use detached signatures

This commit is contained in:
Daniel Gultsch 2021-02-17 22:47:40 +01:00
parent 149224a073
commit 78901e3339
4 changed files with 288 additions and 261 deletions

View file

@ -6,10 +6,17 @@ import android.util.Log;
import androidx.annotation.StringRes; import androidx.annotation.StringRes;
import com.google.common.base.CharMatcher;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.io.BaseEncoding;
import org.openintents.openpgp.OpenPgpError; import org.openintents.openpgp.OpenPgpError;
import org.openintents.openpgp.OpenPgpSignatureResult; import org.openintents.openpgp.OpenPgpSignatureResult;
import org.openintents.openpgp.util.OpenPgpApi; import org.openintents.openpgp.util.OpenPgpApi;
import org.openintents.openpgp.util.OpenPgpApi.IOpenPgpCallback; import org.openintents.openpgp.util.OpenPgpApi.IOpenPgpCallback;
import org.openintents.openpgp.util.OpenPgpUtils;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
@ -18,6 +25,7 @@ import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.util.ArrayList;
import eu.siacs.conversations.Config; import eu.siacs.conversations.Config;
import eu.siacs.conversations.R; import eu.siacs.conversations.R;
@ -29,6 +37,7 @@ import eu.siacs.conversations.entities.Message;
import eu.siacs.conversations.persistance.FileBackend; import eu.siacs.conversations.persistance.FileBackend;
import eu.siacs.conversations.services.XmppConnectionService; import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.ui.UiCallback; import eu.siacs.conversations.ui.UiCallback;
import eu.siacs.conversations.utils.AsciiArmor;
public class PgpEngine { public class PgpEngine {
private final OpenPgpApi api; private final OpenPgpApi api;
@ -42,7 +51,7 @@ public class PgpEngine {
private static void logError(Account account, OpenPgpError error) { private static void logError(Account account, OpenPgpError error) {
if (error != null) { if (error != null) {
error.describeContents(); error.describeContents();
Log.d(Config.LOGTAG, account.getJid().asBareJid().toString() + ": OpenKeychain error '" + error.getMessage() + "' code=" + error.getErrorId()+" class="+error.getClass().getName()); Log.d(Config.LOGTAG, account.getJid().asBareJid().toString() + ": OpenKeychain error '" + error.getMessage() + "' code=" + error.getErrorId() + " class=" + error.getClass().getName());
} else { } else {
Log.d(Config.LOGTAG, account.getJid().asBareJid().toString() + ": OpenKeychain error with no message"); Log.d(Config.LOGTAG, account.getJid().asBareJid().toString() + ": OpenKeychain error with no message");
} }
@ -77,14 +86,14 @@ public class PgpEngine {
case OpenPgpApi.RESULT_CODE_SUCCESS: case OpenPgpApi.RESULT_CODE_SUCCESS:
try { try {
os.flush(); os.flush();
StringBuilder encryptedMessageBody = new StringBuilder(); final ArrayList<String> encryptedMessageBody = new ArrayList<>();
String[] lines = os.toString().split("\n"); final String[] lines = os.toString().split("\n");
for (int i = 2; i < lines.length - 1; ++i) { for (int i = 2; i < lines.length - 1; ++i) {
if (!lines[i].contains("Version")) { if (!lines[i].contains("Version")) {
encryptedMessageBody.append(lines[i].trim()); encryptedMessageBody.add(lines[i].trim());
} }
} }
message.setEncryptedBody(encryptedMessageBody.toString()); message.setEncryptedBody(Joiner.on('\n').join(encryptedMessageBody));
message.setEncryption(Message.ENCRYPTION_DECRYPTED); message.setEncryption(Message.ENCRYPTION_DECRYPTED);
mXmppConnectionService.sendMessage(message); mXmppConnectionService.sendMessage(message);
callback.success(message); callback.success(message);
@ -147,36 +156,26 @@ public class PgpEngine {
} }
} }
public long fetchKeyId(Account account, String status, String signature) { public long fetchKeyId(final Account account, final String status, final String signature) {
if ((signature == null) || (api == null)) { if (signature == null || api == null) {
return 0; return 0;
} }
if (status == null) { final Intent params = new Intent();
status = "";
}
final StringBuilder pgpSig = new StringBuilder();
pgpSig.append("-----BEGIN PGP SIGNED MESSAGE-----");
pgpSig.append('\n');
pgpSig.append('\n');
pgpSig.append(status);
pgpSig.append('\n');
pgpSig.append("-----BEGIN PGP SIGNATURE-----");
pgpSig.append('\n');
pgpSig.append('\n');
pgpSig.append(signature.replace("\n", "").trim());
pgpSig.append('\n');
pgpSig.append("-----END PGP SIGNATURE-----");
Intent params = new Intent();
params.setAction(OpenPgpApi.ACTION_DECRYPT_VERIFY); params.setAction(OpenPgpApi.ACTION_DECRYPT_VERIFY);
params.putExtra(OpenPgpApi.EXTRA_REQUEST_ASCII_ARMOR, true); try {
InputStream is = new ByteArrayInputStream(pgpSig.toString().getBytes()); params.putExtra(OpenPgpApi.RESULT_DETACHED_SIGNATURE, AsciiArmor.decode(signature));
ByteArrayOutputStream os = new ByteArrayOutputStream(); } catch (final IllegalArgumentException e) {
Intent result = api.executeApi(params, is, os); Log.d(Config.LOGTAG, "unable to parse signature", e);
return 0;
}
final InputStream is = new ByteArrayInputStream(Strings.nullToEmpty(status).getBytes());
final ByteArrayOutputStream os = new ByteArrayOutputStream();
final Intent result = api.executeApi(params, is, os);
switch (result.getIntExtra(OpenPgpApi.RESULT_CODE, switch (result.getIntExtra(OpenPgpApi.RESULT_CODE,
OpenPgpApi.RESULT_CODE_ERROR)) { OpenPgpApi.RESULT_CODE_ERROR)) {
case OpenPgpApi.RESULT_CODE_SUCCESS: case OpenPgpApi.RESULT_CODE_SUCCESS:
OpenPgpSignatureResult sigResult = result final OpenPgpSignatureResult sigResult = result.getParcelableExtra(OpenPgpApi.RESULT_SIGNATURE);
.getParcelableExtra(OpenPgpApi.RESULT_SIGNATURE); //TODO unsure that sigResult.getResult() is either 1, 2 or 3
if (sigResult != null) { if (sigResult != null) {
return sigResult.getKeyId(); return sigResult.getKeyId();
} else { } else {
@ -223,18 +222,17 @@ public class PgpEngine {
api.executeApiAsync(params, is, os, result -> { api.executeApiAsync(params, is, os, result -> {
switch (result.getIntExtra(OpenPgpApi.RESULT_CODE, 0)) { switch (result.getIntExtra(OpenPgpApi.RESULT_CODE, 0)) {
case OpenPgpApi.RESULT_CODE_SUCCESS: case OpenPgpApi.RESULT_CODE_SUCCESS:
StringBuilder signatureBuilder = new StringBuilder(); final ArrayList<String> signature = new ArrayList<>();
try { try {
os.flush(); os.flush();
String[] lines = os.toString().split("\n");
boolean sig = false; boolean sig = false;
for (String line : lines) { for (final String line : Splitter.on('\n').split(os.toString())) {
if (sig) { if (sig) {
if (line.contains("END PGP SIGNATURE")) { if (line.contains("END PGP SIGNATURE")) {
sig = false; sig = false;
} else { } else {
if (!line.contains("Version")) { if (!line.contains("Version")) {
signatureBuilder.append(line.trim()); signature.add(line.trim());
} }
} }
} }
@ -246,7 +244,7 @@ public class PgpEngine {
callback.error(R.string.openpgp_error, null); callback.error(R.string.openpgp_error, null);
return; return;
} }
callback.success(signatureBuilder.toString()); callback.success(Joiner.on('\n').join(signature));
return; return;
case OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED: case OpenPgpApi.RESULT_CODE_USER_INTERACTION_REQUIRED:
callback.userInputRequired(result.getParcelableExtra(OpenPgpApi.RESULT_INTENT), status); callback.userInputRequired(result.getParcelableExtra(OpenPgpApi.RESULT_INTENT), status);

View file

@ -2,6 +2,8 @@ package eu.siacs.conversations.parser;
import android.util.Log; import android.util.Log;
import org.openintents.openpgp.util.OpenPgpUtils;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.List; import java.util.List;
@ -17,6 +19,7 @@ import eu.siacs.conversations.entities.Presence;
import eu.siacs.conversations.generator.IqGenerator; import eu.siacs.conversations.generator.IqGenerator;
import eu.siacs.conversations.generator.PresenceGenerator; import eu.siacs.conversations.generator.PresenceGenerator;
import eu.siacs.conversations.services.XmppConnectionService; import eu.siacs.conversations.services.XmppConnectionService;
import eu.siacs.conversations.utils.CryptoHelper;
import eu.siacs.conversations.utils.XmppUri; import eu.siacs.conversations.utils.XmppUri;
import eu.siacs.conversations.xml.Element; import eu.siacs.conversations.xml.Element;
import eu.siacs.conversations.xml.Namespace; import eu.siacs.conversations.xml.Namespace;
@ -313,9 +316,10 @@ public class PresenceParser extends AbstractParser implements
PgpEngine pgp = mXmppConnectionService.getPgpEngine(); PgpEngine pgp = mXmppConnectionService.getPgpEngine();
Element x = packet.findChild("x", "jabber:x:signed"); Element x = packet.findChild("x", "jabber:x:signed");
if (pgp != null && x != null) { if (pgp != null && x != null) {
Element status = packet.findChild("status"); final String status = packet.findChildContent("status");
String msg = status != null ? status.getContent() : ""; final long keyId = pgp.fetchKeyId(account, status, x.getContent());
if (contact.setPgpKeyId(pgp.fetchKeyId(account, msg, x.getContent()))) { if (keyId != 0 && contact.setPgpKeyId(keyId)) {
Log.d(Config.LOGTAG,account.getJid().asBareJid()+": found OpenPGP key id for "+contact.getJid()+" "+OpenPgpUtils.convertKeyIdToHex(keyId));
mXmppConnectionService.syncRoster(account); mXmppConnectionService.syncRoster(account);
} }
} }

View file

@ -52,6 +52,8 @@ import androidx.appcompat.app.AlertDialog.Builder;
import androidx.appcompat.app.AppCompatDelegate; import androidx.appcompat.app.AppCompatDelegate;
import androidx.databinding.DataBindingUtil; import androidx.databinding.DataBindingUtil;
import com.google.common.base.Strings;
import java.io.IOException; import java.io.IOException;
import java.lang.ref.WeakReference; import java.lang.ref.WeakReference;
import java.util.ArrayList; import java.util.ArrayList;
@ -573,13 +575,7 @@ public abstract class XmppActivity extends ActionBarActivity {
if (account.getPgpId() == 0) { if (account.getPgpId() == 0) {
choosePgpSignId(account); choosePgpSignId(account);
} else { } else {
String status = null; final String status = Strings.nullToEmpty(account.getPresenceStatusMessage());
if (manuallyChangePresence()) {
status = account.getPresenceStatusMessage();
}
if (status == null) {
status = "";
}
xmppConnectionService.getPgpEngine().generateSignature(intent, account, status, new UiCallback<String>() { xmppConnectionService.getPgpEngine().generateSignature(intent, account, status, new UiCallback<String>() {
@Override @Override

View file

@ -0,0 +1,29 @@
package eu.siacs.conversations.utils;
import com.google.common.base.Joiner;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.google.common.io.BaseEncoding;
import java.util.List;
public class AsciiArmor {
public static byte[] decode(final String input) {
final List<String> lines = Splitter.on('\n').splitToList(Strings.nullToEmpty(input).trim());
if (lines.size() == 1) {
final String line = lines.get(0);
final String cleaned = line.substring(0, line.lastIndexOf("="));
return BaseEncoding.base64().decode(cleaned);
}
final String withoutChecksum;
if (Iterables.getLast(lines).charAt(0) == '=') {
withoutChecksum = Joiner.on("").join(lines.subList(0, lines.size() - 1));
} else {
withoutChecksum = Joiner.on("").join(lines);
}
return BaseEncoding.base64().decode(withoutChecksum);
}
}