authorAshley Hughes <spirit.returned@gmail.com>2014-01-14 00:30:58 +0000
committerAshley Hughes <spirit.returned@gmail.com>2014-01-14 00:30:58 +0000
commit2b71b12b24e6f5c8f8193513ae0d81fb159d519d (patch)
treee8d6337c7d774dcd958ae6ded4791098bd9c564c
parent036480a210f0a2439a1c8dfbd06d32180fb26f8c (diff)
subkey binding check, start primary binding check
-rw-r--r--OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java48
1 files changed, 47 insertions, 1 deletions
diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java
index 755537012..804d22187 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java
@@ -34,6 +34,8 @@ import java.util.Iterator;
import org.spongycastle.bcpg.ArmoredInputStream;
import org.spongycastle.bcpg.ArmoredOutputStream;
import org.spongycastle.bcpg.BCPGOutputStream;
+import org.spongycastle.bcpg.SignatureSubpacket;
+import org.spongycastle.bcpg.SignatureSubpacketTags;
import org.spongycastle.openpgp.PGPCompressedData;
import org.spongycastle.openpgp.PGPCompressedDataGenerator;
import org.spongycastle.openpgp.PGPEncryptedData;
@@ -56,6 +58,7 @@ import org.spongycastle.openpgp.PGPSignature;
import org.spongycastle.openpgp.PGPSignatureGenerator;
import org.spongycastle.openpgp.PGPSignatureList;
import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator;
+import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
import org.spongycastle.openpgp.PGPUtil;
import org.spongycastle.openpgp.PGPV3SignatureGenerator;
import org.spongycastle.openpgp.operator.PBEDataDecryptorFactory;
@@ -887,7 +890,50 @@ public class PgpOperation {
} while (lookAhead != -1);
}
- returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, signature.verify());
+ boolean sig_isok = signature.verify();
+
+ //We should only do the next part if the singing key was a subkey - not the master key!
+ signatureKeyId = signature.getKeyID();
+ String userId = null;
+ PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext,
+ signatureKeyId);
+ PGPPublicKey mKey = null;
+ if (signKeyRing != null) {
+ mKey = PgpKeyHelper.getMasterKey(signKeyRing);
+ }
+ Iterator<PGPSignature> itr = signatureKey.getSignatures();
+
+ boolean subkeyBinding_isok = false;
+ boolean tmp_subkeyBinding_isok = false;
+ boolean primkeyBinding_isok = false;
+ while (itr.hasNext()) { //what does gpg do if the subkey binding is wrong?
+ //gpg has an invalid subkey binding error on key import I think, but doesn't shout
+ //about keys without subkey signing. Can't get it to import a slightly broken one
+ //either, so we will err on bad subkey binding here.
+ PGPSignature sig = itr.next();
+ if (sig.getKeyID() == mKey.getKeyID() && sig.getSignatureType() == PGPSignature.SUBKEY_BINDING) {
+ //check and if ok, check primary key binding.
+ sig.init(contentVerifierBuilderProvider, mKey);
+ tmp_subkeyBinding_isok = sig.verifyCertification(mKey, signatureKey);
+ if (tmp_subkeyBinding_isok)
+ subkeyBinding_isok = true;
+ if (tmp_subkeyBinding_isok) {
+ PGPSignatureSubpacketVector hPkts = sig.getHashedSubPackets();
+ PGPSignatureSubpacketVector uhPkts = sig.getUnhashedSubPackets();
+ if (hPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) {
+ SignatureSubpacket[] subsigpkts = hPkts.getSubpackets(SignatureSubpacketTags.EMBEDDED_SIGNATURE);
+ PGPSignature[] vals = new PGPSignature[subsigpkts.length];
+ for (int i = 0; i < subsigpkts.length; i++)
+ {
+ vals[i] = (PGPSignature)subsigpkts[i];
+ }
+ }
+ if (uhPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) {
+ }
+ }
+ }
+ }
+ returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & subkeyBinding_isok);
updateProgress(R.string.progress_done, 100, 100);
return returnData;
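Review bot: `mKey` is dereferenced in the loop condition `sig.getKeyID() == mKey.getKeyID()` although it stays null whenever `getPGPPublicKeyRingByKeyId` returns no ring, so verification would throw instead of reporting a failed signature; the loop needs an `if (mKey != null)` guard or an early failure. The comment above the block says the binding check applies only when the signing key is a subkey, but the code runs it unconditionally, so a signature made by the master key finds no `SUBKEY_BINDING` entry and `sig_isok & subkeyBinding_isok` reports failure for a valid signature; gating the loop on something like `if (!signatureKey.isMasterKey())` and otherwise returning `sig_isok` alone would match the stated intent. `primkeyBinding_isok` is never assigned or read, and the embedded-signature subpackets are only collected (the cast from `SignatureSubpacket` to `PGPSignature` looks unlikely to succeed), so the subkey's back-signature is not yet enforced and the result should not be treated as a complete binding check. The enclosing method starts and ends outside the hunk, so how `signatureKey` is obtained is not visible here.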