add integrity check

Dominik Schürmann 2014-02-18 22:59:00 +01:00
parent 9b4245739e
commit d23950f799
2 changed files with 20 additions and 15 deletions


@ -118,7 +118,7 @@ public class PgpOperation {
} }
} }
public void signAndEncrypt(boolean enableAsciiArmor, int compressionId, long[] encryptionKeyIds, public void signAndEncrypt(boolean enableAsciiArmorOutput, int compressionId, long[] encryptionKeyIds,
String encryptionPassphrase, int symmetricEncryptionAlgorithm, String encryptionPassphrase, int symmetricEncryptionAlgorithm,
long signatureKeyId, int signatureHashAlgorithm, long signatureKeyId, int signatureHashAlgorithm,
boolean signatureForceV3, String signaturePassphrase) boolean signatureForceV3, String signaturePassphrase)
@ -135,7 +135,7 @@ public class PgpOperation {
int signatureType; int signatureType;
// TODO: disable when encrypting??? // TODO: disable when encrypting???
if (enableAsciiArmor && enableSignature && !enableEncryption) { if (enableAsciiArmorOutput && enableSignature && !enableEncryption) {
signatureType = PGPSignature.CANONICAL_TEXT_DOCUMENT; signatureType = PGPSignature.CANONICAL_TEXT_DOCUMENT;
} else { } else {
signatureType = PGPSignature.BINARY_DOCUMENT; signatureType = PGPSignature.BINARY_DOCUMENT;
@ -144,7 +144,7 @@ public class PgpOperation {
ArmoredOutputStream armorOut = null; ArmoredOutputStream armorOut = null;
OutputStream out; OutputStream out;
OutputStream encryptionOut = null; OutputStream encryptionOut = null;
if (enableAsciiArmor) { if (enableAsciiArmorOutput) {
armorOut = new ArmoredOutputStream(mOutStream); armorOut = new ArmoredOutputStream(mOutStream);
armorOut.setHeader("Version", PgpHelper.getFullVersion(mContext)); armorOut.setHeader("Version", PgpHelper.getFullVersion(mContext));
out = armorOut; out = armorOut;
@ -182,9 +182,11 @@ public class PgpOperation {
// encrypt and compress input file content // encrypt and compress input file content
if (enableEncryption) { if (enableEncryption) {
JcePGPDataEncryptorBuilder encryptorBuilder = new JcePGPDataEncryptorBuilder( // has Integrity packet enabled!
symmetricEncryptionAlgorithm).setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME) JcePGPDataEncryptorBuilder encryptorBuilder =
.setWithIntegrityPacket(true); new JcePGPDataEncryptorBuilder(symmetricEncryptionAlgorithm)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME)
.setWithIntegrityPacket(true);
PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(encryptorBuilder); PGPEncryptedDataGenerator cPk = new PGPEncryptedDataGenerator(encryptorBuilder);
@ -192,8 +194,8 @@ public class PgpOperation {
// Symmetric encryption // Symmetric encryption
Log.d(Constants.TAG, "encryptionKeyIds length is 0 -> symmetric encryption"); Log.d(Constants.TAG, "encryptionKeyIds length is 0 -> symmetric encryption");
JcePBEKeyEncryptionMethodGenerator symmetricEncryptionGenerator = new JcePBEKeyEncryptionMethodGenerator( JcePBEKeyEncryptionMethodGenerator symmetricEncryptionGenerator =
encryptionPassphrase.toCharArray()); new JcePBEKeyEncryptionMethodGenerator(encryptionPassphrase.toCharArray());
cPk.addMethod(symmetricEncryptionGenerator); cPk.addMethod(symmetricEncryptionGenerator);
} else { } else {
// Asymmetric encryption // Asymmetric encryption
@ -201,8 +203,8 @@ public class PgpOperation {
PGPPublicKey key = PgpKeyHelper.getEncryptPublicKey(mContext, id); PGPPublicKey key = PgpKeyHelper.getEncryptPublicKey(mContext, id);
if (key != null) { if (key != null) {
JcePublicKeyKeyEncryptionMethodGenerator pubKeyEncryptionGenerator = new JcePublicKeyKeyEncryptionMethodGenerator( JcePublicKeyKeyEncryptionMethodGenerator pubKeyEncryptionGenerator =
key); new JcePublicKeyKeyEncryptionMethodGenerator(key);
cPk.addMethod(pubKeyEncryptionGenerator); cPk.addMethod(pubKeyEncryptionGenerator);
} }
} }
@ -227,8 +229,7 @@ public class PgpOperation {
signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder); signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder);
signatureGenerator.init(signatureType, signaturePrivateKey); signatureGenerator.init(signatureType, signaturePrivateKey);
String userId = PgpKeyHelper.getMainUserId(PgpKeyHelper String userId = PgpKeyHelper.getMainUserId(PgpKeyHelper.getMasterKey(signingKeyRing));
.getMasterKey(signingKeyRing));
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
spGen.setSignerUserID(false, userId); spGen.setSignerUserID(false, userId);
signatureGenerator.setHashedSubpackets(spGen.generate()); signatureGenerator.setHashedSubpackets(spGen.generate());
@ -283,7 +284,7 @@ public class PgpOperation {
} }
literalGen.close(); literalGen.close();
} else if (enableAsciiArmor && enableSignature && !enableEncryption && !enableCompression) { } else if (enableAsciiArmorOutput && enableSignature && !enableEncryption && !enableCompression) {
/* sign-only of ascii text */ /* sign-only of ascii text */
updateProgress(R.string.progress_signing, 40, 100); updateProgress(R.string.progress_signing, 40, 100);
@ -346,7 +347,7 @@ public class PgpOperation {
compressGen.close(); compressGen.close();
} }
} }
if (enableAsciiArmor) { if (enableAsciiArmorOutput) {
armorOut.close(); armorOut.close();
} }
@ -365,6 +366,7 @@ public class PgpOperation {
} }
} }
// TODO: merge this into signAndEncrypt method!
public void generateSignature(boolean armored, boolean binary, long signatureKeyId, public void generateSignature(boolean armored, boolean binary, long signatureKeyId,
String signaturePassPhrase, int hashAlgorithm, boolean forceV3Signature) String signaturePassPhrase, int hashAlgorithm, boolean forceV3Signature)
throws PgpGeneralException, PGPException, IOException, NoSuchAlgorithmException, throws PgpGeneralException, PGPException, IOException, NoSuchAlgorithmException,
@ -732,7 +734,7 @@ public class PgpOperation {
} }
} }
// TODO: add integrity somewhere // TODO: test if this integrity really check works!
if (encryptedData.isIntegrityProtected()) { if (encryptedData.isIntegrityProtected()) {
updateProgress(R.string.progress_verifying_integrity, 95, 100); updateProgress(R.string.progress_verifying_integrity, 95, 100);
@ -740,9 +742,11 @@ public class PgpOperation {
// passed // passed
} else { } else {
// failed // failed
throw new PgpGeneralException(mContext.getString(R.string.error_integrity_check_failed));
} }
} else { } else {
// no integrity check // no integrity check
Log.e(Constants.TAG, "No integrity check!");
} }
updateProgress(R.string.progress_done, 100, 100); updateProgress(R.string.progress_done, 100, 100);
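Review bot: In the last hunk, the outer `else` branch (`// no integrity check`) only calls `Log.e(Constants.TAG, "No integrity check!")` and then falls through to `progress_done`, so data that carries no integrity packet is reported to the caller exactly like data that passed verification. Since this commit makes a failed check fatal, a missing check should be surfaced as well, for example `throw new PgpGeneralException(mContext.getString(R.string.<missing_integrity_string>));` (placeholder resource name, with wording distinct from `error_integrity_check_failed`), or at least via a result flag the UI can show. The new throw in the `// failed` branch runs at the 95% progress step, so the decrypted output has presumably already been written by then; a comment such as `// callers must discard the output when this is thrown` would make that contract explicit. The enclosing decrypt method starts outside the visible hunks, so both points should be confirmed against the full method, and the `// TODO: test if this integrity really check works!` comment suggests a test with a tampered message is still missing.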


@ -274,6 +274,7 @@
<string name="error_no_signature_key">no signature key given</string> <string name="error_no_signature_key">no signature key given</string>
<string name="error_invalid_data">not valid encryption data</string> <string name="error_invalid_data">not valid encryption data</string>
<string name="error_corrupt_data">corrupt data</string> <string name="error_corrupt_data">corrupt data</string>
<string name="error_integrity_check_failed">integrity check failed! Data has been modified!</string>
<string name="error_no_symmetric_encryption_packet">couldn\'t find a packet with symmetric encryption</string> <string name="error_no_symmetric_encryption_packet">couldn\'t find a packet with symmetric encryption</string>
<string name="error_wrong_passphrase">wrong passphrase</string> <string name="error_wrong_passphrase">wrong passphrase</string>
<string name="error_saving_keys">error saving some keys</string> <string name="error_saving_keys">error saving some keys</string>