add support for EdDSA on security tokens (currently only gnuk)

2018-02-13 18:25:00 +01:00 · 2018-02-13 18:25:00 +01:00 · 56af349cf4
parent 982a0ce680
commit 56af349cf4
4 changed files with 55 additions and 5 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/EdDSAKeyFormat.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/EdDSAKeyFormat.java
@ -0,0 +1,41 @@
+/*
+ * Copyright (C) 2017 Schürmann & Breitmoser GbR
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+package org.sufficientlysecure.keychain.securitytoken;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTNamedCurves;
+import org.bouncycastle.asn1.x9.X9ECParameters;
+import org.bouncycastle.bcpg.sig.KeyFlags;
+import org.bouncycastle.math.ec.ECCurve;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
+import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
+
+
+// 4.3.3.6 Algorithm Attributes
+public class EdDSAKeyFormat extends KeyFormat {
+
+    public EdDSAKeyFormat() {
+        super(KeyFormatType.EdDSAKeyFormatType);
+    }
+
+    @Override
+    public void addToSaveKeyringParcel(SaveKeyringParcel.Builder builder, int keyFlags) {
+        builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(SaveKeyringParcel.Algorithm.EDDSA,
+                null, null, keyFlags, 0L));
+    }
+}
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/KeyFormat.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/KeyFormat.java
@ -27,7 +27,8 @@ public abstract class KeyFormat {

    public enum KeyFormatType {
        RSAKeyFormatType,
-        ECKeyFormatType
+        ECKeyFormatType,
+        EdDSAKeyFormatType
    }

    private final KeyFormatType mKeyFormatType;
@ -53,7 +54,7 @@ public abstract class KeyFormat {
            case PublicKeyAlgorithmTags.ECDH:
            case PublicKeyAlgorithmTags.ECDSA:
                if (bytes.length < 2) {
-                    throw new IllegalArgumentException("Bad length for RSA attributes");
+                    throw new IllegalArgumentException("Bad length for EC attributes");
                }
                int len = bytes.length - 1;
                if (bytes[bytes.length - 1] == (byte)0xff) {
@ -65,6 +66,8 @@ public abstract class KeyFormat {
                System.arraycopy(bytes, 1, boid, 2, len);
                final ASN1ObjectIdentifier oid = ASN1ObjectIdentifier.getInstance(boid);
                return new ECKeyFormat(oid, ECKeyFormat.ECAlgorithmFormat.from(bytes[0], bytes[bytes.length - 1]));
+            case PublicKeyAlgorithmTags.EDDSA:
+                return new EdDSAKeyFormat();

            default:
                throw new IllegalArgumentException("Unsupported Algorithm id " + bytes[0]);
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenPsoSignTokenOp.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/securitytoken/operations/SecurityTokenPsoSignTokenOp.java
@ -108,6 +108,7 @@ public class SecurityTokenPsoSignTokenOp {
                data = prepareDsi(hash, hashAlgo);
                break;
            case ECKeyFormatType:
+            case EdDSAKeyFormatType:
                data = hash;
                break;
            default:
@ -128,7 +129,7 @@ public class SecurityTokenPsoSignTokenOp {
                }
                break;

-            case ECKeyFormatType:
+            case ECKeyFormatType: {
                // "plain" encoding, see https://github.com/open-keychain/open-keychain/issues/2108
                if (signature.length % 2 != 0) {
                    throw new IOException("Bad signature length!");
@ -142,8 +143,12 @@ public class SecurityTokenPsoSignTokenOp {
                final ByteArrayOutputStream baos = new ByteArrayOutputStream();
                ASN1OutputStream out = new ASN1OutputStream(baos);
                out.writeObject(new DERSequence(new ASN1Encodable[] { new ASN1Integer(br), new ASN1Integer(bs) }));
-            out.flush();
-            signature = baos.toByteArray();
+                out.flush();
+                signature = baos.toByteArray();
+                break;
+            }
+
+            case EdDSAKeyFormatType:
                break;
        }
        return signature;
--- a/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/ArmoredInputStreamTest.java
+++ b/OpenKeychain/src/test/java/org/sufficientlysecure/keychain/ArmoredInputStreamTest.java
@ -4,6 +4,7 @@ package org.sufficientlysecure.keychain;
 import java.io.InputStream;

 import org.bouncycastle.bcpg.ArmoredInputStream;
+import org.bouncycastle.util.encoders.Hex;
 import org.junit.Test;
 import org.junit.runner.RunWith;
 import org.sufficientlysecure.keychain.pgp.UncachedKeyringTest;