diff options
| author | Joey Castillo <jose.castillo@gmail.com> | 2015-05-13 14:29:51 -0400 |
|---|---|---|
| committer | Joey Castillo <jose.castillo@gmail.com> | 2015-05-13 17:56:17 -0400 |
| commit | bc48ce4210a01fb37146d210c10fb98abc15aa17 (patch) | |
| tree | 0bde985192c86043dfc705878050935c3c393ced | |
| parent | de2006a61f71ada64763112706b61bf51ae5f6e4 (diff) | |
| download | open-keychain-bc48ce4210a01fb37146d210c10fb98abc15aa17.tar.gz open-keychain-bc48ce4210a01fb37146d210c10fb98abc15aa17.tar.bz2 open-keychain-bc48ce4210a01fb37146d210c10fb98abc15aa17.zip | |
Add check for exporting two keys to same smart card slot.
3 files changed, 40 insertions, 0 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java index f14589774..7f36aeb08 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java @@ -495,6 +495,8 @@ public abstract class OperationResult implements Parcelable { MSG_MF_ERROR_SIG (LogLevel.ERROR, R.string.msg_mf_error_sig), MSG_MF_ERROR_SUBKEY_MISSING(LogLevel.ERROR, R.string.msg_mf_error_subkey_missing), MSG_MF_ERROR_CONFLICTING_NFC_COMMANDS(LogLevel.ERROR, R.string.msg_mf_error_conflicting_nfc_commands), + MSG_MF_ERROR_DUPLICATE_KEYTOCARD_FOR_SLOT(LogLevel.ERROR, R.string.msg_mf_error_duplicate_keytocard_for_slot), + MSG_MF_ERROR_INVALID_FLAGS_FOR_KEYTOCARD(LogLevel.ERROR, R.string.msg_mf_error_invalid_flags_for_keytocard), MSG_MF_ERROR_BAD_NFC_ALGO(LogLevel.ERROR, R.string.edit_key_error_bad_nfc_algo), MSG_MF_ERROR_BAD_NFC_SIZE(LogLevel.ERROR, R.string.edit_key_error_bad_nfc_size), MSG_MF_ERROR_BAD_NFC_STRIPPED(LogLevel.ERROR, R.string.edit_key_error_bad_nfc_stripped), diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index 566ffd44b..62809ca6b 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java @@ -410,6 +410,10 @@ public class PgpKeyOperation { return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); } + // Ensure we don't have multiple keys for the same slot. + boolean hasSign = false; + boolean hasEncrypt = false; + boolean hasAuth = false; for(SaveKeyringParcel.SubkeyChange change : saveParcel.mChangeSubKeys) { if (change.mMoveKeyToCard) { // If this is a keytocard operation, see if it was completed: look for a hash @@ -424,6 +428,38 @@ public class PgpKeyOperation { change.mDummyDivert = serialNumber; } } + + if (change.mMoveKeyToCard) { + // Pending keytocard operation. Need to make sure that we don't have multiple + // subkeys pending for the same slot. + CanonicalizedSecretKey wsK = wsKR.getSecretKey(change.mKeyId); + + if ((wsK.canSign() || wsK.canCertify())) { + if (hasSign) { + log.add(LogType.MSG_MF_ERROR_DUPLICATE_KEYTOCARD_FOR_SLOT, indent + 1); + return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); + } else { + hasSign = true; + } + } else if ((wsK.canEncrypt())) { + if (hasEncrypt) { + log.add(LogType.MSG_MF_ERROR_DUPLICATE_KEYTOCARD_FOR_SLOT, indent + 1); + return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); + } else { + hasEncrypt = true; + } + } else if ((wsK.canAuthenticate())) { + if (hasAuth) { + log.add(LogType.MSG_MF_ERROR_DUPLICATE_KEYTOCARD_FOR_SLOT, indent + 1); + return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); + } else { + hasAuth = true; + } + } else { + log.add(LogType.MSG_MF_ERROR_INVALID_FLAGS_FOR_KEYTOCARD, indent + 1); + return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null); + } + } } if (isDummy(masterSecretKey) || saveParcel.isRestrictedOnly()) { diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml index 320f72b3e..d8cc845aa 100644 --- a/OpenKeychain/src/main/res/values/strings.xml +++ b/OpenKeychain/src/main/res/values/strings.xml @@ -929,6 +929,8 @@ <string name="msg_mf_error_sig">"Signature exception!"</string> <string name="msg_mf_error_subkey_missing">"Tried to operate on missing subkey %s!"</string> <string name="msg_mf_error_conflicting_nfc_commands">"Cannot move key to card in same operation that creates an on-card signature."</string> + <string name="msg_mf_error_duplicate_keytocard_for_slot">"Smart card supports only one slot per key type."</string> + <string name="msg_mf_error_invalid_flags_for_keytocard">"Inappropriate key flags for smart card key."</string> <string name="msg_mf_master">"Modifying master certifications"</string> <string name="msg_mf_notation_empty">"Adding empty notation packet"</string> <string name="msg_mf_notation_pin">"Adding PIN notation packet"</string> |