pass (encryption) key id from Decrypt*Fragment to NfcActivity

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java

@@ -289,7 +289,7 @@ public class PgpDecryptVerify {
 
                 // allow only specific keys for decryption?
                 if (mAllowedKeyIds != null) {
-                    long masterKeyId = secretEncryptionKey.getRing().getMasterKeyId();
+                    long masterKeyId = secretKeyRing.getMasterKeyId();
                     Log.d(Constants.TAG, "encData.getKeyID(): " + subKeyId);
                     Log.d(Constants.TAG, "mAllowedKeyIds: " + mAllowedKeyIds);
                     Log.d(Constants.TAG, "masterKeyId: " + masterKeyId);
@@ -418,7 +418,7 @@ public class PgpDecryptVerify {
                 log.add(LogType.MSG_DC_PENDING_NFC, indent +1);
                 DecryptVerifyResult result =
                         new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_NFC, log);
-                result.setNfcState(e.encryptedSessionKey, mPassphrase);
+                result.setNfcState(secretEncryptionKey.getKeyId(), e.encryptedSessionKey, mPassphrase);
                 return result;
             }
             encryptedData = encryptedDataAsymmetric;

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java

@@ -35,6 +35,7 @@ public class DecryptVerifyResult extends OperationResult {
 
     long mKeyIdPassphraseNeeded;
 
+    long mNfcSubKeyId;
     byte[] mNfcSessionKey;
     String mNfcPassphrase;
 
@@ -49,11 +50,16 @@ public class DecryptVerifyResult extends OperationResult {
         mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
     }
 
-    public void setNfcState(byte[] sessionKey, String passphrase) {
+    public void setNfcState(long subKeyId, byte[] sessionKey, String passphrase) {
+        mNfcSubKeyId = subKeyId;
         mNfcSessionKey = sessionKey;
         mNfcPassphrase = passphrase;
     }
 
+    public long getNfcSubKeyId() {
+        return mNfcSubKeyId;
+    }
+
     public byte[] getNfcEncryptedSessionKey() {
         return mNfcSessionKey;
     }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java

@@ -216,7 +216,7 @@ public class DecryptFilesFragment extends DecryptFragment {
                             startPassphraseDialog(Constants.key.symmetric);
                         } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
                                 DecryptVerifyResult.RESULT_PENDING_NFC) {
-                            startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
                         } else {
                             throw new RuntimeException("Unhandled pending result!");
                         }
@@ -290,7 +290,7 @@ public class DecryptFilesFragment extends DecryptFragment {
                             startPassphraseDialog(Constants.key.symmetric);
                         } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
                                 DecryptVerifyResult.RESULT_PENDING_NFC) {
-                            startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
                         } else {
                             throw new RuntimeException("Unhandled pending result!");
                         }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java

@@ -89,11 +89,12 @@ public abstract class DecryptFragment extends Fragment {
         startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
     }
 
-    protected void startNfcDecrypt(String pin, byte[] encryptedSessionKey) {
+    protected void startNfcDecrypt(long subKeyId, String pin, byte[] encryptedSessionKey) {
         // build PendingIntent for Yubikey NFC operations
         Intent intent = new Intent(getActivity(), NfcActivity.class);
         intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
         intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
+        intent.putExtra(NfcActivity.EXTRA_KEY_ID, subKeyId);
         intent.putExtra(NfcActivity.EXTRA_PIN, pin);
 
         intent.putExtra(NfcActivity.EXTRA_NFC_ENC_SESSION_KEY, encryptedSessionKey);

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java

@@ -172,7 +172,7 @@ public class DecryptTextFragment extends DecryptFragment {
                             startPassphraseDialog(Constants.key.symmetric);
                         } else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
                                 DecryptVerifyResult.RESULT_PENDING_NFC) {
-                            startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+                            startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
                         } else {
                             throw new RuntimeException("Unhandled pending result!");
                         }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java

@@ -205,19 +205,6 @@ public class NfcActivity extends ActionBarActivity {
             return;
         }
 
-        // If we were supplied with a key id for checking, do so
-        if (mKeyId != null) {
-            // We always check the master key id
-            long keyId = nfcGetKeyId(mIsoDep, 0);
-            // If it's wrong, just cancel
-            if (keyId != mKeyId) {
-                toast("NFC Tag has wrong key id!");
-                setResult(RESULT_CANCELED, mServiceIntent);
-                finish();
-                return;
-            }
-        }
-
         // Command APDU for VERIFY command (page 32)
         String login =
               "00" // CLA
@@ -234,6 +221,20 @@ public class NfcActivity extends ActionBarActivity {
         }
 
         if (ACTION_SIGN_HASH.equals(mAction)) {
+
+            // If we were supplied with a key id for checking, do so
+            if (mKeyId != null) {
+                // For signing, we check the master key
+                long keyId = nfcGetKeyId(mIsoDep, 0);
+                // If it's wrong, just cancel
+                if (keyId != mKeyId) {
+                    toast("NFC Tag has wrong signing key id!");
+                    setResult(RESULT_CANCELED, mServiceIntent);
+                    finish();
+                    return;
+                }
+            }
+
             // returns signed hash
             byte[] signedHash = nfcCalculateSignature(mHashToSign, mHashAlgo);
 
@@ -252,6 +253,20 @@ public class NfcActivity extends ActionBarActivity {
             finish();
 
         } else if (ACTION_DECRYPT_SESSION_KEY.equals(mAction)) {
+
+            // If we were supplied with a key id for checking, do so
+            if (mKeyId != null) {
+                // For decryption, we check the confidentiality key
+                long keyId = nfcGetKeyId(mIsoDep, 1);
+                // If it's wrong, just cancel
+                if (keyId != mKeyId) {
+                    toast("NFC Tag has wrong encryption key id!");
+                    setResult(RESULT_CANCELED, mServiceIntent);
+                    finish();
+                    return;
+                }
+            }
+
             byte[] decryptedSessionKey = nfcDecryptSessionKey(mEncryptedSessionKey);
 
             // give data through for new service call