authorVincent Breitmoser <valodim@mugenguild.com>2015-10-06 15:06:36 +0200
committerVincent Breitmoser <valodim@mugenguild.com>2015-10-06 15:06:36 +0200
commit8f40c6df5108f30dc424e4d802f49f3392738724 (patch)
tree2d5c20bd06f2ae6f526e9d24a6a16d9384fa9a18
parentdfc396a44cc84556ee190418a0a5bc5752b0f148 (diff)
use only primary and mutually bound subkeys for fingerprint verification
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java7
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java3
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java8
3 files changed, 11 insertions, 7 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
index 18a27dd96..6f1e78ce6 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedKeyRing.java
@@ -154,8 +154,13 @@ public abstract class CanonicalizedKeyRing extends KeyRing {
return getRing().getEncoded();
}
- public boolean containsSubkey(String expectedFingerprint) {
+ /// Returns true iff the keyring contains a primary key or mutually bound subkey with the expected fingerprint
+ public boolean containsBoundSubkey(String expectedFingerprint) {
for (CanonicalizedPublicKey key : publicKeyIterator()) {
+ boolean isMasterOrMutuallyBound = key.isMasterKey() || key.canSign();
+ if (!isMasterOrMutuallyBound) {
+ continue;
+ }
if (KeyFormattingUtils.convertFingerprintToHex(
key.getFingerprint()).equalsIgnoreCase(expectedFingerprint)) {
return true;
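Review bot: The check `key.isMasterKey() || key.canSign()` in containsBoundSubkey uses signing capability as a stand-in for "mutually bound", but nothing visible in this hunk establishes that equivalence. Presumably canonicalization only leaves a subkey signing-capable when its primary-key-binding (back) signature verified; if so, state that at the check, e.g. `// canSign() is only true for subkeys whose primary key binding signature survived canonicalization`, or move it into a named predicate on CanonicalizedPublicKey so this fingerprint check cannot drift from the invariant. As written, any subkey for which canSign() is false (for example an encryption-only one) no longer matches, and the ProviderHelper caller reports that with the same MSG_IP_FINGERPRINT_ERROR as a genuine mismatch, so the doc comment should say which key types are accepted. The comment also uses `///`, which Javadoc does not pick up; `/** ... */` would. The method body continues past the end of the hunk.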
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index a6823d3ac..375775ff1 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -62,7 +62,6 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.Certs;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingData;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.provider.KeychainContract.Keys;
-import org.sufficientlysecure.keychain.provider.KeychainContract.UserPackets;
import org.sufficientlysecure.keychain.provider.KeychainContract.UpdatedKeys;
import org.sufficientlysecure.keychain.remote.AccountSettings;
import org.sufficientlysecure.keychain.remote.AppSettings;
@@ -968,7 +967,7 @@ public class ProviderHelper {
// If we have an expected fingerprint, make sure it matches
if (expectedFingerprint != null) {
- if (!canPublicRing.containsSubkey(expectedFingerprint)) {
+ if (!canPublicRing.containsBoundSubkey(expectedFingerprint)) {
log(LogType.MSG_IP_FINGERPRINT_ERROR);
return new SaveKeyringResult(SaveKeyringResult.RESULT_ERROR, mLog, null);
} else {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java
index f7925b7f4..648c5f962 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateYubiKeyImportFragment.java
@@ -49,7 +49,7 @@ public class CreateYubiKeyImportFragment
extends QueueingCryptoOperationFragment<ImportKeyringParcel, ImportKeyResult>
implements NfcListenerFragment {
- private static final String ARG_FINGERPRINT = "fingerprint";
+ private static final String ARG_FINGERPRINTS = "fingerprint";
public static final String ARG_AID = "aid";
public static final String ARG_USER_ID = "user_ids";
@@ -72,7 +72,7 @@ public class CreateYubiKeyImportFragment
CreateYubiKeyImportFragment frag = new CreateYubiKeyImportFragment();
Bundle args = new Bundle();
- args.putByteArray(ARG_FINGERPRINT, scannedFingerprints);
+ args.putByteArray(ARG_FINGERPRINTS, scannedFingerprints);
args.putByteArray(ARG_AID, nfcAid);
args.putString(ARG_USER_ID, userId);
frag.setArguments(args);
@@ -86,7 +86,7 @@ public class CreateYubiKeyImportFragment
Bundle args = savedInstanceState != null ? savedInstanceState : getArguments();
- mNfcFingerprints = args.getByteArray(ARG_FINGERPRINT);
+ mNfcFingerprints = args.getByteArray(ARG_FINGERPRINTS);
mNfcAid = args.getByteArray(ARG_AID);
mNfcUserId = args.getString(ARG_USER_ID);
@@ -149,7 +149,7 @@ public class CreateYubiKeyImportFragment
public void onSaveInstanceState(Bundle args) {
super.onSaveInstanceState(args);
- args.putByteArray(ARG_FINGERPRINT, mNfcFingerprints);
+ args.putByteArray(ARG_FINGERPRINTS, mNfcFingerprints);
args.putByteArray(ARG_AID, mNfcAid);
args.putString(ARG_USER_ID, mNfcUserId);
}