From 0bca0a4b08fc0be62c64d7f8b8185cf6db620ead Mon Sep 17 00:00:00 2001
From: Ashley Hughes <spirit.returned@gmail.com>
Date: Wed, 15 Jan 2014 00:41:18 +0000
Subject: always check binding when verifying

---
 .../keychain/pgp/PgpOperation.java                 | 30 +++++++++++++---------
 1 file changed, 18 insertions(+), 12 deletions(-)

diff --git a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java
index 90934cbd9..de1973702 100644
--- a/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java
+++ b/OpenPGP-Keychain/src/org/sufficientlysecure/keychain/pgp/PgpOperation.java
@@ -764,11 +764,11 @@ public class PgpOperation {
 
                 PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject();
                 PGPSignature messageSignature = signatureList.get(signatureIndex);
-                if (signature.verify(messageSignature)) {
-                    returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, true);
-                } else {
-                    returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, false);
-                }
+
+                //Now check binding signatures
+                boolean keyBinding_isok = verifyKeyBinding(mContext, messageSignature, signatureKey);
+                boolean sig_isok = signature.verify(messageSignature);
+                returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, keyBinding_isok & sig_isok);
             }
         }
 
@@ -897,9 +897,18 @@ public class PgpOperation {
         boolean sig_isok = signature.verify();
 
         //Now check binding signatures
-        boolean keyBinding_isok = false;
+        boolean keyBinding_isok = verifyKeyBinding(mContext, signature, signatureKey);
+
+        returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & keyBinding_isok);
+
+        updateProgress(R.string.progress_done, 100, 100);
+        return returnData;
+    }
 
-        signatureKeyId = signature.getKeyID();
+    public boolean verifyKeyBinding(Context mContext, PGPSignature signature, PGPPublicKey signatureKey)
+    {
+        long signatureKeyId = signature.getKeyID();
+        boolean keyBinding_isok = false;
         String userId = null;
         PGPPublicKeyRing signKeyRing = ProviderHelper.getPGPPublicKeyRingByKeyId(mContext,
                 signatureKeyId);
@@ -912,13 +921,10 @@ public class PgpOperation {
         } else { //if the key used to make the signature was the master key, no need to check binding sigs
             keyBinding_isok = true;
         }
-        returnData.putBoolean(KeychainIntentService.RESULT_SIGNATURE_SUCCESS, sig_isok & keyBinding_isok);
-
-        updateProgress(R.string.progress_done, 100, 100);
-        return returnData;
+        return keyBinding_isok;
     }
 
-    private boolean verifyKeyBinding(PGPPublicKey masterPublicKey, PGPPublicKey signingPublicKey)
+    public boolean verifyKeyBinding(PGPPublicKey masterPublicKey, PGPPublicKey signingPublicKey)
     {
         boolean subkeyBinding_isok = false;
         boolean tmp_subkeyBinding_isok = false;
-- 
cgit v1.2.3