From b2b19d7b2bc2d10e9d3c8a713460dd0fcbd8b25c Mon Sep 17 00:00:00 2001
From: Vincent Breitmoser
Date: Tue, 30 Sep 2014 02:13:43 +0200
Subject: [PATCH] pass (encryption) key id from Decrypt*Fragment to NfcActivity
---
 .../keychain/pgp/PgpDecryptVerify.java | 4 +-
 .../service/results/DecryptVerifyResult.java | 8 +++-
 .../keychain/ui/DecryptFilesFragment.java | 4 +-
 .../keychain/ui/DecryptFragment.java | 3 +-
 .../keychain/ui/DecryptTextFragment.java | 2 +-
 .../keychain/ui/NfcActivity.java | 41 +++++++++++++------
 6 files changed, 42 insertions(+), 20 deletions(-)
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index 9d21e89b3..b529c4309 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -289,7 +289,7 @@ public class PgpDecryptVerify {
 // allow only specific keys for decryption?
 if (mAllowedKeyIds != null) {
- long masterKeyId = secretEncryptionKey.getRing().getMasterKeyId();
+ long masterKeyId = secretKeyRing.getMasterKeyId();
 Log.d(Constants.TAG, "encData.getKeyID(): " + subKeyId);
 Log.d(Constants.TAG, "mAllowedKeyIds: " + mAllowedKeyIds);
 Log.d(Constants.TAG, "masterKeyId: " + masterKeyId);
@@ -418,7 +418,7 @@ public class PgpDecryptVerify {
 log.add(LogType.MSG_DC_PENDING_NFC, indent +1);
 DecryptVerifyResult result = new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_NFC, log);
- result.setNfcState(e.encryptedSessionKey, mPassphrase);
+ result.setNfcState(secretEncryptionKey.getKeyId(), e.encryptedSessionKey, mPassphrase);
 return result;
 }
 encryptedData = encryptedDataAsymmetric;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java index 4a0aec548..7fa1b7363 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java @@ -35,6 +35,7 @@ public class DecryptVerifyResult extends OperationResult { long mKeyIdPassphraseNeeded; + long mNfcSubKeyId; byte[] mNfcSessionKey; String mNfcPassphrase; @@ -49,11 +50,16 @@ public class DecryptVerifyResult extends OperationResult { mKeyIdPassphraseNeeded = keyIdPassphraseNeeded; } - public void setNfcState(byte[] sessionKey, String passphrase) { + public void setNfcState(long subKeyId, byte[] sessionKey, String passphrase) { + mNfcSubKeyId = subKeyId; mNfcSessionKey = sessionKey; mNfcPassphrase = passphrase; } + public long getNfcSubKeyId() { + return mNfcSubKeyId; + } + public byte[] getNfcEncryptedSessionKey() { return mNfcSessionKey; } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java index 6a2fe6f14..2cc7b0bbb 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java 
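Review bot: In DecryptVerifyResult, `mNfcSubKeyId` is a primitive `long`, so `getNfcSubKeyId()` returns 0 on any result where `setNfcState` was never called, and a caller cannot tell that apart from a real key id. The getter should state that it is only meaningful on a RESULT_PENDING_NFC result, for example `/** Sub key id the NFC token must hold; only valid when the result is RESULT_PENDING_NFC. */`. If this class writes its fields to a Parcel (not visible in these hunks), the new field would have to be written and read there as well, otherwise the id is lost when the result is passed between components.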
@@ -216,7 +216,7 @@ public class DecryptFilesFragment extends DecryptFragment {
 startPassphraseDialog(Constants.key.symmetric);
 } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) == DecryptVerifyResult.RESULT_PENDING_NFC) {
- startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+ startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
 } else {
 throw new RuntimeException("Unhandled pending result!");
 }
@@ -290,7 +290,7 @@ public class DecryptFilesFragment extends DecryptFragment {
 startPassphraseDialog(Constants.key.symmetric);
 } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) == DecryptVerifyResult.RESULT_PENDING_NFC) {
- startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+ startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
 } else {
 throw new RuntimeException("Unhandled pending result!");
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index c4c6c383e..31a307194 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -89,11 +89,12 @@ public abstract class DecryptFragment extends Fragment {
 startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
 }
- protected void startNfcDecrypt(String pin, byte[] encryptedSessionKey) {
+ protected void startNfcDecrypt(long subKeyId, String pin, byte[] encryptedSessionKey) {
 // build PendingIntent for Yubikey NFC operations
 Intent intent = new Intent(getActivity(), NfcActivity.class);
 intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
 intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
+ intent.putExtra(NfcActivity.EXTRA_KEY_ID, subKeyId);
 intent.putExtra(NfcActivity.EXTRA_PIN, pin);
 intent.putExtra(NfcActivity.EXTRA_NFC_ENC_SESSION_KEY, encryptedSessionKey);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
index d69778fa0..134d26c8c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
@@ -172,7 +172,7 @@ public class DecryptTextFragment extends DecryptFragment {
 startPassphraseDialog(Constants.key.symmetric);
 } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) == DecryptVerifyResult.RESULT_PENDING_NFC) {
- startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+ startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
 } else {
 throw new RuntimeException("Unhandled pending result!");
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
index 163e9b253..4750d9840 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
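Review bot: `startNfcDecrypt` in DecryptFragment gains a `subKeyId` parameter with no comment on which key id is expected or what happens when it does not match. Going by the NfcActivity hunks of this patch, the value sent as `EXTRA_KEY_ID` is presumably what ends up in `mKeyId`, where it is compared against the card's confidentiality key and the operation is cancelled on mismatch, so callers must pass the encryption subkey id rather than the master key id. I would add a Javadoc line such as `@param subKeyId id of the encryption subkey the NFC token must hold; NfcActivity cancels if the card reports a different one`. The method body continues past the end of the hunk.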
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java @@ -205,19 +205,6 @@ public class NfcActivity extends ActionBarActivity { return; } - // If we were supplied with a key id for checking, do so - if (mKeyId != null) { - // We always check the master key id - long keyId = nfcGetKeyId(mIsoDep, 0); - // If it's wrong, just cancel - if (keyId != mKeyId) { - toast("NFC Tag has wrong key id!"); - setResult(RESULT_CANCELED, mServiceIntent); - finish(); - return; - } - } - // Command APDU for VERIFY command (page 32) String login = "00" // CLA @@ -234,6 +221,20 @@ public class NfcActivity extends ActionBarActivity { } if (ACTION_SIGN_HASH.equals(mAction)) { + + // If we were supplied with a key id for checking, do so + if (mKeyId != null) { + // For signing, we check the master key + long keyId = nfcGetKeyId(mIsoDep, 0); + // If it's wrong, just cancel + if (keyId != mKeyId) { + toast("NFC Tag has wrong signing key id!"); + setResult(RESULT_CANCELED, mServiceIntent); + finish(); + return; + } + } + // returns signed hash byte[] signedHash = nfcCalculateSignature(mHashToSign, mHashAlgo); @@ -252,6 +253,20 @@ public class NfcActivity extends ActionBarActivity { finish(); } else if (ACTION_DECRYPT_SESSION_KEY.equals(mAction)) { + + // If we were supplied with a key id for checking, do so + if (mKeyId != null) { + // For decryption, we check the confidentiality key + long keyId = nfcGetKeyId(mIsoDep, 1); + // If it's wrong, just cancel + if (keyId != mKeyId) { + toast("NFC Tag has wrong encryption key id!"); + setResult(RESULT_CANCELED, mServiceIntent); + finish(); + return; + } + } + byte[] decryptedSessionKey = nfcDecryptSessionKey(mEncryptedSessionKey); // give data through for new service call
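Review bot: Moving the key id check out of the first NfcActivity hunk and into the ACTION_SIGN_HASH and ACTION_DECRYPT_SESSION_KEY branches (second and third hunks) places it after the VERIFY command that is assembled right where the old check used to sit, so the PIN appears to be presented to the card before we know it holds the expected key. The code that transmits the VERIFY APDU is outside these hunks, so this ordering is inferred from the hunk positions and should be confirmed. A token with the wrong key would then still receive the PIN and may use up one of its PIN retries before the operation is cancelled. Picking the slot from `mAction` and keeping a single check ahead of VERIFY avoids that and removes the duplicated block; the enclosing method starts and ends outside the hunks.

```java
// If we were supplied with a key id for checking, do so before the PIN is sent
if (mKeyId != null) {
    // slot 0 is checked for signing, slot 1 (confidentiality key) for decryption
    int keySlot = ACTION_DECRYPT_SESSION_KEY.equals(mAction) ? 1 : 0;
    long keyId = nfcGetKeyId(mIsoDep, keySlot);
    // If it's wrong, just cancel
    if (keyId != mKeyId) {
        toast("NFC Tag has wrong key id!");
        setResult(RESULT_CANCELED, mServiceIntent);
        finish();
        return;
    }
}

// … unchanged: VERIFY command and the ACTION_SIGN_HASH / ACTION_DECRYPT_SESSION_KEY branches, without the per-branch checks …
```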