aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain/src/main
diff options
context:
space:
mode:
Diffstat (limited to 'OpenKeychain/src/main')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java4
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java8
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java4
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java3
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java2
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java41
6 files changed, 42 insertions, 20 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index 9d21e89b3..b529c4309 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -289,7 +289,7 @@ public class PgpDecryptVerify {
// allow only specific keys for decryption?
if (mAllowedKeyIds != null) {
- long masterKeyId = secretEncryptionKey.getRing().getMasterKeyId();
+ long masterKeyId = secretKeyRing.getMasterKeyId();
Log.d(Constants.TAG, "encData.getKeyID(): " + subKeyId);
Log.d(Constants.TAG, "mAllowedKeyIds: " + mAllowedKeyIds);
Log.d(Constants.TAG, "masterKeyId: " + masterKeyId);
@@ -418,7 +418,7 @@ public class PgpDecryptVerify {
log.add(LogType.MSG_DC_PENDING_NFC, indent +1);
DecryptVerifyResult result =
new DecryptVerifyResult(DecryptVerifyResult.RESULT_PENDING_NFC, log);
- result.setNfcState(e.encryptedSessionKey, mPassphrase);
+ result.setNfcState(secretEncryptionKey.getKeyId(), e.encryptedSessionKey, mPassphrase);
return result;
}
encryptedData = encryptedDataAsymmetric;
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java
index 4a0aec548..7fa1b7363 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/results/DecryptVerifyResult.java
@@ -35,6 +35,7 @@ public class DecryptVerifyResult extends OperationResult {
long mKeyIdPassphraseNeeded;
+ long mNfcSubKeyId;
byte[] mNfcSessionKey;
String mNfcPassphrase;
@@ -49,11 +50,16 @@ public class DecryptVerifyResult extends OperationResult {
mKeyIdPassphraseNeeded = keyIdPassphraseNeeded;
}
- public void setNfcState(byte[] sessionKey, String passphrase) {
+ public void setNfcState(long subKeyId, byte[] sessionKey, String passphrase) {
+ mNfcSubKeyId = subKeyId;
mNfcSessionKey = sessionKey;
mNfcPassphrase = passphrase;
}
+ public long getNfcSubKeyId() {
+ return mNfcSubKeyId;
+ }
+
public byte[] getNfcEncryptedSessionKey() {
return mNfcSessionKey;
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
index 6a2fe6f14..2cc7b0bbb 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFilesFragment.java
@@ -216,7 +216,7 @@ public class DecryptFilesFragment extends DecryptFragment {
startPassphraseDialog(Constants.key.symmetric);
} else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
DecryptVerifyResult.RESULT_PENDING_NFC) {
- startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+ startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
} else {
throw new RuntimeException("Unhandled pending result!");
}
@@ -290,7 +290,7 @@ public class DecryptFilesFragment extends DecryptFragment {
startPassphraseDialog(Constants.key.symmetric);
} else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
DecryptVerifyResult.RESULT_PENDING_NFC) {
- startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+ startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
} else {
throw new RuntimeException("Unhandled pending result!");
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
index c4c6c383e..31a307194 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptFragment.java
@@ -89,11 +89,12 @@ public abstract class DecryptFragment extends Fragment {
startActivityForResult(intent, REQUEST_CODE_PASSPHRASE);
}
- protected void startNfcDecrypt(String pin, byte[] encryptedSessionKey) {
+ protected void startNfcDecrypt(long subKeyId, String pin, byte[] encryptedSessionKey) {
// build PendingIntent for Yubikey NFC operations
Intent intent = new Intent(getActivity(), NfcActivity.class);
intent.setAction(NfcActivity.ACTION_DECRYPT_SESSION_KEY);
intent.putExtra(NfcActivity.EXTRA_DATA, new Intent()); // not used, only relevant to OpenPgpService
+ intent.putExtra(NfcActivity.EXTRA_KEY_ID, subKeyId);
intent.putExtra(NfcActivity.EXTRA_PIN, pin);
intent.putExtra(NfcActivity.EXTRA_NFC_ENC_SESSION_KEY, encryptedSessionKey);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
index d69778fa0..134d26c8c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptTextFragment.java
@@ -172,7 +172,7 @@ public class DecryptTextFragment extends DecryptFragment {
startPassphraseDialog(Constants.key.symmetric);
} else if ((pgpResult.getResult() & DecryptVerifyResult.RESULT_PENDING_NFC) ==
DecryptVerifyResult.RESULT_PENDING_NFC) {
- startNfcDecrypt(pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
+ startNfcDecrypt(pgpResult.getNfcSubKeyId(), pgpResult.getNfcPassphrase(), pgpResult.getNfcEncryptedSessionKey());
} else {
throw new RuntimeException("Unhandled pending result!");
}
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
index 163e9b253..4750d9840 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/NfcActivity.java
@@ -205,19 +205,6 @@ public class NfcActivity extends ActionBarActivity {
return;
}
- // If we were supplied with a key id for checking, do so
- if (mKeyId != null) {
- // We always check the master key id
- long keyId = nfcGetKeyId(mIsoDep, 0);
- // If it's wrong, just cancel
- if (keyId != mKeyId) {
- toast("NFC Tag has wrong key id!");
- setResult(RESULT_CANCELED, mServiceIntent);
- finish();
- return;
- }
- }
-
// Command APDU for VERIFY command (page 32)
String login =
"00" // CLA
@@ -234,6 +221,20 @@ public class NfcActivity extends ActionBarActivity {
}
if (ACTION_SIGN_HASH.equals(mAction)) {
+
+ // If we were supplied with a key id for checking, do so
+ if (mKeyId != null) {
+ // For signing, we check the master key
+ long keyId = nfcGetKeyId(mIsoDep, 0);
+ // If it's wrong, just cancel
+ if (keyId != mKeyId) {
+ toast("NFC Tag has wrong signing key id!");
+ setResult(RESULT_CANCELED, mServiceIntent);
+ finish();
+ return;
+ }
+ }
+
// returns signed hash
byte[] signedHash = nfcCalculateSignature(mHashToSign, mHashAlgo);
@@ -252,6 +253,20 @@ public class NfcActivity extends ActionBarActivity {
finish();
} else if (ACTION_DECRYPT_SESSION_KEY.equals(mAction)) {
+
+ // If we were supplied with a key id for checking, do so
+ if (mKeyId != null) {
+ // For decryption, we check the confidentiality key
+ long keyId = nfcGetKeyId(mIsoDep, 1);
+ // If it's wrong, just cancel
+ if (keyId != mKeyId) {
+ toast("NFC Tag has wrong encryption key id!");
+ setResult(RESULT_CANCELED, mServiceIntent);
+ finish();
+ return;
+ }
+ }
+
byte[] decryptedSessionKey = nfcDecryptSessionKey(mEncryptedSessionKey);
// give data through for new service call