diff options
Diffstat (limited to 'OpenKeychain/src')
3 files changed, 35 insertions, 6 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java index 00c88089a..3b65d9fb1 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java @@ -661,6 +661,7 @@ public abstract class OperationResult implements Parcelable { MSG_DC_ERROR_INPUT (LogLevel.ERROR, R.string.msg_dc_error_input), MSG_DC_ERROR_NO_DATA (LogLevel.ERROR, R.string.msg_dc_error_no_data), MSG_DC_ERROR_NO_KEY (LogLevel.ERROR, R.string.msg_dc_error_no_key), + MSG_DC_ERROR_NO_SIGNATURE (LogLevel.ERROR, R.string.msg_dc_error_no_signature), MSG_DC_ERROR_PGP_EXCEPTION (LogLevel.ERROR, R.string.msg_dc_error_pgp_exception), MSG_DC_INTEGRITY_CHECK_OK (LogLevel.INFO, R.string.msg_dc_integrity_check_ok), MSG_DC_OK_META_ONLY (LogLevel.OK, R.string.msg_dc_ok_meta_only), @@ -687,6 +688,7 @@ public abstract class OperationResult implements Parcelable { MSG_VL_ERROR_MISSING_SIGLIST (LogLevel.ERROR, R.string.msg_vl_error_no_siglist), MSG_VL_ERROR_MISSING_LITERAL (LogLevel.ERROR, R.string.msg_vl_error_missing_literal), MSG_VL_ERROR_MISSING_KEY (LogLevel.ERROR, R.string.msg_vl_error_wrong_key), + MSG_VL_ERROR_NO_SIGNATURE (LogLevel.ERROR, R.string.msg_vl_error_no_signature), MSG_VL_CLEAR_SIGNATURE_CHECK (LogLevel.DEBUG, R.string.msg_vl_clear_signature_check), MSG_VL_ERROR_INTEGRITY_CHECK (LogLevel.ERROR, R.string.msg_vl_error_integrity_check), MSG_VL_OK (LogLevel.OK, R.string.msg_vl_ok), diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java index 3bb442143..4f3f323a5 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java @@ -264,8 +264,20 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp updateProgress(R.string.progress_verifying_signature, 95, 100); log.add(LogType.MSG_VL_CLEAR_SIGNATURE_CHECK, indent + 1); - PGPSignatureList signatureList = (PGPSignatureList) pgpF.nextObject(); - PGPSignature messageSignature = signatureList.get(signatureData.signatureIndex); + o = pgpF.nextObject(); + if ( ! (o instanceof PGPSignatureList) ) { + log.add(LogType.MSG_VL_ERROR_NO_SIGNATURE, indent); + return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); + } + PGPSignatureList signatureList = (PGPSignatureList) o; + if (signatureList.size() <= signatureData.signatureIndex) { + log.add(LogType.MSG_VL_ERROR_NO_SIGNATURE, indent); + return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); + } + + // PGPOnePassSignature and PGPSignature packets are "bracketed", + // so we need to take the last-minus-index'th element here + PGPSignature messageSignature = signatureList.get(signatureList.size() -1 -signatureData.signatureIndex); // Verify signature and check binding signatures boolean validSignature = signature.verify(messageSignature); @@ -274,6 +286,7 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp } else { log.add(LogType.MSG_DC_CLEAR_SIGNATURE_BAD, indent + 1); } + signatureResultBuilder.setValidSignature(validSignature); OpenPgpSignatureResult signatureResult = signatureResultBuilder.build(); @@ -578,8 +591,20 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp updateProgress(R.string.progress_verifying_signature, 90, 100); log.add(LogType.MSG_DC_CLEAR_SIGNATURE_CHECK, indent); - PGPSignatureList signatureList = (PGPSignatureList) plainFact.nextObject(); - PGPSignature messageSignature = signatureList.get(signatureData.signatureIndex); + Object o = plainFact.nextObject(); + if ( ! (o instanceof PGPSignatureList) ) { + log.add(LogType.MSG_DC_ERROR_NO_SIGNATURE, indent); + return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); + } + PGPSignatureList signatureList = (PGPSignatureList) o; + if (signatureList.size() <= signatureData.signatureIndex) { + log.add(LogType.MSG_DC_ERROR_NO_SIGNATURE, indent); + return new DecryptVerifyResult(DecryptVerifyResult.RESULT_ERROR, log); + } + + // PGPOnePassSignature and PGPSignature packets are "bracketed", + // so we need to take the last-minus-index'th element here + PGPSignature messageSignature = signatureList.get(signatureList.size() -1 - signatureData.signatureIndex); // Verify signature boolean validSignature = signature.verify(messageSignature); diff --git a/OpenKeychain/src/main/res/values/strings.xml b/OpenKeychain/src/main/res/values/strings.xml index e39132f42..7ed79e7d7 100644 --- a/OpenKeychain/src/main/res/values/strings.xml +++ b/OpenKeychain/src/main/res/values/strings.xml @@ -1174,6 +1174,7 @@ <string name="msg_dc_error_input">"Error opening input data stream!"</string> <string name="msg_dc_error_no_data">"No encrypted data found in stream!"</string> <string name="msg_dc_error_no_key">"No encrypted data with known secret key found in stream!"</string> + <string name="msg_dc_error_no_signature">"Missing signature data!"</string> <string name="msg_dc_error_pgp_exception">"Encountered OpenPGP Exception during operation!"</string> <string name="msg_dc_integrity_check_ok">"Integrity check OK!"</string> <string name="msg_dc_ok_meta_only">"Only metadata was requested, skipping decryption"</string> @@ -1197,8 +1198,9 @@ <!-- Messages for VerifySignedLiteralData operation --> <string name="msg_vl">"Starting signature check"</string> - <string name="msg_vl_error_no_siglist">"No signature list in signed literal data"</string> - <string name="msg_vl_error_wrong_key">"Message not signed with right key"</string> + <string name="msg_vl_error_no_siglist">"No signature list in signed literal data!"</string> + <string name="msg_vl_error_wrong_key">"Message not signed with expected key!"</string> + <string name="msg_vl_error_no_signature">"Missing signature data!"</string> <string name="msg_vl_error_missing_literal">"No payload in signed literal data"</string> <string name="msg_vl_clear_meta_file">"Filename: %s"</string> <string name="msg_vl_clear_meta_mime">"MIME type: %s"</string> |