diff options
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java | 52 |
1 files changed, 34 insertions, 18 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java index 95937a233..36f31e20e 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/NfcKeyToCardOperation.java @@ -19,6 +19,7 @@ package org.sufficientlysecure.keychain.operations; import android.content.Context; +import org.spongycastle.bcpg.PublicKeyAlgorithmTags; import org.sufficientlysecure.keychain.operations.results.NfcKeyToCardResult; import org.sufficientlysecure.keychain.operations.results.OperationResult; import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey; @@ -26,6 +27,7 @@ import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing; import org.sufficientlysecure.keychain.pgp.Progressable; import org.sufficientlysecure.keychain.provider.ProviderHelper; import org.sufficientlysecure.keychain.service.input.RequiredInputParcel; +import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils; public class NfcKeyToCardOperation extends BaseOperation { public NfcKeyToCardOperation(Context context, ProviderHelper providerHelper, Progressable progressable) { @@ -43,32 +45,46 @@ public class NfcKeyToCardOperation extends BaseOperation { CanonicalizedSecretKeyRing keyRing = mProviderHelper.getCanonicalizedSecretKeyRing(masterKeyId); - log.add(OperationResult.LogType.MSG_KC_SECRET, indent); + log.add(OperationResult.LogType.MSG_KC_SECRET, indent, + KeyFormattingUtils.convertKeyIdToHex(masterKeyId)); // fetch the specific subkey CanonicalizedSecretKey subKey = keyRing.getSecretKey(subKeyId); - switch (subKey.getSecretKeyType()) { - case DIVERT_TO_CARD: - case GNU_DUMMY: { - throw new AssertionError( - "Cannot export GNU_DUMMY/DIVERT_TO_CARD key to a smart card!" - + " This is a programming error!"); - } + // Key algorithm must be RSA + int algorithm = subKey.getAlgorithm(); + if (algorithm != PublicKeyAlgorithmTags.RSA_ENCRYPT && + algorithm != PublicKeyAlgorithmTags.RSA_SIGN && + algorithm != PublicKeyAlgorithmTags.RSA_GENERAL) { + log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_ALGO, indent + 1); + return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log); + } - case PIN: - case PATTERN: - case PASSPHRASE: { - log.add(OperationResult.LogType.MSG_PSE_PENDING_NFC, indent); - return new NfcKeyToCardResult(log, RequiredInputParcel - .createNfcKeyToCardOperation(masterKeyId, subKeyId)); - } + // Key size must be 2048 + int keySize = subKey.getBitStrength(); + if (keySize != 2048) { + log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_SIZE, indent + 1); + return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log); + } - default: { - throw new AssertionError("Unhandled SecretKeyType! (should not happen)"); - } + // Secret key parts must be available + CanonicalizedSecretKey.SecretKeyType type = subKey.getSecretKeyType(); + if (type == CanonicalizedSecretKey.SecretKeyType.DIVERT_TO_CARD || + type == CanonicalizedSecretKey.SecretKeyType.GNU_DUMMY) { + log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_STRIPPED, indent + 1); + return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log); + } + if (type == CanonicalizedSecretKey.SecretKeyType.PIN || + type == CanonicalizedSecretKey.SecretKeyType.PATTERN || + type == CanonicalizedSecretKey.SecretKeyType.PASSPHRASE || + type == CanonicalizedSecretKey.SecretKeyType.PASSPHRASE_EMPTY) { + log.add(OperationResult.LogType.MSG_PSE_PENDING_NFC, indent); + return new NfcKeyToCardResult(log, RequiredInputParcel + .createNfcKeyToCardOperation(masterKeyId, subKeyId)); } + + throw new AssertionError("Unhandled SecretKeyType! (should not happen)"); } catch (ProviderHelper.NotFoundException e) { log.add(OperationResult.LogType.MSG_PSE_ERROR_UNLOCK, indent); return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log); |