Add check that proof & database fingerprints are the same

This commit is contained in:
Tim Bray 2014-11-21 19:44:05 -08:00
parent bbbc45e4e9
commit e72c082acd
2 changed files with 8 additions and 4 deletions

View File

@ -336,7 +336,8 @@ public class PgpDecryptVerify extends BaseOperation {
OpenPgpSignatureResult signatureResult = signatureResultBuilder.build(); OpenPgpSignatureResult signatureResult = signatureResultBuilder.build();
if (signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED if (signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED
|| signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) { && signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) {
Log.d(Constants.TAG, "STATUS IS " + signatureResult.getStatus());
log.add(LogType.MSG_VL_ERROR_INTEGRITY_CHECK, indent); log.add(LogType.MSG_VL_ERROR_INTEGRITY_CHECK, indent);
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
} }

View File

@ -30,7 +30,6 @@ import com.textuality.keybase.lib.Proof;
import com.textuality.keybase.lib.prover.Prover; import com.textuality.keybase.lib.prover.Prover;
import org.json.JSONObject; import org.json.JSONObject;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.spongycastle.openpgp.PGPUtil; import org.spongycastle.openpgp.PGPUtil;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.R;
@ -324,6 +323,11 @@ public class KeychainIntentService extends IntentService implements Progressable
sendProofError(prover.getLog(), getString(R.string.keybase_problem_fetching_evidence)); sendProofError(prover.getLog(), getString(R.string.keybase_problem_fetching_evidence));
return; return;
} }
String requiredFingerprint = data.getString(KEYBASE_REQUIRED_FINGERPRINT);
if (!prover.checkFingerprint(requiredFingerprint)) {
sendProofError(getString(R.string.keybase_key_mismatch));
return;
}
String domain = prover.dnsTxtCheckRequired(); String domain = prover.dnsTxtCheckRequired();
if (domain != null) { if (domain != null) {
@ -361,13 +365,12 @@ public class KeychainIntentService extends IntentService implements Progressable
InputData inputData = createDecryptInputData(data); InputData inputData = createDecryptInputData(data);
OutputStream outStream = createCryptOutputStream(data); OutputStream outStream = createCryptOutputStream(data);
String fingerprint = data.getString(KEYBASE_REQUIRED_FINGERPRINT);
PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder( PgpDecryptVerify.Builder builder = new PgpDecryptVerify.Builder(
this, new ProviderHelper(this), this, this, new ProviderHelper(this), this,
inputData, outStream inputData, outStream
); );
builder.setSignedLiteralData(true).setRequiredSignerFingerprint(fingerprint); builder.setSignedLiteralData(true).setRequiredSignerFingerprint(requiredFingerprint);
DecryptVerifyResult decryptVerifyResult = builder.build().execute(); DecryptVerifyResult decryptVerifyResult = builder.build().execute();
outStream.close(); outStream.close();