PeterCxy/open-keychain
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases 1 Wiki Activity

Merge pull request #2226 from open-keychain/multi-passphrase

Browse source 
Handle decryption with multiple candidate keys
This commit is contained in:
Vincent Breitmoser 2018-01-12 15:10:25 +01:00 committed by GitHub
parent 4baa08b341 3bfb04f990
commit 510d7aa796
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
10 changed files with 262 additions and 172 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpDecryptVerifyOperation.java
View file

@ -78,6 +78,7 @@ import org.sufficientlysecure.keychain.provider.KeyWritableRepository;
import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRings;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequireAnyDecryptPassphraseBuilder;
import org.sufficientlysecure.keychain.ui.util.KeyFormattingUtils;
import org.sufficientlysecure.keychain.util.CharsetVerifier;
import org.sufficientlysecure.keychain.util.FileHelper;
@ -581,6 +582,8 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
Iterator<?> it = enc.getEncryptedDataObjects();
RequireAnyDecryptPassphraseBuilder requirePassphraseBuilder = new RequireAnyDecryptPassphraseBuilder();
// go through all objects and find one we can decrypt
while (it.hasNext()) {
Object obj = it.next();
@ -644,7 +647,7 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
passphrase = null;
} else if (secretKeyType == SecretKeyType.PASSPHRASE_EMPTY) {
passphrase = new Passphrase("");
} else if (cryptoInput.hasPassphrase()) {
} else if (cryptoInput.hasPassphraseForSubkey(subKeyId)) {
passphrase = cryptoInput.getPassphrase();
} else {
// if no passphrase was explicitly set try to get it from the cache service
@ -660,9 +663,8 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
// if passphrase was not cached, return here indicating that a passphrase is missing!
if (passphrase == null) {
log.add(LogType.MSG_DC_PENDING_PASSPHRASE, indent + 1);
return result.with(new DecryptVerifyResult(log,
RequiredInputParcel.createRequiredDecryptPassphrase(masterKeyId, subKeyId),
cryptoInput));
requirePassphraseBuilder.add(masterKeyId, subKeyId);
continue;
}
}
@ -708,7 +710,7 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
// if no passphrase is given, return here
// indicating that a passphrase is missing!
if (!cryptoInput.hasPassphrase()) {
if (!cryptoInput.hasPassphraseForSymmetric()) {
try {
passphrase = getCachedPassphrase(key.symmetric);
@ -736,6 +738,10 @@ public class PgpDecryptVerifyOperation extends BaseOperation<PgpDecryptVerifyInp
}
}
if (!asymmetricPacketFound && !requirePassphraseBuilder.isEmpty()) {
return result.with(new DecryptVerifyResult(log, requirePassphraseBuilder.build(), cryptoInput));
}
// More data, just acknowledge and ignore.
while (it.hasNext()) {
Object obj = it.next();

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
View file

@ -453,7 +453,7 @@ public class PgpKeyOperation {
}
// Do we require a passphrase? If so, pass it along
if (!isDivertToCard(masterSecretKey) && !cryptoInput.hasPassphrase()) {
if (!isDivertToCard(masterSecretKey) && !cryptoInput.hasPassphraseForSubkey(masterSecretKey.getKeyID())) {
log.add(LogType.MSG_MF_REQUIRE_PASSPHRASE, indent);
return new PgpEditKeyResult(log, RequiredInputParcel.createRequiredSignPassphrase(
masterSecretKey.getKeyID(), masterSecretKey.getKeyID(),
@ -1276,7 +1276,7 @@ public class PgpKeyOperation {
return new PgpEditKeyResult(PgpEditKeyResult.RESULT_ERROR, log, null);
}
if (!cryptoInput.hasPassphrase()) {
if (!cryptoInput.hasPassphraseForSubkey(nonDummy.getKeyID())) {
log.add(LogType.MSG_MF_REQUIRE_PASSPHRASE, indent);
return new PgpEditKeyResult(log, RequiredInputParcel.createRequiredSignPassphrase(

6
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/OpenPgpService.java
View file

@ -162,7 +162,7 @@ public class OpenPgpService extends Service {
// override passphrase in input parcel if given by API call
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
inputParcel = inputParcel.withPassphrase(
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)), null);
}
// execute PGP operation!
@ -266,7 +266,7 @@ public class OpenPgpService extends Service {
// override passphrase in input parcel if given by API call
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
inputParcel = inputParcel.withPassphrase(
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)), null);
}
// TODO this is not correct!
@ -372,7 +372,7 @@ public class OpenPgpService extends Service {
// override passphrase in input parcel if given by API call
if (data.hasExtra(OpenPgpApi.EXTRA_PASSPHRASE)) {
cryptoInput = cryptoInput.withPassphrase(
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)));
new Passphrase(data.getCharArrayExtra(OpenPgpApi.EXTRA_PASSPHRASE)), null);
}
if (data.hasExtra(OpenPgpApi.EXTRA_DECRYPTION_RESULT)) {
OpenPgpDecryptionResult decryptionResult = data.getParcelableExtra(OpenPgpApi.EXTRA_DECRYPTION_RESULT);

48
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/CryptoInputParcel.java
View file

@ -40,10 +40,16 @@ public abstract class CryptoInputParcel implements Parcelable {
public abstract Date getSignatureTime();
@Nullable
public abstract Passphrase getPassphrase();
@Nullable
public abstract Long getPassphraseSubkey();
public abstract boolean isCachePassphrase();
public boolean hasPassphrase() {
return getPassphrase() != null;
public boolean hasPassphraseForSubkey(long subKeyId) {
return getPassphrase() != null && (getPassphraseSubkey() == null || getPassphraseSubkey() == subKeyId);
}
public boolean hasPassphraseForSymmetric() {
return getPassphrase() != null && getPassphraseSubkey() == null;
}
// used to supply an explicit proxy to operations that require it
@ -59,43 +65,43 @@ public abstract class CryptoInputParcel implements Parcelable {
public static CryptoInputParcel createCryptoInputParcel() {
return new AutoValue_CryptoInputParcel(null, null, true, null, Collections.<ByteBuffer,byte[]>emptyMap());
return new AutoValue_CryptoInputParcel(null, null, null, true, null, Collections.<ByteBuffer,byte[]>emptyMap());
}
public static CryptoInputParcel createCryptoInputParcel(Date signatureTime, Passphrase passphrase) {
if (signatureTime == null) {
signatureTime = new Date();
}
return new AutoValue_CryptoInputParcel(signatureTime, passphrase, true, null,
return new AutoValue_CryptoInputParcel(signatureTime, passphrase, null, true, null,
Collections.<ByteBuffer,byte[]>emptyMap());
}
public static CryptoInputParcel createCryptoInputParcel(Passphrase passphrase) {
return new AutoValue_CryptoInputParcel(null, passphrase, true, null, Collections.<ByteBuffer,byte[]>emptyMap());
return new AutoValue_CryptoInputParcel(null, passphrase, null, true, null, Collections.<ByteBuffer,byte[]>emptyMap());
}
public static CryptoInputParcel createCryptoInputParcel(Date signatureTime) {
if (signatureTime == null) {
signatureTime = new Date();
}
return new AutoValue_CryptoInputParcel(signatureTime, null, true, null,
return new AutoValue_CryptoInputParcel(signatureTime, null, null, true, null,
Collections.<ByteBuffer,byte[]>emptyMap());
}
public static CryptoInputParcel createCryptoInputParcel(ParcelableProxy parcelableProxy) {
return new AutoValue_CryptoInputParcel(null, null, true, parcelableProxy, new HashMap<ByteBuffer,byte[]>());
return new AutoValue_CryptoInputParcel(null, null, null, true, parcelableProxy, new HashMap<ByteBuffer,byte[]>());
}
public static CryptoInputParcel createCryptoInputParcel(Date signatureTime, boolean cachePassphrase) {
if (signatureTime == null) {
signatureTime = new Date();
}
return new AutoValue_CryptoInputParcel(signatureTime, null, cachePassphrase, null,
return new AutoValue_CryptoInputParcel(signatureTime, null, null, cachePassphrase, null,
new HashMap<ByteBuffer,byte[]>());
}
public static CryptoInputParcel createCryptoInputParcel(boolean cachePassphrase) {
return new AutoValue_CryptoInputParcel(null, null, cachePassphrase, null, new HashMap<ByteBuffer,byte[]>());
return new AutoValue_CryptoInputParcel(null, null, null, cachePassphrase, null, new HashMap<ByteBuffer,byte[]>());
}
// TODO get rid of this!
@ -105,8 +111,8 @@ public abstract class CryptoInputParcel implements Parcelable {
newCryptoData.put(ByteBuffer.wrap(hash), signedHash);
newCryptoData = Collections.unmodifiableMap(newCryptoData);
return new AutoValue_CryptoInputParcel(getSignatureTime(), getPassphrase(), isCachePassphrase(),
getParcelableProxy(), newCryptoData);
return new AutoValue_CryptoInputParcel(getSignatureTime(), getPassphrase(), getPassphraseSubkey(),
isCachePassphrase(), getParcelableProxy(), newCryptoData);
}
@CheckResult
@ -115,32 +121,32 @@ public abstract class CryptoInputParcel implements Parcelable {
newCryptoData.putAll(cachedSessionKeys);
newCryptoData = Collections.unmodifiableMap(newCryptoData);
return new AutoValue_CryptoInputParcel(getSignatureTime(), getPassphrase(), isCachePassphrase(),
getParcelableProxy(), newCryptoData);
return new AutoValue_CryptoInputParcel(getSignatureTime(), getPassphrase(), getPassphraseSubkey(),
isCachePassphrase(), getParcelableProxy(), newCryptoData);
}
@CheckResult
public CryptoInputParcel withPassphrase(Passphrase passphrase) {
return new AutoValue_CryptoInputParcel(getSignatureTime(), passphrase, isCachePassphrase(),
public CryptoInputParcel withPassphrase(Passphrase passphrase, Long subKeyId) {
return new AutoValue_CryptoInputParcel(getSignatureTime(), passphrase, subKeyId, isCachePassphrase(),
getParcelableProxy(), getCryptoData());
}
@CheckResult
public CryptoInputParcel withNoCachePassphrase() {
return new AutoValue_CryptoInputParcel(getSignatureTime(), getPassphrase(), false, getParcelableProxy(),
getCryptoData());
return new AutoValue_CryptoInputParcel(getSignatureTime(), getPassphrase(), getPassphraseSubkey(),
false, getParcelableProxy(), getCryptoData());
}
@CheckResult
public CryptoInputParcel withSignatureTime(Date signatureTime) {
return new AutoValue_CryptoInputParcel(signatureTime, getPassphrase(), isCachePassphrase(),
getParcelableProxy(), getCryptoData());
return new AutoValue_CryptoInputParcel(signatureTime, getPassphrase(), getPassphraseSubkey(),
isCachePassphrase(), getParcelableProxy(), getCryptoData());
}
@CheckResult
public CryptoInputParcel withParcelableProxy(ParcelableProxy parcelableProxy) {
return new AutoValue_CryptoInputParcel(getSignatureTime(), getPassphrase(), isCachePassphrase(),
parcelableProxy, getCryptoData());
return new AutoValue_CryptoInputParcel(getSignatureTime(), getPassphrase(), getPassphraseSubkey(),
isCachePassphrase(), parcelableProxy, getCryptoData());
}
}

76
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/input/RequiredInputParcel.java
View file

@ -46,19 +46,25 @@ public class RequiredInputParcel implements Parcelable {
public final byte[][] mInputData;
public final int[] mSignAlgos;
private Long mMasterKeyId;
private Long mSubKeyId;
private long[] mMasterKeyIds;
private long[] mSubKeyIds;
public boolean mSkipCaching = false;
private RequiredInputParcel(RequiredInputType type, byte[][] inputData,
int[] signAlgos, Date signatureTime, Long masterKeyId, Long subKeyId) {
int[] signAlgos, Date signatureTime, long[] masterKeyIds, long[] subKeyIds) {
mType = type;
mInputData = inputData;
mSignAlgos = signAlgos;
mSignatureTime = signatureTime;
mMasterKeyId = masterKeyId;
mSubKeyId = subKeyId;
mMasterKeyIds = masterKeyIds;
mSubKeyIds = subKeyIds;
}
private RequiredInputParcel(RequiredInputType type, byte[][] inputData,
int[] signAlgos, Date signatureTime, Long masterKeyId, Long subKeyId) {
this(type, inputData, signAlgos, signatureTime, masterKeyId != null ? new long[] { masterKeyId } : null,
subKeyId != null ? new long[] { subKeyId } : null);
}
public RequiredInputParcel(Parcel source) {
@ -87,18 +93,26 @@ public class RequiredInputParcel implements Parcelable {
}
mSignatureTime = source.readInt() != 0 ? new Date(source.readLong()) : null;
mMasterKeyId = source.readInt() != 0 ? source.readLong() : null;
mSubKeyId = source.readInt() != 0 ? source.readLong() : null;
mMasterKeyIds = source.readInt() != 0 ? source.createLongArray() : null;
mSubKeyIds = source.readInt() != 0 ? source.createLongArray() : null;
mSkipCaching = source.readInt() != 0;
}
public Long getMasterKeyId() {
return mMasterKeyId;
return mMasterKeyIds == null ? null : mMasterKeyIds[0];
}
public Long getSubKeyId() {
return mSubKeyId;
return mSubKeyIds == null ? null : mSubKeyIds[0];
}
public long[] getMasterKeyIds() {
return mMasterKeyIds;
}
public long[] getSubKeyIds() {
return mSubKeyIds;
}
public static RequiredInputParcel createRetryUploadOperation() {
@ -134,7 +148,7 @@ public class RequiredInputParcel implements Parcelable {
public static RequiredInputParcel createSecurityTokenReset() {
return new RequiredInputParcel(RequiredInputType.SECURITY_TOKEN_RESET_CARD,
null, null, null, null, null);
null, null, null, (long[]) null, null);
}
public static RequiredInputParcel createRequiredAuthenticationPassphrase(
@ -157,18 +171,18 @@ public class RequiredInputParcel implements Parcelable {
public static RequiredInputParcel createRequiredSymmetricPassphrase() {
return new RequiredInputParcel(RequiredInputType.PASSPHRASE_SYMMETRIC,
null, null, null, null, null);
null, null, null, (long[]) null, null);
}
public static RequiredInputParcel createRequiredBackupCode() {
return new RequiredInputParcel(RequiredInputType.BACKUP_CODE,
null, null, null, null, null);
null, null, null, (long[]) null, null);
}
public static RequiredInputParcel createRequiredPassphrase(
RequiredInputParcel req) {
return new RequiredInputParcel(RequiredInputType.PASSPHRASE,
null, null, req.mSignatureTime, req.mMasterKeyId, req.mSubKeyId);
null, null, req.mSignatureTime, req.mMasterKeyIds, req.mSubKeyIds);
}
@Override
@ -197,15 +211,15 @@ public class RequiredInputParcel implements Parcelable {
} else {
dest.writeInt(0);
}
if (mMasterKeyId != null) {
if (mMasterKeyIds != null) {
dest.writeInt(1);
dest.writeLong(mMasterKeyId);
dest.writeLongArray(mMasterKeyIds);
} else {
dest.writeInt(0);
}
if (mSubKeyId != null) {
if (mSubKeyIds != null) {
dest.writeInt(1);
dest.writeLong(mSubKeyId);
dest.writeLongArray(mSubKeyIds);
} else {
dest.writeInt(0);
}
@ -319,7 +333,7 @@ public class RequiredInputParcel implements Parcelable {
}
public void addAll(RequiredInputParcel input) {
if (!mMasterKeyId.equals(input.mMasterKeyId)) {
if (!mMasterKeyId.equals(input.mMasterKeyIds)) {
throw new AssertionError("Master keys must match, this is a programming error!");
}
if (input.mType != RequiredInputType.SECURITY_TOKEN_MOVE_KEY_TO_CARD) {
@ -335,4 +349,30 @@ public class RequiredInputParcel implements Parcelable {
}
public static class RequireAnyDecryptPassphraseBuilder {
private final ArrayList<Long> masterKeyIds = new ArrayList<>();
private final ArrayList<Long> subKeyIds = new ArrayList<>();
public RequiredInputParcel build() {
int numIds = masterKeyIds.size();
long[] masterKeyIdsArr = new long[numIds];
long[] subKeyIdsArr = new long[numIds];
for (int i = 0; i < numIds; i++) {
masterKeyIdsArr[i] = masterKeyIds.get(i);
subKeyIdsArr[i] = subKeyIds.get(i);
}
return new RequiredInputParcel(RequiredInputType.PASSPHRASE,
null, null, null, masterKeyIdsArr, subKeyIdsArr);
}
public void add(long masterKeyId, long subKeyId) {
masterKeyIds.add(masterKeyId);
subKeyIds.add(subKeyId);
}
public boolean isEmpty() {
return masterKeyIds.isEmpty();
}
}
}

251
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/PassphraseDialogActivity.java
View file

@ -25,6 +25,7 @@ import android.content.DialogInterface;
import android.content.Intent;
import android.os.AsyncTask;
import android.os.Bundle;
import android.os.SystemClock;
import android.support.annotation.NonNull;
import android.support.v4.app.DialogFragment;
import android.support.v4.app.FragmentActivity;
@ -117,7 +118,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
if (pubRing.getSecretKeyType(requiredInput.getSubKeyId()) == SecretKeyType.PASSPHRASE_EMPTY) {
// also return passphrase back to activity
Intent returnIntent = new Intent();
cryptoInputParcel = cryptoInputParcel.withPassphrase(new Passphrase(""));
cryptoInputParcel = cryptoInputParcel.withPassphrase(new Passphrase(""), requiredInput.getSubKeyId());
returnIntent.putExtra(RESULT_CRYPTO_INPUT, cryptoInputParcel);
setResult(RESULT_OK, returnIntent);
finish();
@ -231,40 +232,45 @@ public class PassphraseDialogActivity extends FragmentActivity {
hint = getString(R.string.label_passphrase);
} else {
try {
long subKeyId = mRequiredInput.getSubKeyId();
KeyRepository helper =
KeyRepository.create(getContext());
CachedPublicKeyRing cachedPublicKeyRing = helper.getCachedPublicKeyRing(
KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(subKeyId));
// yes the inner try/catch block is necessary, otherwise the final variable
// above can't be statically verified to have been set in all cases because
// the catch clause doesn't return.
String mainUserId = cachedPublicKeyRing.getPrimaryUserIdWithFallback();
OpenPgpUtils.UserId mainUserIdSplit = KeyRing.splitUserId(mainUserId);
if (mainUserIdSplit.name != null) {
userId = mainUserIdSplit.name;
long[] subKeyIds = mRequiredInput.getSubKeyIds();
if (subKeyIds.length > 1) {
message = getString(R.string.passphrase_for_any);
hint = getString(R.string.label_passphrase);
} else {
userId = getString(R.string.user_id_no_name);
}
long subKeyId = subKeyIds[0];
keyType = cachedPublicKeyRing.getSecretKeyType(subKeyId);
switch (keyType) {
case PASSPHRASE:
message = getString(R.string.passphrase_for, userId);
hint = getString(R.string.label_passphrase);
break;
case DIVERT_TO_CARD:
message = getString(R.string.security_token_pin_for, userId);
hint = getString(R.string.label_pin);
break;
// special case: empty passphrase just returns the empty passphrase
case PASSPHRASE_EMPTY:
finishCaching(new Passphrase(""));
default:
throw new AssertionError("Unhandled SecretKeyType (should not happen)");
}
KeyRepository helper =
KeyRepository.create(getContext());
CachedPublicKeyRing cachedPublicKeyRing = helper.getCachedPublicKeyRing(
KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(subKeyId));
// yes the inner try/catch block is necessary, otherwise the final variable
// above can't be statically verified to have been set in all cases because
// the catch clause doesn't return.
String mainUserId = cachedPublicKeyRing.getPrimaryUserIdWithFallback();
OpenPgpUtils.UserId mainUserIdSplit = KeyRing.splitUserId(mainUserId);
if (mainUserIdSplit.name != null) {
userId = mainUserIdSplit.name;
} else {
userId = getString(R.string.user_id_no_name);
}
keyType = cachedPublicKeyRing.getSecretKeyType(subKeyId);
switch (keyType) {
case PASSPHRASE:
message = getString(R.string.passphrase_for, userId);
hint = getString(R.string.label_passphrase);
break;
case DIVERT_TO_CARD:
message = getString(R.string.security_token_pin_for, userId);
hint = getString(R.string.label_pin);
break;
// special case: empty passphrase just returns the empty passphrase
case PASSPHRASE_EMPTY:
finishCaching(new Passphrase(""), subKeyId);
default:
throw new AssertionError("Unhandled SecretKeyType (should not happen)");
}
}
} catch (PgpKeyNotFoundException | KeyRepository.NotFoundException e) {
alert.setTitle(R.string.title_key_not_found);
alert.setMessage(getString(R.string.key_not_found, mRequiredInput.getSubKeyId()));
@ -420,7 +426,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
backupCodeInput.deleteCharAt(backupCodeInput.length() - 1);
Passphrase passphrase = new Passphrase(backupCodeInput.toString());
finishCaching(passphrase);
finishCaching(passphrase, null);
return;
}
@ -438,96 +444,107 @@ public class PassphraseDialogActivity extends FragmentActivity {
getString(R.string.passp_cache_notif_pwd), timeToLiveSeconds);
}
finishCaching(passphrase);
finishCaching(passphrase, null);
return;
}
mLayout.setDisplayedChild(1);
positive.setEnabled(false);
new AsyncTask<Void, Void, CanonicalizedSecretKey>() {
@Override
protected CanonicalizedSecretKey doInBackground(Void... params) {
try {
long timeBeforeOperation = System.currentTimeMillis();
Long subKeyId = mRequiredInput.getSubKeyId();
CanonicalizedSecretKeyRing secretKeyRing =
KeyRepository.create(getContext()).getCanonicalizedSecretKeyRing(
KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(subKeyId));
CanonicalizedSecretKey secretKeyToUnlock =
secretKeyRing.getSecretKey(subKeyId);
// this is the operation may take a very long time (100ms to several seconds!)
boolean unlockSucceeded = secretKeyToUnlock.unlock(passphrase);
// if it didn't take that long, give the user time to appreciate the progress bar
long operationTime = System.currentTimeMillis() - timeBeforeOperation;
if (operationTime < 100) {
try {
Thread.sleep(100 - operationTime);
} catch (InterruptedException e) {
// ignore
}
}
return unlockSucceeded ? secretKeyToUnlock : null;
} catch (NotFoundException | PgpGeneralException e) {
Toast.makeText(getActivity(), R.string.error_could_not_extract_private_key,
Toast.LENGTH_SHORT).show();
getActivity().setResult(RESULT_CANCELED);
dismiss();
getActivity().finish();
return null;
}
}
/** Handle a good or bad passphrase. This happens in the UI thread! */
@Override
protected void onPostExecute(CanonicalizedSecretKey result) {
super.onPostExecute(result);
// if we were cancelled in the meantime, the result isn't relevant anymore
if (mIsCancelled) {
return;
}
// if the passphrase was wrong, reset and re-enable the dialogue
if (result == null) {
mPassphraseEditText.setText("");
mPassphraseEditText.setError(getString(R.string.wrong_passphrase));
mLayout.setDisplayedChild(0);
positive.setEnabled(true);
return;
}
// cache the new passphrase as specified in CryptoInputParcel
Log.d(Constants.TAG, "Everything okay!");
if (mRequiredInput.mSkipCaching) {
Log.d(Constants.TAG, "Not caching entered passphrase!");
} else {
Log.d(Constants.TAG, "Caching entered passphrase");
try {
PassphraseCacheService.addCachedPassphrase(getActivity(),
mRequiredInput.getMasterKeyId(), mRequiredInput.getSubKeyId(), passphrase,
result.getRing().getPrimaryUserIdWithFallback(), timeToLiveSeconds);
} catch (PgpKeyNotFoundException e) {
Log.e(Constants.TAG, "adding of a passphrase failed", e);
}
}
finishCaching(passphrase);
}
}.execute();
checkPassphraseAndFinishCaching(positive, passphrase, timeToLiveSeconds);
}
});
}
private void finishCaching(Passphrase passphrase) {
private void checkPassphraseAndFinishCaching(final Button positive, final Passphrase passphrase,
final int timeToLiveSeconds) {
mLayout.setDisplayedChild(1);
positive.setEnabled(false);
new AsyncTask<Void, Void, CanonicalizedSecretKey>() {
@Override
protected CanonicalizedSecretKey doInBackground(Void... params) {
try {
long timeBeforeOperation = SystemClock.elapsedRealtime();
CanonicalizedSecretKey canonicalizedSecretKey = null;
for (long subKeyId : mRequiredInput.getSubKeyIds()) {
CanonicalizedSecretKeyRing secretKeyRing =
KeyRepository.create(getContext()).getCanonicalizedSecretKeyRing(
KeychainContract.KeyRings.buildUnifiedKeyRingsFindBySubkeyUri(subKeyId));
CanonicalizedSecretKey secretKeyToUnlock =
secretKeyRing.getSecretKey(subKeyId);
// this is the operation may take a very long time (100ms to several seconds!)
boolean unlockSucceeded = secretKeyToUnlock.unlock(passphrase);
if (unlockSucceeded) {
canonicalizedSecretKey = secretKeyToUnlock;
}
}
// if it didn't take that long, give the user time to appreciate the progress bar
long operationTime = SystemClock.elapsedRealtime() - timeBeforeOperation;
if (operationTime < 100) {
try {
Thread.sleep(100 - operationTime);
} catch (InterruptedException e) {
// ignore
}
}
return canonicalizedSecretKey;
} catch (NotFoundException | PgpGeneralException e) {
Toast.makeText(getActivity(), R.string.error_could_not_extract_private_key,
Toast.LENGTH_SHORT).show();
getActivity().setResult(RESULT_CANCELED);
dismiss();
getActivity().finish();
return null;
}
}
/** Handle a good or bad passphrase. This happens in the UI thread! */
@Override
protected void onPostExecute(CanonicalizedSecretKey unlockedKey) {
super.onPostExecute(unlockedKey);
// if we were cancelled in the meantime, the result isn't relevant anymore
if (mIsCancelled) {
return;
}
// if the passphrase was wrong, reset and re-enable the dialogue
if (unlockedKey == null) {
mPassphraseEditText.setText("");
mPassphraseEditText.setError(getString(R.string.wrong_passphrase));
mLayout.setDisplayedChild(0);
positive.setEnabled(true);
return;
}
// cache the new passphrase as specified in CryptoInputParcel
Log.d(Constants.TAG, "Everything okay!");
if (mRequiredInput.mSkipCaching) {
Log.d(Constants.TAG, "Not caching entered passphrase!");
} else {
Log.d(Constants.TAG, "Caching entered passphrase");
try {
PassphraseCacheService.addCachedPassphrase(getActivity(),
unlockedKey.getRing().getMasterKeyId(), unlockedKey.getKeyId(), passphrase,
unlockedKey.getRing().getPrimaryUserIdWithFallback(), timeToLiveSeconds);
} catch (PgpKeyNotFoundException e) {
Log.e(Constants.TAG, "adding of a passphrase failed", e);
}
}
finishCaching(passphrase, unlockedKey.getKeyId());
}
}.execute();
}
private void finishCaching(Passphrase passphrase, Long subKeyId) {
// any indication this isn't needed anymore, don't do it.
if (mIsCancelled || getActivity() == null) {
return;
@ -535,7 +552,7 @@ public class PassphraseDialogActivity extends FragmentActivity {
CryptoInputParcel inputParcel = getArguments().getParcelable(EXTRA_CRYPTO_INPUT);
// noinspection ConstantConditions, we handle the non-null case in PassphraseDialogActivity.onCreate()
inputParcel = inputParcel.withPassphrase(passphrase);
inputParcel = inputParcel.withPassphrase(passphrase, subKeyId);
((PassphraseDialogActivity) getActivity()).handleResult(inputParcel);

1
OpenKeychain/src/main/res/values/strings.xml
View file

@ -328,6 +328,7 @@
<string name="passphrase_for_symmetric_encryption">"Enter password"</string>
<string name="passphrase_for_backup">"Enter backup code"</string>
<string name="passphrase_for">"Enter password for '%s'"</string>
<string name="passphrase_for_any">"Enter password"</string>
<string name="passphrase_keyboard_hint_alpha">"Switch to alphabetic keyboard"</string>
<string name="passphrase_keyboard_hint_numeric">"Switch to numeric keyboard"</string>
<string name="pin_for">"Enter PIN for '%s'"</string>

12
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/operations/AuthenticationOperationTest.java
View file

@ -175,7 +175,7 @@ public class AuthenticationOperationTest {
.createAuthenticationParcel(authData.build(), challenge);
CryptoInputParcel inputParcel = CryptoInputParcel.createCryptoInputParcel();
inputParcel = inputParcel.withPassphrase(mKeyPhrase);
inputParcel = inputParcel.withPassphrase(mKeyPhrase, authSubKeyId);
AuthenticationResult result = op.execute(authData.build(), inputParcel, authenticationParcel);
@ -221,7 +221,7 @@ public class AuthenticationOperationTest {
.createAuthenticationParcel(authData.build(), challenge);
CryptoInputParcel inputParcel = CryptoInputParcel.createCryptoInputParcel();
inputParcel = inputParcel.withPassphrase(mKeyPhrase);
inputParcel = inputParcel.withPassphrase(mKeyPhrase, authSubKeyId);
AuthenticationResult result = op.execute(authData.build(), inputParcel, authenticationParcel);
@ -267,7 +267,7 @@ public class AuthenticationOperationTest {
.createAuthenticationParcel(authData.build(), challenge);
CryptoInputParcel inputParcel = CryptoInputParcel.createCryptoInputParcel();
inputParcel = inputParcel.withPassphrase(mKeyPhrase);
inputParcel = inputParcel.withPassphrase(mKeyPhrase, authSubKeyId);
AuthenticationResult result = op.execute(authData.build(), inputParcel, authenticationParcel);
@ -315,7 +315,7 @@ public class AuthenticationOperationTest {
.createAuthenticationParcel(authData.build(), challenge);
CryptoInputParcel inputParcel = CryptoInputParcel.createCryptoInputParcel();
inputParcel = inputParcel.withPassphrase(mKeyPhrase);
inputParcel = inputParcel.withPassphrase(mKeyPhrase, authSubKeyId);
AuthenticationResult result = op.execute(authData.build(), inputParcel, authenticationParcel);
@ -364,7 +364,7 @@ public class AuthenticationOperationTest {
.createAuthenticationParcel(authData.build(), challenge);
CryptoInputParcel inputParcel = CryptoInputParcel.createCryptoInputParcel();
inputParcel = inputParcel.withPassphrase(mKeyPhrase);
inputParcel = inputParcel.withPassphrase(mKeyPhrase, authSubKeyId);
AuthenticationResult result = op.execute(authData.build(), inputParcel, authenticationParcel);
@ -387,7 +387,7 @@ public class AuthenticationOperationTest {
.createAuthenticationParcel(authData.build(), challenge);
CryptoInputParcel inputParcel = CryptoInputParcel.createCryptoInputParcel();
inputParcel = inputParcel.withPassphrase(mKeyPhrase);
inputParcel = inputParcel.withPassphrase(mKeyPhrase, authSubKeyId);
AuthenticationResult result = op.execute(authData.build(), inputParcel, authenticationParcel);

20
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/PgpEncryptDecryptTest.java
View file

@ -58,6 +58,7 @@ import org.sufficientlysecure.keychain.provider.KeychainContract.KeyRingData;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyChange;
import org.sufficientlysecure.keychain.service.input.CryptoInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel;
import org.sufficientlysecure.keychain.service.input.RequiredInputParcel.RequiredInputType;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper;
import org.sufficientlysecure.keychain.support.KeyringTestingHelper.RawPacket;
@ -1064,6 +1065,25 @@ public class PgpEncryptDecryptTest {
Assert.assertEquals(1024, encryptionKeySecurityProblem.bitStrength);
}
@Test
public void testDecryptForTwoKeys() throws Exception {
InputStream in = getResourceAsStream("/test-ciphertexts/two_keys.asc");
ByteArrayOutputStream out = new ByteArrayOutputStream();
InputData data = new InputData(in, in.available());
PgpDecryptVerifyOperation op = operationWithFakePassphraseCache(null, null, null);
PgpDecryptVerifyInputParcel input = PgpDecryptVerifyInputParcel.builder().build();
DecryptVerifyResult result = op.execute(input, CryptoInputParcel.createCryptoInputParcel(), data, out);
RequiredInputParcel requiredInputParcel = result.getRequiredInputParcel();
Assert.assertNotNull(requiredInputParcel);
Assert.assertEquals(3, requiredInputParcel.getMasterKeyIds().length);
Assert.assertEquals(mStaticRing1.getMasterKeyId(), requiredInputParcel.getMasterKeyIds()[0]);
Assert.assertEquals(mStaticRing1.getMasterKeyId(), requiredInputParcel.getMasterKeyIds()[1]);
Assert.assertEquals(mStaticRing2.getMasterKeyId(), requiredInputParcel.getMasterKeyIds()[2]);
}
private PgpDecryptVerifyOperation operationWithFakePassphraseCache(
final Passphrase passphrase, final Long checkMasterKeyId, final Long checkSubKeyId) {

BIN
OpenKeychain/src/test/resources/test-ciphertexts/two_keys.asc Normal file
View file

Binary file not shown.