diff options
| author | Ashley Hughes <spirit.returned@gmail.com> | 2014-01-15 00:41:18 +0000 |
|---|---|---|
| committer | Ashley Hughes <spirit.returned@gmail.com> | 2014-01-15 00:41:18 +0000 |
| commit | 0bca0a4b08fc0be62c64d7f8b8185cf6db620ead (patch) | |
| tree | 2823136b76ae722ee3728365832cc587ba03d8ad | |
| parent | c95a52c07041371f54d6315bddc8a60fcac69245 (diff) | |
| download | open-keychain-0bca0a4b08fc0be62c64d7f8b8185cf6db620ead.tar.gz open-keychain-0bca0a4b08fc0be62c64d7f8b8185cf6db620ead.tar.bz2 open-keychain-0bca0a4b08fc0be62c64d7f8b8185cf6db620ead.zip | |
always check binding when verifying
| -rw-r--r-- | OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java | 30 |
1 files changed, 18 insertions, 12 deletions
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java index 90934cbd9..de1973702 100644 --- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java @@ -764,11 +764,11 @@ public class PgpOperation { PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject(); PGPSignature messageSignature = signatureList.get(signatureIndex); - if (signature.verify(messageSignature)) { - returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, true); - } else { - returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, false); - } + + //Now check binding signatures + boolean keyBinding_isok = verifyKeyBinding(mContext, messageSignature, signatureKey); + boolean sig_isok = signature.verify(messageSignature); + returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, keyBinding_isok & sig_isok); } } @@ -897,9 +897,18 @@ public class PgpOperation { boolean sig_isok = signature.verify(); //Now check binding signatures - boolean keyBinding_isok = false; + boolean keyBinding_isok = verifyKeyBinding(mContext, signature, signatureKey); + + returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & keyBinding_isok); + + updateProgress(R.string.progress_done, 100, 100); + return returnData; + } - signatureKeyId = signature.getKeyID(); + public boolean verifyKeyBinding(Context mContext, PGPSignature signature, PGPPublicKey signatureKey) + { + long signatureKeyId = signature.getKeyID(); + boolean keyBinding_isok = false; String userId = null; PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext, signatureKeyId); @@ -912,13 +921,10 @@ public class PgpOperation { } else { //if the key used to make the signature was the master key, no need to check binding sigs keyBinding_isok = true; } - returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & keyBinding_isok); - - updateProgress(R.string.progress_done, 100, 100); - return returnData; + return keyBinding_isok; } - private boolean verifyKeyBinding(PGPPublicKey masterPublicKey, PGPPublicKey signingPublicKey) + public boolean verifyKeyBinding(PGPPublicKey masterPublicKey, PGPPublicKey signingPublicKey) { boolean subkeyBinding_isok = false; boolean tmp_subkeyBinding_isok = false; |