Diffstat (limited to 'OpenKeychain/src/main/java')
6 files changed, 53 insertions, 35 deletions
| diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java index 9c74cf9a8..e4ed50f8f 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java @@ -180,15 +180,10 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {       * Returns a list of all supported hash algorithms.       */      public LinkedList<Integer> getSupportedHashAlgorithms() { -        LinkedList<Integer> supported = new LinkedList<>(); -          // TODO: intersection between preferred hash algos of this key and PgpConstants.PREFERRED_HASH_ALGORITHMS          // choose best algo -        for (int currentInt : PgpConstants.PREFERRED_HASH_ALGORITHMS) { -            supported.add(currentInt); -        } -        return supported; +        return PgpConstants.sPreferredHashAlgorithms;      }      private PGPContentSignerBuilder getContentSignerBuilder(int hashAlgo, byte[] nfcSignedHash, diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java index 3ed1d9d11..2a6465232 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpConstants.java @@ -4,6 +4,8 @@ import org.spongycastle.bcpg.CompressionAlgorithmTags;  import org.spongycastle.bcpg.HashAlgorithmTags;  import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags; +import java.util.LinkedList; +  public class PgpConstants {      public static interface OpenKeychainSymmetricKeyAlgorithmTags extends SymmetricKeyAlgorithmTags { 
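Review bot: getSupportedHashAlgorithms() now returns the `PgpConstants.sPreferredHashAlgorithms` instance itself, so a caller that sorts, filters or removes from the result edits the process-wide list that the PgpKeyOperation hunk writes into the preference subpackets of new keys. The removed loop built a fresh list on each call; `return new LinkedList<>(PgpConstants.sPreferredHashAlgorithms);` keeps that isolation with the same return type. The same shared state is declared `public static` without `final` in the PgpConstants hunk, and the PgpSignEncryptOperation, EncryptFilesActivity and EncryptTextActivity hunks read `getFirst()` from it, which throws NoSuchElementException once a list has been emptied. Declaring the three fields `final` would at least stop them from being reassigned.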
@@ -18,27 +20,45 @@ public class PgpConstants {          public static final int USE_PREFERRED = -1;      } -    // most preferred is first -    public static final int[] PREFERRED_SYMMETRIC_ALGORITHMS = new int[]{ -            SymmetricKeyAlgorithmTags.AES_256, -            SymmetricKeyAlgorithmTags.AES_192, -            SymmetricKeyAlgorithmTags.AES_128, -            SymmetricKeyAlgorithmTags.TWOFISH -    }; +    /* +     * Most preferred is first +     * These arrays are written as preferred algorithms into the keys on creation. +     * Other implementations may choose to honor this selection. +     * +     * These lists also define the only algorithms which are used in OpenKeychain. +     * We do not support algorithms such as MD5 +     */ + +    public static LinkedList<Integer> sPreferredSymmetricAlgorithms = new LinkedList<>(); +    public static LinkedList<Integer> sPreferredHashAlgorithms = new LinkedList<>(); +    public static LinkedList<Integer> sPreferredCompressionAlgorithms = new LinkedList<>(); -    public static final int[] PREFERRED_HASH_ALGORITHMS = new int[]{ -            HashAlgorithmTags.SHA256, -            HashAlgorithmTags.SHA512, -            HashAlgorithmTags.SHA384, -            HashAlgorithmTags.SHA224, -            HashAlgorithmTags.RIPEMD160 -    }; +    static { +        sPreferredSymmetricAlgorithms.add(SymmetricKeyAlgorithmTags.AES_256); +        sPreferredSymmetricAlgorithms.add(SymmetricKeyAlgorithmTags.AES_192); +        sPreferredSymmetricAlgorithms.add(SymmetricKeyAlgorithmTags.AES_128); +        sPreferredSymmetricAlgorithms.add(SymmetricKeyAlgorithmTags.TWOFISH); -    public static final int[] PREFERRED_COMPRESSION_ALGORITHMS = new int[]{ -            CompressionAlgorithmTags.ZLIB, -            CompressionAlgorithmTags.BZIP2, -            CompressionAlgorithmTags.ZIP -    }; +        // NOTE: some implementations do not support SHA512, thus we choose SHA256 as default (Mailvelope?) 
+        sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA256); +        sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA512); +        sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA384); +        sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA224); +        sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA1); +        sPreferredHashAlgorithms.add(HashAlgorithmTags.RIPEMD160); + +        sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.ZLIB); +        sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.BZIP2); +        sPreferredCompressionAlgorithms.add(CompressionAlgorithmTags.ZIP); +    } + +    public static int[] getAsArray(LinkedList<Integer> list) { +        int[] array = new int[list.size()]; +        for (int i = 0; i < list.size(); i++) { +            array[i] = list.get(i); // Watch out for NullPointerExceptions! +        } +        return array; +    }      /*       * Note: s2kcount is a number between 0 and 0xff that controls the 
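Review bot: `sPreferredHashAlgorithms.add(HashAlgorithmTags.SHA1)` puts SHA-1 into a list that the new block comment describes as the only algorithms OpenKeychain uses, with weak ones such as MD5 excluded, and the old array did not contain it. Since the PgpKeyOperation hunk writes this list into the preferred-hash subpacket and getSupportedHashAlgorithms() returns it, SHA-1 would be advertised in newly created keys and presumably offered for signatures. If it is there for interoperability, a comment beside the line should say so, as the SHA256 line does; otherwise it should be left out, given that `SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO` already covers the checksum case. Separately, `getAsArray` calls `list.get(i)` on a LinkedList, which walks the list on every access, and its NullPointerException comment could state that a null element fails on unboxing.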
@@ -55,15 +75,15 @@ public class PgpConstants {       * from http://kbsriram.com/2013/01/generating-rsa-keys-with-bouncycastle.html       *       * Bouncy Castle default: 0x60 -     * kbsriram proposes 0xc0 -     * we use 0x90, a good trade-off between usability and security against offline attacks +     * kbsriram proposes: 0xc0 +     * OpenKeychain: 0x90       */      public static final int SECRET_KEY_ENCRYPTOR_S2K_COUNT = 0x90;      public static final int SECRET_KEY_ENCRYPTOR_HASH_ALGO = HashAlgorithmTags.SHA256;      public static final int SECRET_KEY_ENCRYPTOR_SYMMETRIC_ALGO = SymmetricKeyAlgorithmTags.AES_256;      public static final int SECRET_KEY_SIGNATURE_HASH_ALGO = HashAlgorithmTags.SHA256; -    // NOTE: only SHA1 is supported for key checksum calculations. +    // NOTE: only SHA1 is supported for key checksum calculations in OpenPGP, +    // see http://tools.ietf.org/html/rfc488 0#section-5.5.3      public static final int SECRET_KEY_SIGNATURE_CHECKSUM_HASH_ALGO = HashAlgorithmTags.SHA1; -  } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java index ac9acd41b..8fb5392e3 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java 
@@ -1213,9 +1213,12 @@ public class PgpKeyOperation {               * error than be ignored.               */              /* non-critical subpackets: */ -            hashedPacketsGen.setPreferredSymmetricAlgorithms(false, PgpConstants.PREFERRED_SYMMETRIC_ALGORITHMS); -            hashedPacketsGen.setPreferredHashAlgorithms(false, PgpConstants.PREFERRED_HASH_ALGORITHMS); -            hashedPacketsGen.setPreferredCompressionAlgorithms(false, PgpConstants.PREFERRED_COMPRESSION_ALGORITHMS); +            hashedPacketsGen.setPreferredSymmetricAlgorithms(false, +                    PgpConstants.getAsArray(PgpConstants.sPreferredSymmetricAlgorithms)); +            hashedPacketsGen.setPreferredHashAlgorithms(false, +                    PgpConstants.getAsArray(PgpConstants.sPreferredHashAlgorithms)); +            hashedPacketsGen.setPreferredCompressionAlgorithms(false, +                    PgpConstants.getAsArray(PgpConstants.sPreferredCompressionAlgorithms));              hashedPacketsGen.setPrimaryUserID(false, primary);              /* critical subpackets: we consider those important for a modern pgp implementation */ diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java index 7d0949c6c..59b95bdba 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSignEncryptOperation.java 
@@ -227,7 +227,7 @@ public class PgpSignEncryptOperation extends BaseOperation {              if (algo == PgpConstants.OpenKeychainSymmetricKeyAlgorithmTags.USE_PREFERRED) {                  // get most preferred                  // TODO: get from recipients -                algo = PgpConstants.PREFERRED_SYMMETRIC_ALGORITHMS[0]; +                algo = PgpConstants.sPreferredSymmetricAlgorithms.getFirst();              }              // has Integrity packet enabled!              JcePGPDataEncryptorBuilder encryptorBuilder = diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java index ac12faa3d..8b18d9353 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptFilesActivity.java @@ -205,7 +205,7 @@ public class EncryptFilesActivity extends EncryptActivity implements EncryptActi          data.addOutputUris(mOutputUris);          if (mUseCompression) { -            data.setCompressionId(CompressionAlgorithmTags.ZLIB); +            data.setCompressionId(PgpConstants.sPreferredCompressionAlgorithms.getFirst());          } else {              data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);          } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java index 9ec0bdd33..0f92bbb41 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/EncryptTextActivity.java 
@@ -198,7 +198,7 @@ public class EncryptTextActivity extends EncryptActivity implements EncryptActiv          data.setCleartextSignature(true);          if (mUseCompression) { -            data.setCompressionId(CompressionAlgorithmTags.ZLIB); +            data.setCompressionId(PgpConstants.sPreferredCompressionAlgorithms.getFirst());          } else {              data.setCompressionId(CompressionAlgorithmTags.UNCOMPRESSED);          } | 
