Added S/MIME encryption algorithm selection

3 years ago · 6e694c7803
parent d077fa387a
commit 6e694c7803
5 changed files with 92 additions and 4 deletions
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@ -133,6 +133,7 @@ import com.google.android.material.bottomnavigation.BottomNavigationView;
 import com.google.android.material.bottomnavigation.LabelVisibilityMode;
 import com.google.android.material.snackbar.Snackbar;

+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
 import org.bouncycastle.cert.jcajce.JcaCertStore;
 import org.bouncycastle.cms.CMSAlgorithm;
 import org.bouncycastle.cms.CMSEnvelopedData;
@ -3575,7 +3576,25 @@ public class FragmentCompose extends FragmentBase {
                }
                CMSTypedData msg = new CMSProcessableFile(einput);

-                OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC)
+                // https://datatracker.ietf.org/doc/html/rfc5751#section-2.7
+                ASN1ObjectIdentifier encryptionOID;
+                String encryptAlgorithm = prefs.getString("encrypt_algo_smime", "AES128");
+                switch (encryptAlgorithm) {
+                    case "AES128":
+                        encryptionOID = CMSAlgorithm.AES128_CBC;
+                        break;
+                    case "AES192":
+                        encryptionOID = CMSAlgorithm.AES192_CBC;
+                        break;
+                    case "AES256":
+                        encryptionOID = CMSAlgorithm.AES256_CBC;
+                        break;
+                    default:
+                        encryptionOID = CMSAlgorithm.AES128_CBC;
+                }
+                Log.i("Encryption algorithm=" + encryptAlgorithm + " OID=" + encryptionOID);
+
+                OutputEncryptor encryptor = new JceCMSContentEncryptorBuilder(encryptionOID)
                        .build();
                CMSEnvelopedData cmsEnvelopedData = cmsEnvelopedDataGenerator
                        .generate(msg, encryptor);
--- a/app/src/main/java/eu/faircode/email/FragmentMessages.java
+++ b/app/src/main/java/eu/faircode/email/FragmentMessages.java
@ -7277,6 +7277,17 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
                                            InputStream is = recipientInfo.getContentStream(recipient).getContentStream();
                                            decodeMessage(context, is, message, args);
                                            decoded = true;
+
+                                            String algo;
+                                            try {
+                                                DefaultAlgorithmNameFinder af = new DefaultAlgorithmNameFinder();
+                                                algo = af.getAlgorithmName(envelopedData.getContentEncryptionAlgorithm());
+                                            } catch (Throwable ex) {
+                                                Log.e(ex);
+                                                algo = envelopedData.getEncryptionAlgOID();
+                                            }
+                                            Log.i("Encryption algo=" + algo);
+                                            args.putString("algo", algo);
                                        } catch (CMSException ex) {
                                            Log.w(ex);
                                        }
@ -7460,6 +7471,12 @@ public class FragmentMessages extends FragmentBase implements SharedPreferences.
                            Snackbar.make(view, Log.formatThrowable(ex), Snackbar.LENGTH_LONG)
                                    .setGestureInsetBottomIgnored(true).show();
                        }
+                } else if (EntityMessage.SMIME_SIGNENCRYPT.equals(type)) {
+                    String algo = args.getString("algo");
+                    if (!TextUtils.isEmpty(algo)) {
+                        Snackbar.make(view, algo, Snackbar.LENGTH_LONG)
+                                .setGestureInsetBottomIgnored(true).show();
+                    }
                }
            }

--- a/app/src/main/java/eu/faircode/email/FragmentOptionsEncryption.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOptionsEncryption.java
@ -81,6 +81,7 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
    private SwitchCompat swEncryptSubject;

    private Spinner spSignAlgoSmime;
+    private Spinner spEncryptAlgoSmime;
    private SwitchCompat swCheckCertificate;
    private Button btnManageCertificates;
    private Button btnImportKey;
@ -94,7 +95,7 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
    private final static String[] RESET_OPTIONS = new String[]{
            "sign_default", "encrypt_default", "auto_decrypt", "auto_undecrypt",
            "openpgp_provider", "autocrypt", "autocrypt_mutual", "encrypt_subject",
-            "sign_algo_smime", "check_certificate"
+            "sign_algo_smime", "encrypt_algo_smime", "check_certificate"
    };

    @Override
@ -121,6 +122,7 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
        swEncryptSubject = view.findViewById(R.id.swEncryptSubject);

        spSignAlgoSmime = view.findViewById(R.id.spSignAlgoSmime);
+        spEncryptAlgoSmime = view.findViewById(R.id.spEncryptAlgoSmime);
        swCheckCertificate = view.findViewById(R.id.swCheckCertificate);
        btnManageCertificates = view.findViewById(R.id.btnManageCertificates);
        btnImportKey = view.findViewById(R.id.btnImportKey);
@ -268,6 +270,19 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
            }
        });

+        spEncryptAlgoSmime.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() {
+            @Override
+            public void onItemSelected(AdapterView<?> adapterView, View view, int position, long id) {
+                String[] values = getResources().getStringArray(R.array.smimeEncryptAlgo);
+                prefs.edit().putString("encrypt_algo_smime", values[position]).apply();
+            }
+
+            @Override
+            public void onNothingSelected(AdapterView<?> parent) {
+                prefs.edit().remove("encrypt_algo_smime").apply();
+            }
+        });
+
        swCheckCertificate.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
            @Override
            public void onCheckedChanged(CompoundButton compoundButton, boolean checked) {
@ -432,6 +447,14 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
                break;
            }

+        String encryptAlgorithm = prefs.getString("encrypt_algo_smime", "AES128");
+        String[] smimeEncryptAlgo = getResources().getStringArray(R.array.smimeEncryptAlgo);
+        for (int pos = 0; pos < smimeEncryptAlgo.length; pos++)
+            if (smimeEncryptAlgo[pos].equals(encryptAlgorithm)) {
+                spEncryptAlgoSmime.setSelection(pos);
+                break;
+            }
+
        swCheckCertificate.setChecked(prefs.getBoolean("check_certificate", true));
    }

--- a/app/src/main/res/layout/fragment_options_encryption.xml
+++ b/app/src/main/res/layout/fragment_options_encryption.xml
@ -286,6 +286,28 @@
                    app:layout_constraintStart_toStartOf="parent"
                    app:layout_constraintTop_toBottomOf="@id/tvSignAlgoSmime" />

+                <eu.faircode.email.FixedTextView
+                    android:id="@+id/tvEncryptAlgoSmime"
+                    android:layout_width="0dp"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="12dp"
+                    android:layout_marginEnd="48dp"
+                    android:text="@string/title_advanced_encrypt_algo"
+                    android:textAppearance="@style/TextAppearance.AppCompat.Small"
+                    android:textColor="?android:attr/textColorPrimary"
+                    app:layout_constraintEnd_toEndOf="parent"
+                    app:layout_constraintStart_toStartOf="parent"
+                    app:layout_constraintTop_toBottomOf="@id/spSignAlgoSmime" />
+
+                <Spinner
+                    android:id="@+id/spEncryptAlgoSmime"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="12dp"
+                    android:entries="@array/smimeEncryptAlgo"
+                    app:layout_constraintStart_toStartOf="parent"
+                    app:layout_constraintTop_toBottomOf="@id/tvEncryptAlgoSmime" />
+
                <androidx.appcompat.widget.SwitchCompat
                    android:id="@+id/swCheckCertificate"
                    android:layout_width="0dp"
@ -295,7 +317,7 @@
                    android:text="@string/title_advanced_check_certificate"
                    app:layout_constraintEnd_toEndOf="parent"
                    app:layout_constraintStart_toStartOf="parent"
-                    app:layout_constraintTop_toBottomOf="@id/spSignAlgoSmime"
+                    app:layout_constraintTop_toBottomOf="@id/spEncryptAlgoSmime"
                    app:switchPadding="12dp" />

                <Button
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@ -585,7 +585,8 @@
    <string name="title_advanced_autocrypt">Use Autocrypt</string>
    <string name="title_advanced_autocrypt_mutual">Autocrypt mutual mode</string>
    <string name="title_advanced_encrypt_subject">Encrypt subject</string>
-    <string name="title_advanced_sign_algo">Signature algoritm</string>
+    <string name="title_advanced_sign_algo">Signature algorithm</string>
+    <string name="title_advanced_encrypt_algo">Encryption algorithm</string>
    <string name="title_advanced_check_certificate">Check public key on sending</string>
    <string name="title_advanced_manage_certificates">Manage public keys</string>
    <string name="title_advanced_import_key">Import private key</string>
@ -2027,6 +2028,12 @@
        <item>SHA512</item>
    </string-array>

+    <string-array name="smimeEncryptAlgo">
+        <item>AES128</item>
+        <item>AES192</item>
+        <item>AES256</item>
+    </string-array>
+
    <string name="fingerprint" translatable="false">17BA15C1AF55D925F98B99CEA4375D4CDF4C174B</string>
    <string name="fingerprint_amazon" translatable="false">200D0AA43A8ADBC7BB8237023C1553F4753CA7D2</string>
    <string name="public_key" translatable="false">MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFbxEbzL8u5accPGgBw/XdyiSS5BBE6ZQ9ELpKyJ/OQN+kdYniCAOw3lsQ/GuJScy4Y2HobqbBgLL8GLHG+Yu2EHC9dLjA3v2Mc25vvnfn86BsrpQvz1poN2n+roTBdq09FWbtebJ8m0hDBVmtfRi7RhTKIL4No3kodLhksdnucKjcFheubebWKgpmvbmw7NwuELhaZmyhw8WTtnQ4rZPMhjY1JJZgzwNExXgD7zzg4pJPkuQlfkuRkkvBpHpi3C7VDnYjrBlLHngI4wv3wxQBVwJqlvAT9PmX8dOVnTsWWdJdLQBZVWphuqVY54kjBIovN+o8w03WjsV9QiOQq+XwIDAQAB</string>