don't show allowed key list if no key exists, and some minor PgpDecryptVerify changes
This commit is contained in:
Vincent Breitmoser
parent
426d17bd0a
commit
a8e95f676e
|
|
@ -29,6 +29,7 @@ import org.robolectric.shadows.ShadowLog;
|
|||
import org.spongycastle.bcpg.sig.KeyFlags;
|
||||
import org.spongycastle.jce.provider.BouncyCastleProvider;
|
||||
import org.spongycastle.openpgp.PGPEncryptedData;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogType;
|
||||
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
|
||||
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingData;
|
||||
|
|
@ -214,7 +215,7 @@ public class PgpEncryptDecryptTest {
|
|||
String plaintext = "dies ist ein plaintext ☭" + TestingUtils.genPassphrase(true);
|
||||
byte[] ciphertext;
|
||||
|
||||
{ // encrypt data with a given passphrase
|
||||
{ // encrypt data with key
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(plaintext.getBytes());
|
||||
|
||||
|
|
@ -224,7 +225,7 @@ public class PgpEncryptDecryptTest {
|
|||
InputData data = new InputData(in, in.available());
|
||||
PgpSignEncryptInputParcel b = new PgpSignEncryptInputParcel();
|
||||
|
||||
b.setEncryptionMasterKeyIds(new long[]{ mStaticRing1.getMasterKeyId() });
|
||||
b.setEncryptionMasterKeyIds(new long[] { mStaticRing1.getMasterKeyId() });
|
||||
b.setSymmetricEncryptionAlgorithm(PGPEncryptedData.AES_128);
|
||||
PgpSignEncryptResult result = op.execute(b, new CryptoInputParcel(), data, out);
|
||||
Assert.assertTrue("encryption must succeed", result.success());
|
||||
|
|
@ -334,7 +335,7 @@ public class PgpEncryptDecryptTest {
|
|||
out.toByteArray().length, metadata.getOriginalSize());
|
||||
}
|
||||
|
||||
{ // decryption with passphrase cached should succeed for the first key
|
||||
{ // decryption should succeed if key is allowed
|
||||
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
|
||||
|
|
@ -350,12 +351,32 @@ public class PgpEncryptDecryptTest {
|
|||
b.setAllowedKeyIds(allowed);
|
||||
|
||||
DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
|
||||
Assert.assertTrue("decryption with cached passphrase must succeed for the first key", result.success());
|
||||
Assert.assertTrue("decryption with cached passphrase must succeed for allowed key", result.success());
|
||||
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
|
||||
out.toByteArray(), plaintext.getBytes());
|
||||
Assert.assertTrue("other key was skipped", result.getLog().containsType(LogType.MSG_DC_ASKIP_NOT_ALLOWED));
|
||||
Assert.assertNull("signature should be empty", result.getSignatureResult());
|
||||
}
|
||||
|
||||
{ // decryption should fail if no key is allowed
|
||||
|
||||
ByteArrayOutputStream out = new ByteArrayOutputStream();
|
||||
ByteArrayInputStream in = new ByteArrayInputStream(ciphertext);
|
||||
InputData data = new InputData(in, in.available());
|
||||
|
||||
// provide passphrase for the second, and check that the first is never asked for!
|
||||
PgpDecryptVerify.Builder b = builderWithFakePassphraseCache(data, out,
|
||||
mKeyPhrase2, mStaticRing2.getMasterKeyId(), null);
|
||||
// no keys allowed!
|
||||
b.setAllowedKeyIds(new HashSet<Long>());
|
||||
|
||||
DecryptVerifyResult result = b.build().execute(new CryptoInputParcel());
|
||||
Assert.assertFalse("decryption must fail if no key allowed", result.success());
|
||||
Assert.assertEquals("decryption must fail with key disllowed status",
|
||||
DecryptVerifyResult.RESULT_KEY_DISALLOWED, result.getResult());
|
||||
|
||||
}
|
||||
|
||||
{ // decryption with passphrase cached should succeed for the other key if first is gone
|
||||
|
||||
// delete first key from database
|
||||
|
|
|
|||
|
|
@ -27,12 +27,19 @@ import org.sufficientlysecure.keychain.util.Passphrase;
|
|||
|
||||
public class DecryptVerifyResult extends InputPendingResult {
|
||||
|
||||
public static final int RESULT_NO_DATA = RESULT_ERROR + 16;
|
||||
public static final int RESULT_KEY_DISALLOWED = RESULT_ERROR + 32;
|
||||
|
||||
OpenPgpSignatureResult mSignatureResult;
|
||||
OpenPgpMetadata mDecryptMetadata;
|
||||
// This holds the charset which was specified in the ascii armor, if specified
|
||||
// https://tools.ietf.org/html/rfc4880#page56
|
||||
String mCharset;
|
||||
|
||||
public boolean isKeysDisallowed () {
|
||||
return (mResult & RESULT_KEY_DISALLOWED) == RESULT_KEY_DISALLOWED;
|
||||
}
|
||||
|
||||
public OpenPgpSignatureResult getSignatureResult() {
|
||||
return mSignatureResult;
|
||||
}
|
||||
|
|
@ -57,10 +64,6 @@ public class DecryptVerifyResult extends InputPendingResult {
|
|||
mCharset = charset;
|
||||
}
|
||||
|
||||
public boolean isPending() {
|
||||
return (mResult & RESULT_PENDING) == RESULT_PENDING;
|
||||
}
|
||||
|
||||
public DecryptVerifyResult(int result, OperationLog log) {
|
||||
super(result, log);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -598,7 +598,7 @@ public abstract class OperationResult implements Parcelable {
|
|||
MSG_DC_ERROR_EXTRACT_KEY (LogLevel.ERROR, R.string.msg_dc_error_extract_key),
|
||||
MSG_DC_ERROR_INTEGRITY_CHECK (LogLevel.ERROR, R.string.msg_dc_error_integrity_check),
|
||||
MSG_DC_ERROR_INTEGRITY_MISSING (LogLevel.ERROR, R.string.msg_dc_error_integrity_missing),
|
||||
MSG_DC_ERROR_INVALID_SIGLIST(LogLevel.ERROR, R.string.msg_dc_error_invalid_siglist),
|
||||
MSG_DC_ERROR_INVALID_DATA (LogLevel.ERROR, R.string.msg_dc_error_invalid_data),
|
||||
MSG_DC_ERROR_IO (LogLevel.ERROR, R.string.msg_dc_error_io),
|
||||
MSG_DC_ERROR_NO_DATA (LogLevel.ERROR, R.string.msg_dc_error_no_data),
|
||||
MSG_DC_ERROR_NO_KEY (LogLevel.ERROR, R.string.msg_dc_error_no_key),
|
||||
|
|
|
|||
|
|
@ -384,7 +384,7 @@ public class PgpDecryptVerify extends BaseOperation {
|
|||
}
|
||||
|
||||
if (enc == null) {
|
||||
log.add(LogType.MSG_DC_ERROR_INVALID_SIGLIST, indent);
|
||||
log.add(LogType.MSG_DC_ERROR_INVALID_DATA, indent);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
|
||||
|
|
@ -419,6 +419,7 @@ public class PgpDecryptVerify extends BaseOperation {
|
|||
}
|
||||
|
||||
Passphrase passphrase = null;
|
||||
boolean skippedDisallowedKey = false;
|
||||
|
||||
// go through all objects and find one we can decrypt
|
||||
while (it.hasNext()) {
|
||||
|
|
@ -451,13 +452,6 @@ public class PgpDecryptVerify extends BaseOperation {
|
|||
log.add(LogType.MSG_DC_ASKIP_NO_KEY, indent + 1);
|
||||
continue;
|
||||
}
|
||||
// get subkey which has been used for this encryption packet
|
||||
secretEncryptionKey = secretKeyRing.getSecretKey(subKeyId);
|
||||
if (secretEncryptionKey == null) {
|
||||
// should actually never happen, so no need to be more specific.
|
||||
log.add(LogType.MSG_DC_ASKIP_NO_KEY, indent + 1);
|
||||
continue;
|
||||
}
|
||||
|
||||
// allow only specific keys for decryption?
|
||||
if (mAllowedKeyIds != null) {
|
||||
|
|
@ -469,11 +463,20 @@ public class PgpDecryptVerify extends BaseOperation {
|
|||
if (!mAllowedKeyIds.contains(masterKeyId)) {
|
||||
// this key is in our db, but NOT allowed!
|
||||
// continue with the next packet in the while loop
|
||||
skippedDisallowedKey = true;
|
||||
log.add(LogType.MSG_DC_ASKIP_NOT_ALLOWED, indent + 1);
|
||||
continue;
|
||||
}
|
||||
}
|
||||
|
||||
// get subkey which has been used for this encryption packet
|
||||
secretEncryptionKey = secretKeyRing.getSecretKey(subKeyId);
|
||||
if (secretEncryptionKey == null) {
|
||||
// should actually never happen, so no need to be more specific.
|
||||
log.add(LogType.MSG_DC_ASKIP_NO_KEY, indent + 1);
|
||||
continue;
|
||||
}
|
||||
|
||||
/* secret key exists in database and is allowed! */
|
||||
asymmetricPacketFound = true;
|
||||
|
||||
|
|
@ -604,10 +607,18 @@ public class PgpDecryptVerify extends BaseOperation {
|
|||
}
|
||||
encryptedData = encryptedDataAsymmetric;
|
||||
} else {
|
||||
// If we didn't find any useful data, error out
|
||||
// there wasn't even any useful data
|
||||
if (!anyPacketFound) {
|
||||
log.add(LogType.MSG_DC_ERROR_NO_DATA, indent + 1);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_NO_DATA, log);
|
||||
}
|
||||
// there was data but key wasn't allowed
|
||||
if (skippedDisallowedKey) {
|
||||
log.add(LogType.MSG_DC_ERROR_NO_KEY, indent + 1);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_KEY_DISALLOWED, log);
|
||||
}
|
||||
// no packet has been found where we have the corresponding secret key in our db
|
||||
log.add(
|
||||
anyPacketFound ? LogType.MSG_DC_ERROR_NO_KEY : LogType.MSG_DC_ERROR_NO_DATA, indent + 1);
|
||||
log.add(LogType.MSG_DC_ERROR_NO_KEY, indent + 1);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
|
||||
|
|
@ -910,7 +921,7 @@ public class PgpDecryptVerify extends BaseOperation {
|
|||
|
||||
PGPSignatureList sigList = (PGPSignatureList) pgpFact.nextObject();
|
||||
if (sigList == null) {
|
||||
log.add(LogType.MSG_DC_ERROR_INVALID_SIGLIST, 0);
|
||||
log.add(LogType.MSG_DC_ERROR_INVALID_DATA, 0);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
|
||||
|
|
@ -993,7 +1004,7 @@ public class PgpDecryptVerify extends BaseOperation {
|
|||
} else if (o instanceof PGPSignatureList) {
|
||||
sigList = (PGPSignatureList) o;
|
||||
} else {
|
||||
log.add(LogType.MSG_DC_ERROR_INVALID_SIGLIST, 0);
|
||||
log.add(LogType.MSG_DC_ERROR_INVALID_DATA, 0);
|
||||
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -34,7 +34,6 @@ import org.openintents.openpgp.util.OpenPgpApi;
|
|||
import org.spongycastle.bcpg.CompressionAlgorithmTags;
|
||||
import org.sufficientlysecure.keychain.Constants;
|
||||
import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult;
|
||||
import org.sufficientlysecure.keychain.operations.results.OperationResult.LogEntryParcel;
|
||||
import org.sufficientlysecure.keychain.operations.results.PgpSignEncryptResult;
|
||||
import org.sufficientlysecure.keychain.pgp.PgpConstants;
|
||||
|
|
@ -602,9 +601,8 @@ public class OpenPgpService extends RemoteService {
|
|||
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_SUCCESS);
|
||||
return result;
|
||||
} else {
|
||||
LogEntryParcel errorMsg = pgpResult.getLog().getLast();
|
||||
|
||||
if (errorMsg.mType == OperationResult.LogType.MSG_DC_ERROR_NO_KEY) {
|
||||
//
|
||||
if (pgpResult.isKeysDisallowed()) {
|
||||
// allow user to select allowed keys
|
||||
Intent result = new Intent();
|
||||
result.putExtra(OpenPgpApi.RESULT_INTENT, getSelectAllowedKeysIntent(data));
|
||||
|
|
@ -612,14 +610,17 @@ public class OpenPgpService extends RemoteService {
|
|||
return result;
|
||||
}
|
||||
|
||||
throw new Exception(getString(errorMsg.mType.getMsgId()));
|
||||
String errorMsg = getString(pgpResult.getLog().getLast().mType.getMsgId());
|
||||
Intent result = new Intent();
|
||||
result.putExtra(OpenPgpApi.RESULT_ERROR, new OpenPgpError(OpenPgpError.GENERIC_ERROR, errorMsg));
|
||||
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR);
|
||||
return result;
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
Log.d(Constants.TAG, "decryptAndVerifyImpl", e);
|
||||
} catch (IOException e) {
|
||||
Log.e(Constants.TAG, "decryptAndVerifyImpl", e);
|
||||
Intent result = new Intent();
|
||||
result.putExtra(OpenPgpApi.RESULT_ERROR,
|
||||
new OpenPgpError(OpenPgpError.GENERIC_ERROR, e.getMessage()));
|
||||
result.putExtra(OpenPgpApi.RESULT_ERROR, new OpenPgpError(OpenPgpError.GENERIC_ERROR, e.getMessage()));
|
||||
result.putExtra(OpenPgpApi.RESULT_CODE, OpenPgpApi.RESULT_CODE_ERROR);
|
||||
return result;
|
||||
} finally {
|
||||
|
|
|
|||
|
|
@ -930,7 +930,7 @@
|
|||
<string name="msg_dc_error_extract_key">Unbekannter Fehler bei Schlüsselentsperrung!</string>
|
||||
<string name="msg_dc_error_integrity_check">Integritätsprüfungsfehler!</string>
|
||||
<string name="msg_dc_error_integrity_missing">Fehlende Integritätsprüfung Dies kann passieren, wenn die Verschlüsselungsanwendung veraltet ist oder durch einen Downgrade-Angriff.</string>
|
||||
<string name="msg_dc_error_invalid_siglist">Keine gültigen Signaturdaten gefunden!</string>
|
||||
<string name="msg_dc_error_invalid_data">Keine gültigen Signaturdaten gefunden!</string>
|
||||
<string name="msg_dc_error_io">Ein-/Ausgabefehler während Vorgang aufgetreten!</string>
|
||||
<string name="msg_dc_error_no_data">Keine verschlüsselten Daten in Datenstrom gefunden!</string>
|
||||
<string name="msg_dc_error_no_key">Keine verschlüsselten Daten mit bekanntem geheimen Schlüssel in Datenstrom gefunden!</string>
|
||||
|
|
|
|||
|
|
@ -929,7 +929,7 @@
|
|||
<string name="msg_dc_error_extract_key">¡Error desconocido al desbloquear clave!</string>
|
||||
<string name="msg_dc_error_integrity_check">¡Error de comprobación de integridad!</string>
|
||||
<string name="msg_dc_error_integrity_missing">¡Verificación de integridad ausente! Esto puede ocurrir porque la aplicación de cifrado no está actualizada, o debido a un ataque desactualización.</string>
|
||||
<string name="msg_dc_error_invalid_siglist">¡No se encontraron datos de firma válidos!</string>
|
||||
<string name="msg_dc_error_invalid_data">¡No se encontraron datos de firma válidos!</string>
|
||||
<string name="msg_dc_error_io">¡Se encontró Excepción de E/S durante la operación!</string>
|
||||
<string name="msg_dc_error_no_data">¡No se encontraron datos cifrados en el flujo de datos (`stream`)!</string>
|
||||
<string name="msg_dc_error_no_key">¡No se encontraron datos cifrados con clave secreta (privada) conocida en el flujo de datos (`stream`)!</string>
|
||||
|
|
|
|||
|
|
@ -929,7 +929,7 @@
|
|||
<string name="msg_dc_error_extract_key">Erreur inconnue de déverrouillage de la clef !</string>
|
||||
<string name="msg_dc_error_integrity_check">Erreur de vérification de l\'intégrité !</string>
|
||||
<string name="msg_dc_error_integrity_missing">Vérification de l\'intégrité absente ! Ceci peut arriver car l\'application n\'est pas à jour, ou à cause d\'une attaque par mise à niveau inférieur.</string>
|
||||
<string name="msg_dc_error_invalid_siglist">Aucune donnée de signature valide trouvée !</string>
|
||||
<string name="msg_dc_error_invalid_data">Aucune donnée de signature valide trouvée !</string>
|
||||
<string name="msg_dc_error_io">Une exception E/S a été rencontrée durant l\'opération !</string>
|
||||
<string name="msg_dc_error_no_data">Aucune donnée chiffrée n\'a été trouvée dans le flux !</string>
|
||||
<string name="msg_dc_error_no_key">Aucune donnée chiffrée avec une clef secrète connue n\'a été trouvée dans le flux !</string>
|
||||
|
|
|
|||
|
|
@ -914,7 +914,7 @@
|
|||
<string name="msg_dc_error_extract_key">鍵のロック解除で不明なエラー!</string>
|
||||
<string name="msg_dc_error_integrity_check">完全性チェックエラー!</string>
|
||||
<string name="msg_dc_error_integrity_missing">完全聖チェックの欠落!これは暗号化アプリケーションが期限切れになった場合、もしくは暗号強度低下攻撃がある場合に発生します。</string>
|
||||
<string name="msg_dc_error_invalid_siglist">正常な署名データが見付からなかった!</string>
|
||||
<string name="msg_dc_error_invalid_data">正常な署名データが見付からなかった!</string>
|
||||
<string name="msg_dc_error_io">操作中にIO例外に当たりました!</string>
|
||||
<string name="msg_dc_error_no_data">ストリーム中に暗号化されたデータが見付からなかった!</string>
|
||||
<string name="msg_dc_error_no_key">ストリーム中に既知の秘密鍵で暗号化されたデータが見付からなかった!</string>
|
||||
|
|
|
|||
|
|
@ -929,7 +929,7 @@
|
|||
<string name="msg_dc_error_extract_key">Onbekende fout bij ontgrendelen van sleutel!</string>
|
||||
<string name="msg_dc_error_integrity_check">Fout bij integriteitscontrole!</string>
|
||||
<string name="msg_dc_error_integrity_missing">Integriteitscheck ontbreekt! Dit kan gebeuren omdat de versleutelingsapplicatie verouderd is, of door een downgrade-aanval.</string>
|
||||
<string name="msg_dc_error_invalid_siglist">Geen geldige ondertekeningsgegevens gevonden!</string>
|
||||
<string name="msg_dc_error_invalid_data">Geen geldige ondertekeningsgegevens gevonden!</string>
|
||||
<string name="msg_dc_error_io">I/O-uitzondering tegengekomen tijdens bewerking!</string>
|
||||
<string name="msg_dc_error_no_data">Geen versleutelde gegevens gevonden!</string>
|
||||
<string name="msg_dc_error_no_key">Geen versleutelde gegevens met bekende geheime sleutel gevonden!</string>
|
||||
|
|
|
|||
|
|
@ -916,7 +916,7 @@
|
|||
<string name="msg_dc_error_extract_key">Непозната грешка откључавања кључа!</string>
|
||||
<string name="msg_dc_error_integrity_check">Грешка провере интегритета!</string>
|
||||
<string name="msg_dc_error_integrity_missing">Недостаје провера интегритета! Ово може да се деси ако је апликација за шифровање застарела, или услед напада старијег издања.</string>
|
||||
<string name="msg_dc_error_invalid_siglist">Нису нађени исправни подаци потписа!</string>
|
||||
<string name="msg_dc_error_invalid_data">Нису нађени исправни подаци потписа!</string>
|
||||
<string name="msg_dc_error_io">Наиђох на У/И изузетак током радње!</string>
|
||||
<string name="msg_dc_error_no_data">Шифровани подаци нису нађени у току!</string>
|
||||
<string name="msg_dc_error_no_key">Подаци шифровани познатим тајним кључем нису нађени у току!</string>
|
||||
|
|
|
|||
|
|
@ -511,7 +511,7 @@
|
|||
<!--Other messages used in OperationLogs-->
|
||||
<string name="msg_ek_error_not_found">找不到金鑰!</string>
|
||||
<!--Messages for DecryptVerify operation-->
|
||||
<string name="msg_dc_error_invalid_siglist">找不到有效的簽名資訊!</string>
|
||||
<string name="msg_dc_error_invalid_data">找不到有效的簽名資訊!</string>
|
||||
<string name="msg_dc">開始解密…</string>
|
||||
<!--Messages for VerifySignedLiteralData operation-->
|
||||
<!--Messages for SignEncrypt operation-->
|
||||
|
|
|
|||
|
|
@ -1039,7 +1039,7 @@
|
|||
<string name="msg_dc_error_extract_key">"Unknown error unlocking key!"</string>
|
||||
<string name="msg_dc_error_integrity_check">"Integrity check error!"</string>
|
||||
<string name="msg_dc_error_integrity_missing">"Missing integrity check! This can happen because the encrypting application is out of date, or from a downgrade attack."</string>
|
||||
<string name="msg_dc_error_invalid_siglist">"No valid signature data found!"</string>
|
||||
<string name="msg_dc_error_invalid_data">"No valid OpenPGP encrypted or signed data found!"</string>
|
||||
<string name="msg_dc_error_io">"Encountered IO Exception during operation!"</string>
|
||||
<string name="msg_dc_error_no_data">"No encrypted data found in stream!"</string>
|
||||
<string name="msg_dc_error_no_key">"No encrypted data with known secret key found in stream!"</string>
|
||||
|
|
|
|||
Loading…
Reference in New Issue