aboutsummaryrefslogtreecommitdiffstats
path: root/OpenKeychain/src/main
diff options
context:
space:
mode:
authorVincent Breitmoser <valodim@mugenguild.com>2014-06-18 22:07:14 +0200
committerVincent Breitmoser <valodim@mugenguild.com>2014-06-19 00:14:28 +0200
commitb40b429bc0db920e36351a8fd4189e473dc554c5 (patch)
tree91a6718bfc416cd3948a71d987813504e616bdc6 /OpenKeychain/src/main
parent0db425b28981209136f738c3ddaac3e549779a88 (diff)
downloadopen-keychain-b40b429bc0db920e36351a8fd4189e473dc554c5.tar.gz
open-keychain-b40b429bc0db920e36351a8fd4189e473dc554c5.tar.bz2
open-keychain-b40b429bc0db920e36351a8fd4189e473dc554c5.zip
remove obsolete subkey binding check from signature verification
Diffstat (limited to 'OpenKeychain/src/main')
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java10
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java12
-rw-r--r--OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java105
3 files changed, 3 insertions, 124 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
index 5e49497c0..75f8bdb66 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/OpenPgpSignatureResultBuilder.java
@@ -35,7 +35,6 @@ public class OpenPgpSignatureResultBuilder {
private boolean mSignatureAvailable = false;
private boolean mKnownKey = false;
private boolean mValidSignature = false;
- private boolean mValidKeyBinding = false;
private boolean mIsSignatureKeyCertified = false;
public void signatureOnly(boolean signatureOnly) {
@@ -58,10 +57,6 @@ public class OpenPgpSignatureResultBuilder {
this.mValidSignature = validSignature;
}
- public void validKeyBinding(boolean validKeyBinding) {
- this.mValidKeyBinding = validKeyBinding;
- }
-
public void signatureKeyCertified(boolean isSignatureKeyCertified) {
this.mIsSignatureKeyCertified = isSignatureKeyCertified;
}
@@ -77,7 +72,7 @@ public class OpenPgpSignatureResultBuilder {
// valid sig!
if (mKnownKey) {
- if (mValidKeyBinding && mValidSignature) {
+ if (mValidSignature) {
result.setKeyId(mKeyId);
result.setUserId(mUserId);
@@ -89,8 +84,7 @@ public class OpenPgpSignatureResultBuilder {
result.setStatus(OpenPgpSignatureResult.SIGNATURE_SUCCESS_UNCERTIFIED);
}
} else {
- Log.d(Constants.TAG, "Error!\nvalidKeyBinding: " + mValidKeyBinding
- + "\nvalidSignature: " + mValidSignature);
+ Log.d(Constants.TAG, "Error! Invalid signature.");
result.setStatus(OpenPgpSignatureResult.SIGNATURE_ERROR);
}
} else {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
index c009d1b5c..a5ccfbd3b 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerify.java
@@ -122,9 +122,6 @@ public class PgpDecryptVerify {
/**
* Allow these key ids alone for decryption.
* This means only ciphertexts encrypted for one of these private key can be decrypted.
- *
- * @param allowedKeyIds
- * @return
*/
public Builder setAllowedKeyIds(Set<Long> allowedKeyIds) {
this.mAllowedKeyIds = allowedKeyIds;
@@ -496,10 +493,7 @@ public class PgpDecryptVerify {
// Verify signature and check binding signatures
boolean validSignature = signature.verify(messageSignature);
- boolean validKeyBinding = signingRing.verifySubkeyBinding(signingKey);
-
signatureResultBuilder.validSignature(validSignature);
- signatureResultBuilder.validKeyBinding(validKeyBinding);
}
}
@@ -643,10 +637,8 @@ public class PgpDecryptVerify {
// Verify signature and check binding signatures
boolean validSignature = signature.verify();
- boolean validKeyBinding = signingRing.verifySubkeyBinding(signingKey);
signatureResultBuilder.validSignature(validSignature);
- signatureResultBuilder.validKeyBinding(validKeyBinding);
}
result.setSignatureResult(signatureResultBuilder.build());
@@ -657,10 +649,6 @@ public class PgpDecryptVerify {
/**
* Mostly taken from ClearSignedFileProcessor in Bouncy Castle
- *
- * @param sig
- * @param line
- * @throws SignatureException
*/
private static void processLine(PGPSignature sig, byte[] line)
throws SignatureException {
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java
index 0bb84aee7..b2abf15a4 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedPublicKeyRing.java
@@ -1,24 +1,16 @@
package org.sufficientlysecure.keychain.pgp;
import org.spongycastle.bcpg.ArmoredOutputStream;
-import org.spongycastle.bcpg.SignatureSubpacketTags;
-import org.spongycastle.openpgp.PGPException;
import org.spongycastle.openpgp.PGPKeyRing;
import org.spongycastle.openpgp.PGPObjectFactory;
import org.spongycastle.openpgp.PGPPublicKey;
import org.spongycastle.openpgp.PGPPublicKeyRing;
-import org.spongycastle.openpgp.PGPSignature;
-import org.spongycastle.openpgp.PGPSignatureList;
-import org.spongycastle.openpgp.PGPSignatureSubpacketVector;
-import org.spongycastle.openpgp.operator.jcajce.JcaPGPContentVerifierBuilderProvider;
import org.sufficientlysecure.keychain.Constants;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log;
import java.io.IOException;
-import java.security.SignatureException;
-import java.util.Arrays;
import java.util.Iterator;
public class WrappedPublicKeyRing extends WrappedKeyRing {
@@ -70,106 +62,11 @@ public class WrappedPublicKeyRing extends WrappedKeyRing {
}
return cKey;
}
- // TODO handle with proper exception
throw new PgpGeneralException("no encryption key available");
}
- public boolean verifySubkeyBinding(WrappedPublicKey cachedSubkey) {
- boolean validSubkeyBinding = false;
- boolean validTempSubkeyBinding = false;
- boolean validPrimaryKeyBinding = false;
-
- PGPPublicKey masterKey = getRing().getPublicKey();
- PGPPublicKey subKey = cachedSubkey.getPublicKey();
-
- // Is this the master key? Match automatically, then.
- if(Arrays.equals(masterKey.getFingerprint(), subKey.getFingerprint())) {
- return true;
- }
-
- JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider =
- new JcaPGPContentVerifierBuilderProvider()
- .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
-
- Iterator<PGPSignature> itr = subKey.getSignatures();
-
- while (itr.hasNext()) { //what does gpg do if the subkey binding is wrong?
- //gpg has an invalid subkey binding error on key import I think, but doesn't shout
- //about keys without subkey signing. Can't get it to import a slightly broken one
- //either, so we will err on bad subkey binding here.
- PGPSignature sig = itr.next();
- if (sig.getKeyID() == masterKey.getKeyID() &&
- sig.getSignatureType() == PGPSignature.SUBKEY_BINDING) {
- //check and if ok, check primary key binding.
- try {
- sig.init(contentVerifierBuilderProvider, masterKey);
- validTempSubkeyBinding = sig.verifyCertification(masterKey, subKey);
- } catch (PGPException e) {
- continue;
- } catch (SignatureException e) {
- continue;
- }
-
- if (validTempSubkeyBinding) {
- validSubkeyBinding = true;
- }
- if (validTempSubkeyBinding) {
- validPrimaryKeyBinding = verifyPrimaryKeyBinding(sig.getUnhashedSubPackets(),
- masterKey, subKey);
- if (validPrimaryKeyBinding) {
- break;
- }
- validPrimaryKeyBinding = verifyPrimaryKeyBinding(sig.getHashedSubPackets(),
- masterKey, subKey);
- if (validPrimaryKeyBinding) {
- break;
- }
- }
- }
- }
- return validSubkeyBinding && validPrimaryKeyBinding;
-
- }
-
- static boolean verifyPrimaryKeyBinding(PGPSignatureSubpacketVector pkts,
- PGPPublicKey masterPublicKey,
- PGPPublicKey signingPublicKey) {
- boolean validPrimaryKeyBinding = false;
- JcaPGPContentVerifierBuilderProvider contentVerifierBuilderProvider =
- new JcaPGPContentVerifierBuilderProvider()
- .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
- PGPSignatureList eSigList;
-
- if (pkts.hasSubpacket(SignatureSubpacketTags.EMBEDDED_SIGNATURE)) {
- try {
- eSigList = pkts.getEmbeddedSignatures();
- } catch (IOException e) {
- return false;
- } catch (PGPException e) {
- return false;
- }
- for (int j = 0; j < eSigList.size(); ++j) {
- PGPSignature emSig = eSigList.get(j);
- if (emSig.getSignatureType() == PGPSignature.PRIMARYKEY_BINDING) {
- try {
- emSig.init(contentVerifierBuilderProvider, signingPublicKey);
- validPrimaryKeyBinding = emSig.verifyCertification(masterPublicKey, signingPublicKey);
- if (validPrimaryKeyBinding) {
- break;
- }
- } catch (PGPException e) {
- continue;
- } catch (SignatureException e) {
- continue;
- }
- }
- }
- }
-
- return validPrimaryKeyBinding;
- }
-
public IterableIterator<WrappedPublicKey> publicKeyIterator() {
+ @SuppressWarnings("unchecked")
final Iterator<PGPPublicKey> it = getRing().getPublicKeys();
return new IterableIterator<WrappedPublicKey>(new Iterator<WrappedPublicKey>() {
@Override