fix: check if passphrase is necessary before asking for it

Updates #2836
android-password-store · Dec 25, 2023 · d8f76b3 · d8f76b3
1 parent 4c09adb
commit d8f76b3
Show file tree

Hide file tree

Showing 5 changed files with 33 additions and 1 deletion.
diff --git a/app/src/main/java/app/passwordstore/data/crypto/CryptoRepository.kt b/app/src/main/java/app/passwordstore/data/crypto/CryptoRepository.kt
@@ -45,6 +45,10 @@ constructor(
     out: ByteArrayOutputStream,
   ) = withContext(dispatcherProvider.io()) { decryptPgp(password, identities, message, out) }
 
+  fun isPasswordProtected(message: ByteArrayInputStream): Boolean {
+    return pgpCryptoHandler.isPassphraseProtected(message)
+  }
+
   suspend fun encrypt(
     identities: List<PGPIdentifier>,
     content: ByteArrayInputStream,

diff --git a/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt b/app/src/main/java/app/passwordstore/ui/crypto/DecryptActivity.kt
@@ -177,7 +177,7 @@ class DecryptActivity : BasePGPActivity() {
     }
   }
 
-  private fun askPassphrase(
+  private suspend fun askPassphrase(
     isError: Boolean,
     gpgIdentifiers: List<PGPIdentifier>,
     authResult: Result,
@@ -187,6 +187,14 @@ class DecryptActivity : BasePGPActivity() {
     } else {
       finish()
     }
+    if (
+      !repository.isPasswordProtected(
+        withContext(dispatcherProvider.io()) { File(fullPath).readBytes().inputStream() }
+      )
+    ) {
+      decryptWithPassphrase(password = "", gpgIdentifiers = gpgIdentifiers)
+      return
+    }
     val dialog = PasswordDialog()
     if (isError) {
       dialog.setError()

diff --git a/crypto/common/src/main/kotlin/app/passwordstore/crypto/CryptoHandler.kt b/crypto/common/src/main/kotlin/app/passwordstore/crypto/CryptoHandler.kt
@@ -41,4 +41,10 @@ public interface CryptoHandler<Key, EncOpts : CryptoOptions, DecryptOpts : Crypt
 
   /** Given a [fileName], return whether this instance can handle it. */
   public fun canHandle(fileName: String): Boolean
+
+  /**
+   * Inspects the given encrypted [message] to notify user if a passphrase is necessary to decrypt
+   * it.
+   */
+  public fun isPassphraseProtected(message: InputStream): Boolean
 }
diff --git a/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPKeyManager.kt b/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPKeyManager.kt
@@ -139,6 +139,14 @@ constructor(
   /** @see KeyManager.getKeyById */
   override suspend fun getKeyId(key: PGPKey): PGPIdentifier? = tryGetId(key)
 
+  public suspend fun isPasswordProtected(key: PGPKey): Boolean {
+    val keyring = tryParseKeyring(key)
+    if (keyring is PGPSecretKeyRing) {
+      keyring.secretKey.keyEncryptionAlgorithm
+    }
+    return false
+  }
+
   /** Checks if [keyDir] exists and attempts to create it if not. */
   private fun keyDirExists(): Boolean {
     return keyDir.exists() || keyDir.mkdirs()

diff --git a/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt b/crypto/pgpainless/src/main/kotlin/app/passwordstore/crypto/PGPainlessCryptoHandler.kt
@@ -22,6 +22,7 @@ import org.bouncycastle.openpgp.PGPSecretKeyRingCollection
 import org.bouncycastle.util.io.Streams
 import org.pgpainless.PGPainless
 import org.pgpainless.decryption_verification.ConsumerOptions
+import org.pgpainless.decryption_verification.MessageInspector
 import org.pgpainless.encryption_signing.EncryptionOptions
 import org.pgpainless.encryption_signing.ProducerOptions
 import org.pgpainless.exception.WrongPassphraseException
@@ -136,4 +137,9 @@ public class PGPainlessCryptoHandler @Inject constructor() :
   public override fun canHandle(fileName: String): Boolean {
     return fileName.substringAfterLast('.', "") == "gpg"
   }
+
+  public override fun isPassphraseProtected(message: InputStream): Boolean {
+    val info = MessageInspector.determineEncryptionInfoForMessage(message)
+    return info.isPassphraseEncrypted
+  }
 }