Merge branch 'master' of github.com:open-keychain/open-keychain

This commit is contained in:
Dominik Schürmann 2014-09-24 01:49:50 +02:00
commit f7d49a48cb
5 changed files with 62 additions and 32 deletions

View File

@ -199,14 +199,6 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
private PGPContentSignerBuilder getContentSignerBuilder(int hashAlgo, byte[] nfcSignedHash, private PGPContentSignerBuilder getContentSignerBuilder(int hashAlgo, byte[] nfcSignedHash,
Date nfcCreationTimestamp) { Date nfcCreationTimestamp) {
if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) { if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
// to sign using nfc PgpSignEncrypt is executed two times.
// the first time it stops to return the PendingIntent for nfc connection and signing the hash
// the second time the signed hash is used.
// to get the same hash we cache the timestamp for the second round!
if (nfcCreationTimestamp == null) {
nfcCreationTimestamp = new Date();
}
// use synchronous "NFC based" SignerBuilder // use synchronous "NFC based" SignerBuilder
return new NfcSyncPGPContentSignerBuilder( return new NfcSyncPGPContentSignerBuilder(
mSecretKey.getPublicKey().getAlgorithm(), hashAlgo, mSecretKey.getPublicKey().getAlgorithm(), hashAlgo,
@ -226,6 +218,20 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) { if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
throw new PrivateKeyNotUnlockedException(); throw new PrivateKeyNotUnlockedException();
} }
if (nfcSignedHash != null && nfcCreationTimestamp == null) {
throw new PgpGeneralException("Got nfc hash without timestamp!!");
}
// We explicitly create a signature creation timestamp in this place.
// That way, we can inject an artificial one from outside, ie the one
// used in previous runs of this function.
if (nfcCreationTimestamp == null) {
// to sign using nfc PgpSignEncrypt is executed two times.
// the first time it stops to return the PendingIntent for nfc connection and signing the hash
// the second time the signed hash is used.
// to get the same hash we cache the timestamp for the second round!
nfcCreationTimestamp = new Date();
}
PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(hashAlgo, PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(hashAlgo,
nfcSignedHash, nfcCreationTimestamp); nfcSignedHash, nfcCreationTimestamp);
@ -244,10 +250,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator(); PGPSignatureSubpacketGenerator spGen = new PGPSignatureSubpacketGenerator();
spGen.setSignerUserID(false, mRing.getPrimaryUserIdWithFallback()); spGen.setSignerUserID(false, mRing.getPrimaryUserIdWithFallback());
if (nfcCreationTimestamp != null) { spGen.setSignatureCreationTime(false, nfcCreationTimestamp);
spGen.setSignatureCreationTime(false, nfcCreationTimestamp);
Log.d(Constants.TAG, "For NFC: set sig creation time to " + nfcCreationTimestamp);
}
signatureGenerator.setHashedSubpackets(spGen.generate()); signatureGenerator.setHashedSubpackets(spGen.generate());
return signatureGenerator; return signatureGenerator;
} catch (PGPException e) { } catch (PGPException e) {

View File

@ -77,6 +77,7 @@ import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date;
import java.util.List; import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean; import java.util.concurrent.atomic.AtomicBoolean;
@ -133,6 +134,8 @@ public class KeychainIntentService extends IntentService implements Progressable
// encrypt // encrypt
public static final String ENCRYPT_SIGNATURE_MASTER_ID = "secret_key_id"; public static final String ENCRYPT_SIGNATURE_MASTER_ID = "secret_key_id";
public static final String ENCRYPT_SIGNATURE_KEY_PASSPHRASE = "secret_key_passphrase"; public static final String ENCRYPT_SIGNATURE_KEY_PASSPHRASE = "secret_key_passphrase";
public static final String ENCRYPT_SIGNATURE_NFC_TIMESTAMP = "signature_nfc_timestamp";
public static final String ENCRYPT_SIGNATURE_NFC_HASH = "signature_nfc_hash";
public static final String ENCRYPT_USE_ASCII_ARMOR = "use_ascii_armor"; public static final String ENCRYPT_USE_ASCII_ARMOR = "use_ascii_armor";
public static final String ENCRYPT_ENCRYPTION_KEYS_IDS = "encryption_keys_ids"; public static final String ENCRYPT_ENCRYPTION_KEYS_IDS = "encryption_keys_ids";
public static final String ENCRYPT_COMPRESSION_ID = "compression_id"; public static final String ENCRYPT_COMPRESSION_ID = "compression_id";
@ -256,6 +259,10 @@ public class KeychainIntentService extends IntentService implements Progressable
long sigMasterKeyId = data.getLong(ENCRYPT_SIGNATURE_MASTER_ID); long sigMasterKeyId = data.getLong(ENCRYPT_SIGNATURE_MASTER_ID);
String sigKeyPassphrase = data.getString(ENCRYPT_SIGNATURE_KEY_PASSPHRASE); String sigKeyPassphrase = data.getString(ENCRYPT_SIGNATURE_KEY_PASSPHRASE);
byte[] nfcHash = data.getByteArray(ENCRYPT_SIGNATURE_NFC_HASH);
Date nfcTimestamp = (Date) data.getSerializable(ENCRYPT_SIGNATURE_NFC_TIMESTAMP);
String symmetricPassphrase = data.getString(ENCRYPT_SYMMETRIC_PASSPHRASE); String symmetricPassphrase = data.getString(ENCRYPT_SYMMETRIC_PASSPHRASE);
boolean useAsciiArmor = data.getBoolean(ENCRYPT_USE_ASCII_ARMOR); boolean useAsciiArmor = data.getBoolean(ENCRYPT_USE_ASCII_ARMOR);
@ -296,6 +303,10 @@ public class KeychainIntentService extends IntentService implements Progressable
.setSignatureHashAlgorithm( .setSignatureHashAlgorithm(
Preferences.getPreferences(this).getDefaultHashAlgorithm()) Preferences.getPreferences(this).getDefaultHashAlgorithm())
.setAdditionalEncryptId(sigMasterKeyId); .setAdditionalEncryptId(sigMasterKeyId);
if (nfcHash != null && nfcTimestamp != null) {
builder.setNfcState(nfcHash, nfcTimestamp);
}
} catch (PgpGeneralException e) { } catch (PgpGeneralException e) {
// encrypt-only // encrypt-only
// TODO Just silently drop the requested signature? Shouldn't we throw here? // TODO Just silently drop the requested signature? Shouldn't we throw here?

View File

@ -4,6 +4,8 @@ import android.content.Intent;
import org.sufficientlysecure.keychain.nfc.NfcActivity; import org.sufficientlysecure.keychain.nfc.NfcActivity;
import java.util.Date;
public class EncryptActivity extends DrawerActivity { public class EncryptActivity extends DrawerActivity {
public static final int REQUEST_CODE_PASSPHRASE = 0x00008001; public static final int REQUEST_CODE_PASSPHRASE = 0x00008001;
@ -19,9 +21,10 @@ public class EncryptActivity extends DrawerActivity {
// build PendingIntent for Yubikey NFC operations // build PendingIntent for Yubikey NFC operations
Intent intent = new Intent(this, NfcActivity.class); Intent intent = new Intent(this, NfcActivity.class);
intent.setAction(NfcActivity.ACTION_SIGN_HASH); intent.setAction(NfcActivity.ACTION_SIGN_HASH);
// pass params through to activity that it can be returned again later to repeat pgp operation
intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
intent.putExtra(NfcActivity.EXTRA_PIN, pin); intent.putExtra(NfcActivity.EXTRA_PIN, pin);
intent.putExtra(NfcActivity.EXTRA_NFC_HASH_TO_SIGN, hashToSign); intent.putExtra(NfcActivity.EXTRA_NFC_HASH_TO_SIGN, hashToSign);
intent.putExtra(NfcActivity.EXTRA_NFC_HASH_ALGO, hashAlgo); intent.putExtra(NfcActivity.EXTRA_NFC_HASH_ALGO, hashAlgo);
intent.addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP); intent.addFlags(Intent.FLAG_ACTIVITY_SINGLE_TOP | Intent.FLAG_ACTIVITY_CLEAR_TOP);

View File

@ -28,6 +28,7 @@ import android.support.v4.app.Fragment;
import android.view.Menu; import android.view.Menu;
import android.view.MenuItem; import android.view.MenuItem;
import org.openintents.openpgp.util.OpenPgpApi;
import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R; import org.sufficientlysecure.keychain.R;
import org.sufficientlysecure.keychain.api.OpenKeychainIntents; import org.sufficientlysecure.keychain.api.OpenKeychainIntents;
@ -42,6 +43,7 @@ import org.sufficientlysecure.keychain.util.Log;
import org.sufficientlysecure.keychain.ui.util.Notify; import org.sufficientlysecure.keychain.ui.util.Notify;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Date;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
@ -70,6 +72,8 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
// TODO Constants.key.none? What's wrong with a null value? // TODO Constants.key.none? What's wrong with a null value?
private long mSigningKeyId = Constants.key.none; private long mSigningKeyId = Constants.key.none;
private String mSigningKeyPassphrase = null; private String mSigningKeyPassphrase = null;
private Date mNfcTimestamp = null;
private byte[] mNfcHash = null;
private String mPassphrase = ""; private String mPassphrase = "";
private boolean mShareAfterEncrypt = false; private boolean mShareAfterEncrypt = false;
private ArrayList<Uri> mInputUris; private ArrayList<Uri> mInputUris;
@ -202,28 +206,31 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
} else if ((pgpResult.getResult() & SignEncryptResult.RESULT_PENDING_NFC) == } else if ((pgpResult.getResult() & SignEncryptResult.RESULT_PENDING_NFC) ==
SignEncryptResult.RESULT_PENDING_NFC) { SignEncryptResult.RESULT_PENDING_NFC) {
// use after nfc sign mNfcTimestamp = pgpResult.getNfcTimestamp();
//// data.putExtra(OpenPgpApi.EXTRA_NFC_SIG_CREATION_TIMESTAMP, result.getNfcTimestamp().getTime());
startNfcSign("123456", pgpResult.getNfcHash(), pgpResult.getNfcAlgo()); startNfcSign("123456", pgpResult.getNfcHash(), pgpResult.getNfcAlgo());
} else { } else {
throw new RuntimeException("Unhandled pending result!"); throw new RuntimeException("Unhandled pending result!");
} }
} else if (pgpResult.success()) { } else {
if (mShareAfterEncrypt) { if (pgpResult.success()) {
// Share encrypted message/file if (mShareAfterEncrypt) {
startActivity(sendWithChooserExcludingEncrypt(message)); // Share encrypted message/file
startActivity(sendWithChooserExcludingEncrypt(message));
} else {
// Copy to clipboard
copyToClipboard(message);
pgpResult.createNotify(EncryptTextActivity.this).show();
// Notify.showNotify(EncryptTextActivity.this,
// R.string.encrypt_sign_clipboard_successful, Notify.Style.INFO);
}
} else { } else {
// Copy to clipboard
copyToClipboard(message);
pgpResult.createNotify(EncryptTextActivity.this).show(); pgpResult.createNotify(EncryptTextActivity.this).show();
// Notify.showNotify(EncryptTextActivity.this,
// R.string.encrypt_sign_clipboard_successful, Notify.Style.INFO);
} }
// reset parameters, TODO: better state saving? // no matter the result, reset parameters
mSigningKeyPassphrase = null; mSigningKeyPassphrase = null;
} else { mNfcHash = null;
pgpResult.createNotify(EncryptTextActivity.this).show(); mNfcTimestamp = null;
} }
} }
} }
@ -253,7 +260,7 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
case REQUEST_CODE_NFC: { case REQUEST_CODE_NFC: {
if (resultCode == RESULT_OK && data != null) { if (resultCode == RESULT_OK && data != null) {
mNfcHash = data.getByteArrayExtra(OpenPgpApi.EXTRA_NFC_SIGNED_HASH);
startEncrypt(); startEncrypt();
return; return;
} }
@ -292,6 +299,8 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv
data.putLongArray(KeychainIntentService.ENCRYPT_ENCRYPTION_KEYS_IDS, mEncryptionKeyIds); data.putLongArray(KeychainIntentService.ENCRYPT_ENCRYPTION_KEYS_IDS, mEncryptionKeyIds);
data.putString(KeychainIntentService.ENCRYPT_SIGNATURE_KEY_PASSPHRASE, mSigningKeyPassphrase); data.putString(KeychainIntentService.ENCRYPT_SIGNATURE_KEY_PASSPHRASE, mSigningKeyPassphrase);
data.putLongArray(KeychainIntentService.ENCRYPT_SIGNATURE_KEY_PASSPHRASE, mEncryptionKeyIds); data.putLongArray(KeychainIntentService.ENCRYPT_SIGNATURE_KEY_PASSPHRASE, mEncryptionKeyIds);
data.putSerializable(KeychainIntentService.ENCRYPT_SIGNATURE_NFC_TIMESTAMP, mNfcTimestamp);
data.putByteArray(KeychainIntentService.ENCRYPT_SIGNATURE_NFC_HASH, mNfcHash);
} }
return data; return data;
} }

View File

@ -88,11 +88,15 @@ public class ListAwareSwipeRefreshLayout extends NoScrollableSwipeRefreshLayout
*/ */
@Override @Override
public boolean onTouchEvent(MotionEvent event) { public boolean onTouchEvent(MotionEvent event) {
float ratioX = event.getX() / event.getDevice().getMotionRange(MotionEvent.AXIS_X).getMax(); // The device may be null. This actually happens
float ratioY = event.getY() / event.getDevice().getMotionRange(MotionEvent.AXIS_Y).getMax(); if (event.getDevice() != null) {
// if this is the upper right corner, don't handle as pull to refresh event // MotionEvent.AXIS_X is api level 12, for some reason, so we use a constant 0 here
if (ratioX > 0.85f && ratioY < 0.15f) { float ratioX = event.getX() / event.getDevice().getMotionRange(0).getMax();
return false; float ratioY = event.getY() / event.getDevice().getMotionRange(1).getMax();
// if this is the upper right corner, don't handle as pull to refresh event
if (ratioX > 0.85f && ratioY < 0.15f) {
return false;
}
} }
return super.onTouchEvent(event); return super.onTouchEvent(event);
} }