8 files changed, 38 insertions, 5 deletions
|
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
index bf14a918b..606dd49d5 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
@@ -359,6 +359,7 @@ public abstract class OperationResult implements Parcelable {
         MSG_IS_SUBKEY_STRIPPED (LogLevel.DEBUG, R.string.msg_is_subkey_stripped),
         MSG_IS_SUBKEY_DIVERT (LogLevel.DEBUG, R.string.msg_is_subkey_divert),
         MSG_IS_SUBKEY_EMPTY (LogLevel.DEBUG, R.string.msg_is_subkey_empty),
+        MSG_IS_SUBKEY_PIN (LogLevel.DEBUG, R.string.msg_is_subkey_pin),
         MSG_IS_SUCCESS_IDENTICAL (LogLevel.OK, R.string.msg_is_success_identical),
         MSG_IS_SUCCESS (LogLevel.OK, R.string.msg_is_success),
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
index f9fa41528..5c99a9854 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -49,6 +49,7 @@ import java.security.NoSuchAlgorithmException;
 import java.security.NoSuchProviderException;
 import java.security.SignatureException;
 import java.util.Date;
+import java.util.HashMap;
 import java.util.LinkedList;
 import java.util.List;
@@ -83,7 +84,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
     }
     public enum SecretKeyType {
-        UNAVAILABLE(0), GNU_DUMMY(1), PASSPHRASE(2), PASSPHRASE_EMPTY(3), DIVERT_TO_CARD(4);
+        UNAVAILABLE(0), GNU_DUMMY(1), PASSPHRASE(2), PASSPHRASE_EMPTY(3), DIVERT_TO_CARD(4), PIN(5);
         final int mNum;
@@ -101,6 +102,8 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
                     return PASSPHRASE_EMPTY;
                 case 4:
                     return DIVERT_TO_CARD;
+                case 5:
+                    return PIN;
                 // if this case happens, it's probably a check from a database value
                 default:
                     return UNAVAILABLE;
@@ -135,6 +138,11 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
             // It means the passphrase is empty
             return SecretKeyType.PASSPHRASE_EMPTY;
         } catch (PGPException e) {
+            HashMap<String,String> notation = getRing().getLocalNotationData();
+            if (notation.containsKey("unlock.pin@sufficientlysecure.org")
+                    && "1".equals(notation.get("unlock.pin@sufficientlysecure.org"))) {
+                return SecretKeyType.PIN;
+            }
             // Otherwise, it's just a regular ol' passphrase
             return SecretKeyType.PASSPHRASE;
         }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java
index e20155cc6..eb589c3f9 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKeyRing.java
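Review bot: In the `catch (PGPException e)` branch of the third CanonicalizedSecretKey.java hunk, the `containsKey` test is redundant, because `"1".equals(notation.get(...))` is already false for a missing entry. The notation name is also a bare string literal that must stay byte-identical to the one passed to `setNotationData` in PgpKeyOperation.java, and this commit had to correct exactly that pairing by hand. A shared constant (for example a new `NOTATION_UNLOCK_PIN` in one of the two classes) would reduce the check to `if ("1".equals(getRing().getLocalNotationData().get(NOTATION_UNLOCK_PIN)))`. I would also add the comment `// notation only selects the prompt shown to the user; it says nothing about how the key material is protected` above the check. The enclosing method starts and ends outside the hunk.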
@@ -26,6 +26,7 @@ import org.spongycastle.openpgp.PGPPrivateKey;
 import org.spongycastle.openpgp.PGPPublicKey;
 import org.spongycastle.openpgp.PGPSecretKey;
 import org.spongycastle.openpgp.PGPSecretKeyRing;
+import org.spongycastle.openpgp.PGPSignature;
 import org.spongycastle.openpgp.operator.PBESecretKeyDecryptor;
 import org.spongycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder;
 import org.sufficientlysecure.keychain.Constants;
@@ -36,6 +37,7 @@ import org.sufficientlysecure.keychain.util.IterableIterator;
 import org.sufficientlysecure.keychain.util.Log;
 import java.io.IOException;
+import java.util.HashMap;
 import java.util.HashSet;
 import java.util.Iterator;
@@ -130,4 +132,16 @@ public class CanonicalizedSecretKeyRing extends CanonicalizedKeyRing {
         });
     }
+    public HashMap<String,String> getLocalNotationData() {
+        HashMap<String,String> result = new HashMap<String,String>();
+        Iterator<PGPSignature> it = getRing().getPublicKey().getKeySignatures();
+        while (it.hasNext()) {
+            WrappedSignature sig = new WrappedSignature(it.next());
+            if (sig.isLocal()) {
+                result.putAll(sig.getNotation());
+            }
+        }
+        return result;
+    }
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
index 08d8164ca..6fedbc683 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
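Review bot: `getLocalNotationData()` merges the notations of every local signature on the master key with `putAll`, so when two signatures carry the same notation name, the value that survives depends on iterator order, not on which signature is newest. The loop checks neither the signature type nor the issuer, and the hunk does not show whether these signatures have already been verified, so any non-exportable signature found on the key can influence the unlock prompt. If an older direct-key signature with the PIN notation stays on the key after a switch back to a passphrase, `getSecretKeyType()` would presumably keep returning `PIN`. I would restrict the loop to direct-key signatures issued by the master key and keep only the most recent one, as sketched below, and add a Javadoc saying the map holds local, non-exported settings.

```java
public HashMap<String,String> getLocalNotationData() {
    HashMap<String,String> result = new HashMap<String,String>();
    long masterKeyId = getRing().getPublicKey().getKeyID();
    long newestTime = Long.MIN_VALUE;
    Iterator<PGPSignature> it = getRing().getPublicKey().getKeySignatures();
    while (it.hasNext()) {
        PGPSignature raw = it.next();
        // only self-issued direct-key signatures are expected to carry local settings
        if (raw.getSignatureType() != PGPSignature.DIRECT_KEY
                || raw.getKeyID() != masterKeyId) {
            continue;
        }
        WrappedSignature sig = new WrappedSignature(raw);
        long created = raw.getCreationTime().getTime();
        // the newest local signature wins, so a stale setting cannot shadow a later one
        if (sig.isLocal() && created > newestTime) {
            newestTime = created;
            result.clear();
            result.putAll(sig.getNotation());
        }
    }
    return result;
}
```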
@@ -949,7 +949,7 @@ public class PgpKeyOperation {
             { // set subpackets
                 PGPSignatureSubpacketGenerator hashedPacketsGen = new PGPSignatureSubpacketGenerator();
                 hashedPacketsGen.setExportable(false, false);
-                hashedPacketsGen.setNotationData(false, false, "pin@unlock.sufficientlysecure.org", "1");
+                hashedPacketsGen.setNotationData(false, true, "unlock.pin@sufficientlysecure.org", "1");
                 sGen.setHashedSubpackets(hashedPacketsGen.generate());
             }
             sGen.init(PGPSignature.DIRECT_KEY, masterPrivateKey);
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
index 132a28604..c395ca52d 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedSignature.java
@@ -242,15 +242,15 @@ public class WrappedSignature {
         return ! ((Exportable) p).isExportable();
     }
-    public HashMap<String,byte[]> getNotation() {
-        HashMap<String,byte[]> result = new HashMap<String,byte[]>();
+    public HashMap<String,String> getNotation() {
+        HashMap<String,String> result = new HashMap<String,String>();
         // If there is any notation data
         if (mSig.getHashedSubPackets() != null
                 && mSig.getHashedSubPackets().hasSubpacket(SignatureSubpacketTags.NOTATION_DATA)) {
             // Iterate over notation data
             for (NotationData data : mSig.getHashedSubPackets().getNotationDataOccurrences()) {
-                result.put(data.getNotationName(), data.getNotationValueBytes());
+                result.put(data.getNotationName(), data.getNotationValue());
             }
         }
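Review bot: Signatures written by the earlier code carry the name `pin@unlock.sufficientlysecure.org` with the human-readable flag unset, and nothing in this commit recognises that form any more. If any key was set up with that notation before this change, `getSecretKeyType()` will fall through to `PASSPHRASE` for it; either accept the old name when reading or say in the commit message that no such keys exist. A short comment on the call, such as `// not critical, human-readable text value; name must match the check in CanonicalizedSecretKey`, would make the pairing explicit. The enclosing method starts and ends outside the hunk.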
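Review bot: `getNotation()` in WrappedSignature.java now stores `data.getNotationValue()` for every notation, including those whose human-readable flag is unset, so binary values are decoded as text and can come out garbled. Callers compare the value with a literal (`"1"` in CanonicalizedSecretKey), so skipping non-text entries is safer: `if (!data.isHumanReadable()) continue;` before the `put`. A notation name that occurs twice in one signature silently overwrites the earlier value, which deserves a one-line comment. The Javadoc should also say that only hashed subpackets are read, since unhashed subpackets are not covered by the signature. The method's closing lines are outside the hunk.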
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
index 05dc99c5e..6daa26cd3 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/provider/ProviderHelper.java
@@ -682,6 +682,11 @@ public class ProviderHelper {
                                         KeyFormattingUtils.convertKeyIdToHex(id)
                                 );
                                 break;
+                            case PIN:
+                                log(LogType.MSG_IS_SUBKEY_PIN,
+                                        KeyFormattingUtils.convertKeyIdToHex(id)
+                                );
+                                break;
                             case GNU_DUMMY:
                                 log(LogType.MSG_IS_SUBKEY_STRIPPED,
                                         KeyFormattingUtils.convertKeyIdToHex(id)
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
index deff648ba..4bd413778 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
@@ -170,6 +170,9 @@ public class PassphraseDialogActivity extends FragmentActivity {
                         case PASSPHRASE:
                             message = getString(R.string.passphrase_for, userId);
                             break;
+                        case PIN:
+                            message = getString(R.string.pin_for, userId);
+                            break;
                         case DIVERT_TO_CARD:
                             message = getString(R.string.yubikey_pin, userId);
                             break;
diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml
index 52c75109a..f22e4f27a 100644
--- a/OpenKeychain/src/main/res/values/strings.xml
+++ b/OpenKeychain/src/main/res/values/strings.xml
@@ -205,6 +205,7 @@
     <string name="passphrase_must_not_be_empty">"Please enter a passphrase."</string>
     <string name="passphrase_for_symmetric_encryption">"Symmetric encryption."</string>
     <string name="passphrase_for">"Enter passphrase for '%s'"</string>
+    <string name="pin_for">"Enter pin for '%s'"</string>
     <string name="yubikey_pin">"Enter PIN to access YubiKey for '%s'"</string>
     <string name="nfc_text">"Hold YubiKey against the back of your device."</string>
     <string name="file_delete_confirmation">"Are you sure you want to delete\n%s?"</string>
@@ -696,6 +697,7 @@
     <string name="msg_is_subkey_nonexistent">"Subkey %s unavailable in secret key"</string>
     <string name="msg_is_subkey_ok">"Marked secret subkey %s as available"</string>
     <string name="msg_is_subkey_empty">"Marked secret subkey %s as available, with empty passphrase"</string>
+    <string name="msg_is_subkey_pin">"Marked secret subkey %s as available, with pin passphrase"</string>
     <string name="msg_is_subkey_stripped">"Marked secret subkey %s as stripped"</string>
     <string name="msg_is_subkey_divert">"Marked secret subkey %s as 'divert to smartcard/NFC'"</string>
     <string name="msg_is_success_identical">"Keyring contains no new data, nothing to do"</string> |
