends RemoteService {
|
|||||||
);
|
);
|
||||||
|
|
||||||
CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
|
CryptoInputParcel cryptoInput = data.getParcelableExtra(OpenPgpApi.EXTRA_CRYPTO_INPUT);
|
||||||
|
if (cryptoInput == null) {
|
||||||
|
cryptoInput = new CryptoInputParcel();
|
||||||
|
}
|
||||||
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
|
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
|
||||||
cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
|
cryptoInput = new CryptoInputParcel(cryptoInput.getSignatureTime(),
|
||||||
new Passphrase(data.getStringExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
|
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
|
||||||
}
|
}
|
||||||
|
|
||||||
byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE);
|
byte[] detachedSignature = data.getByteArrayExtra(OpenPgpApi.EXTRA_DETACHED_SIGNATURE);
|
||||||
@ -474,9 +505,9 @@ public class OpenPgpService extends RemoteService {
|
|||||||
// allow only private keys associated with accounts of this app
|
// allow only private keys associated with accounts of this app
|
||||||
// no support for symmetric encryption
|
// no support for symmetric encryption
|
||||||
builder.setAllowSymmetricDecryption(false)
|
builder.setAllowSymmetricDecryption(false)
|
||||||
.setAllowedKeyIds(allowedKeyIds)
|
.setAllowedKeyIds(allowedKeyIds)
|
||||||
.setDecryptMetadataOnly(decryptMetadataOnly)
|
.setDecryptMetadataOnly(decryptMetadataOnly)
|
||||||
.setDetachedSignature(detachedSignature);
|
.setDetachedSignature(detachedSignature);
|
||||||
|
|
||||||
DecryptVerifyResult pgpResult = builder.build().execute(cryptoInput);
|
DecryptVerifyResult pgpResult = builder.build().execute(cryptoInput);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user