aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorDominik Schürmann <dominik@dominikschuermann.de>2015-07-25 14:32:47 +0200
committerDominik Schürmann <dominik@dominikschuermann.de>2015-08-09 21:49:56 +0200
commit57378be1c07893e2231e485d6289d53d522aa7d5 (patch)
tree294ff6ef9983441d0edacd2e85cb4bb7bccfb513
parentdc81e0254cc1ea91e8553c39e53489998fe079d9 (diff)
downloadopen-keychain-57378be1c07893e2231e485d6289d53d522aa7d5.zip
open-keychain-57378be1c07893e2231e485d6289d53d522aa7d5.tar.gz
open-keychain-57378be1c07893e2231e485d6289d53d522aa7d5.tar.bz2
Introduce constants in OpenPgpSignature and DecryptionResult for unsigned/unencrypted content, update API, introduce simple checks for insecure symmetric algos
-rw-r--r--.gitmodules4
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java32
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java2
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java91
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java130
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java68
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java14
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java18
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java22
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java4
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java86
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java72
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java14
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java12
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java10
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java106
-rw-r--r--OpenKeychain/src/main/res/values/strings.xml4
-rw-r--r--OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java14
m---------extern/openpgp-api-lib0
19 files changed, 427 insertions, 276 deletions
diff --git a/.gitmodules b/.gitmodules
index 9d4e0f9..0855c2f 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -4,11 +4,11 @@
ignore = dirty
[submodule "extern/openpgp-api-lib"]
path = extern/openpgp-api-lib
- url = https://github.com/open-keychain/openpgp-api-lib.git
+ url = https://github.com/open-keychain/openpgp-api.git
ignore = dirty
[submodule "extern/openkeychain-api-lib"]
path = extern/openkeychain-api-lib
- url = https://github.com/open-keychain/openkeychain-api-lib.git
+ url = https://github.com/open-keychain/openkeychain-intents.git
ignore = dirty
[submodule "extern/KeybaseLib"]
path = extern/KeybaseLib
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
index f9a738d..e8be9fa 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/DecryptVerifyResult.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2014-2015 Dominik Schürmann <dominik@dominikschuermann.de>
* Copyright (C) 2014 Vincent Breitmoser <v.breitmoser@mugenguild.com>
*
* This program is free software: you can redistribute it and/or modify
@@ -20,6 +20,7 @@ package org.sufficientlysecure.keychain.operations.results;
import android.os.Parcel;
+import org.openintents.openpgp.OpenPgpDecryptionResult;
import org.openintents.openpgp.OpenPgpMetadata;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
@@ -31,7 +32,8 @@ public class DecryptVerifyResult extends InputPendingResult {
public static final int RESULT_KEY_DISALLOWED = RESULT_ERROR + 32;
OpenPgpSignatureResult mSignatureResult;
- OpenPgpMetadata mDecryptMetadata;
+ OpenPgpDecryptionResult mDecryptionResult;
+ OpenPgpMetadata mDecryptionMetadata;
// This holds the charset which was specified in the ascii armor, if specified
// https://tools.ietf.org/html/rfc4880#page56
String mCharset;
@@ -52,7 +54,8 @@ public class DecryptVerifyResult extends InputPendingResult {
public DecryptVerifyResult(Parcel source) {
super(source);
mSignatureResult = source.readParcelable(OpenPgpSignatureResult.class.getClassLoader());
- mDecryptMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
+ mDecryptionResult = source.readParcelable(OpenPgpDecryptionResult.class.getClassLoader());
+ mDecryptionMetadata = source.readParcelable(OpenPgpMetadata.class.getClassLoader());
mCachedCryptoInputParcel = source.readParcelable(CryptoInputParcel.class.getClassLoader());
}
@@ -69,6 +72,14 @@ public class DecryptVerifyResult extends InputPendingResult {
mSignatureResult = signatureResult;
}
+ public OpenPgpDecryptionResult getDecryptionResult() {
+ return mDecryptionResult;
+ }
+
+ public void setDecryptionResult(OpenPgpDecryptionResult decryptionResult) {
+ mDecryptionResult = decryptionResult;
+ }
+
public CryptoInputParcel getCachedCryptoInputParcel() {
return mCachedCryptoInputParcel;
}
@@ -77,12 +88,12 @@ public class DecryptVerifyResult extends InputPendingResult {
mCachedCryptoInputParcel = cachedCryptoInputParcel;
}
- public OpenPgpMetadata getDecryptMetadata() {
- return mDecryptMetadata;
+ public OpenPgpMetadata getDecryptionMetadata() {
+ return mDecryptionMetadata;
}
- public void setDecryptMetadata(OpenPgpMetadata decryptMetadata) {
- mDecryptMetadata = decryptMetadata;
+ public void setDecryptionMetadata(OpenPgpMetadata decryptMetadata) {
+ mDecryptionMetadata = decryptMetadata;
}
public String getCharset () {
@@ -107,9 +118,10 @@ public class DecryptVerifyResult extends InputPendingResult {
public void writeToParcel(Parcel dest, int flags) {
super.writeToParcel(dest, flags);
- dest.writeParcelable(mSignatureResult, 0);
- dest.writeParcelable(mDecryptMetadata, 0);
- dest.writeParcelable(mCachedCryptoInputParcel, 0);
+ dest.writeParcelable(mSignatureResult, flags);
+ dest.writeParcelable(mDecryptionResult, flags);
+ dest.writeParcelable(mDecryptionMetadata, flags);
+ dest.writeParcelable(mCachedCryptoInputParcel, flags);
}
public static final Creator<DecryptVerifyResult> CREATOR = new Creator<DecryptVerifyResult>() {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index 31a3925..4aa05c9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -184,7 +184,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
// TODO: intersection between preferred hash algos of this key and PgpConstants.PREFERRED_HASH_ALGORITHMS
// choose best algo
- return PgpConstants.sPreferredHashAlgorithms;
+ return new ArrayList<>();
}
private PGPContentSignerBuilder getContentSignerBuilder(int hashAlgo,
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
index ed47156..9d059b5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
@@ -30,7 +30,6 @@ import java.util.ArrayList;
*/
public class OpenPgpSignatureResultBuilder {
// OpenPgpSignatureResult
- private boolean mSignatureOnly = false;
private String mPrimaryUserId;
private ArrayList<String> mUserIds = new ArrayList<>();
private long mKeyId;
@@ -42,10 +41,7 @@ public class OpenPgpSignatureResultBuilder {
private boolean mIsSignatureKeyCertified = false;
private boolean mIsKeyRevoked = false;
private boolean mIsKeyExpired = false;
-
- public void setSignatureOnly(boolean signatureOnly) {
- this.mSignatureOnly = signatureOnly;
- }
+ private boolean mInsecure = false;
public void setPrimaryUserId(String userId) {
this.mPrimaryUserId = userId;
@@ -63,6 +59,10 @@ public class OpenPgpSignatureResultBuilder {
this.mValidSignature = validSignature;
}
+ public void setInsecure(boolean insecure) {
+ this.mInsecure = insecure;
+ }
+
public void setSignatureKeyCertified(boolean isSignatureKeyCertified) {
this.mIsSignatureKeyCertified = isSignatureKeyCertified;
}
@@ -87,6 +87,10 @@ public class OpenPgpSignatureResultBuilder {
return mValidSignature;
}
+ public boolean isInsecure() {
+ return mInsecure;
+ }
+
public void initValid(CanonicalizedPublicKeyRing signingRing,
CanonicalizedPublicKey signingKey) {
setSignatureAvailable(true);
@@ -109,47 +113,50 @@ public class OpenPgpSignatureResultBuilder {
}
public OpenPgpSignatureResult build() {
- if (mSignatureAvailable) {
- OpenPgpSignatureResult result = new OpenPgpSignatureResult();
- result.setSignatureOnly(mSignatureOnly);
-
- // valid sig!
- if (mKnownKey) {
- if (mValidSignature) {
- result.setKeyId(mKeyId);
- result.setPrimaryUserId(mPrimaryUserId);
- result.setUserIds(mUserIds);
-
- if (mIsKeyRevoked) {
- Log.d(Constants.TAG, "SIGNATURE_KEY_REVOKED");
- result.setStatus(OpenPgpSignatureResult.SIGNATURE_KEY_REVOKED);
- } else if (mIsKeyExpired) {
- Log.d(Constants.TAG, "SIGNATURE_KEY_EXPIRED");
- result.setStatus(OpenPgpSignatureResult.SIGNATURE_KEY_EXPIRED);
- } else if (mIsSignatureKeyCertified) {
- Log.d(Constants.TAG, "SIGNATURE_SUCCESS_CERTIFIED");
- result.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED);
- } else {
- Log.d(Constants.TAG, "SIGNATURE_SUCCESS_UNCERTIFIED");
- result.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED);
- }
- } else {
- Log.d(Constants.TAG, "Error! Invalid signature.");
- result.setStatus(OpenPgpSignatureResult.SIGNATURE_ERROR);
- }
- } else {
- result.setKeyId(mKeyId);
-
- Log.d(Constants.TAG, "SIGNATURE_KEY_MISSING");
- result.setStatus(OpenPgpSignatureResult.SIGNATURE_KEY_MISSING);
- }
+ OpenPgpSignatureResult result = new OpenPgpSignatureResult();
+ if (!mSignatureAvailable) {
+ Log.d(Constants.TAG, "RESULT_NO_SIGNATURE");
+ result.setResult(OpenPgpSignatureResult.RESULT_NO_SIGNATURE);
return result;
- } else {
- Log.d(Constants.TAG, "no signature found!");
+ }
+
+ if (!mKnownKey) {
+ result.setKeyId(mKeyId);
- return null;
+ Log.d(Constants.TAG, "RESULT_KEY_MISSING");
+ result.setResult(OpenPgpSignatureResult.RESULT_KEY_MISSING);
+ return result;
+ }
+
+ if (!mValidSignature) {
+ Log.d(Constants.TAG, "RESULT_INVALID_SIGNATURE");
+ result.setResult(OpenPgpSignatureResult.RESULT_INVALID_SIGNATURE);
+ return result;
}
+
+ result.setKeyId(mKeyId);
+ result.setPrimaryUserId(mPrimaryUserId);
+ result.setUserIds(mUserIds);
+
+ if (mIsKeyRevoked) {
+ Log.d(Constants.TAG, "RESULT_INVALID_KEY_REVOKED");
+ result.setResult(OpenPgpSignatureResult.RESULT_INVALID_KEY_REVOKED);
+ } else if (mIsKeyExpired) {
+ Log.d(Constants.TAG, "RESULT_INVALID_KEY_EXPIRED");
+ result.setResult(OpenPgpSignatureResult.RESULT_INVALID_KEY_EXPIRED);
+ } else if (mInsecure) {
+ Log.d(Constants.TAG, "RESULT_INVALID_INSECURE");
+ result.setResult(OpenPgpSignatureResult.RESULT_INVALID_INSECURE);
+ } else if (mIsSignatureKeyCertified) {
+ Log.d(Constants.TAG, "RESULT_VALID_CONFIRMED");
+ result.setResult(OpenPgpSignatureResult.RESULT_VALID_CONFIRMED);
+ } else {
+ Log.d(Constants.TAG, "RESULT_VALID_UNCONFIRMED");
+ result.setResult(OpenPgpSignatureResult.RESULT_VALID_UNCONFIRMED);
+ }
+
+ return result;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java
index f739b1e..7c00992 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java
@@ -21,51 +21,96 @@ import org.spongycastle.bcpg.CompressionAlgorithmTags;
import org.spongycastle.bcpg.HashAlgorithmTags;
import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags;
-import java.util.ArrayList;
+import java.util.HashSet;
+/**
+ * NIST requirements for 2011-2030 (http://www.keylength.com/en/4/):
+ * - RSA: 2048 bit
+ * - ECC: 224 bit
+ * - Symmetric: 3TDEA
+ * - Digital Signature (hash A): SHA-224 - SHA-512
+ */
public class PgpConstants {
- public static ArrayList<Integer> sPreferredSymmetricAlgorithms = new ArrayList<>();
- public static ArrayList<Integer> sPreferredHashAlgorithms = new ArrayList<>();
- public static ArrayList<Integer> sPreferredCompressionAlgorithms = new ArrayList<>();
+// public interface MIN_REQUIREMENT {
+// int MIN_BITS;
+// int BINDING_SIGNATURE_HASH_ALGO; // for User IDs, subkeys,...
+// int SYMMETRIC_ALGO;
+// }
+ // https://tools.ietf.org/html/rfc6637#section-13
+
- // TODO: use hashmaps for contains in O(1) and intersections!
+ // PgpDecryptVerify: Secure Algorithms Whitelist
+ // all other algorithms will be rejected with OpenPgpDecryptionResult.RESULT_INSECURE
+ public static HashSet<Integer> sSymmetricAlgorithmsWhitelist = new HashSet<>();
+ static {
+ sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.AES_256);
+ sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.AES_192);
+ sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.AES_128);
+ sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.TWOFISH);
+ }
+
+ // all other algorithms will be rejected with OpenPgpSignatureResult.RESULT_INVALID_INSECURE
+ public static HashSet<Integer> sHashAlgorithmsWhitelist = new HashSet<>();
+ static {
+ sHashAlgorithmsWhitelist.add(HashAlgorithmTags.SHA256);
+ sHashAlgorithmsWhitelist.add(HashAlgorithmTags.SHA512);
+ sHashAlgorithmsWhitelist.add(HashAlgorithmTags.SHA384);
+ sHashAlgorithmsWhitelist.add(HashAlgorithmTags.SHA224);
+ sHashAlgorithmsWhitelist.add(HashAlgorithmTags.SHA1);
+ sHashAlgorithmsWhitelist.add(HashAlgorithmTags.RIPEMD160);
+ }
/*
* Most preferred is first
* These arrays are written as preferred algorithms into the keys on creation.
* Other implementations may choose to honor this selection.
- *
- * These lists also define the only algorithms which are used in OpenKeychain.
- * We do not support algorithms such as MD5
*/
- static {
- sPreferredSymmetricAlgorithms.add(SymmetricKeyAlgorithmTags.AES_256);
- sPreferredSymmetricAlgorithms.add(SymmetricKeyAlgorithmTags.AES_192);
- sPreferredSymmetricAlgorithms.add(SymmetricKeyAlgorithmTags.AES_128);
- sPreferredSymmetricAlgorithms.add(SymmetricKeyAlgorithmTags.TWOFISH);
-
- // NOTE: some implementations do not support SHA512, thus we choose SHA256 as default (Mailvelope?)
- sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA256);
- sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA512);
- sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA384);
- sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA224);
- sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA1);
- sPreferredHashAlgorithms.add(HashAlgorithmTags.RIPEMD160);
-
- /*
- * Prefer ZIP
- * "ZLIB provides no benefit over ZIP and is more malleable"
- * - (OpenPGP WG mailinglist: "[openpgp] Intent to deprecate: Insecure primitives")
- * BZIP2: very slow
- */
- sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.ZIP);
- sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.ZLIB);
- sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.BZIP2);
- }
+ public static final int[] PREFERRED_SYMMETRIC_ALGORITHMS = new int[]{
+ SymmetricKeyAlgorithmTags.AES_256,
+ SymmetricKeyAlgorithmTags.AES_192,
+ SymmetricKeyAlgorithmTags.AES_128,
+ SymmetricKeyAlgorithmTags.TWOFISH
+ };
+
+ // NOTE: some implementations do not support SHA512, thus we choose SHA256 as default (Mailvelope?)
+ public static final int[] PREFERRED_HASH_ALGORITHMS = new int[]{
+ HashAlgorithmTags.SHA256,
+ HashAlgorithmTags.SHA512,
+ HashAlgorithmTags.SHA384,
+ HashAlgorithmTags.SHA224,
+ };
+
+ /*
+ * Prefer ZIP
+ * "ZLIB provides no benefit over ZIP and is more malleable"
+ * - (OpenPGP WG mailinglist: "[openpgp] Intent to deprecate: Insecure primitives")
+ * BZIP2: very slow
+ */
+ public static final int[] PREFERRED_COMPRESSION_ALGORITHMS = new int[]{
+ CompressionAlgorithmTags.ZIP,
+ CompressionAlgorithmTags.ZLIB,
+ CompressionAlgorithmTags.BZIP2
+ };
public static final int CERTIFY_HASH_ALGO = HashAlgorithmTags.SHA256;
+
+ public static final int DEFAULT_SYMMETRIC_ALGORITHM = SymmetricKeyAlgorithmTags.AES_256;
+ public interface OpenKeychainSymmetricKeyAlgorithmTags extends SymmetricKeyAlgorithmTags {
+ int USE_DEFAULT = -1;
+ }
+
+ public static final int DEFAULT_HASH_ALGORITHM = HashAlgorithmTags.SHA256;
+ public interface OpenKeychainHashAlgorithmTags extends HashAlgorithmTags {
+ int USE_DEFAULT = -1;
+ }
+
+ public static final int DEFAULT_COMPRESSION_ALGORITHM = CompressionAlgorithmTags.ZIP;
+ public interface OpenKeychainCompressionAlgorithmTags extends CompressionAlgorithmTags {
+ int USE_DEFAULT = -1;
+ }
+
/*
* Note: s2kcount is a number between 0 and 0xff that controls the
* number of times to iterate the password hash before use. More
@@ -87,28 +132,9 @@ public class PgpConstants {
public static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x90;
public static final int SECRET_KEY_ENCRYPTOR_HASH_ALGO = HashAlgorithmTags.SHA256;
public static final int SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO = SymmetricKeyAlgorithmTags.AES_256;
- public static final int SECRET_KEY_SIGNATURE_HASH_ALGO = HashAlgorithmTags.SHA256;
+ public static final int SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO = HashAlgorithmTags.SHA256;
// NOTE: only SHA1 is supported for key checksum calculations in OpenPGP,
// see http://tools.ietf.org/html/rfc488 0#section-5.5.3
public static final int SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO = HashAlgorithmTags.SHA1;
- public static interface OpenKeychainSymmetricKeyAlgorithmTags extends SymmetricKeyAlgorithmTags {
- public static final int USE_PREFERRED = -1;
- }
-
- public static interface OpenKeychainHashAlgorithmTags extends HashAlgorithmTags {
- public static final int USE_PREFERRED = -1;
- }
-
- public static interface OpenKeychainCompressionAlgorithmTags extends CompressionAlgorithmTags {
- public static final int USE_PREFERRED = -1;
- }
-
- public static int[] getAsArray(ArrayList<Integer> list) {
- int[] array = new int[list.size()];
- for (int i = 0; i < list.size(); i++) {
- array[i] = list.get(i);
- }
- return array;
- }
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index e264b46..d40bad3 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -22,6 +22,7 @@ import android.content.Context;
import android.support.annotation.NonNull;
import android.webkit.MimeTypeMap;
+import org.openintents.openpgp.OpenPgpDecryptionResult;
import org.openintents.openpgp.OpenPgpMetadata;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.spongycastle.bcpg.ArmoredInputStream;
@@ -283,10 +284,6 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
PGPSignatureList signatureList = (PGPSignatureList) pgpF.nextObject();
PGPSignature messageSignature = signatureList.get(signatureIndex);
- // these are not cleartext signatures!
- // TODO: what about binary signatures?
- signatureResultBuilder.setSignatureOnly(false);
-
// Verify signature and check binding signatures
boolean validSignature = signature.verify(messageSignature);
if (validSignature) {
@@ -298,8 +295,8 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
OpenPgpSignatureResult signatureResult = signatureResultBuilder.build();
- if (signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED
- && signatureResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED) {
+ if (signatureResult.getResult() != OpenPgpSignatureResult.RESULT_VALID_CONFIRMED
+ && signatureResult.getResult() != OpenPgpSignatureResult.RESULT_VALID_UNCONFIRMED) {
log.add(LogType.MSG_VL_ERROR_INTEGRITY_CHECK, indent);
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
}
@@ -309,9 +306,10 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
log.add(LogType.MSG_VL_OK, indent);
// Return a positive result, with metadata and verification info
- DecryptVerifyResult result =
- new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
+ DecryptVerifyResult result = new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
result.setSignatureResult(signatureResult);
+ result.setDecryptionResult(
+ new OpenPgpDecryptionResult(OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED));
return result;
}
@@ -322,6 +320,8 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
PgpDecryptVerifyInputParcel input, CryptoInputParcel cryptoInput,
InputStream in, OutputStream out, int indent) throws IOException, PGPException {
+ OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
+ OpenPgpDecryptionResult decryptionResult = new OpenPgpDecryptionResult();
OperationLog log = new OperationLog();
log.add(LogType.MSG_DC, indent);
@@ -614,15 +614,16 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
log.add(LogType.MSG_DC_ERROR_NO_KEY, indent + 1);
return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
}
+ decryptionResult.setResult(OpenPgpDecryptionResult.RESULT_ENCRYPTED);
- // Warn about old encryption algorithms!
- if (!PgpConstants.sPreferredSymmetricAlgorithms.contains(symmetricEncryptionAlgo)) {
+ // Check for insecure encryption algorithms!
+ if (!PgpConstants.sSymmetricAlgorithmsWhitelist.contains(symmetricEncryptionAlgo)) {
log.add(LogType.MSG_DC_OLD_SYMMETRIC_ENCRYPTION_ALGO, indent + 1);
+ decryptionResult.setResult(OpenPgpDecryptionResult.RESULT_INSECURE);
}
JcaPGPObjectFactory plainFact = new JcaPGPObjectFactory(clear);
Object dataChunk = plainFact.nextObject();
- OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
int signatureIndex = -1;
CanonicalizedPublicKeyRing signingRing = null;
CanonicalizedPublicKey signingKey = null;
@@ -752,7 +753,7 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
DecryptVerifyResult result =
new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
result.setCharset(charset);
- result.setDecryptMetadata(metadata);
+ result.setDecryptionMetadata(metadata);
return result;
}
@@ -809,11 +810,9 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject();
PGPSignature messageSignature = signatureList.get(signatureIndex);
- // these are not cleartext signatures!
// TODO: what about binary signatures?
- signatureResultBuilder.setSignatureOnly(false);
- // Verify signature and check binding signatures
+ // Verify signature
boolean validSignature = signature.verify(messageSignature);
if (validSignature) {
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_OK, indent + 1);
@@ -821,10 +820,10 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1);
}
- // Don't allow verification of old hash algorithms!
- if (!PgpConstants.sPreferredHashAlgorithms.contains(signature.getHashAlgorithm())) {
- validSignature = false;
+ // check for insecure hash algorithms
+ if (!PgpConstants.sHashAlgorithmsWhitelist.contains(signature.getHashAlgorithm())) {
log.add(LogType.MSG_DC_ERROR_UNSUPPORTED_HASH_ALGO, indent + 1);
+ signatureResultBuilder.setInsecure(true);
}
signatureResultBuilder.setValidSignature(validSignature);
@@ -852,7 +851,7 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
Log.d(Constants.TAG, "MDC fail");
if (!signatureResultBuilder.isValidSignature()) {
log.add(LogType.MSG_DC_ERROR_INTEGRITY_MISSING, indent);
- return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log);
+ decryptionResult.setResult(OpenPgpDecryptionResult.RESULT_INSECURE);
}
}
@@ -861,12 +860,12 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
log.add(LogType.MSG_DC_OK, indent);
// Return a positive result, with metadata and verification info
- DecryptVerifyResult result =
- new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
+ DecryptVerifyResult result = new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
result.setCachedCryptoInputParcel(cryptoInput);
- result.setDecryptMetadata(metadata);
result.setSignatureResult(signatureResultBuilder.build());
result.setCharset(charset);
+ result.setDecryptionResult(decryptionResult);
+ result.setDecryptionMetadata(metadata);
return result;
}
@@ -885,8 +884,6 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
OperationLog log = new OperationLog();
OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
- // cleartext signatures are never encrypted ;)
- signatureResultBuilder.setSignatureOnly(true);
ByteArrayOutputStream out = new ByteArrayOutputStream();
@@ -956,10 +953,10 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1);
}
- // Don't allow verification of old hash algorithms!
- if (!PgpConstants.sPreferredHashAlgorithms.contains(signature.getHashAlgorithm())) {
- validSignature = false;
+ // check for insecure hash algorithms
+ if (!PgpConstants.sHashAlgorithmsWhitelist.contains(signature.getHashAlgorithm())) {
log.add(LogType.MSG_DC_ERROR_UNSUPPORTED_HASH_ALGO, indent + 1);
+ signatureResultBuilder.setInsecure(true);
}
signatureResultBuilder.setValidSignature(validSignature);
@@ -981,8 +978,10 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
clearText.length);
DecryptVerifyResult result = new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
- result.setDecryptMetadata(metadata);
result.setSignatureResult(signatureResultBuilder.build());
+ result.setDecryptionResult(
+ new OpenPgpDecryptionResult(OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED));
+ result.setDecryptionMetadata(metadata);
return result;
}
@@ -994,8 +993,6 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
OperationLog log = new OperationLog();
OpenPgpSignatureResultBuilder signatureResultBuilder = new OpenPgpSignatureResultBuilder();
- // detached signatures are never encrypted
- signatureResultBuilder.setSignatureOnly(true);
updateProgress(R.string.progress_processing_signature, 0, 100);
InputStream detachedSigIn = new ByteArrayInputStream(input.getDetachedSignature());
@@ -1050,9 +1047,6 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
updateProgress(R.string.progress_verifying_signature, 90, 100);
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_CHECK, indent);
- // these are not cleartext signatures!
- signatureResultBuilder.setSignatureOnly(false);
-
// Verify signature and check binding signatures
boolean validSignature = signature.verify();
if (validSignature) {
@@ -1061,10 +1055,10 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1);
}
- // Don't allow verification of old hash algorithms!
- if (!PgpConstants.sPreferredHashAlgorithms.contains(signature.getHashAlgorithm())) {
- validSignature = false;
+ // check for insecure hash algorithms
+ if (!PgpConstants.sHashAlgorithmsWhitelist.contains(signature.getHashAlgorithm())) {
log.add(LogType.MSG_DC_ERROR_UNSUPPORTED_HASH_ALGO, indent + 1);
+ signatureResultBuilder.setInsecure(true);
}
signatureResultBuilder.setValidSignature(validSignature);
@@ -1076,6 +1070,8 @@ public class PgpDecryptVerify extends BaseOperation<PgpDecryptVerifyInputParcel>
DecryptVerifyResult result = new DecryptVerifyResult(DecryptVerifyResult.RESULT_OK, log);
result.setSignatureResult(signatureResultBuilder.build());
+ result.setDecryptionResult(
+ new OpenPgpDecryptionResult(OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED));
return result;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index c82cbce..a7eead9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -1206,7 +1206,7 @@ public class PgpKeyOperation {
// add packet with EMPTY notation data (updates old one, but will be stripped later)
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
- PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
+ PgpConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
{ // set subpackets
@@ -1233,7 +1233,7 @@ public class PgpKeyOperation {
// add packet with "pin" notation data
PGPContentSignerBuilder signerBuilder = new JcaPGPContentSignerBuilder(
masterPrivateKey.getPublicKeyPacket().getAlgorithm(),
- PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
+ PgpConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
PGPSignatureGenerator sGen = new PGPSignatureGenerator(signerBuilder);
{ // set subpackets
@@ -1440,13 +1440,13 @@ public class PgpKeyOperation {
if (divertToCard) {
// use synchronous "NFC based" SignerBuilder
builder = new NfcSyncPGPContentSignerBuilder(
- pKey.getAlgorithm(), PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO,
+ pKey.getAlgorithm(), PgpConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO,
pKey.getKeyID(), cryptoInput.getCryptoData())
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
} else {
// content signer based on signing key algorithm and chosen hash algorithm
builder = new JcaPGPContentSignerBuilder(
- pKey.getAlgorithm(), PgpConstants.SECRET_KEY_SIGNATURE_HASH_ALGO)
+ pKey.getAlgorithm(), PgpConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO)
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
}
@@ -1472,11 +1472,11 @@ public class PgpKeyOperation {
*/
/* non-critical subpackets: */
hashedPacketsGen.setPreferredSymmetricAlgorithms(false,
- PgpConstants.getAsArray(PgpConstants.sPreferredSymmetricAlgorithms));
+ PgpConstants.PREFERRED_SYMMETRIC_ALGORITHMS);
hashedPacketsGen.setPreferredHashAlgorithms(false,
- PgpConstants.getAsArray(PgpConstants.sPreferredHashAlgorithms));
+ PgpConstants.PREFERRED_HASH_ALGORITHMS);
hashedPacketsGen.setPreferredCompressionAlgorithms(false,
- PgpConstants.getAsArray(PgpConstants.sPreferredCompressionAlgorithms));
+ PgpConstants.PREFERRED_COMPRESSION_ALGORITHMS);
hashedPacketsGen.setPrimaryUserID(false, primary);
/* critical subpackets: we consider those important for a modern pgp implementation */
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
index fa62687..44e4b92 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptInputParcel.java
@@ -30,13 +30,13 @@ public class PgpSignEncryptInputParcel implements Parcelable {
protected String mVersionHeader = null;
protected boolean mEnableAsciiArmorOutput = false;
- protected int mCompressionId = CompressionAlgorithmTags.UNCOMPRESSED;
+ protected int mCompressionAlgorithm = CompressionAlgorithmTags.UNCOMPRESSED;
protected long[] mEncryptionMasterKeyIds = null;
protected Passphrase mSymmetricPassphrase = null;
- protected int mSymmetricEncryptionAlgorithm = PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED;
+ protected int mSymmetricEncryptionAlgorithm = PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT;
protected long mSignatureMasterKeyId = Constants.key.none;
protected Long mSignatureSubKeyId = null;
- protected int mSignatureHashAlgorithm = PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED;
+ protected int mSignatureHashAlgorithm = PgpConstants.OpenKeychainHashAlgorithmTags.USE_DEFAULT;
protected long mAdditionalEncryptId = Constants.key.none;
protected boolean mFailOnMissingEncryptionKeyIds = false;
protected String mCharset;
@@ -55,7 +55,7 @@ public class PgpSignEncryptInputParcel implements Parcelable {
// we do all of those here, so the PgpSignEncryptInput class doesn't have to be parcelable
mVersionHeader = source.readString();
mEnableAsciiArmorOutput = source.readInt() == 1;
- mCompressionId = source.readInt();
+ mCompressionAlgorithm = source.readInt();
mEncryptionMasterKeyIds = source.createLongArray();
mSymmetricPassphrase = source.readParcelable(loader);
mSymmetricEncryptionAlgorithm = source.readInt();
@@ -79,7 +79,7 @@ public class PgpSignEncryptInputParcel implements Parcelable {
public void writeToParcel(Parcel dest, int flags) {
dest.writeString(mVersionHeader);
dest.writeInt(mEnableAsciiArmorOutput ? 1 : 0);
- dest.writeInt(mCompressionId);
+ dest.writeInt(mCompressionAlgorithm);
dest.writeLongArray(mEncryptionMasterKeyIds);
dest.writeParcelable(mSymmetricPassphrase, 0);
dest.writeInt(mSymmetricEncryptionAlgorithm);
@@ -174,12 +174,12 @@ public class PgpSignEncryptInputParcel implements Parcelable {
return this;
}
- public int getCompressionId() {
- return mCompressionId;
+ public int getCompressionAlgorithm() {
+ return mCompressionAlgorithm;
}
- public PgpSignEncryptInputParcel setCompressionId(int compressionId) {
- mCompressionId = compressionId;
+ public PgpSignEncryptInputParcel setCompressionAlgorithm(int compressionAlgorithm) {
+ mCompressionAlgorithm = compressionAlgorithm;
return this;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
index 8fb41a9..a2c5fa3 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java
@@ -124,7 +124,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
boolean enableSignature = input.getSignatureMasterKeyId() != Constants.key.none;
boolean enableEncryption = ((input.getEncryptionMasterKeyIds() != null && input.getEncryptionMasterKeyIds().length > 0)
|| input.getSymmetricPassphrase() != null);
- boolean enableCompression = (input.getCompressionId() != CompressionAlgorithmTags.UNCOMPRESSED);
+ boolean enableCompression = (input.getCompressionAlgorithm() != CompressionAlgorithmTags.UNCOMPRESSED);
Log.d(Constants.TAG, "enableSignature:" + enableSignature
+ "\nenableEncryption:" + enableEncryption
@@ -229,9 +229,11 @@ public class PgpSignEncryptOperation extends BaseOperation {
// Use preferred hash algo
int requestedAlgorithm = input.getSignatureHashAlgorithm();
ArrayList<Integer> supported = signingKey.getSupportedHashAlgorithms();
- if (requestedAlgorithm == PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED) {
+ if (requestedAlgorithm == PgpConstants.OpenKeychainHashAlgorithmTags.USE_DEFAULT) {
+ input.setSignatureHashAlgorithm(PgpConstants.DEFAULT_HASH_ALGORITHM);
+ // TODO
// get most preferred
- input.setSignatureHashAlgorithm(supported.get(0));
+// input.setSignatureHashAlgorithm(supported.get(0));
} else if (!supported.contains(requestedAlgorithm)) {
log.add(LogType.MSG_PSE_ERROR_HASH_ALGO, indent);
return new PgpSignEncryptResult(PgpSignEncryptResult.RESULT_ERROR, log);
@@ -245,10 +247,10 @@ public class PgpSignEncryptOperation extends BaseOperation {
// Use preferred encryption algo
int algo = input.getSymmetricEncryptionAlgorithm();
- if (algo == PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED) {
+ if (algo == PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT) {
// get most preferred
// TODO: get from recipients
- algo = PgpConstants.sPreferredSymmetricAlgorithms.get(0);
+ algo = PgpConstants.DEFAULT_SYMMETRIC_ALGORITHM;
}
// has Integrity packet enabled!
JcePGPDataEncryptorBuilder encryptorBuilder =
@@ -341,7 +343,13 @@ public class PgpSignEncryptOperation extends BaseOperation {
if (enableCompression) {
log.add(LogType.MSG_PSE_COMPRESSING, indent);
- compressGen = new PGPCompressedDataGenerator(input.getCompressionId());
+
+ // Use preferred compression algo
+ int algo = input.getCompressionAlgorithm();
+ if (algo == PgpConstants.OpenKeychainCompressionAlgorithmTags.USE_DEFAULT) {
+ algo = PgpConstants.DEFAULT_COMPRESSION_ALGORITHM;
+ }
+ compressGen = new PGPCompressedDataGenerator(algo);
bcpgOut = new BCPGOutputStream(compressGen.open(encryptionOut));
} else {
bcpgOut = new BCPGOutputStream(encryptionOut);
@@ -464,7 +472,7 @@ public class PgpSignEncryptOperation extends BaseOperation {
InputStream in = inputData.getInputStream();
if (enableCompression) {
- compressGen = new PGPCompressedDataGenerator(input.getCompressionId());
+ compressGen = new PGPCompressedDataGenerator(input.getCompressionAlgorithm());
bcpgOut = new BCPGOutputStream(compressGen.open(out));
} else {
bcpgOut = new BCPGOutputStream(out);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index ed17de4..9abdbf8 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -1434,9 +1434,9 @@ public class ProviderHelper {
// DEPRECATED and thus hardcoded
values.put(KeychainContract.ApiAccounts.COMPRESSION, CompressionAlgorithmTags.ZLIB);
values.put(KeychainContract.ApiAccounts.ENCRYPTION_ALGORITHM,
- PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
+ PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT);
values.put(KeychainContract.ApiAccounts.HASH_ALORITHM,
- PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED);
+ PgpConstants.OpenKeychainHashAlgorithmTags.USE_DEFAULT);
return values;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
index 2568d68..6f841fe 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2013-2014 Dominik Schürmann <dominik@dominikschuermann.de>
+ * Copyright (C) 2013-2015 Dominik Schürmann <dominik@dominikschuermann.de>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -24,9 +24,11 @@ import android.database.Cursor;
import android.net.Uri;
import android.os.IBinder;
import android.os.ParcelFileDescriptor;
+import android.os.Parcelable;
import android.text.TextUtils;
import org.openintents.openpgp.IOpenPgpService;
+import org.openintents.openpgp.OpenPgpDecryptionResult;
import org.openintents.openpgp.OpenPgpError;
import org.openintents.openpgp.OpenPgpMetadata;
import org.openintents.openpgp.OpenPgpSignatureResult;
@@ -247,7 +249,7 @@ public class OpenPgpService extends RemoteService {
.setCleartextSignature(cleartextSign)
.setDetachedSignature(!cleartextSign)
.setVersionHeader(null)
- .setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED);
+ .setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_DEFAULT);
Intent signKeyIdIntent = getSignKeyMasterId(data);
// NOTE: Fallback to return account settings (Old API)
@@ -390,8 +392,8 @@ public class OpenPgpService extends RemoteService {
PgpSignEncryptInputParcel pseInput = new PgpSignEncryptInputParcel();
pseInput.setEnableAsciiArmorOutput(asciiArmor)
.setVersionHeader(null)
- .setCompressionId(compressionId)
- .setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED)
+ .setCompressionAlgorithm(compressionId)
+ .setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT)
.setEncryptionMasterKeyIds(keyIds)
.setFailOnMissingEncryptionKeyIds(true);
@@ -420,7 +422,7 @@ public class OpenPgpService extends RemoteService {
}
// sign and encrypt
- pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_PREFERRED)
+ pseInput.setSignatureHashAlgorithm(PgpConstants.OpenKeychainHashAlgorithmTags.USE_DEFAULT)
.setAdditionalEncryptId(signKeyId); // add sign key for encryption
}
@@ -540,10 +542,10 @@ public class OpenPgpService extends RemoteService {
// allow only private keys associated with accounts of this app
// no support for symmetric encryption
PgpDecryptVerifyInputParcel input = new PgpDecryptVerifyInputParcel()
- .setAllowSymmetricDecryption(false)
- .setAllowedKeyIds(allowedKeyIds)
- .setDecryptMetadataOnly(decryptMetadataOnly)
- .setDetachedSignature(detachedSignature);
+ .setAllowSymmetricDecryption(false)
+ .setAllowedKeyIds(allowedKeyIds)
+ .setDecryptMetadataOnly(decryptMetadataOnly)
+ .setDetachedSignature(detachedSignature);
DecryptVerifyResult pgpResult = op.execute(input, cryptoInput, inputData, outputStream);
@@ -562,40 +564,55 @@ public class OpenPgpService extends RemoteService {
Intent result = new Intent();
OpenPgpSignatureResult signatureResult = pgpResult.getSignatureResult();
- // TODO: currently RESULT_TYPE_UNENCRYPTED_UNSIGNED is never returned
- // instead an error is returned when no pgp data has been found
- int resultType = OpenPgpApi.RESULT_TYPE_UNENCRYPTED_UNSIGNED;
- if (signatureResult != null) {
- resultType |= OpenPgpApi.RESULT_TYPE_SIGNED;
- if (!signatureResult.isSignatureOnly()) {
- resultType |= OpenPgpApi.RESULT_TYPE_ENCRYPTED;
+
+ result.putExtra(OpenPgpApi.RESULT_SIGNATURE, signatureResult);
+
+ if (signatureResult.getResult() == OpenPgpSignatureResult.RESULT_KEY_MISSING) {
+ // If signature is unknown we return an _additional_ PendingIntent
+ // to retrieve the missing key
+ result.putExtra(OpenPgpApi.RESULT_INTENT, getKeyserverPendingIntent(data, signatureResult.getKeyId()));
+ } else {
+ // If signature key is known, return PendingIntent to show key
+ result.putExtra(OpenPgpApi.RESULT_INTENT, getShowKeyPendingIntent(signatureResult.getKeyId()));
+ }
+
+ if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) < 5) {
+ // RESULT_INVALID_KEY_REVOKED and RESULT_INVALID_KEY_EXPIRED have been added in version 5
+ if (signatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_KEY_REVOKED
+ || signatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_KEY_EXPIRED) {
+ signatureResult.setResult(OpenPgpSignatureResult.RESULT_INVALID_SIGNATURE);
+ }
+ }
+
+ if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) < 6) {
+ // RESULT_INVALID_INSECURE has been added in version 6, fallback to RESULT_INVALID_SIGNATURE
+ if (signatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_INSECURE) {
+ signatureResult.setResult(OpenPgpSignatureResult.RESULT_INVALID_SIGNATURE);
}
- result.putExtra(OpenPgpApi.RESULT_SIGNATURE, signatureResult);
+ // RESULT_NO_SIGNATURE has been added in version 6, before the signatureResult was null
+ if (signatureResult.getResult() == OpenPgpSignatureResult.RESULT_NO_SIGNATURE) {
+ result.putExtra(OpenPgpApi.RESULT_SIGNATURE, (Parcelable[]) null);
+ }
- if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) < 5) {
- // SIGNATURE_KEY_REVOKED and SIGNATURE_KEY_EXPIRED have been added in version 5
- if (signatureResult.getStatus() == OpenPgpSignatureResult.SIGNATURE_KEY_REVOKED
- || signatureResult.getStatus() == OpenPgpSignatureResult.SIGNATURE_KEY_EXPIRED) {
- signatureResult.setStatus(OpenPgpSignatureResult.SIGNATURE_ERROR);
- }
+ OpenPgpDecryptionResult decryptionResult = pgpResult.getDecryptionResult();
+ if (decryptionResult.getResult() != OpenPgpDecryptionResult.RESULT_ENCRYPTED
+ && signatureResult.getResult() != OpenPgpSignatureResult.RESULT_NO_SIGNATURE) {
+ // not encrypted and signed, set deprecated signatureOnly variable
+ signatureResult.setSignatureOnly(true);
}
+ }
- if (signatureResult.getStatus() == OpenPgpSignatureResult.SIGNATURE_KEY_MISSING) {
- // If signature is unknown we return an _additional_ PendingIntent
- // to retrieve the missing key
- result.putExtra(OpenPgpApi.RESULT_INTENT, getKeyserverPendingIntent(data, signatureResult.getKeyId()));
- } else {
- // If signature key is known, return PendingIntent to show key
- result.putExtra(OpenPgpApi.RESULT_INTENT, getShowKeyPendingIntent(signatureResult.getKeyId()));
+ if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) >= 6) {
+ OpenPgpDecryptionResult decryptionResult = pgpResult.getDecryptionResult();
+ if (decryptionResult != null) {
+ result.putExtra(OpenPgpApi.RESULT_DECRYPTION, decryptionResult);
}
- } else {
- resultType |= OpenPgpApi.RESULT_TYPE_ENCRYPTED;
}
- result.putExtra(OpenPgpApi.RESULT_TYPE, resultType);
+
if (data.getIntExtra(OpenPgpApi.EXTRA_API_VERSION, -1) >= 4) {
- OpenPgpMetadata metadata = pgpResult.getDecryptMetadata();
+ OpenPgpMetadata metadata = pgpResult.getDecryptionMetadata();
if (metadata != null) {
result.putExtra(OpenPgpApi.RESULT_METADATA, metadata);
}
@@ -647,6 +664,7 @@ public class OpenPgpService extends RemoteService {
}
}
}
+
}
private Intent getKeyImpl(Intent data) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index aaf337f..37dd6af 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -36,6 +36,7 @@ import android.widget.LinearLayout;
import android.widget.TextView;
import android.widget.ViewAnimator;
+import org.openintents.openpgp.OpenPgpDecryptionResult;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.R;
@@ -208,37 +209,50 @@ public abstract class DecryptFragment extends Fragment implements LoaderManager.
mDecryptVerifyResult = decryptVerifyResult;
mSignatureResult = decryptVerifyResult.getSignatureResult();
+ OpenPgpDecryptionResult decryptionResult = decryptVerifyResult.getDecryptionResult();
mResultLayout.setVisibility(View.VISIBLE);
- // unsigned data
- if (mSignatureResult == null) {
+ switch (decryptionResult.getResult()) {
+ case OpenPgpDecryptionResult.RESULT_ENCRYPTED: {
+ mEncryptionText.setText(R.string.decrypt_result_encrypted);
+ KeyFormattingUtils.setStatusImage(getActivity(), mEncryptionIcon, mEncryptionText, State.ENCRYPTED);
+ break;
+ }
+
+ case OpenPgpDecryptionResult.RESULT_INSECURE: {
+ mEncryptionText.setText(R.string.decrypt_result_insecure);
+ KeyFormattingUtils.setStatusImage(getActivity(), mEncryptionIcon, mEncryptionText, State.INSECURE);
+ break;
+ }
+
+ default:
+ case OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED: {
+ mEncryptionText.setText(R.string.decrypt_result_not_encrypted);
+ KeyFormattingUtils.setStatusImage(getActivity(), mEncryptionIcon, mEncryptionText, State.NOT_ENCRYPTED);
+ break;
+ }
+ }
+
+ if (mSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_NO_SIGNATURE) {
+ // no signature
setSignatureLayoutVisibility(View.GONE);
mSignatureText.setText(R.string.decrypt_result_no_signature);
KeyFormattingUtils.setStatusImage(getActivity(), mSignatureIcon, mSignatureText, State.NOT_SIGNED);
- mEncryptionText.setText(R.string.decrypt_result_encrypted);
- KeyFormattingUtils.setStatusImage(getActivity(), mEncryptionIcon, mEncryptionText, State.ENCRYPTED);
getLoaderManager().destroyLoader(LOADER_ID_UNIFIED);
showErrorOverlay(false);
onVerifyLoaded(true);
-
- return;
- }
-
- if (mSignatureResult.isSignatureOnly()) {
- mEncryptionText.setText(R.string.decrypt_result_not_encrypted);
- KeyFormattingUtils.setStatusImage(getActivity(), mEncryptionIcon, mEncryptionText, State.NOT_ENCRYPTED);
} else {
- mEncryptionText.setText(R.string.decrypt_result_encrypted);
- KeyFormattingUtils.setStatusImage(getActivity(), mEncryptionIcon, mEncryptionText, State.ENCRYPTED);
- }
+ // signature present
- getLoaderManager().restartLoader(LOADER_ID_UNIFIED, null, this);
+ // after loader is restarted signature results are checked
+ getLoaderManager().restartLoader(LOADER_ID_UNIFIED, null, this);
+ }
}
private void setSignatureLayoutVisibility(int visibility) {
@@ -313,8 +327,9 @@ public abstract class DecryptFragment extends Fragment implements LoaderManager.
// NOTE: Don't use revoked and expired fields from database, they don't show
// revoked/expired subkeys
- boolean isRevoked = mSignatureResult.getStatus() == OpenPgpSignatureResult.SIGNATURE_KEY_REVOKED;
- boolean isExpired = mSignatureResult.getStatus() == OpenPgpSignatureResult.SIGNATURE_KEY_EXPIRED;
+ boolean isRevoked = mSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_KEY_REVOKED;
+ boolean isExpired = mSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_KEY_EXPIRED;
+ boolean isInsecure = mSignatureResult.getResult() == OpenPgpSignatureResult.RESULT_INVALID_INSECURE;
boolean isVerified = data.getInt(INDEX_VERIFIED) > 0;
boolean isYours = data.getInt(INDEX_HAS_ANY_SECRET) != 0;
@@ -338,6 +353,17 @@ public abstract class DecryptFragment extends Fragment implements LoaderManager.
onVerifyLoaded(true);
+ } else if (isInsecure) {
+ mSignatureText.setText(R.string.decrypt_result_insecure_cryptography);
+ KeyFormattingUtils.setStatusImage(getActivity(), mSignatureIcon, mSignatureText, State.INSECURE);
+
+ setSignatureLayoutVisibility(View.VISIBLE);
+ setShowAction(signatureKeyId);
+
+ showErrorOverlay(false);
+
+ onVerifyLoaded(true);
+
} else if (isYours) {
mSignatureText.setText(R.string.decrypt_result_signature_secret);
@@ -389,9 +415,9 @@ public abstract class DecryptFragment extends Fragment implements LoaderManager.
final long signatureKeyId = mSignatureResult.getKeyId();
- int result = mSignatureResult.getStatus();
- if (result != OpenPgpSignatureResult.SIGNATURE_KEY_MISSING
- && result != OpenPgpSignatureResult.SIGNATURE_ERROR) {
+ int result = mSignatureResult.getResult();
+ if (result != OpenPgpSignatureResult.RESULT_KEY_MISSING
+ && result != OpenPgpSignatureResult.RESULT_INVALID_SIGNATURE) {
Log.e(Constants.TAG, "got missing status for non-missing key, shouldn't happen!");
}
@@ -409,9 +435,9 @@ public abstract class DecryptFragment extends Fragment implements LoaderManager.
getActivity(), mSignatureResult.getKeyId()));
}
- switch (mSignatureResult.getStatus()) {
+ switch (mSignatureResult.getResult()) {
- case OpenPgpSignatureResult.SIGNATURE_KEY_MISSING: {
+ case OpenPgpSignatureResult.RESULT_KEY_MISSING: {
mSignatureText.setText(R.string.decrypt_result_signature_missing_key);
KeyFormattingUtils.setStatusImage(getActivity(), mSignatureIcon, mSignatureText, State.UNKNOWN_KEY);
@@ -433,7 +459,7 @@ public abstract class DecryptFragment extends Fragment implements LoaderManager.
break;
}
- case OpenPgpSignatureResult.SIGNATURE_ERROR: {
+ case OpenPgpSignatureResult.RESULT_INVALID_SIGNATURE: {
mSignatureText.setText(R.string.decrypt_result_invalid_signature);
KeyFormattingUtils.setStatusImage(getActivity(), mSignatureIcon, mSignatureText, State.INVALID);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java
index 5675898..f57d2d0 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java
@@ -321,11 +321,11 @@ public class DecryptListFragment
protected Drawable doInBackground(Void... params) {
Context context = getActivity();
- if (result.getDecryptMetadata() == null || context == null) {
+ if (result.getDecryptionMetadata() == null || context == null) {
return null;
}
- String type = result.getDecryptMetadata().getMimeType();
+ String type = result.getDecryptionMetadata().getMimeType();
Uri outputUri = mOutputUris.get(uri);
if (type == null || outputUri == null) {
return null;
@@ -368,7 +368,7 @@ public class DecryptListFragment
OpenPgpSignatureResult sigResult = result.getSignatureResult();
if (sigResult != null) {
final long keyId = sigResult.getKeyId();
- if (sigResult.getStatus() != OpenPgpSignatureResult.SIGNATURE_KEY_MISSING) {
+ if (sigResult.getResult() != OpenPgpSignatureResult.RESULT_KEY_MISSING) {
onKeyClick = new OnClickListener() {
@Override
public void onClick(View view) {
@@ -384,7 +384,7 @@ public class DecryptListFragment
}
}
- if (result.success() && result.getDecryptMetadata() != null) {
+ if (result.success() && result.getDecryptionMetadata() != null) {
onFileClick = new OnClickListener() {
@Override
public void onClick(View view) {
@@ -425,7 +425,7 @@ public class DecryptListFragment
return;
}
- final OpenPgpMetadata metadata = result.getDecryptMetadata();
+ final OpenPgpMetadata metadata = result.getDecryptionMetadata();
// text/plain is a special case where we extract the uri content into
// the EXTRA_TEXT extra ourselves, and display a chooser which includes
@@ -529,7 +529,7 @@ public class DecryptListFragment
activity.startActivity(intent);
return true;
case R.id.decrypt_save:
- OpenPgpMetadata metadata = result.getDecryptMetadata();
+ OpenPgpMetadata metadata = result.getDecryptionMetadata();
if (metadata == null) {
return true;
}
@@ -724,7 +724,7 @@ public class DecryptListFragment
KeyFormattingUtils.setStatus(mContext, holder, model.mResult);
- final OpenPgpMetadata metadata = model.mResult.getDecryptMetadata();
+ final OpenPgpMetadata metadata = model.mResult.getDecryptionMetadata();
String filename;
if (metadata == null) {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
index 3dc9387..7bf662d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesFragment.java
@@ -553,14 +553,18 @@ public class EncryptFilesFragment
data.addInputUris(mFilesAdapter.getAsArrayList());
if (mUseCompression) {
- data.setCompressionId(PgpConstants.sPreferredCompressionAlgorithms.get(0));
+ data.setCompressionAlgorithm(
+ PgpConstants.OpenKeychainCompressionAlgorithmTags.USE_DEFAULT);
} else {
- data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);
+ data.setCompressionAlgorithm(
+ PgpConstants.OpenKeychainCompressionAlgorithmTags.UNCOMPRESSED);
}
data.setHiddenRecipients(mHiddenRecipients);
data.setEnableAsciiArmorOutput(mAfterEncryptAction == AfterEncryptAction.COPY || mUseArmor);
- data.setSymmetricEncryptionAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
- data.setSignatureHashAlgorithm(PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
+ data.setSymmetricEncryptionAlgorithm(
+ PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT);
+ data.setSignatureHashAlgorithm(
+ PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT);
EncryptActivity encryptActivity = (EncryptActivity) getActivity();
EncryptModeFragment modeFragment = encryptActivity.getModeFragment();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
index 32257eb..60a2c99 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextFragment.java
@@ -223,15 +223,17 @@ public class EncryptTextFragment
data.setCleartextSignature(true);
if (mUseCompression) {
- data.setCompressionId(PgpConstants.sPreferredCompressionAlgorithms.get(0));
+ data.setCompressionAlgorithm(
+ PgpConstants.OpenKeychainCompressionAlgorithmTags.USE_DEFAULT);
} else {
- data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);
+ data.setCompressionAlgorithm(
+ PgpConstants.OpenKeychainCompressionAlgorithmTags.UNCOMPRESSED);
}
data.setHiddenRecipients(mHiddenRecipients);
data.setSymmetricEncryptionAlgorithm(
- PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
+ PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT);
data.setSignatureHashAlgorithm(
- PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED);
+ PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_DEFAULT);
// Always use armor for messages
data.setEnableAsciiArmorOutput(true);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
index 224e008..9984c24 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
@@ -28,6 +28,7 @@ import android.view.View;
import android.widget.ImageView;
import android.widget.TextView;
+import org.openintents.openpgp.OpenPgpDecryptionResult;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.spongycastle.asn1.ASN1ObjectIdentifier;
import org.spongycastle.asn1.nist.NISTNamedCurves;
@@ -40,7 +41,6 @@ import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
import org.sufficientlysecure.keychain.pgp.KeyRing;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Curve;
-import org.sufficientlysecure.keychain.ui.util.FormattingUtils;
import org.sufficientlysecure.keychain.util.Log;
import java.nio.ByteBuffer;
@@ -408,7 +408,8 @@ public class KeyFormattingUtils {
UNVERIFIED,
UNKNOWN_KEY,
INVALID,
- NOT_SIGNED
+ NOT_SIGNED,
+ INSECURE
}
public static void setStatusImage(Context context, ImageView statusIcon, State state) {
@@ -443,18 +444,33 @@ public class KeyFormattingUtils {
@SuppressWarnings("deprecation") // context.getDrawable is api lvl 21, need to use deprecated
public static void setStatus(Context context, StatusHolder holder, DecryptVerifyResult result) {
- OpenPgpSignatureResult signatureResult = result.getSignatureResult();
-
if (holder.hasEncrypt()) {
+ OpenPgpDecryptionResult decryptionResult = result.getDecryptionResult();
+
int encText, encIcon, encColor;
- if (signatureResult != null && signatureResult.isSignatureOnly()) {
- encIcon = R.drawable.status_lock_open_24dp;
- encText = R.string.decrypt_result_not_encrypted;
- encColor = R.color.key_flag_red;
- } else {
- encIcon = R.drawable.status_lock_closed_24dp;
- encText = R.string.decrypt_result_encrypted;
- encColor = R.color.key_flag_green;
+
+ switch (decryptionResult.getResult()) {
+ case OpenPgpDecryptionResult.RESULT_ENCRYPTED: {
+ encText = R.string.decrypt_result_encrypted;
+ encIcon = R.drawable.status_lock_closed_24dp;
+ encColor = R.color.key_flag_green;
+ break;
+ }
+
+ case OpenPgpDecryptionResult.RESULT_INSECURE: {
+ encText = R.string.decrypt_result_insecure;
+ encIcon = R.drawable.status_signature_invalid_cutout_24dp;
+ encColor = R.color.key_flag_red;
+ break;
+ }
+
+ default:
+ case OpenPgpDecryptionResult.RESULT_NOT_ENCRYPTED: {
+ encText = R.string.decrypt_result_not_encrypted;
+ encIcon = R.drawable.status_lock_open_24dp;
+ encColor = R.color.key_flag_red;
+ break;
+ }
}
int encColorRes = context.getResources().getColor(encColor);
@@ -464,22 +480,27 @@ public class KeyFormattingUtils {
holder.getEncryptionStatusText().setTextColor(encColorRes);
}
+ OpenPgpSignatureResult signatureResult = result.getSignatureResult();
+
int sigText, sigIcon, sigColor;
int sigActionText, sigActionIcon;
- if (signatureResult == null) {
+ switch (signatureResult.getResult()) {
- sigText = R.string.decrypt_result_no_signature;
- sigIcon = R.drawable.status_signature_invalid_cutout_24dp;
- sigColor = R.color.key_flag_gray;
+ case OpenPgpSignatureResult.RESULT_NO_SIGNATURE: {
+ // no signature
- // won't be used, but makes compiler happy
- sigActionText = 0;
- sigActionIcon = 0;
+ sigText = R.string.decrypt_result_no_signature;
+ sigIcon = R.drawable.status_signature_invalid_cutout_24dp;
+ sigColor = R.color.key_flag_gray;
- } else switch (signatureResult.getStatus()) {
+ // won't be used, but makes compiler happy
+ sigActionText = 0;
+ sigActionIcon = 0;
+ break;
+ }
- case OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED: {
+ case OpenPgpSignatureResult.RESULT_VALID_CONFIRMED: {
sigText = R.string.decrypt_result_signature_certified;
sigIcon = R.drawable.status_signature_verified_cutout_24dp;
sigColor = R.color.key_flag_green;
@@ -489,7 +510,7 @@ public class KeyFormattingUtils {
break;
}
- case OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED: {
+ case OpenPgpSignatureResult.RESULT_VALID_UNCONFIRMED: {
sigText = R.string.decrypt_result_signature_uncertified;
sigIcon = R.drawable.status_signature_unverified_cutout_24dp;
sigColor = R.color.key_flag_orange;
@@ -499,7 +520,7 @@ public class KeyFormattingUtils {
break;
}
- case OpenPgpSignatureResult.SIGNATURE_KEY_REVOKED: {
+ case OpenPgpSignatureResult.RESULT_INVALID_KEY_REVOKED: {
sigText = R.string.decrypt_result_signature_revoked_key;
sigIcon = R.drawable.status_signature_revoked_cutout_24dp;
sigColor = R.color.key_flag_red;
@@ -509,7 +530,7 @@ public class KeyFormattingUtils {
break;
}
- case OpenPgpSignatureResult.SIGNATURE_KEY_EXPIRED: {
+ case OpenPgpSignatureResult.RESULT_INVALID_KEY_EXPIRED: {
sigText = R.string.decrypt_result_signature_expired_key;
sigIcon = R.drawable.status_signature_expired_cutout_24dp;
sigColor = R.color.key_flag_red;
@@ -519,7 +540,7 @@ public class KeyFormattingUtils {
break;
}
- case OpenPgpSignatureResult.SIGNATURE_KEY_MISSING: {
+ case OpenPgpSignatureResult.RESULT_KEY_MISSING: {
sigText = R.string.decrypt_result_signature_missing_key;
sigIcon = R.drawable.status_signature_unknown_cutout_24dp;
sigColor = R.color.key_flag_red;
@@ -529,8 +550,18 @@ public class KeyFormattingUtils {
break;
}
+ case OpenPgpSignatureResult.RESULT_INVALID_INSECURE: {
+ sigText = R.string.decrypt_result_insecure_cryptography;
+ sigIcon = R.drawable.status_signature_invalid_cutout_24dp;
+ sigColor = R.color.key_flag_red;
+
+ sigActionText = R.string.decrypt_result_action_show;
+ sigActionIcon = R.drawable.ic_vpn_key_grey_24dp;
+ break;
+ }
+
default:
- case OpenPgpSignatureResult.SIGNATURE_ERROR: {
+ case OpenPgpSignatureResult.RESULT_INVALID_SIGNATURE: {
sigText = R.string.decrypt_result_invalid_signature;
sigIcon = R.drawable.status_signature_invalid_cutout_24dp;
sigColor = R.color.key_flag_red;
@@ -548,7 +579,8 @@ public class KeyFormattingUtils {
holder.getSignatureStatusText().setText(sigText);
holder.getSignatureStatusText().setTextColor(sigColorRes);
- if (signatureResult != null) {
+ if (signatureResult.getResult() != OpenPgpSignatureResult.RESULT_NO_SIGNATURE) {
+ // has a signature, thus display layouts
holder.getSignatureLayout().setVisibility(View.VISIBLE);
@@ -556,7 +588,7 @@ public class KeyFormattingUtils {
holder.getSignatureAction().setCompoundDrawablesWithIntrinsicBounds(
0, 0, sigActionIcon, 0);
- String userId = signatureResult.getPrimaryUserId();
+ String userId = result.getSignatureResult().getPrimaryUserId();
KeyRing.UserId userIdSplit = KeyRing.splitUserId(userId);
if (userIdSplit.name != null) {
holder.getSignatureUserName().setText(userIdSplit.name);
@@ -687,6 +719,24 @@ public class KeyFormattingUtils {
}
break;
}
+ case INSECURE: {
+ if (big) {
+ statusIcon.setImageDrawable(
+ context.getResources().getDrawable(R.drawable.status_signature_invalid_cutout_96dp));
+ } else {
+ statusIcon.setImageDrawable(
+ context.getResources().getDrawable(R.drawable.status_signature_invalid_cutout_24dp));
+ }
+ if (color == KeyFormattingUtils.DEFAULT_COLOR) {
+ color = R.color.key_flag_red;
+ }
+ statusIcon.setColorFilter(context.getResources().getColor(color),
+ PorterDuff.Mode.SRC_IN);
+ if (statusText != null) {
+ statusText.setTextColor(context.getResources().getColor(color));
+ }
+ break;
+ }
case NOT_ENCRYPTED: {
statusIcon.setImageDrawable(
context.getResources().getDrawable(R.drawable.status_lock_open_24dp));
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index ddf10c9..144617c 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -343,6 +343,7 @@
<!-- results shown after decryption/verification -->
<string name="decrypt_result_no_signature">"Not Signed"</string>
<string name="decrypt_result_invalid_signature">"Invalid signature!"</string>
+ <string name="decrypt_result_insecure_cryptography">"Invalid signature (Insecure Cryptography)!"</string>
<string name="decrypt_result_signature_uncertified">"Signed by <b>unconfirmed</b> key"</string>
<string name="decrypt_result_signature_secret">"Signed by your key"</string>
<string name="decrypt_result_signature_certified">"Signed by confirmed key"</string>
@@ -351,6 +352,7 @@
<string name="decrypt_result_signature_missing_key">"Signed by <b>unknown public key</b>"</string>
<string name="decrypt_result_encrypted">"Encrypted"</string>
<string name="decrypt_result_not_encrypted">"Not Encrypted"</string>
+ <string name="decrypt_result_insecure">"Insecure Encryption"</string>
<string name="decrypt_result_action_show">"Show"</string>
<string name="decrypt_result_action_Lookup">"Lookup"</string>
<string name="decrypt_invalid_text">"Either the signature is invalid or the key has been revoked. You cannot be sure who wrote the text. Do you still want to display it?"</string>
@@ -1163,7 +1165,7 @@
<string name="msg_dc_trail_sym">"Encountered trailing, symmetrically encrypted data"</string>
<string name="msg_dc_trail_unknown">"Encountered trailing data of unknown type"</string>
<string name="msg_dc_unlocking">"Unlocking secret key"</string>
- <string name="msg_dc_old_symmetric_encryption_algo">"Potentially insecure encryption algorithm has been used!"</string>
+ <string name="msg_dc_old_symmetric_encryption_algo">"Insecure encryption algorithm has been used!"</string>
<!-- Messages for VerifySignedLiteralData operation -->
<string name="msg_vl">"Starting signature check"</string>
diff --git a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
index edd7880..af00c06 100644
--- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
+++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
@@ -191,7 +191,7 @@ public class PgpEncryptDecryptTest {
Assert.assertEquals("cached session keys must be empty",
0, cryptoInput.getCryptoData().size());
- OpenPgpMetadata metadata = result.getDecryptMetadata();
+ OpenPgpMetadata metadata = result.getDecryptionMetadata();
Assert.assertEquals("filesize must be correct",
out.toByteArray().length, metadata.getOriginalSize());
}
@@ -297,7 +297,7 @@ public class PgpEncryptDecryptTest {
Assert.assertEquals("must have one cached session key",
1, cryptoInput.getCryptoData().size());
- OpenPgpMetadata metadata = result.getDecryptMetadata();
+ OpenPgpMetadata metadata = result.getDecryptionMetadata();
Assert.assertEquals("filesize must be correct",
out.toByteArray().length, metadata.getOriginalSize());
@@ -486,7 +486,7 @@ public class PgpEncryptDecryptTest {
out.toByteArray(), plaintext.getBytes());
Assert.assertNull("signature should be empty", result.getSignatureResult());
- OpenPgpMetadata metadata = result.getDecryptMetadata();
+ OpenPgpMetadata metadata = result.getDecryptionMetadata();
Assert.assertEquals("filesize must be correct",
out.toByteArray().length, metadata.getOriginalSize());
}
@@ -604,9 +604,9 @@ public class PgpEncryptDecryptTest {
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
out.toByteArray(), plaintext.getBytes());
Assert.assertEquals("signature should be verified and certified",
- OpenPgpSignatureResult.SIGNATURE_SUCCESS_CERTIFIED, result.getSignatureResult().getStatus());
+ OpenPgpSignatureResult.RESULT_VALID_CONFIRMED, result.getSignatureResult().getResult());
- OpenPgpMetadata metadata = result.getDecryptMetadata();
+ OpenPgpMetadata metadata = result.getDecryptionMetadata();
Assert.assertEquals("filesize must be correct",
out.toByteArray().length, metadata.getOriginalSize());
}
@@ -631,8 +631,8 @@ public class PgpEncryptDecryptTest {
Assert.assertArrayEquals("decrypted ciphertext with cached passphrase should equal plaintext",
out.toByteArray(), plaintext.getBytes());
Assert.assertEquals("signature key should be missing",
- OpenPgpSignatureResult.SIGNATURE_KEY_MISSING,
- result.getSignatureResult().getStatus());
+ OpenPgpSignatureResult.RESULT_KEY_MISSING,
+ result.getSignatureResult().getResult());
}
}
diff --git a/extern/openpgp-api-lib b/extern/openpgp-api-lib
-Subproject 5a24bb3428e89d394861d71bd50b46d941d6c87
+Subproject b42636ec3ec63bef61af264a0a9b09998db8186