From b89ba85313b6b78d2a699eb2e7be88ea9e2c1a93 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Dominik=20Sch=C3=BCrmann?=
Date: Thu, 5 Jan 2017 13:40:40 +0100
Subject: [PATCH] skip algorithm screen for security tokens version < 3.0
---
 .../keychain/Constants.java | 24 +++++++++++++++++++
 .../keychain/securitytoken/ECKeyFormat.java | 2 +-
 .../keychain/securitytoken/KeyFormat.java | 2 +-
 .../keychain/securitytoken/RSAKeyFormat.java | 2 +-
 .../keychain/ui/CreateKeyFinalFragment.java | 19 ++++++++-------
 .../ui/CreateSecurityTokenPinFragment.java | 10 +++++++-
 6 files changed, 46 insertions(+), 13 deletions(-)
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
index d00d26a5d..7b99e5692 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/Constants.java
@@ -19,7 +19,11 @@ package org.sufficientlysecure.keychain;
 import android.os.Environment;
+import org.bouncycastle.bcpg.sig.KeyFlags;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.sufficientlysecure.keychain.securitytoken.KeyFormat;
+import org.sufficientlysecure.keychain.securitytoken.RSAKeyFormat;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
 import java.io.File;
 import java.net.Proxy;
@@ -158,4 +162,24 @@ public final class Constants {
 public static final long backup_code = -2;
 }
+ /**
+ * Default key configuration: 3072 bit RSA (certify, sign, encrypt)
+ */
+ public static void addDefaultSubkeys(SaveKeyringParcel saveKeyringParcel) {
+ saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(SaveKeyringParcel.Algorithm.RSA,
+ 3072, null, KeyFlags.CERTIFY_OTHER, 0L));
+ saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(SaveKeyringParcel.Algorithm.RSA,
+ 3072, null, KeyFlags.SIGN_DATA, 0L));
+ saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(SaveKeyringParcel.Algorithm.RSA,
+ 3072, null, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE, 0L));
+ }
+
+ /**
+ * Default key format for OpenPGP smart cards v2: 2048 bit RSA (sign+certify, decrypt, auth)
+ */
+ private static final int ELEN = 17; //65537
+ public static final KeyFormat SECURITY_TOKEN_V2_SIGN = new RSAKeyFormat(2048, ELEN, RSAKeyFormat.RSAAlgorithmFormat.CRT_WITH_MODULUS);
+ public static final KeyFormat SECURITY_TOKEN_V2_DEC = new RSAKeyFormat(2048, ELEN, RSAKeyFormat.RSAAlgorithmFormat.CRT_WITH_MODULUS);
+ public static final KeyFormat SECURITY_TOKEN_V2_AUTH = new RSAKeyFormat(2048, ELEN, RSAKeyFormat.RSAAlgorithmFormat.CRT_WITH_MODULUS);
+
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/ECKeyFormat.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/ECKeyFormat.java
index a35bd79ea..88c9fe04c 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/ECKeyFormat.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/ECKeyFormat.java
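Review bot: The Javadoc "Default key format for OpenPGP smart cards v2" ends up attached to the private `ELEN` field, so the three public `SECURITY_TOKEN_V2_*` constants are undocumented, and `ELEN = 17; //65537` does not say that 17 is presumably the bit length of the public exponent 65537 rather than the exponent itself. I would give `ELEN` its own comment, `// bit length of the RSA public exponent 65537 (0x10001)`, and move the existing Javadoc down onto `SECURITY_TOKEN_V2_SIGN`. Since the token default is 2048-bit RSA while `addDefaultSubkeys` above uses 3072, the Javadoc should also state why the smaller size is chosen here (presumably a limit of v2 cards; confirm), so the weaker default is not copied elsewhere by accident.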
@@ -74,7 +74,7 @@ public class ECKeyFormat extends KeyFormat {
 public final boolean isWithPubkey() { return mWithPubkey; }
 }
- public void addToKeyring(SaveKeyringParcel keyring, int keyFlags) {
+ public void addToSaveKeyringParcel(SaveKeyringParcel keyring, int keyFlags) {
 final X9ECParameters params = NISTNamedCurves.getByOID(mECCurveOID);
 final ECCurve curve = params.getCurve();
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/KeyFormat.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/KeyFormat.java
index 4a81d46f2..6fdd91daa 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/KeyFormat.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/KeyFormat.java
@@ -94,6 +94,6 @@ public abstract class KeyFormat {
 throw new IllegalArgumentException("Unsupported Algorithm id " + t);
 }
- public abstract void addToKeyring(SaveKeyringParcel keyring, int keyFlags);
+ public abstract void addToSaveKeyringParcel(SaveKeyringParcel keyring, int keyFlags);
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/RSAKeyFormat.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/RSAKeyFormat.java
index 27b427443..38e446464 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/RSAKeyFormat.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/RSAKeyFormat.java
@@ -82,7 +82,7 @@ public class RSAKeyFormat extends KeyFormat {
 }
 }
- public void addToKeyring(SaveKeyringParcel keyring, int keyFlags) {
+ public void addToSaveKeyringParcel(SaveKeyringParcel keyring, int keyFlags) {
 keyring.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(SaveKeyringParcel.Algorithm.RSA, mModulusLength, null, keyFlags, 0L));
 }
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyFinalFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyFinalFragment.java
index e5643c5c3..924a97df2 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyFinalFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateKeyFinalFragment.java
@@ -41,6 +41,7 @@ import org.sufficientlysecure.keychain.operations.results.EditKeyResult;
 import org.sufficientlysecure.keychain.operations.results.OperationResult;
 import org.sufficientlysecure.keychain.operations.results.UploadResult;
 import org.sufficientlysecure.keychain.pgp.KeyRing;
+import org.sufficientlysecure.keychain.pgp.PgpSecurityConstants;
 import org.sufficientlysecure.keychain.pgp.exception.PgpKeyNotFoundException;
 import org.sufficientlysecure.keychain.provider.CachedPublicKeyRing;
 import org.sufficientlysecure.keychain.provider.KeychainContract;
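Review bot: The added `import org.sufficientlysecure.keychain.pgp.PgpSecurityConstants;` is not referenced by any line this patch adds to CreateKeyFinalFragment.java; the file's other hunk only uses `Constants.SECURITY_TOKEN_V2_*` and `Constants.addDefaultSubkeys`. Unless code outside the visible hunks needs it, drop the import. The other hunk also removes the only visible uses of `Algorithm.RSA`, so the existing `Algorithm` import may now be unused as well; that import line is outside this hunk, so it needs checking in the full file.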
@@ -283,19 +284,19 @@ public class CreateKeyFinalFragment extends Fragment {
 SaveKeyringParcel saveKeyringParcel = new SaveKeyringParcel();
 if (createKeyActivity.mCreateSecurityToken) {
- createKeyActivity.mSecurityTokenSign.addToKeyring(saveKeyringParcel, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
- createKeyActivity.mSecurityTokenDec.addToKeyring(saveKeyringParcel, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
- createKeyActivity.mSecurityTokenAuth.addToKeyring(saveKeyringParcel, KeyFlags.AUTHENTICATION);
+ if (createKeyActivity.mSecurityTokenSign == null) {
+ createKeyActivity.mSecurityTokenSign = Constants.SECURITY_TOKEN_V2_SIGN;
+ createKeyActivity.mSecurityTokenDec = Constants.SECURITY_TOKEN_V2_DEC;
+ createKeyActivity.mSecurityTokenAuth = Constants.SECURITY_TOKEN_V2_AUTH;
+ }
+ createKeyActivity.mSecurityTokenSign.addToSaveKeyringParcel(saveKeyringParcel, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
+ createKeyActivity.mSecurityTokenDec.addToSaveKeyringParcel(saveKeyringParcel, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
+ createKeyActivity.mSecurityTokenAuth.addToSaveKeyringParcel(saveKeyringParcel, KeyFlags.AUTHENTICATION);
 // use empty passphrase
 saveKeyringParcel.setNewUnlock(new ChangeUnlockParcel(new Passphrase()));
 } else {
- saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA,
- 3072, null, KeyFlags.CERTIFY_OTHER, 0L));
- saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA,
- 3072, null, KeyFlags.SIGN_DATA, 0L));
- saveKeyringParcel.mAddSubKeys.add(new SaveKeyringParcel.SubkeyAdd(Algorithm.RSA,
- 3072, null, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE, 0L));
+ Constants.addDefaultSubkeys(saveKeyringParcel);
 if (createKeyActivity.mPassphrase != null) {
 saveKeyringParcel.setNewUnlock(new ChangeUnlockParcel(createKeyActivity.mPassphrase));
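Review bot: The fallback tests only `mSecurityTokenSign == null` but then dereferences all three fields, so a state where Sign is set and `mSecurityTokenDec` or `mSecurityTokenAuth` is still null throws on the calls below the guard. It also writes the v2 defaults back into the activity as a side effect of building the parcel, which makes "no algorithm was chosen" indistinguishable from "2048-bit RSA was chosen" for any later reader of those fields. Resolving each slot into a local with its own null check avoids both; it needs the `KeyFormat` import in this file. The enclosing method starts and ends outside the hunk.

```java
if (createKeyActivity.mCreateSecurityToken) {
    // Algorithm screen may have been skipped: fall back per slot to the v2 defaults
    // without mutating the activity state.
    KeyFormat signFormat = createKeyActivity.mSecurityTokenSign != null
            ? createKeyActivity.mSecurityTokenSign : Constants.SECURITY_TOKEN_V2_SIGN;
    KeyFormat decFormat = createKeyActivity.mSecurityTokenDec != null
            ? createKeyActivity.mSecurityTokenDec : Constants.SECURITY_TOKEN_V2_DEC;
    KeyFormat authFormat = createKeyActivity.mSecurityTokenAuth != null
            ? createKeyActivity.mSecurityTokenAuth : Constants.SECURITY_TOKEN_V2_AUTH;
    signFormat.addToSaveKeyringParcel(saveKeyringParcel, KeyFlags.SIGN_DATA | KeyFlags.CERTIFY_OTHER);
    decFormat.addToSaveKeyringParcel(saveKeyringParcel, KeyFlags.ENCRYPT_COMMS | KeyFlags.ENCRYPT_STORAGE);
    authFormat.addToSaveKeyringParcel(saveKeyringParcel, KeyFlags.AUTHENTICATION);
    // … unchanged: empty passphrase, else branch …
```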
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java
index ae8dbf3c6..f100ee8bc 100644
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/CreateSecurityTokenPinFragment.java
@@ -30,6 +30,7 @@ import android.widget.EditText;
 import android.widget.TextView;
 import org.sufficientlysecure.keychain.R;
+import org.sufficientlysecure.keychain.securitytoken.SecurityTokenHelper;
 import org.sufficientlysecure.keychain.ui.CreateKeyActivity.FragAction;
 import org.sufficientlysecure.keychain.util.Passphrase;
@@ -200,7 +201,14 @@ public class CreateSecurityTokenPinFragment extends Fragment {
 mCreateKeyActivity.mSecurityTokenPin = new Passphrase(mPin.getText().toString());
- CreateSecurityTokenAlgorithmFragment frag = CreateSecurityTokenAlgorithmFragment.newInstance();
+ final double version = SecurityTokenHelper.parseOpenPgpVersion(mCreateKeyActivity.mSecurityTokenAid);
+
+ Fragment frag;
+ if (version >= 3.0) {
+ frag = CreateSecurityTokenAlgorithmFragment.newInstance();
+ } else {
+ frag = CreateKeyFinalFragment.newInstance();
+ }
 hideKeyboard();
 mCreateKeyActivity.loadFragment(frag, FragAction.TO_RIGHT);
 }
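Review bot: On the `else` branch of the second hunk the algorithm screen is skipped, but `mSecurityTokenSign`, `mSecurityTokenDec` and `mSecurityTokenAuth` are left as they are, while CreateKeyFinalFragment only applies the v2 defaults when `mSecurityTokenSign` is null. If those fields can still hold a selection from an earlier pass through the wizard (not visible in this patch), a token below 3.0 would be given key formats it was never asked about; clearing the three fields on this branch, e.g. `mCreateKeyActivity.mSecurityTokenSign = null;` and likewise for Dec and Auth, keeps the two fragments in agreement. What `parseOpenPgpVersion` returns for a null or malformed `mSecurityTokenAid` is also not visible here, and a low fallback value would silently route the token to the fixed 2048-bit RSA defaults, so that case deserves an explicit check or at least a comment. The bare `3.0` would read better as a named constant with a comment such as `// OpenPGP card spec 3.0 is the first version for which the algorithm screen is offered`. The enclosing method starts outside the hunk.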