Added option to select S/MIME sign algorithm

4 years ago · f75293f6a0
parent a999ae2e3b
commit f75293f6a0
4 changed files with 76 additions and 5 deletions
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@ -3422,14 +3422,28 @@ public class FragmentCompose extends FragmentBase {
                CMSSignedDataGenerator cmsGenerator = new CMSSignedDataGenerator();
                cmsGenerator.addCertificates(store);

+                String signAlgorithm = prefs.getString("sign_algo_smime", "SHA256");
+
+                // https://datatracker.ietf.org/doc/html/rfc5751#page-29
+                String micalg = signAlgorithm.toLowerCase(Locale.ROOT);
+                if (micalg.startsWith("sha"))
+                    micalg = micalg.substring(0, 3) + "-" + micalg.substring(3);
+
                String algorithm = privkey.getAlgorithm();
-                Log.i("Private key algorithm=" + algorithm);
+                if (TextUtils.isEmpty(algorithm) || "RSA".equals(algorithm))
+                    Log.i("Private key algorithm=" + algorithm);
+                else
+                    Log.e("Private key algorithm=" + algorithm);
+
                if (TextUtils.isEmpty(algorithm))
                    algorithm = "RSA";
                else if ("EC".equals(algorithm))
                    algorithm = "ECDSA";

-                ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256with" + algorithm)
+                algorithm = signAlgorithm + "with" + algorithm;
+                Log.i("Sign algorithm=" + algorithm);
+
+                ContentSigner contentSigner = new JcaContentSignerBuilder(algorithm)
                        .build(privkey);
                DigestCalculatorProvider digestCalculator = new JcaDigestCalculatorProviderBuilder()
                        .build();
@ -3451,7 +3465,7 @@ public class FragmentCompose extends FragmentBase {
                // Build signature
                if (EntityMessage.SMIME_SIGNONLY.equals(type)) {
                    ContentType ct = new ContentType("application/pkcs7-signature");
-                    ct.setParameter("micalg", "sha-256");
+                    ct.setParameter("micalg", micalg);

                    EntityAttachment sattachment = new EntityAttachment();
                    sattachment.message = draft.id;
--- a/app/src/main/java/eu/faircode/email/FragmentOptionsEncryption.java
+++ b/app/src/main/java/eu/faircode/email/FragmentOptionsEncryption.java
@ -80,6 +80,7 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
    private SwitchCompat swAutocryptMutual;
    private SwitchCompat swEncryptSubject;

+    private Spinner spSignAlgoSmime;
    private SwitchCompat swCheckCertificate;
    private Button btnManageCertificates;
    private Button btnImportKey;
@ -93,7 +94,7 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
    private final static String[] RESET_OPTIONS = new String[]{
            "sign_default", "encrypt_default", "auto_decrypt", "auto_undecrypt",
            "openpgp_provider", "autocrypt", "autocrypt_mutual", "encrypt_subject",
-            "check_certificate"
+            "sign_algo_smime", "check_certificate"
    };

    @Override
@ -119,6 +120,7 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
        swAutocryptMutual = view.findViewById(R.id.swAutocryptMutual);
        swEncryptSubject = view.findViewById(R.id.swEncryptSubject);

+        spSignAlgoSmime = view.findViewById(R.id.spSignAlgoSmime);
        swCheckCertificate = view.findViewById(R.id.swCheckCertificate);
        btnManageCertificates = view.findViewById(R.id.btnManageCertificates);
        btnImportKey = view.findViewById(R.id.btnImportKey);
@ -253,6 +255,19 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre

        // S/MIME

+        spSignAlgoSmime.setOnItemSelectedListener(new AdapterView.OnItemSelectedListener() {
+            @Override
+            public void onItemSelected(AdapterView<?> adapterView, View view, int position, long id) {
+                String[] values = getResources().getStringArray(R.array.smimeSignAlgo);
+                prefs.edit().putString("sign_algo_smime", values[position]).apply();
+            }
+
+            @Override
+            public void onNothingSelected(AdapterView<?> parent) {
+                prefs.edit().remove("sign_algo_smime").apply();
+            }
+        });
+
        swCheckCertificate.setOnCheckedChangeListener(new CompoundButton.OnCheckedChangeListener() {
            @Override
            public void onCheckedChanged(CompoundButton compoundButton, boolean checked) {
@ -409,6 +424,14 @@ public class FragmentOptionsEncryption extends FragmentBase implements SharedPre
        swAutocryptMutual.setEnabled(swAutocrypt.isChecked());
        swEncryptSubject.setChecked(prefs.getBoolean("encrypt_subject", false));

+        String signAlgorithm = prefs.getString("sign_algo_smime", "SHA256");
+        String[] smimeSignAlgo = getResources().getStringArray(R.array.smimeSignAlgo);
+        for (int pos = 0; pos < smimeSignAlgo.length; pos++)
+            if (smimeSignAlgo[pos].equals(signAlgorithm)) {
+                spSignAlgoSmime.setSelection(pos);
+                break;
+            }
+
        swCheckCertificate.setChecked(prefs.getBoolean("check_certificate", true));
    }

--- a/app/src/main/res/layout/fragment_options_encryption.xml
+++ b/app/src/main/res/layout/fragment_options_encryption.xml
@ -264,6 +264,28 @@
                    app:layout_constraintStart_toStartOf="parent"
                    app:layout_constraintTop_toTopOf="parent" />

+                <eu.faircode.email.FixedTextView
+                    android:id="@+id/tvSignAlgoSmime"
+                    android:layout_width="0dp"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="12dp"
+                    android:layout_marginEnd="48dp"
+                    android:text="@string/title_advanced_sign_algo"
+                    android:textAppearance="@style/TextAppearance.AppCompat.Small"
+                    android:textColor="?android:attr/textColorPrimary"
+                    app:layout_constraintEnd_toEndOf="parent"
+                    app:layout_constraintStart_toStartOf="parent"
+                    app:layout_constraintTop_toBottomOf="@id/tvCaptionSmime" />
+
+                <Spinner
+                    android:id="@+id/spSignAlgoSmime"
+                    android:layout_width="wrap_content"
+                    android:layout_height="wrap_content"
+                    android:layout_marginTop="12dp"
+                    android:entries="@array/smimeSignAlgo"
+                    app:layout_constraintStart_toStartOf="parent"
+                    app:layout_constraintTop_toBottomOf="@id/tvSignAlgoSmime" />
+
                <androidx.appcompat.widget.SwitchCompat
                    android:id="@+id/swCheckCertificate"
                    android:layout_width="0dp"
@ -273,7 +295,7 @@
                    android:text="@string/title_advanced_check_certificate"
                    app:layout_constraintEnd_toEndOf="parent"
                    app:layout_constraintStart_toStartOf="parent"
-                    app:layout_constraintTop_toBottomOf="@id/tvCaptionSmime"
+                    app:layout_constraintTop_toBottomOf="@id/spSignAlgoSmime"
                    app:switchPadding="12dp" />

                <Button
--- a/app/src/main/res/values/strings.xml
+++ b/app/src/main/res/values/strings.xml
@ -585,6 +585,7 @@
    <string name="title_advanced_autocrypt">Use Autocrypt</string>
    <string name="title_advanced_autocrypt_mutual">Autocrypt mutual mode</string>
    <string name="title_advanced_encrypt_subject">Encrypt subject</string>
+    <string name="title_advanced_sign_algo">Signature algoritm</string>
    <string name="title_advanced_check_certificate">Check public key on sending</string>
    <string name="title_advanced_manage_certificates">Manage public keys</string>
    <string name="title_advanced_import_key">Import private key</string>
@ -1260,6 +1261,7 @@
    <string name="title_signature_sender">Sender\'s address</string>
    <string name="title_signature_email">Signature\'s address</string>
    <string name="title_signature_mismatch">The email address of the sender and signature do not match</string>
+    <string name="title_signature_algorithm">Algorithm</string>
    <string name="title_signature_subject">Subject</string>
    <string name="title_signature_validity">Validity</string>
    <string name="title_signature_outdated">This public key is currently not valid</string>
@ -2015,6 +2017,16 @@
        <item>Name and email</item>
    </string-array>

+    <!-- https://www.bouncycastle.org/specifications.html -->
+    <string-array name="smimeSignAlgo">
+        <item>MD5</item>
+        <item>SHA1</item>
+        <item>SHA224</item>
+        <item>SHA256</item>
+        <item>SHA384</item>
+        <item>SHA512</item>
+    </string-array>
+
    <string name="fingerprint" translatable="false">17BA15C1AF55D925F98B99CEA4375D4CDF4C174B</string>
    <string name="fingerprint_amazon" translatable="false">200D0AA43A8ADBC7BB8237023C1553F4753CA7D2</string>
    <string name="public_key" translatable="false">MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAtFbxEbzL8u5accPGgBw/XdyiSS5BBE6ZQ9ELpKyJ/OQN+kdYniCAOw3lsQ/GuJScy4Y2HobqbBgLL8GLHG+Yu2EHC9dLjA3v2Mc25vvnfn86BsrpQvz1poN2n+roTBdq09FWbtebJ8m0hDBVmtfRi7RhTKIL4No3kodLhksdnucKjcFheubebWKgpmvbmw7NwuELhaZmyhw8WTtnQ4rZPMhjY1JJZgzwNExXgD7zzg4pJPkuQlfkuRkkvBpHpi3C7VDnYjrBlLHngI4wv3wxQBVwJqlvAT9PmX8dOVnTsWWdJdLQBZVWphuqVY54kjBIovN+o8w03WjsV9QiOQq+XwIDAQAB</string>