use detached signatures

This commit is contained in:
Daniel Gultsch 2021-02-17 22:47:40 +01:00
parent 149224a073
commit 78901e3339
4 changed files with 288 additions and 261 deletions

View File

@ -6,10 +6,17 @@ import android.util.Log;
import androidx.annotation.StringRes;
import com.google.common.base.CharMatcher;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.io.BaseEncoding;
import org.openintents.openpgp.OpenPgpError;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.openintents.openpgp.util.OpenPgpApi;
import org.openintents.openpgp.util.OpenPgpApi.IOpenPgpCallback;
import org.openintents.openpgp.util.OpenPgpUtils;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
@ -18,6 +25,7 @@ import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.util.ArrayList;
import eu.siacs.conversations.Config;
import eu.siacs.conversations.R;
@ -29,6 +37,7 @@ import eu.siacs.conversations.entities.Message;
import eu.siacs.conversations.persistance.FileBackend;
import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.ui.UiCallback;
import eu.siacs.conversations.utils.AsciiArmor;
public class PgpEngine {
private final OpenPgpApi api;
@ -42,7 +51,7 @@ public class PgpEngine {
private static void logError(Account account, OpenPgpError error) {
if (error != null) {
error.describeContents();
Log.d(Config.LOGTAG, account.getJid().asBareJid().toString() + ": OpenKeychain error '" + error.getMessage() + "' code=" + error.getErrorId()+" class="+error.getClass().getName());
Log.d(Config.LOGTAG, account.getJid().asBareJid().toString() + ": OpenKeychain error '" + error.getMessage() + "' code=" + error.getErrorId() + " class=" + error.getClass().getName());
} else {
Log.d(Config.LOGTAG, account.getJid().asBareJid().toString() + ": OpenKeychain error with no message");
}
@ -77,14 +86,14 @@ public class PgpEngine {
case OpenPgpApi.RESULT_CODE_SUCCESS:
try {
os.flush();
StringBuilder encryptedMessageBody = new StringBuilder();
String[] lines = os.toString().split("\n");
final ArrayList<String> encryptedMessageBody = new ArrayList<>();
final String[] lines = os.toString().split("\n");
for (int i = 2; i < lines.length - 1; ++i) {
if (!lines[i].contains("Version")) {
encryptedMessageBody.append(lines[i].trim());
encryptedMessageBody.add(lines[i].trim());
}
}
message.setEncryptedBody(encryptedMessageBody.toString());
message.setEncryptedBody(Joiner.on('\n').join(encryptedMessageBody));
message.setEncryption(Message.ENCRYPTION_DECRYPTED);
mXmppConnectionService.sendMessage(message);
callback.success(message);
@ -147,36 +156,26 @@ public class PgpEngine {
}
}
public long fetchKeyId(Account account, String status, String signature) {
if ((signature == null) || (api == null)) {
public long fetchKeyId(final Account account, final String status, final String signature) {
if (signature == null || api == null) {
return 0;
}
if (status == null) {
status = "";
}
final StringBuilder pgpSig = new StringBuilder();
pgpSig.append("-----BEGIN PGP SIGNED MESSAGE-----");
pgpSig.append('\n');
pgpSig.append('\n');
pgpSig.append(status);
pgpSig.append('\n');
pgpSig.append("-----BEGIN PGP SIGNATURE-----");
pgpSig.append('\n');
pgpSig.append('\n');
pgpSig.append(signature.replace("\n", "").trim());
pgpSig.append('\n');
pgpSig.append("-----END PGP SIGNATURE-----");
Intent params = new Intent();
final Intent params = new Intent();
params.setAction(OpenPgpApi.ACTION_DECRYPT_VERIFY);
params.putExtra(OpenPgpApi.EXTRA_REQUEST_ASCII_ARMOR, true);
InputStream is = new ByteArrayInputStream(pgpSig.toString().getBytes());
ByteArrayOutputStream os = new ByteArrayOutputStream();
Intent result = api.executeApi(params, is, os);
try {
params.putExtra(OpenPgpApi.RESULT_DETACHED_SIGNATURE, AsciiArmor.decode(signature));
} catch (final IllegalArgumentException e) {
Log.d(Config.LOGTAG, "unable to parse signature", e);
return 0;
}
final InputStream is = new ByteArrayInputStream(Strings.nullToEmpty(status).getBytes());
final ByteArrayOutputStream os = new ByteArrayOutputStream();
final Intent result = api.executeApi(params, is, os);
switch (result.getIntExtra(OpenPgpApi.RESULT_CODE,
OpenPgpApi.RESULT_CODE_ERROR)) {
case OpenPgpApi.RESULT_CODE_SUCCESS:
OpenPgpSignatureResult sigResult = result
.getParcelableExtra(OpenPgpApi.RESULT_SIGNATURE);
final OpenPgpSignatureResult sigResult = result.getParcelableExtra(OpenPgpApi.RESULT_SIGNATURE);
//TODO unsure that sigResult.getResult() is either 1, 2 or 3
if (sigResult != null) {
return sigResult.getKeyId();
} else {
@ -223,18 +222,17 @@ public class PgpEngine {
api.executeApiAsync(params, is, os, result -> {
switch (result.getIntExtra(OpenPgpApi.RESULT_CODE, 0)) {
case OpenPgpApi.RESULT_CODE_SUCCESS:
StringBuilder signatureBuilder = new StringBuilder();
final ArrayList<String> signature = new ArrayList<>();
try {
os.flush();
String[] lines = os.toString().split("\n");
boolean sig = false;
for (String line : lines) {
for (final String line : Splitter.on('\n').split(os.toString())) {
if (sig) {
if (line.contains("END PGP SIGNATURE")) {
sig = false;
} else {
if (!line.contains("Version")) {
signatureBuilder.append(line.trim());
signature.add(line.trim());
}
}
}
@ -246,7 +244,7 @@ public class PgpEngine {
callback.error(R.string.openpgp_error, null);
return;
}
callback.success(signatureBuilder.toString());
callback.success(Joiner.on('\n').join(signature));
return;
case OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED:
callback.userInputRequired(result.getParcelableExtra(OpenPgpApi.RESULT_INTENT), status);

View File

@ -2,6 +2,8 @@ package eu.siacs.conversations.parser;
import android.util.Log;
import org.openintents.openpgp.util.OpenPgpUtils;
import java.util.ArrayList;
import java.util.List;
@ -17,6 +19,7 @@ import eu.siacs.conversations.entities.Presence;
import eu.siacs.conversations.generator.IqGenerator;
import eu.siacs.conversations.generator.PresenceGenerator;
import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.utils.CryptoHelper;
import eu.siacs.conversations.utils.XmppUri;
import eu.siacs.conversations.xml.Element;
import eu.siacs.conversations.xml.Namespace;
@ -313,9 +316,10 @@ public class PresenceParser extends AbstractParser implements
PgpEngine pgp = mXmppConnectionService.getPgpEngine();
Element x = packet.findChild("x", "jabber:x:signed");
if (pgp != null && x != null) {
Element status = packet.findChild("status");
String msg = status != null ? status.getContent() : "";
if (contact.setPgpKeyId(pgp.fetchKeyId(account, msg, x.getContent()))) {
final String status = packet.findChildContent("status");
final long keyId = pgp.fetchKeyId(account, status, x.getContent());
if (keyId != 0 && contact.setPgpKeyId(keyId)) {
Log.d(Config.LOGTAG,account.getJid().asBareJid()+": found OpenPGP key id for "+contact.getJid()+" "+OpenPgpUtils.convertKeyIdToHex(keyId));
mXmppConnectionService.syncRoster(account);
}
}

View File

@ -52,6 +52,8 @@ import androidx.appcompat.app.AlertDialog.Builder;
import androidx.appcompat.app.AppCompatDelegate;
import androidx.databinding.DataBindingUtil;
import com.google.common.base.Strings;
import java.io.IOException;
import java.lang.ref.WeakReference;
import java.util.ArrayList;
@ -573,13 +575,7 @@ public abstract class XmppActivity extends ActionBarActivity {
if (account.getPgpId() == 0) {
choosePgpSignId(account);
} else {
String status = null;
if (manuallyChangePresence()) {
status = account.getPresenceStatusMessage();
}
if (status == null) {
status = "";
}
final String status = Strings.nullToEmpty(account.getPresenceStatusMessage());
xmppConnectionService.getPgpEngine().generateSignature(intent, account, status, new UiCallback<String>() {
@Override

View File

@ -0,0 +1,29 @@
package eu.siacs.conversations.utils;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.google.common.io.BaseEncoding;
import java.util.List;
public class AsciiArmor {
public static byte[] decode(final String input) {
final List<String> lines = Splitter.on('\n').splitToList(Strings.nullToEmpty(input).trim());
if (lines.size() == 1) {
final String line = lines.get(0);
final String cleaned = line.substring(0, line.lastIndexOf("="));
return BaseEncoding.base64().decode(cleaned);
}
final String withoutChecksum;
if (Iterables.getLast(lines).charAt(0) == '=') {
withoutChecksum = Joiner.on("").join(lines.subList(0, lines.size() - 1));
} else {
withoutChecksum = Joiner.on("").join(lines);
}
return BaseEncoding.base64().decode(withoutChecksum);
}
}