Merge branch 'dhedberg-master'

2 years ago · 39ef489a92
parent e7b81717d4 c899e5ef2d
commit 39ef489a92
3 changed files with 70 additions and 11 deletions
--- a/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java
+++ b/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java
@ -7,12 +7,14 @@

 package org.bouncycastle.openpgp.operator.jcajce;

+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPrivateKey;
 import org.bouncycastle.openpgp.operator.PGPContentSigner;
 import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
 import org.bouncycastle.openpgp.operator.PGPDigestCalculator;

+import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
 import java.nio.ByteBuffer;
 import java.security.Provider;
@ -93,6 +95,10 @@ public class NfcSyncPGPContentSignerBuilder
    public PGPContentSigner build(final int signatureType, final long keyID)
        throws PGPException
    {
+        if (keyAlgorithm == PublicKeyAlgorithmTags.EDDSA) {
+            return buildEdDSASigner(signatureType, keyID);
+        }
+
        final PGPDigestCalculator digestCalculator = digestCalculatorProviderBuilder.build().get(hashAlgorithm);

        return new PGPContentSigner()
@ -139,4 +145,56 @@ public class NfcSyncPGPContentSignerBuilder
            }
        };
    }
+
+    public PGPContentSigner buildEdDSASigner(final int signatureType, final long keyID)
+        throws PGPException
+    {
+        final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+
+        return new PGPContentSigner()
+        {
+            public int getType()
+            {
+                return signatureType;
+            }
+
+            public int getHashAlgorithm()
+            {
+                return hashAlgorithm;
+            }
+
+            public int getKeyAlgorithm()
+            {
+                return keyAlgorithm;
+            }
+
+            public long getKeyID()
+            {
+                return keyID;
+            }
+
+            public OutputStream getOutputStream()
+            {
+                return outputStream;
+            }
+
+            public byte[] getSignature() {
+                byte[] rawData = outputStream.toByteArray();
+
+                ByteBuffer buf = ByteBuffer.wrap(rawData);
+                if (signedHashes.containsKey(buf)) {
+                    return (byte[]) signedHashes.get(buf);
+                }
+                // catch this when signatureGenerator.generate() is executed and divert to card,
+                // when doing the operation again reuse creationTimestamp (this will be hashed)
+                throw new NfcInteractionNeeded(rawData, getHashAlgorithm());
+            }
+
+            public byte[] getDigest()
+            {
+                return outputStream.toByteArray();
+            }
+        };
+
+    }
 }
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@ -255,7 +255,9 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {

    private PGPContentSignerBuilder getAuthenticationContentSignerBuilder(int hashAlgorithm, Map<ByteBuffer,
            byte[]> signedHashes) {
-        if (getAlgorithm() == PublicKeyAlgorithmTags.EDDSA) {
+        if (
+            getAlgorithm() == PublicKeyAlgorithmTags.EDDSA
+                && mPrivateKeyState != PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
            // content signer feeding the input directly into the signature engine,
            // since EdDSA hashes the input anyway
            return new EdDsaAuthenticationContentSignerBuilder(
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SshPublicKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SshPublicKey.java
@ -19,11 +19,13 @@ package org.sufficientlysecure.keychain.pgp;

 import org.bouncycastle.bcpg.DSAPublicBCPGKey;
 import org.bouncycastle.bcpg.ECPublicBCPGKey;
+import org.bouncycastle.bcpg.EdDSAPublicBCPGKey;
 import org.bouncycastle.bcpg.RSAPublicBCPGKey;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.ssh.key.SshDSAPublicKey;
 import org.sufficientlysecure.keychain.ssh.key.SshECDSAPublicKey;
+import org.sufficientlysecure.keychain.ssh.key.SshEd25519PublicKey;
 import org.sufficientlysecure.keychain.ssh.key.SshRSAPublicKey;
 import org.sufficientlysecure.keychain.ssh.utils.SshUtils;

@ -46,9 +48,8 @@ public class SshPublicKey {
                return encodeRSAKey(key);
            case PGPPublicKey.ECDSA:
                return encodeECKey(key);
-            // TODO
-//            case PGPPublicKey.EDDSA:
-//                return encodeEdDSAKey(key);
+            case PGPPublicKey.EDDSA:
+                return encodeEdDSAKey(key);
            case PGPPublicKey.DSA:
                return encodeDSAKey(key);
            default:
@ -73,15 +74,13 @@ public class SshPublicKey {
        return sshECDSAPublicKey.getPublicKeyBlob();
    }

+    private String encodeEdDSAKey(PGPPublicKey publicKey) {
+        EdDSAPublicBCPGKey publicBCPGKey = (EdDSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();

+        SshEd25519PublicKey pubkey = new SshEd25519PublicKey(publicBCPGKey.getEdDSAEncodedPoint());

-//    private String encodeEdDSAKey(PGPPublicKey publicKey) {
-//        EdDSAPublicBCPGKey publicBCPGKey = (EdDSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
-//
-//        SshEd25519PublicKey pubkey = new SshEd25519PublicKey(publicBCPGKey.getEdDSAEncodedPoint());
-//
-//        return pubkey.getPublicKeyBlob();
-//    }
+        return pubkey.getPublicKeyBlob();
+    }

    private String encodeDSAKey(PGPPublicKey publicKey) {
        DSAPublicBCPGKey publicBCPGKey = (DSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();