From edd98b0b57618194ea9ac7a0037fe4cb124e9a56 Mon Sep 17 00:00:00 2001
From: M66B <M66B@users.noreply.github.com>
Date: Sun, 27 Sep 2020 19:16:15 +0200
Subject: [PATCH] ECDSA S/MIME support

---
 .../eu/faircode/email/FragmentCompose.java    | 21 +++++++++++++++++--
 1 file changed, 19 insertions(+), 2 deletions(-)

diff --git a/app/src/main/java/eu/faircode/email/FragmentCompose.java b/app/src/main/java/eu/faircode/email/FragmentCompose.java
index efcd257459..e2a71056b5 100644
--- a/app/src/main/java/eu/faircode/email/FragmentCompose.java
+++ b/app/src/main/java/eu/faircode/email/FragmentCompose.java
@@ -127,7 +127,9 @@ import org.bouncycastle.cms.RecipientInfoGenerator;
 import org.bouncycastle.cms.SignerInfoGenerator;
 import org.bouncycastle.cms.jcajce.JcaSignerInfoGeneratorBuilder;
 import org.bouncycastle.cms.jcajce.JceCMSContentEncryptorBuilder;
+import org.bouncycastle.cms.jcajce.JceKeyAgreeRecipientInfoGenerator;
 import org.bouncycastle.cms.jcajce.JceKeyTransRecipientInfoGenerator;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
 import org.bouncycastle.operator.ContentSigner;
 import org.bouncycastle.operator.DigestCalculatorProvider;
 import org.bouncycastle.operator.OperatorCreationException;
@@ -159,6 +161,7 @@ import java.nio.charset.StandardCharsets;
 import java.security.GeneralSecurityException;
 import java.security.InvalidKeyException;
 import java.security.PrivateKey;
+import java.security.Security;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.text.Collator;
@@ -2720,6 +2723,8 @@ public class FragmentCompose extends FragmentBase {
                 Log.i("Private key algorithm=" + algorithm);
                 if (TextUtils.isEmpty(algorithm))
                     algorithm = "RSA";
+                else if ("EC".equals(algorithm))
+                    algorithm = "ECDSA";
 
                 ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256with" + algorithm)
                         .build(privkey);
@@ -2829,9 +2834,21 @@ public class FragmentCompose extends FragmentBase {
 
                 // Encrypt
                 CMSEnvelopedDataGenerator cmsEnvelopedDataGenerator = new CMSEnvelopedDataGenerator();
-                for (X509Certificate cert : certs) {
-                    RecipientInfoGenerator gen = new JceKeyTransRecipientInfoGenerator(cert);
+                if ("EC".equals(privkey.getAlgorithm())) {
+                    Security.addProvider(new BouncyCastleProvider());
+                    JceKeyAgreeRecipientInfoGenerator gen = new JceKeyAgreeRecipientInfoGenerator(
+                            CMSAlgorithm.ECDH_SHA256KDF,
+                            privkey,
+                            chain[0].getPublicKey(),
+                            CMSAlgorithm.AES128_WRAP);
+                    for (X509Certificate cert : certs)
+                        gen.addRecipient(cert);
                     cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen);
+                } else {
+                    for (X509Certificate cert : certs) {
+                        RecipientInfoGenerator gen = new JceKeyTransRecipientInfoGenerator(cert);
+                        cmsEnvelopedDataGenerator.addRecipientInfoGenerator(gen);
+                    }
                 }
 
                 File einput = new File(context.getCacheDir(), "smime_encrypt." + draft.id);