diff options
author | Vincent Breitmoser <valodim@mugenguild.com> | 2015-10-07 18:57:43 +0200 |
---|---|---|
committer | Vincent Breitmoser <valodim@mugenguild.com> | 2015-10-07 18:57:43 +0200 |
commit | f6de2712d3edef9837a53da5d78a9daa28639af4 (patch) | |
tree | 91918cac48f0e476d1f13e666d99fc50a3aa18f3 /OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp | |
parent | bafc10896922a50fb32d3eb105c389d863b53d20 (diff) | |
download | open-keychain-f6de2712d3edef9837a53da5d78a9daa28639af4.tar.gz open-keychain-f6de2712d3edef9837a53da5d78a9daa28639af4.tar.bz2 open-keychain-f6de2712d3edef9837a53da5d78a9daa28639af4.zip |
pgpdecryptverify: fix one pass signature check, actually use bracketed structure
Diffstat (limited to 'OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp')
-rw-r--r-- | OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java | 33 |
1 files changed, 29 insertions, 4 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java index 3bb442143..4f3f323a5 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java @@ -264,8 +264,20 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp updateProgress(R.string.progress_verifying_signature, 95, 100); log.add(LogType.MSG_VL_CLEAR_SIGNATURE_CHECK, indent + 1); - PGPSignatureList signatureList = (PGPSignatureList) pgpF.nextObject(); - PGPSignature messageSignature = signatureList.get(signatureData.signatureIndex); + o = pgpF.nextObject(); + if ( ! (o instanceof PGPSignatureList) ) { + log.add(LogType.MSG_VL_ERROR_NO_SIGNATURE, indent); + return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); + } + PGPSignatureList signatureList = (PGPSignatureList) o; + if (signatureList.size() <= signatureData.signatureIndex) { + log.add(LogType.MSG_VL_ERROR_NO_SIGNATURE, indent); + return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); + } + + // PGPOnePassSignature and PGPSignature packets are "bracketed", + // so we need to take the last-minus-index'th element here + PGPSignature messageSignature = signatureList.get(signatureList.size() -1 -signatureData.signatureIndex); // Verify signature and check binding signatures boolean validSignature = signature.verify(messageSignature); @@ -274,6 +286,7 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp } else { log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1); } + signatureResultBuilder.setValidSignature(validSignature); OpenPgpSignatureResult signatureResult = signatureResultBuilder.build(); @@ -578,8 +591,20 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp updateProgress(R.string.progress_verifying_signature, 90, 100); log.add(LogType.MSG_DC_CLEAR_SIGNATURE_CHECK, indent); - PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject(); - PGPSignature messageSignature = signatureList.get(signatureData.signatureIndex); + Object o = plainFact.nextObject(); + if ( ! (o instanceof PGPSignatureList) ) { + log.add(LogType.MSG_DC_ERROR_NO_SIGNATURE, indent); + return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); + } + PGPSignatureList signatureList = (PGPSignatureList) o; + if (signatureList.size() <= signatureData.signatureIndex) { + log.add(LogType.MSG_DC_ERROR_NO_SIGNATURE, indent); + return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); + } + + // PGPOnePassSignature and PGPSignature packets are "bracketed", + // so we need to take the last-minus-index'th element here + PGPSignature messageSignature = signatureList.get(signatureList.size() -1 - signatureData.signatureIndex); // Verify signature boolean validSignature = signature.verify(messageSignature); |