diff options
author | Vincent Breitmoser <valodim@mugenguild.com> | 2015-03-15 20:02:57 +0100 |
---|---|---|
committer | Vincent Breitmoser <valodim@mugenguild.com> | 2015-03-15 20:02:57 +0100 |
commit | 4afd6b881edfd0bc404734a4e8959a7a0fa785a7 (patch) | |
tree | 63a051fb595d168f8ddbfd76a51bb2319889d40b /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp | |
parent | ba7d8a58673d55660bc7faf68970229f17458514 (diff) | |
parent | db39b779c984a758e13adc16837893509f3b364f (diff) | |
download | open-keychain-4afd6b881edfd0bc404734a4e8959a7a0fa785a7.tar.gz open-keychain-4afd6b881edfd0bc404734a4e8959a7a0fa785a7.tar.bz2 open-keychain-4afd6b881edfd0bc404734a4e8959a7a0fa785a7.zip |
Merge branch 'development' into linked-identities
Conflicts:
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyActivity.java
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/ViewKeyFragment.java
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp')
4 files changed, 31 insertions, 29 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java index 303070333..8104c5249 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java @@ -126,26 +126,27 @@ public class CanonicalizedPublicKey extends UncachedPublicKey { // the getValidSeconds method is unreliable for master keys. we need to iterate all // user ids, then use the most recent certification from a non-revoked user id if (isMasterKey()) { - Date latestCreation = null; seconds = 0; + long masterKeyId = getKeyId(); + + Date latestCreation = null; for (byte[] rawUserId : getUnorderedRawUserIds()) { Iterator<WrappedSignature> sigs = getSignaturesForRawId(rawUserId); + while (sigs.hasNext()) { + WrappedSignature sig = sigs.next(); + if (sig.getKeyId() != masterKeyId) { + continue; + } + if (sig.isRevocation()) { + continue; + } + + if (latestCreation == null || latestCreation.before(sig.getCreationTime())) { + latestCreation = sig.getCreationTime(); + seconds = sig.getKeyExpirySeconds(); + } - // there is always a certification, so this call is safe - WrappedSignature sig = sigs.next(); - - // we know a user id has at most two sigs: one certification, one revocation. - // if the sig is a revocation, or there is another sig (which is a revocation), - // the data in this uid is not relevant - if (sig.isRevocation() || sigs.hasNext()) { - continue; - } - - // this is our revocation, UNLESS there is a newer certificate! - if (latestCreation == null || latestCreation.before(sig.getCreationTime())) { - latestCreation = sig.getCreationTime(); - seconds = sig.getKeyExpirySeconds(); } } } else { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java index c3fccc789..ab91d7747 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java @@ -18,9 +18,7 @@ package org.sufficientlysecure.keychain.pgp; -import org.spongycastle.bcpg.HashAlgorithmTags; import org.spongycastle.bcpg.S2K; -import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags; import org.spongycastle.openpgp.PGPException; import org.spongycastle.openpgp.PGPPrivateKey; import org.spongycastle.openpgp.PGPPublicKey; @@ -31,7 +29,6 @@ import org.spongycastle.openpgp.PGPSignatureGenerator; import org.spongycastle.openpgp.PGPSignatureSubpacketGenerator; import org.spongycastle.openpgp.PGPSignatureSubpacketVector; import org.spongycastle.openpgp.PGPUserAttributeSubpacketVector; -import org.spongycastle.openpgp.PGPUtil; import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor; import org.spongycastle.openpgp.operator.PGPContentSignerBuilder; import org.spongycastle.openpgp.operator.PublicKeyDataDecryptorFactory; @@ -43,13 +40,11 @@ import org.spongycastle.openpgp.operator.jcajce.NfcSyncPublicKeyDataDecryptorFac import org.sufficientlysecure.keychain.Constants; import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException; import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException; -import org.sufficientlysecure.keychain.util.IterableIterator; import org.sufficientlysecure.keychain.util.Log; import java.util.ArrayList; import java.util.Date; import java.util.HashMap; -import java.util.LinkedList; import java.util.List; /** @@ -287,9 +282,8 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey { // create a signatureGenerator from the supplied masterKeyId and passphrase PGPSignatureGenerator signatureGenerator; { - // TODO: SHA256 fixed? - PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(PGPUtil.SHA256, - nfcSignedHash, nfcCreationTimestamp); + PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder( + PgpConstants.CERTIFY_HASH_ALGO, nfcSignedHash, nfcCreationTimestamp); signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder); try { @@ -351,9 +345,8 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey { // create a signatureGenerator from the supplied masterKeyId and passphrase PGPSignatureGenerator signatureGenerator; { - // TODO: SHA256 fixed? - PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(PGPUtil.SHA256, - nfcSignedHash, nfcCreationTimestamp); + PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder( + PgpConstants.CERTIFY_HASH_ALGO, nfcSignedHash, nfcCreationTimestamp); signatureGenerator = new PGPSignatureGenerator(contentSignerBuilder); try { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java index 46defebf7..ed4715681 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java @@ -104,8 +104,8 @@ public class OpenPgpSignatureResultBuilder { setUserIds(signingRing.getUnorderedUserIds()); // either master key is expired/revoked or this specific subkey is expired/revoked - setKeyExpired(signingRing.isExpired() || signingKey.isMaybeExpired()); - setKeyRevoked(signingRing.isRevoked() || signingKey.isMaybeRevoked()); + setKeyExpired(signingRing.isExpired() || signingKey.isExpired()); + setKeyRevoked(signingRing.isRevoked() || signingKey.isRevoked()); } public OpenPgpSignatureResult build() { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java index 90991ba15..f739b1e6d 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java @@ -53,11 +53,19 @@ public class PgpConstants { sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA1); sPreferredHashAlgorithms.add(HashAlgorithmTags.RIPEMD160); + /* + * Prefer ZIP + * "ZLIB provides no benefit over ZIP and is more malleable" + * - (OpenPGP WG mailinglist: "[openpgp] Intent to deprecate: Insecure primitives") + * BZIP2: very slow + */ + sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.ZIP); sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.ZLIB); sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.BZIP2); - sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.ZIP); } + public static final int CERTIFY_HASH_ALGO = HashAlgorithmTags.SHA256; + /* * Note: s2kcount is a number between 0 and 0xff that controls the * number of times to iterate the password hash before use. More |