diff options
| author | Vincent Breitmoser <valodim@mugenguild.com> | 2015-09-06 00:59:12 +0200 |
|---|---|---|
| committer | Vincent Breitmoser <valodim@mugenguild.com> | 2015-09-06 00:59:12 +0200 |
| commit | d2ce770c1ab541aae20906c8e38056f24968aac4 (patch) | |
| tree | c683409c17c67ba8af80edc361ce07452b964288 /OpenKeychain/src/main/java | |
| parent | 8e60bf70a1ef6bd7be3220afc45c9a59c231d2d4 (diff) | |
| parent | afda9d86f84fcd36aad8de4a4e9c1fe12b6b042c (diff) | |
| download | open-keychain-d2ce770c1ab541aae20906c8e38056f24968aac4.tar.gz open-keychain-d2ce770c1ab541aae20906c8e38056f24968aac4.tar.bz2 open-keychain-d2ce770c1ab541aae20906c8e38056f24968aac4.zip | |
Merge branch 'master' of github.com:open-keychain/open-keychain
Diffstat (limited to 'OpenKeychain/src/main/java')
5 files changed, 42 insertions, 44 deletions
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java index 3fa549946..cbd8ce47a 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java @@ -23,6 +23,7 @@ import org.spongycastle.bcpg.HashAlgorithmTags; import org.spongycastle.bcpg.PublicKeyAlgorithmTags; import org.spongycastle.bcpg.SymmetricKeyAlgorithmTags; +import java.util.Arrays; import java.util.HashSet; /** @@ -42,24 +43,23 @@ public class PgpSecurityConstants { * Whitelist of accepted symmetric encryption algorithms * all other algorithms are rejected with OpenPgpDecryptionResult.RESULT_INSECURE */ - private static HashSet<Integer> sSymmetricAlgorithmsWhitelist = new HashSet<>(); - static { - // General remarks: We try to keep the whitelist short to reduce attack surface - // TODO: block IDEA?: Bad key schedule (weak keys), implementation difficulties (easy to make errors) - sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.IDEA); - sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.TRIPLE_DES); // a MUST in RFC - sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.CAST5); // default in many gpg, pgp versions, 128 bit key - // BLOWFISH: Twofish is the successor - // SAFER: not used widely - // DES: < 128 bit security - sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.AES_128); - sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.AES_192); - sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.AES_256); - sSymmetricAlgorithmsWhitelist.add(SymmetricKeyAlgorithmTags.TWOFISH); // 128 bit - // CAMELLIA_128: not used widely - // CAMELLIA_192: not used widely - // CAMELLIA_256: not used widely - } + private static HashSet<Integer> sSymmetricAlgorithmsWhitelist = new HashSet<>(Arrays.asList( + // General remarks: We try to keep the whitelist short to reduce attack surface + // TODO: block IDEA?: Bad key schedule (weak keys), implementation difficulties (easy to make errors) + SymmetricKeyAlgorithmTags.IDEA, + SymmetricKeyAlgorithmTags.TRIPLE_DES, // a MUST in RFC + SymmetricKeyAlgorithmTags.CAST5, // default in many gpg, pgp versions, 128 bit key + // BLOWFISH: Twofish is the successor + // SAFER: not used widely + // DES: < 128 bit security + SymmetricKeyAlgorithmTags.AES_128, + SymmetricKeyAlgorithmTags.AES_192, + SymmetricKeyAlgorithmTags.AES_256, + SymmetricKeyAlgorithmTags.TWOFISH // 128 bit + // CAMELLIA_128: not used widely + // CAMELLIA_192: not used widely + // CAMELLIA_256: not used widely + )); public static boolean isSecureSymmetricAlgorithm(int id) { return sSymmetricAlgorithmsWhitelist.contains(id); @@ -77,20 +77,19 @@ public class PgpSecurityConstants { * ((collision resistance of 112-bits)) * Implementations SHOULD NOT sign SHA-256 hashes. They MUST NOT default to signing SHA-256 hashes. */ - private static HashSet<Integer> sHashAlgorithmsWhitelist = new HashSet<>(); - static { - // MD5: broken - // SHA1: broken - // RIPEMD160: same security properties as SHA1 - // DOUBLE_SHA: not used widely - // MD2: not used widely - // TIGER_192: not used widely - // HAVAL_5_160: not used widely - sHashAlgorithmsWhitelist.add(HashAlgorithmTags.SHA256); // compatibility for old Mailvelope versions - sHashAlgorithmsWhitelist.add(HashAlgorithmTags.SHA384); - sHashAlgorithmsWhitelist.add(HashAlgorithmTags.SHA512); - // SHA224: Not used widely, Yahoo argues against it - } + private static HashSet<Integer> sHashAlgorithmsWhitelist = new HashSet<>(Arrays.asList( + // MD5: broken + // SHA1: broken + // RIPEMD160: same security properties as SHA1 + // DOUBLE_SHA: not used widely + // MD2: not used widely + // TIGER_192: not used widely + // HAVAL_5_160: not used widely + HashAlgorithmTags.SHA256, // compatibility for old Mailvelope versions + HashAlgorithmTags.SHA384, + HashAlgorithmTags.SHA512 + // SHA224: Not used widely, Yahoo argues against it + )); public static boolean isSecureHashAlgorithm(int id) { return sHashAlgorithmsWhitelist.contains(id); @@ -106,12 +105,11 @@ public class PgpSecurityConstants { * bitlength less than 1023 bits. * Implementations MUST NOT accept any RSA keys with bitlength less than 2047 bits after January 1, 2016. */ - private static HashSet<String> sCurveWhitelist = new HashSet<>(); - static { - sCurveWhitelist.add(NISTNamedCurves.getOID("P-256").getId()); - sCurveWhitelist.add(NISTNamedCurves.getOID("P-384").getId()); - sCurveWhitelist.add(NISTNamedCurves.getOID("P-521").getId()); - } + private static HashSet<String> sCurveWhitelist = new HashSet<>(Arrays.asList( + NISTNamedCurves.getOID("P-256").getId(), + NISTNamedCurves.getOID("P-384").getId(), + NISTNamedCurves.getOID("P-521").getId() + )); public static boolean isSecureKey(CanonicalizedPublicKey key) { switch (key.getAlgorithm()) { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AppsListFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AppsListFragment.java index 2deb33a67..a1451fb09 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AppsListFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/remote/ui/AppsListFragment.java @@ -243,7 +243,7 @@ public class AppsListFragment extends ListFragment implements null, isInstalled(packageName), 1, // registered! - R.drawable.ic_launcher // icon is retrieved later + R.mipmap.ic_launcher // icon is retrieved later }); break; } @@ -265,7 +265,7 @@ public class AppsListFragment extends ListFragment implements name, isInstalled(packageName), 1, // registered! - R.drawable.ic_launcher // icon is retrieved later + R.mipmap.ic_launcher // icon is retrieved later }); break; } diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeyserverSyncAdapterService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeyserverSyncAdapterService.java index 3243df1a8..8aebae7aa 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeyserverSyncAdapterService.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/KeyserverSyncAdapterService.java @@ -427,7 +427,7 @@ public class KeyserverSyncAdapterService extends Service { private Notification getOrbotNoification(Context context) { NotificationCompat.Builder builder = new NotificationCompat.Builder(context); builder.setSmallIcon(R.drawable.ic_stat_notify_24dp) - .setLargeIcon(getBitmap(R.drawable.ic_launcher, context)) + .setLargeIcon(getBitmap(R.mipmap.ic_launcher, context)) .setContentTitle(context.getString(R.string.keyserver_sync_orbot_notif_title)) .setContentText(context.getString(R.string.keyserver_sync_orbot_notif_msg)) .setAutoCancel(true); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java index be269c66d..5d04317b3 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/PassphraseCacheService.java @@ -509,7 +509,7 @@ public class PassphraseCacheService extends Service { private Notification getNotification() { NotificationCompat.Builder builder = new NotificationCompat.Builder(this); builder.setSmallIcon(R.drawable.ic_stat_notify_24dp) - .setLargeIcon(getBitmap(R.drawable.ic_launcher, getBaseContext())) + .setLargeIcon(getBitmap(R.mipmap.ic_launcher, getBaseContext())) .setContentTitle(getResources().getQuantityString(R.plurals.passp_cache_notif_n_keys, mPassphraseCache.size(), mPassphraseCache.size())) .setContentText(getString(R.string.passp_cache_notif_click_to_clear)); @@ -601,4 +601,4 @@ public class PassphraseCacheService extends Service { this.passphrase = passphrase; } } -}
\ No newline at end of file +} diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java index 26e56280a..9c0122b7b 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/DecryptListFragment.java @@ -448,7 +448,7 @@ public class DecryptListFragment new Intent(intent) .setClass(activity, DisplayTextActivity.class) .putExtra(DisplayTextActivity.EXTRA_METADATA, result), - BuildConfig.APPLICATION_ID, R.string.view_internal, R.drawable.ic_launcher); + BuildConfig.APPLICATION_ID, R.string.view_internal, R.mipmap.ic_launcher); Intent chooserIntent = Intent.createChooser(intent, getString(R.string.intent_show)); chooserIntent.putExtra(Intent.EXTRA_INITIAL_INTENTS, |