From bb0baa815e224004a72bee5ff1fad46c530df5d8 Mon Sep 17 00:00:00 2001 From: Ashley Hughes Date: Tue, 14 Jan 2014 15:03:35 +0000 Subject: check primary bindings --- .../keychain/pgp/PgpOperation.java | 75 +++++++++++++--------- 1 file changed, 45 insertions(+), 30 deletions(-) (limited to 'OpenPGP-Keychain/src') diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java index 804d22187..6f0821fdc 100644 --- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java +++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java @@ -33,7 +33,11 @@ import java.util.Iterator; import org.spongycastle.bcpg.ArmoredInputStream; import org.spongycastle.bcpg.ArmoredOutputStream; +import org.spongycastle.bcpg.BCPGInputStream; import org.spongycastle.bcpg.BCPGOutputStream; + +import org.spongycastle.bcpg.SignaturePacket; + import org.spongycastle.bcpg.SignatureSubpacket; import org.spongycastle.bcpg.SignatureSubpacketTags; import org.spongycastle.openpgp.PGPCompressedData; @@ -892,7 +896,11 @@ public class PgpOperation { boolean sig_isok = signature.verify(); - //We should only do the next part if the singing key was a subkey - not the master key! + //Now check binding signatures + boolean subkeyBinding_isok = false; + boolean tmp_subkeyBinding_isok = false; + boolean primkeyBinding_isok = false; + signatureKeyId = signature.getKeyID(); String userId = null; PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext, @@ -901,39 +909,46 @@ public class PgpOperation { if (signKeyRing != null) { mKey = PgpKeyHelper.getMasterKey(signKeyRing); } - Iterator itr = signatureKey.getSignatures(); - - boolean subkeyBinding_isok = false; - boolean tmp_subkeyBinding_isok = false; - boolean primkeyBinding_isok = false; - while (itr.hasNext()) { //what does gpg do if the subkey binding is wrong? - //gpg has an invalid subkey binding error on key import I think, but doesn't shout - //about keys without subkey signing. Can't get it to import a slightly broken one - //either, so we will err on bad subkey binding here. - PGPSignature sig = itr.next(); - if (sig.getKeyID() == mKey.getKeyID() && sig.getSignatureType() == PGPSignature.SUBKEY_BINDING) { - //check and if ok, check primary key binding. - sig.init(contentVerifierBuilderProvider, mKey); - tmp_subkeyBinding_isok = sig.verifyCertification(mKey, signatureKey); - if (tmp_subkeyBinding_isok) - subkeyBinding_isok = true; - if (tmp_subkeyBinding_isok) { - PGPSignatureSubpacketVector hPkts = sig.getHashedSubPackets(); - PGPSignatureSubpacketVector uhPkts = sig.getUnhashedSubPackets(); - if (hPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) { - SignatureSubpacket[] subsigpkts = hPkts.getSubpackets(SignatureSubpacketTags.EMBEDDED_SIGNATURE); - PGPSignature[] vals = new PGPSignature[subsigpkts.length]; - for (int i = 0; i < subsigpkts.length; i++) - { - vals[i] = (PGPSignature)subsigpkts[i]; - } - } - if (uhPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) { + if (signature.getKeyID() != mKey.getKeyID()) { + Iterator itr = signatureKey.getSignatures(); + + subkeyBinding_isok = false; + tmp_subkeyBinding_isok = false; + primkeyBinding_isok = false; + while (itr.hasNext()) { //what does gpg do if the subkey binding is wrong? + //gpg has an invalid subkey binding error on key import I think, but doesn't shout + //about keys without subkey signing. Can't get it to import a slightly broken one + //either, so we will err on bad subkey binding here. + PGPSignature sig = itr.next(); + if (sig.getKeyID() == mKey.getKeyID() && sig.getSignatureType() == PGPSignature.SUBKEY_BINDING) { + //check and if ok, check primary key binding. + sig.init(contentVerifierBuilderProvider, mKey); + tmp_subkeyBinding_isok = sig.verifyCertification(mKey, signatureKey); + if (tmp_subkeyBinding_isok) + subkeyBinding_isok = true; + if (tmp_subkeyBinding_isok) { + PGPSignatureSubpacketVector hPkts = sig.getHashedSubPackets(); + PGPSignatureSubpacketVector uhPkts = sig.getUnhashedSubPackets(); + if (uhPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) { + PGPSignatureList eSigList = uhPkts.getEmbeddedSignatures(); + for (int j = 0; j < eSigList.size(); ++j) { + PGPSignature emSig = eSigList.get(j); + emSig.init(contentVerifierBuilderProvider, signatureKey); + primkeyBinding_isok = emSig.verifyCertification(mKey, signatureKey); + if (primkeyBinding_isok) + break; + } + } + if (hPkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) { + } } } } + } else { //if the key used to make the signature was the master key, no need to check binding sigs + subkeyBinding_isok = true; + primkeyBinding_isok = true; } - returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & subkeyBinding_isok); + returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & subkeyBinding_isok & primkeyBinding_isok); updateProgress(R.string.progress_done, 100, 100); return returnData; -- cgit v1.2.3