1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
|
/*
* Copyright (C) 2015 Joey Castillo <joey@joeycastillo.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.operations;
import android.content.Context;
import org.spongycastle.bcpg.PublicKeyAlgorithmTags;
import org.sufficientlysecure.keychain.operations.results.NfcKeyToCardResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKey;
import org.sufficientlysecure.keychain.pgp.CanonicalizedSecretKeyRing;
import org.sufficientlysecure.keychain.pgp.Progressable;
import org.sufficientlysecure.keychain.provider.ProviderHelper;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
public class NfcKeyToCardOperation extends BaseOperation {
public NfcKeyToCardOperation(Context context, ProviderHelper providerHelper, Progressable progressable) {
super(context, providerHelper, progressable);
}
public NfcKeyToCardResult execute(long subKeyId) {
OperationResult.OperationLog log = new OperationResult.OperationLog();
int indent = 0;
long masterKeyId;
try {
// fetch the indicated master key id
masterKeyId = mProviderHelper.getMasterKeyId(subKeyId);
CanonicalizedSecretKeyRing keyRing =
mProviderHelper.getCanonicalizedSecretKeyRing(masterKeyId);
log.add(OperationResult.LogType.MSG_KC_SECRET, indent,
KeyFormattingUtils.convertKeyIdToHex(masterKeyId));
// fetch the specific subkey
CanonicalizedSecretKey subKey = keyRing.getSecretKey(subKeyId);
// Key algorithm must be RSA
int algorithm = subKey.getAlgorithm();
if (algorithm != PublicKeyAlgorithmTags.RSA_ENCRYPT &&
algorithm != PublicKeyAlgorithmTags.RSA_SIGN &&
algorithm != PublicKeyAlgorithmTags.RSA_GENERAL) {
log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_ALGO, indent + 1);
return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log);
}
// Key size must be 2048
int keySize = subKey.getBitStrength();
if (keySize != 2048) {
log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_SIZE, indent + 1);
return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log);
}
// Secret key parts must be available
CanonicalizedSecretKey.SecretKeyType type = subKey.getSecretKeyType();
if (type == CanonicalizedSecretKey.SecretKeyType.DIVERT_TO_CARD ||
type == CanonicalizedSecretKey.SecretKeyType.GNU_DUMMY) {
log.add(OperationResult.LogType.MSG_K2C_ERROR_BAD_STRIPPED, indent + 1);
return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log);
}
if (type == CanonicalizedSecretKey.SecretKeyType.PIN ||
type == CanonicalizedSecretKey.SecretKeyType.PATTERN ||
type == CanonicalizedSecretKey.SecretKeyType.PASSPHRASE ||
type == CanonicalizedSecretKey.SecretKeyType.PASSPHRASE_EMPTY) {
log.add(OperationResult.LogType.MSG_PSE_PENDING_NFC, indent);
return new NfcKeyToCardResult(log, RequiredInputParcel
.createNfcKeyToCardOperation(masterKeyId, subKeyId));
}
throw new AssertionError("Unhandled SecretKeyType! (should not happen)");
} catch (ProviderHelper.NotFoundException e) {
log.add(OperationResult.LogType.MSG_PSE_ERROR_UNLOCK, indent);
return new NfcKeyToCardResult(NfcKeyToCardResult.RESULT_ERROR, log);
}
}
}
|
