Remove support for V3 signatures

This commit is contained in:
Dominik Schürmann 2014-07-22 18:24:12 +02:00
parent e4e8bc5e07
commit bf10eb91b7
9 changed files with 17 additions and 162 deletions

View File

@ -65,7 +65,6 @@ public final class Constants {
public static final String DEFAULT_FILE_COMPRESSION = "defaultFileCompression"; public static final String DEFAULT_FILE_COMPRESSION = "defaultFileCompression";
public static final String PASSPHRASE_CACHE_TTL = "passphraseCacheTtl"; public static final String PASSPHRASE_CACHE_TTL = "passphraseCacheTtl";
public static final String LANGUAGE = "language"; public static final String LANGUAGE = "language";
public static final String FORCE_V3_SIGNATURES = "forceV3Signatures";
public static final String KEY_SERVERS = "keyServers"; public static final String KEY_SERVERS = "keyServers";
public static final String KEY_SERVERS_DEFAULT_VERSION = "keyServersDefaultVersion"; public static final String KEY_SERVERS_DEFAULT_VERSION = "keyServersDefaultVersion";
public static final String CONCEAL_PGP_APPLICATION = "concealPgpApplication"; public static final String CONCEAL_PGP_APPLICATION = "concealPgpApplication";

View File

@ -129,16 +129,6 @@ public class Preferences {
editor.commit(); editor.commit();
} }
public boolean getForceV3Signatures() {
return mSharedPreferences.getBoolean(Constants.Pref.FORCE_V3_SIGNATURES, false);
}
public void setForceV3Signatures(boolean value) {
SharedPreferences.Editor editor = mSharedPreferences.edit();
editor.putBoolean(Constants.Pref.FORCE_V3_SIGNATURES, value);
editor.commit();
}
public boolean getFirstTime() { public boolean getFirstTime() {
return mSharedPreferences.getBoolean(Constants.Pref.FIRST_TIME, true); return mSharedPreferences.getBoolean(Constants.Pref.FIRST_TIME, true);
} }

View File

@ -26,7 +26,6 @@ import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPLiteralData; import org.spongycastle.openpgp.PGPLiteralData;
import org.spongycastle.openpgp.PGPLiteralDataGenerator; import org.spongycastle.openpgp.PGPLiteralDataGenerator;
import org.spongycastle.openpgp.PGPSignatureGenerator; import org.spongycastle.openpgp.PGPSignatureGenerator;
import org.spongycastle.openpgp.PGPV3SignatureGenerator;
import org.spongycastle.openpgp.operator.jcajce.JcePBEKeyEncryptionMethodGenerator; import org.spongycastle.openpgp.operator.jcajce.JcePBEKeyEncryptionMethodGenerator;
import org.spongycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder; import org.spongycastle.openpgp.operator.jcajce.JcePGPDataEncryptorBuilder;
import org.spongycastle.openpgp.operator.jcajce.NfcSyncPGPContentSignerBuilder; import org.spongycastle.openpgp.operator.jcajce.NfcSyncPGPContentSignerBuilder;
@ -68,7 +67,6 @@ public class PgpSignEncrypt {
private int mSymmetricEncryptionAlgorithm; private int mSymmetricEncryptionAlgorithm;
private long mSignatureMasterKeyId; private long mSignatureMasterKeyId;
private int mSignatureHashAlgorithm; private int mSignatureHashAlgorithm;
private boolean mSignatureForceV3;
private String mSignaturePassphrase; private String mSignaturePassphrase;
private boolean mEncryptToSigner; private boolean mEncryptToSigner;
private boolean mCleartextInput; private boolean mCleartextInput;
@ -101,7 +99,6 @@ public class PgpSignEncrypt {
this.mSymmetricEncryptionAlgorithm = builder.mSymmetricEncryptionAlgorithm; this.mSymmetricEncryptionAlgorithm = builder.mSymmetricEncryptionAlgorithm;
this.mSignatureMasterKeyId = builder.mSignatureMasterKeyId; this.mSignatureMasterKeyId = builder.mSignatureMasterKeyId;
this.mSignatureHashAlgorithm = builder.mSignatureHashAlgorithm; this.mSignatureHashAlgorithm = builder.mSignatureHashAlgorithm;
this.mSignatureForceV3 = builder.mSignatureForceV3;
this.mSignaturePassphrase = builder.mSignaturePassphrase; this.mSignaturePassphrase = builder.mSignaturePassphrase;
this.mEncryptToSigner = builder.mEncryptToSigner; this.mEncryptToSigner = builder.mEncryptToSigner;
this.mCleartextInput = builder.mCleartextInput; this.mCleartextInput = builder.mCleartextInput;
@ -125,7 +122,6 @@ public class PgpSignEncrypt {
private int mSymmetricEncryptionAlgorithm = 0; private int mSymmetricEncryptionAlgorithm = 0;
private long mSignatureMasterKeyId = Constants.key.none; private long mSignatureMasterKeyId = Constants.key.none;
private int mSignatureHashAlgorithm = 0; private int mSignatureHashAlgorithm = 0;
private boolean mSignatureForceV3 = false;
private String mSignaturePassphrase = null; private String mSignaturePassphrase = null;
private boolean mEncryptToSigner = false; private boolean mEncryptToSigner = false;
private boolean mCleartextInput = false; private boolean mCleartextInput = false;
@ -180,17 +176,6 @@ public class PgpSignEncrypt {
return this; return this;
} }
/**
* Generate old V3 signatures
*
* @param signatureForceV3
* @return
*/
public Builder setSignatureForceV3(boolean signatureForceV3) {
mSignatureForceV3 = signatureForceV3;
return this;
}
public Builder setSignaturePassphrase(String signaturePassphrase) { public Builder setSignaturePassphrase(String signaturePassphrase) {
mSignaturePassphrase = signaturePassphrase; mSignaturePassphrase = signaturePassphrase;
return this; return this;
@ -367,19 +352,13 @@ public class PgpSignEncrypt {
/* Initialize signature generator object for later usage */ /* Initialize signature generator object for later usage */
PGPSignatureGenerator signatureGenerator = null; PGPSignatureGenerator signatureGenerator = null;
PGPV3SignatureGenerator signatureV3Generator = null;
if (enableSignature) { if (enableSignature) {
updateProgress(R.string.progress_preparing_signature, 10, 100); updateProgress(R.string.progress_preparing_signature, 10, 100);
try { try {
boolean cleartext = mCleartextInput && mEnableAsciiArmorOutput && !enableEncryption; boolean cleartext = mCleartextInput && mEnableAsciiArmorOutput && !enableEncryption;
if (mSignatureForceV3) { signatureGenerator = signingKey.getSignatureGenerator(
signatureV3Generator = signingKey.getV3SignatureGenerator( mSignatureHashAlgorithm, cleartext, mNfcSignedHash, mNfcCreationTimestamp);
mSignatureHashAlgorithm, cleartext);
} else {
signatureGenerator = signingKey.getSignatureGenerator(
mSignatureHashAlgorithm, cleartext, mNfcSignedHash, mNfcCreationTimestamp);
}
} catch (PgpGeneralException e) { } catch (PgpGeneralException e) {
// TODO throw correct type of exception (which shouldn't be PGPException) // TODO throw correct type of exception (which shouldn't be PGPException)
throw new KeyExtractionException(); throw new KeyExtractionException();
@ -414,11 +393,7 @@ public class PgpSignEncrypt {
} }
if (enableSignature) { if (enableSignature) {
if (mSignatureForceV3) { signatureGenerator.generateOnePassVersion(false).encode(bcpgOut);
signatureV3Generator.generateOnePassVersion(false).encode(bcpgOut);
} else {
signatureGenerator.generateOnePassVersion(false).encode(bcpgOut);
}
} }
PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator(); PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator();
@ -436,11 +411,7 @@ public class PgpSignEncrypt {
// update signature buffer if signature is requested // update signature buffer if signature is requested
if (enableSignature) { if (enableSignature) {
if (mSignatureForceV3) { signatureGenerator.update(buffer, 0, n);
signatureV3Generator.update(buffer, 0, n);
} else {
signatureGenerator.update(buffer, 0, n);
}
} }
progress += n; progress += n;
@ -462,11 +433,7 @@ public class PgpSignEncrypt {
final BufferedReader reader = new BufferedReader(new InputStreamReader(in)); final BufferedReader reader = new BufferedReader(new InputStreamReader(in));
// update signature buffer with first line // update signature buffer with first line
if (mSignatureForceV3) { processLine(reader.readLine(), armorOut, signatureGenerator);
processLineV3(reader.readLine(), armorOut, signatureV3Generator);
} else {
processLine(reader.readLine(), armorOut, signatureGenerator);
}
while (true) { while (true) {
String line = reader.readLine(); String line = reader.readLine();
@ -480,13 +447,8 @@ public class PgpSignEncrypt {
armorOut.write(NEW_LINE); armorOut.write(NEW_LINE);
// update signature buffer with input line // update signature buffer with input line
if (mSignatureForceV3) { signatureGenerator.update(NEW_LINE);
signatureV3Generator.update(NEW_LINE); processLine(line, armorOut, signatureGenerator);
processLineV3(line, armorOut, signatureV3Generator);
} else {
signatureGenerator.update(NEW_LINE);
processLine(line, armorOut, signatureGenerator);
}
} }
armorOut.endClearText(); armorOut.endClearText();
@ -506,11 +468,7 @@ public class PgpSignEncrypt {
bcpgOut = new BCPGOutputStream(out); bcpgOut = new BCPGOutputStream(out);
} }
if (mSignatureForceV3) { signatureGenerator.generateOnePassVersion(false).encode(bcpgOut);
signatureV3Generator.generateOnePassVersion(false).encode(bcpgOut);
} else {
signatureGenerator.generateOnePassVersion(false).encode(bcpgOut);
}
PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator(); PGPLiteralDataGenerator literalGen = new PGPLiteralDataGenerator();
// file name not needed, so empty string // file name not needed, so empty string
@ -522,11 +480,7 @@ public class PgpSignEncrypt {
while ((n = in.read(buffer)) > 0) { while ((n = in.read(buffer)) > 0) {
pOut.write(buffer, 0, n); pOut.write(buffer, 0, n);
if (mSignatureForceV3) { signatureGenerator.update(buffer, 0, n);
signatureV3Generator.update(buffer, 0, n);
} else {
signatureGenerator.update(buffer, 0, n);
}
} }
literalGen.close(); literalGen.close();
@ -537,15 +491,11 @@ public class PgpSignEncrypt {
if (enableSignature) { if (enableSignature) {
updateProgress(R.string.progress_generating_signature, 95, 100); updateProgress(R.string.progress_generating_signature, 95, 100);
if (mSignatureForceV3) { try {
signatureV3Generator.generate().encode(pOut); signatureGenerator.generate().encode(pOut);
} else { } catch (NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded e) {
try { // this secret key diverts to a OpenPGP card, throw exception with hash that will be signed
signatureGenerator.generate().encode(pOut); throw new NeedNfcDataException(e.hashToSign, e.creationTimestamp);
} catch (NfcSyncPGPContentSignerBuilder.NfcInteractionNeeded e) {
// this secret key diverts to a OpenPGP card, throw exception with hash that will be signed
throw new NeedNfcDataException(e.hashToSign, e.creationTimestamp);
}
} }
} }
@ -595,30 +545,4 @@ public class PgpSignEncrypt {
pSignatureGenerator.update(data); pSignatureGenerator.update(data);
} }
private static void processLineV3(final String pLine, final ArmoredOutputStream pArmoredOutput,
final PGPV3SignatureGenerator pSignatureGenerator)
throws IOException, SignatureException {
if (pLine == null) {
return;
}
final char[] chars = pLine.toCharArray();
int len = chars.length;
while (len > 0) {
if (!Character.isWhitespace(chars[len - 1])) {
break;
}
len--;
}
final byte[] data = pLine.substring(0, len).getBytes("UTF-8");
if (pArmoredOutput != null) {
pArmoredOutput.write(data);
}
pSignatureGenerator.update(data);
}
} }

View File

@ -12,7 +12,6 @@ import org.spongycastle.openpgp.PGPSignatureGenerator;
import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator; import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator;
import org.spongycastle.openpgp.PGPSignatureSubpacketVector; import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
import org.spongycastle.openpgp.PGPUtil; import org.spongycastle.openpgp.PGPUtil;
import org.spongycastle.openpgp.PGPV3SignatureGenerator;
import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor; import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
import org.spongycastle.openpgp.operator.PGPContentSignerBuilder; import org.spongycastle.openpgp.operator.PGPContentSignerBuilder;
import org.spongycastle.openpgp.operator.PublicKeyDataDecryptorFactory; import org.spongycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
@ -174,35 +173,6 @@ public class WrappedSecretKey extends WrappedPublicKey {
} }
} }
public PGPV3SignatureGenerator getV3SignatureGenerator(int hashAlgo, boolean cleartext)
throws PgpGeneralException {
// TODO: divert to card missing
if (mPrivateKeyState != PRIVATE_KEY_STATE_UNLOCKED) {
throw new PrivateKeyNotUnlockedException();
}
// content signer based on signing key algorithm and chosen hash algorithm
JcaPGPContentSignerBuilder contentSignerBuilder = new JcaPGPContentSignerBuilder(
mSecretKey.getPublicKey().getAlgorithm(), hashAlgo)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
int signatureType;
if (cleartext) {
// for sign-only ascii text
signatureType = PGPSignature.CANONICAL_TEXT_DOCUMENT;
} else {
signatureType = PGPSignature.BINARY_DOCUMENT;
}
try {
PGPV3SignatureGenerator signatureV3Generator = new PGPV3SignatureGenerator(contentSignerBuilder);
signatureV3Generator.init(signatureType, mPrivateKey);
return signatureV3Generator;
} catch(PGPException e) {
throw new PgpGeneralException("Error initializing signature!", e);
}
}
public PublicKeyDataDecryptorFactory getDecryptorFactory() { public PublicKeyDataDecryptorFactory getDecryptorFactory() {
// TODO: divert to card missing // TODO: divert to card missing
if (mPrivateKeyState != PRIVATE_KEY_STATE_UNLOCKED) { if (mPrivateKeyState != PRIVATE_KEY_STATE_UNLOCKED) {

View File

@ -208,7 +208,6 @@ public class OpenPgpService extends RemoteService {
inputData, os); inputData, os);
builder.setEnableAsciiArmorOutput(asciiArmor) builder.setEnableAsciiArmorOutput(asciiArmor)
.setSignatureHashAlgorithm(accSettings.getHashAlgorithm()) .setSignatureHashAlgorithm(accSettings.getHashAlgorithm())
.setSignatureForceV3(false)
.setSignatureMasterKeyId(accSettings.getKeyId()) .setSignatureMasterKeyId(accSettings.getKeyId())
.setSignaturePassphrase(passphrase) .setSignaturePassphrase(passphrase)
.setNfcState(nfcSignedHash, nfcCreationTimestamp); .setNfcState(nfcSignedHash, nfcCreationTimestamp);
@ -320,7 +319,6 @@ public class OpenPgpService extends RemoteService {
// sign and encrypt // sign and encrypt
builder.setSignatureHashAlgorithm(accSettings.getHashAlgorithm()) builder.setSignatureHashAlgorithm(accSettings.getHashAlgorithm())
.setSignatureForceV3(false)
.setSignatureMasterKeyId(accSettings.getKeyId()) .setSignatureMasterKeyId(accSettings.getKeyId())
.setSignaturePassphrase(passphrase); .setSignaturePassphrase(passphrase);
} else { } else {

View File

@ -245,7 +245,6 @@ public class KeychainIntentService extends IntentService
.setCompressionId(compressionId) .setCompressionId(compressionId)
.setSymmetricEncryptionAlgorithm( .setSymmetricEncryptionAlgorithm(
Preferences.getPreferences(this).getDefaultEncryptionAlgorithm()) Preferences.getPreferences(this).getDefaultEncryptionAlgorithm())
.setSignatureForceV3(Preferences.getPreferences(this).getForceV3Signatures())
.setEncryptionMasterKeyIds(encryptionKeyIds) .setEncryptionMasterKeyIds(encryptionKeyIds)
.setSymmetricPassphrase(symmetricPassphrase) .setSymmetricPassphrase(symmetricPassphrase)
.setSignatureMasterKeyId(signatureKeyId) .setSignatureMasterKeyId(signatureKeyId)

View File

@ -118,9 +118,6 @@ public class PreferencesActivity extends PreferenceActivity {
initializeAsciiArmor( initializeAsciiArmor(
(CheckBoxPreference) findPreference(Constants.Pref.DEFAULT_ASCII_ARMOR)); (CheckBoxPreference) findPreference(Constants.Pref.DEFAULT_ASCII_ARMOR));
initializeForceV3Signatures(
(CheckBoxPreference) findPreference(Constants.Pref.FORCE_V3_SIGNATURES));
initializeConcealPgpApplication( initializeConcealPgpApplication(
(CheckBoxPreference) findPreference(Constants.Pref.CONCEAL_PGP_APPLICATION)); (CheckBoxPreference) findPreference(Constants.Pref.CONCEAL_PGP_APPLICATION));
@ -265,9 +262,6 @@ public class PreferencesActivity extends PreferenceActivity {
initializeAsciiArmor( initializeAsciiArmor(
(CheckBoxPreference) findPreference(Constants.Pref.DEFAULT_ASCII_ARMOR)); (CheckBoxPreference) findPreference(Constants.Pref.DEFAULT_ASCII_ARMOR));
initializeForceV3Signatures(
(CheckBoxPreference) findPreference(Constants.Pref.FORCE_V3_SIGNATURES));
initializeConcealPgpApplication( initializeConcealPgpApplication(
(CheckBoxPreference) findPreference(Constants.Pref.CONCEAL_PGP_APPLICATION)); (CheckBoxPreference) findPreference(Constants.Pref.CONCEAL_PGP_APPLICATION));
} }
@ -391,18 +385,6 @@ public class PreferencesActivity extends PreferenceActivity {
}); });
} }
private static void initializeForceV3Signatures(final CheckBoxPreference mForceV3Signatures) {
mForceV3Signatures.setChecked(sPreferences.getForceV3Signatures());
mForceV3Signatures
.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {
public boolean onPreferenceChange(Preference preference, Object newValue) {
mForceV3Signatures.setChecked((Boolean) newValue);
sPreferences.setForceV3Signatures((Boolean) newValue);
return false;
}
});
}
private static void initializeConcealPgpApplication(final CheckBoxPreference mConcealPgpApplication) { private static void initializeConcealPgpApplication(final CheckBoxPreference mConcealPgpApplication) {
mConcealPgpApplication.setChecked(sPreferences.getConcealPgpApplication()); mConcealPgpApplication.setChecked(sPreferences.getConcealPgpApplication());
mConcealPgpApplication.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() { mConcealPgpApplication.setOnPreferenceChangeListener(new Preference.OnPreferenceChangeListener() {

View File

@ -122,7 +122,6 @@
<string name="label_passphrase_cache_ttl">Passphrase Cache</string> <string name="label_passphrase_cache_ttl">Passphrase Cache</string>
<string name="label_message_compression">Message Compression</string> <string name="label_message_compression">Message Compression</string>
<string name="label_file_compression">File Compression</string> <string name="label_file_compression">File Compression</string>
<string name="label_force_v3_signature">Force old OpenPGPv3 Signatures</string>
<string name="label_keyservers">Keyservers</string> <string name="label_keyservers">Keyservers</string>
<string name="label_key_id">Key ID</string> <string name="label_key_id">Key ID</string>
<string name="label_creation">Creation</string> <string name="label_creation">Creation</string>

View File

@ -16,7 +16,7 @@
--> -->
<PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android"> <PreferenceScreen xmlns:android="http://schemas.android.com/apk/res/android">
<PreferenceCategory android:title="@string/section_defaults" > <PreferenceCategory android:title="@string/section_defaults">
<org.sufficientlysecure.keychain.ui.widget.IntegerListPreference <org.sufficientlysecure.keychain.ui.widget.IntegerListPreference
android:key="defaultEncryptionAlgorithm" android:key="defaultEncryptionAlgorithm"
android:persistent="false" android:persistent="false"
@ -33,22 +33,16 @@
android:key="defaultFileCompression" android:key="defaultFileCompression"
android:persistent="false" android:persistent="false"
android:title="@string/label_file_compression" /> android:title="@string/label_file_compression" />
<CheckBoxPreference <CheckBoxPreference
android:key="defaultAsciiArmor" android:key="defaultAsciiArmor"
android:persistent="false" android:persistent="false"
android:title="@string/label_ascii_armor" /> android:title="@string/label_ascii_armor" />
</PreferenceCategory>
<PreferenceCategory android:title="@string/section_advanced">
<CheckBoxPreference <CheckBoxPreference
android:key="concealPgpApplication" android:key="concealPgpApplication"
android:persistent="false" android:persistent="false"
android:title="@string/label_conceal_pgp_application" android:title="@string/label_conceal_pgp_application"
android:summary="@string/label_conceal_pgp_application_summary" /> android:summary="@string/label_conceal_pgp_application_summary" />
</PreferenceCategory> </PreferenceCategory>
<PreferenceCategory android:title="@string/section_advanced" >
<CheckBoxPreference
android:key="forceV3Signatures"
android:persistent="false"
android:title="@string/label_force_v3_signature"/>
</PreferenceCategory>
</PreferenceScreen> </PreferenceScreen>