1 files changed, 34 insertions, 18 deletions

diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java
index 95937a233..36f31e20e 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java
@@ -19,6 +19,7 @@ package org.sufficientlysecure.keychain.operations;
 
 import android.content.Context;
 
+import org.spongycastle.bcpg.PublicKeyAlgorithmTags;
 import org.sufficientlysecure.keychain.operations.results.NfcKeyToCardResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
@@ -26,6 +27,7 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
 import org.sufficientlysecure.keychain.pgp.Progressable;
 import org.sufficientlysecure.keychain.provider.ProviderHelper;
 import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
+import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
 
 public class NfcKeyToCardOperation extends BaseOperation {
     public NfcKeyToCardOperation(Context context, ProviderHelper providerHelper, Progressable progressable) {
@@ -43,32 +45,46 @@ public class NfcKeyToCardOperation extends BaseOperation {
             CanonicalizedSecretKeyRing keyRing =
                     mProviderHelper.getCanonicalizedSecretKeyRing(masterKeyId);
 
-            log.add(OperationResult.LogType.MSG_KC_SECRET, indent);
+            log.add(OperationResult.LogType.MSG_KC_SECRET, indent,
+                    KeyFormattingUtils.convertKeyIdToHex(masterKeyId));
 
             // fetch the specific subkey
             CanonicalizedSecretKey subKey = keyRing.getSecretKey(subKeyId);
 
-            switch (subKey.getSecretKeyType()) {
-                case DIVERT_TO_CARD:
-                case GNU_DUMMY: {
-                    throw new AssertionError(
-                            "Cannot export GNU_DUMMY/DIVERT_TO_CARD key to a smart card!"
-                                    + " This is a programming error!");
-                }
+            // Key algorithm must be RSA
+            int algorithm = subKey.getAlgorithm();
+            if (algorithm != PublicKeyAlgorithmTags.RSA_ENCRYPT &&
+                algorithm != PublicKeyAlgorithmTags.RSA_SIGN &&
+                algorithm != PublicKeyAlgorithmTags.RSA_GENERAL) {
+                log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_ALGO, indent + 1);
+                return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log);
+            }
 
-                case PIN:
-                case PATTERN:
-                case PASSPHRASE: {
-                    log.add(OperationResult.LogType.MSG_PSE_PENDING_NFC, indent);
-                    return new NfcKeyToCardResult(log, RequiredInputParcel
-                            .createNfcKeyToCardOperation(masterKeyId, subKeyId));
-                }
+            // Key size must be 2048
+            int keySize = subKey.getBitStrength();
+            if (keySize != 2048) {
+                log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_SIZE, indent + 1);
+                return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log);
+            }
 
-                default: {
-                    throw new AssertionError("Unhandled SecretKeyType! (should not happen)");
-                }
+            // Secret key parts must be available
+            CanonicalizedSecretKey.SecretKeyType type = subKey.getSecretKeyType();
+            if (type == CanonicalizedSecretKey.SecretKeyType.DIVERT_TO_CARD ||
+                type == CanonicalizedSecretKey.SecretKeyType.GNU_DUMMY) {
+                log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_STRIPPED, indent + 1);
+                return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log);
+            }
 
+            if (type == CanonicalizedSecretKey.SecretKeyType.PIN ||
+                type == CanonicalizedSecretKey.SecretKeyType.PATTERN ||
+                type == CanonicalizedSecretKey.SecretKeyType.PASSPHRASE ||
+                type == CanonicalizedSecretKey.SecretKeyType.PASSPHRASE_EMPTY) {
+                log.add(OperationResult.LogType.MSG_PSE_PENDING_NFC, indent);
+                return new NfcKeyToCardResult(log, RequiredInputParcel
+                        .createNfcKeyToCardOperation(masterKeyId, subKeyId));
             }
+
+            throw new AssertionError("Unhandled SecretKeyType! (should not happen)");
         } catch (ProviderHelper.NotFoundException e) {
             log.add(OperationResult.LogType.MSG_PSE_ERROR_UNLOCK, indent);
             return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log);