PeterCxy/open-keychain
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases 1 Wiki Activity

Merge pull request #2053 from open-keychain/eddsa

Browse source 
add EdDSA support
This commit is contained in:
Vincent Breitmoser 2017-06-16 19:18:22 +02:00 committed by GitHub
parent dfdfd733f3 50d8cd0559
commit 5d104b9c17
16 changed files with 189 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java
View file

@ -533,6 +533,7 @@ public abstract class OperationResult implements Parcelable {
MSG_CR_ERROR_FLAGS_DSA (LogLevel.ERROR, R.string.msg_cr_error_flags_dsa),
MSG_CR_ERROR_FLAGS_ELGAMAL (LogLevel.ERROR, R.string.msg_cr_error_flags_elgamal),
MSG_CR_ERROR_FLAGS_ECDSA (LogLevel.ERROR, R.string.msg_cr_error_flags_ecdsa),
MSG_CR_ERROR_FLAGS_EDDSA (LogLevel.ERROR, R.string.msg_cr_error_flags_eddsa),
MSG_CR_ERROR_FLAGS_ECDH (LogLevel.ERROR, R.string.msg_cr_error_flags_ecdh),
// secret key modify

1
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
View file

@ -209,6 +209,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
mPrivateKey = mSecretKey.extractPrivateKey(keyDecryptor);
mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED;
} catch (PGPException e) {
Log.e(Constants.TAG, "Error extracting private key!", e);
return false;
}
if (mPrivateKey == null) {

18
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
View file

@ -45,6 +45,7 @@ import org.bouncycastle.bcpg.S2K;
import org.bouncycastle.bcpg.sig.Features;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.bouncycastle.bcpg.sig.RevocationReasonTags;
import org.bouncycastle.jcajce.provider.asymmetric.eddsa.spec.EdDSAGenParameterSpec;
import org.bouncycastle.jce.spec.ElGamalParameterSpec;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPKeyFlags;
@ -174,7 +175,7 @@ public class PgpKeyOperation {
log.add(LogType.MSG_CR_ERROR_NO_CURVE, indent);
return null;
}
} else {
} else if (add.getAlgorithm() != Algorithm.EDDSA) {
if (add.getKeySize() == null) {
log.add(LogType.MSG_CR_ERROR_NO_KEYSIZE, indent);
return null;
@ -241,6 +242,21 @@ public class PgpKeyOperation {
break;
}
case EDDSA: {
if ((add.getFlags() & (PGPKeyFlags.CAN_ENCRYPT_COMMS | PGPKeyFlags.CAN_ENCRYPT_STORAGE)) > 0) {
log.add(LogType.MSG_CR_ERROR_FLAGS_ECDSA, indent);
return null;
}
progress(R.string.progress_generating_eddsa, 30);
EdDSAGenParameterSpec edParamSpec =
new EdDSAGenParameterSpec("ed25519");
keyGen = KeyPairGenerator.getInstance("EdDSA", Constants.BOUNCY_CASTLE_PROVIDER_NAME);
keyGen.initialize(edParamSpec, new SecureRandom());
algorithm = PGPPublicKey.EDDSA;
break;
}
case ECDH: {
// make sure there are no sign or certify flags set
if ((add.getFlags() & (PGPKeyFlags.CAN_SIGN | PGPKeyFlags.CAN_CERTIFY)) > 0) {

3
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java
View file

@ -174,6 +174,9 @@ public class PgpSecurityConstants {
}
return null;
}
case PublicKeyAlgorithmTags.EDDSA: {
return null;
}
// ELGAMAL_GENERAL: deprecated in RFC 4880, use ELGAMAL_ENCRYPT
// DIFFIE_HELLMAN: unsure
// TODO specialize all cases!

1
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java
View file

@ -250,6 +250,7 @@ public class UncachedKeyRing {
PublicKeyAlgorithmTags.ECDSA, // 19
PublicKeyAlgorithmTags.ELGAMAL_GENERAL, // 20
// PublicKeyAlgorithmTags.DIFFIE_HELLMAN, // 21
PublicKeyAlgorithmTags.EDDSA, // 22
};
/** "Canonicalizes" a public key, removing inconsistencies in the process.

3
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java
View file

@ -223,7 +223,8 @@ public class UncachedPublicKey {
public boolean isEC() {
return getAlgorithm() == PGPPublicKey.ECDH
|| getAlgorithm() == PGPPublicKey.ECDSA;
|| getAlgorithm() == PGPPublicKey.ECDSA
|| getAlgorithm() == PGPPublicKey.EDDSA;
}
public byte[] getFingerprint() {

2
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java
View file

@ -290,7 +290,7 @@ public abstract class SaveKeyringParcel implements Parcelable {
// All supported algorithms
public enum Algorithm {
RSA, DSA, ELGAMAL, ECDSA, ECDH
RSA, DSA, ELGAMAL, ECDSA, ECDH, EDDSA
}
// All curves defined in the standard

10
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddSubkeyDialogFragment.java
View file

@ -62,7 +62,7 @@ public class AddSubkeyDialogFragment extends DialogFragment {
}
public enum SupportedKeyType {
RSA_2048, RSA_3072, RSA_4096, ECC_P256, ECC_P521
RSA_2048, RSA_3072, RSA_4096, ECC_P256, ECC_P521, EDDSA
}
private static final String ARG_WILL_BE_MASTER_KEY = "will_be_master_key";
@ -158,6 +158,8 @@ public class AddSubkeyDialogFragment extends DialogFragment {
R.string.ecc_p256), getResources().getString(R.string.ecc_p256_description_html)));
choices.add(new Choice<>(SupportedKeyType.ECC_P521, getResources().getString(
R.string.ecc_p521), getResources().getString(R.string.ecc_p521_description_html)));
choices.add(new Choice<>(SupportedKeyType.EDDSA, getResources().getString(
R.string.ecc_eddsa), getResources().getString(R.string.ecc_eddsa_description_html)));
TwoLineArrayAdapter adapter = new TwoLineArrayAdapter(context,
android.R.layout.simple_spinner_item, choices);
mKeyTypeSpinner.setAdapter(adapter);
@ -198,6 +200,9 @@ public class AddSubkeyDialogFragment extends DialogFragment {
if (mWillBeMasterKey) {
mUsageEncrypt.setEnabled(false);
}
} else if (keyType == SupportedKeyType.EDDSA) {
mUsageSignAndEncrypt.setEnabled(false);
mUsageEncrypt.setEnabled(false);
} else {
// need to enable if previously disabled for ECC masterkey
mUsageEncrypt.setEnabled(true);
@ -275,6 +280,9 @@ public class AddSubkeyDialogFragment extends DialogFragment {
}
break;
}
case EDDSA: {
algorithm = Algorithm.EDDSA;
}
}
// set flags

4
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java
View file

@ -110,6 +110,10 @@ public class KeyFormattingUtils {
return "ECDH (" + oidName + ")";
}
case PublicKeyAlgorithmTags.EDDSA: {
return "EdDSA";
}
default: {
if (context != null) {
algorithmStr = context.getResources().getString(R.string.unknown);

4
OpenKeychain/src/main/res/values/strings.xml
View file

@ -315,6 +315,8 @@
<string name="ecc_p384_description_html">"very tiny file size, considered secure until 2040 &lt;br/> &lt;u>experimental and not supported by all implementations&lt;/u>"</string>
<string name="ecc_p521">"ECC P-521"</string>
<string name="ecc_p521_description_html">"tiny file size, considered secure until 2040+ &lt;br/> &lt;u>experimental and not supported by all implementations&lt;/u>"</string>
<string name="ecc_eddsa">"ECC EdDSA"</string>
<string name="ecc_eddsa_description_html">"tiny file size, considered secure until 2040+ &lt;br/> &lt;u>experimental and not supported by all implementations&lt;/u>"</string>
<string name="usage_none">"None (subkey binding only)"</string>
<string name="usage_sign">"Sign"</string>
<string name="usage_encrypt">"Encrypt"</string>
@ -452,6 +454,7 @@
<string name="progress_generating_dsa">"generating new DSA key…"</string>
<string name="progress_generating_elgamal">"generating new ElGamal key…"</string>
<string name="progress_generating_ecdsa">"generating new ECDSA key…"</string>
<string name="progress_generating_eddsa">"generating new EdDSA key…"</string>
<string name="progress_generating_ecdh">"generating new ECDH key…"</string>
<string name="progress_modify">"modifying keyring…"</string>
@ -1084,6 +1087,7 @@
<string name="msg_cr_error_flags_dsa">"Bad key flags selected, DSA cannot be used for encryption!"</string>
<string name="msg_cr_error_flags_elgamal">"Bad key flags selected, ElGamal cannot be used for signing!"</string>
<string name="msg_cr_error_flags_ecdsa">"Bad key flags selected, ECDSA cannot be used for encryption!"</string>
<string name="msg_cr_error_flags_eddsa">"Bad key flags selected, EdDSA cannot be used for encryption!"</string>
<string name="msg_cr_error_flags_ecdh">"Bad key flags selected, ECDH cannot be used for signing!"</string>
<!-- modifySecretKeyRing -->

10
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/pgp/OpaqueKeyTest.java
View file

@ -42,9 +42,7 @@ public class OpaqueKeyTest {
@Test
public void testOpaqueSubKey__canonicalize__shouldFail() throws Exception {
// key from GnuPG's test suite, sample msg generated using GnuPG v2.1.18
// TODO use for actual tests once eddsa is supported!
UncachedKeyRing ring = readRingFromResource("/test-keys/eddsa-sample-1-pub.asc");
UncachedKeyRing ring = readRingFromResource("/test-keys/unknown-sample-1.pub");
OperationLog log = new OperationLog();
ring.canonicalize(log, 0);
@ -61,12 +59,12 @@ public class OpaqueKeyTest {
OperationLog log = new OperationLog();
ring.canonicalize(log, 0);
assertTrue(log.containsType(LogType.MSG_KC_ERROR_MASTER_ALGO));
assertTrue(log.containsType(LogType.MSG_KC_SUB_BAD));
}
@Test
public void testOpaqueSubKey__canonicalize__shouldStrip() throws Exception {
UncachedKeyRing ring = readRingFromResource("/test-keys/eddsa-subkey.pub.asc");
UncachedKeyRing ring = readRingFromResource("/test-keys/unknown-subkey.pub.asc");
OperationLog log = new OperationLog();
CanonicalizedKeyRing canonicalizedKeyRing = ring.canonicalize(log, 0);
@ -78,7 +76,7 @@ public class OpaqueKeyTest {
@Test
public void testOpaqueSubKey__reencode__shouldBeIdentical() throws Exception {
byte[] rawKeyData = TestDataUtil.readFully(
OpaqueKeyTest.class.getResourceAsStream("/test-keys/eddsa-subkey.pub.asc"));
OpaqueKeyTest.class.getResourceAsStream("/test-keys/unknown-subkey.pub.asc"));
UncachedKeyRing ring = UncachedKeyRing.decodeFromData(rawKeyData);

130
OpenKeychain/src/test/java/org/sufficientlysecure/keychain/provider/EddsaTest.java Normal file
View file

@ -0,0 +1,130 @@
/*
* Copyright (C) 2014 Dominik Schürmann <dominik@dominikschuermann.de>
* Copyright (C) 2014 Vincent Breitmoser <v.breitmoser@mugenguild.com>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.provider;
import java.io.ByteArrayOutputStream;
import java.io.InputStream;
import android.app.Application;
import org.bouncycastle.bcpg.sig.KeyFlags;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.openintents.openpgp.OpenPgpSignatureResult;
import org.robolectric.RuntimeEnvironment;
import org.robolectric.shadows.ShadowLog;
import org.robolectric.util.Util;
import org.sufficientlysecure.keychain.KeychainTestRunner;
import org.sufficientlysecure.keychain.operations.results.DecryptVerifyResult;
import org.sufficientlysecure.keychain.operations.results.OperationResult.OperationLog;
import org.sufficientlysecure.keychain.operations.results.PgpEditKeyResult;
import org.sufficientlysecure.keychain.operations.results.SaveKeyringResult;
import org.sufficientlysecure.keychain.pgp.CanonicalizedKeyRing;
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyInputParcel;
import org.sufficientlysecure.keychain.pgp.PgpDecryptVerifyOperation;
import org.sufficientlysecure.keychain.pgp.PgpKeyOperation;
import org.sufficientlysecure.keychain.pgp.UncachedKeyRing;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.Algorithm;
import org.sufficientlysecure.keychain.service.SaveKeyringParcel.SubkeyAdd;
import static junit.framework.Assert.assertEquals;
import static junit.framework.Assert.assertFalse;
import static junit.framework.Assert.assertNotNull;
import static junit.framework.Assert.assertTrue;
@SuppressWarnings("WeakerAccess")
@RunWith(KeychainTestRunner.class)
public class EddsaTest {
private KeyWritableRepository keyRepository;
private Application context;
@BeforeClass
public static void setUpOnce() throws Exception {
ShadowLog.stream = System.out;
}
@Before
public void setUp() throws Exception {
context = RuntimeEnvironment.application;
keyRepository = KeyWritableRepository.createDatabaseReadWriteInteractor(context);
}
@Test
public void testGpgSampleSignature() throws Exception {
// key from GnuPG's test suite, sample msg generated using GnuPG v2.1.18
UncachedKeyRing ring = loadKeyringFromResource("/test-keys/eddsa-sample-1-pub.asc");
byte[] signedText = readBytesFromResource("/test-keys/eddsa-sample-msg.asc");
PgpDecryptVerifyInputParcel pgpDecryptVerifyInputParcel = PgpDecryptVerifyInputParcel.builder()
.setInputBytes(signedText).build();
PgpDecryptVerifyOperation decryptVerifyOperation = new PgpDecryptVerifyOperation(context, keyRepository, null);
DecryptVerifyResult result = decryptVerifyOperation.execute(pgpDecryptVerifyInputParcel, null);
assertTrue(result.success());
assertEquals(OpenPgpSignatureResult.RESULT_VALID_KEY_UNCONFIRMED, result.getSignatureResult().getResult());
assertEquals(ring.getMasterKeyId(), result.getSignatureResult().getKeyId());
}
@Test
public void testCreateEddsa() throws Exception {
SaveKeyringParcel.Builder builder = SaveKeyringParcel.buildNewKeyringParcel();
builder.addSubkeyAdd(SubkeyAdd.createSubkeyAdd(
Algorithm.EDDSA, 0, null, KeyFlags.CERTIFY_OTHER, 0L));
builder.addUserId("ed");
PgpKeyOperation op = new PgpKeyOperation(null);
PgpEditKeyResult result = op.createSecretKeyRing(builder.build());
assertTrue("initial test key creation must succeed", result.success());
assertNotNull("initial test key creation must succeed", result.getRing());
CanonicalizedKeyRing canonicalizedKeyRing = result.getRing().canonicalize(new OperationLog(), 0);
assertNotNull(canonicalizedKeyRing);
}
private UncachedKeyRing loadKeyringFromResource(String name) throws Exception {
UncachedKeyRing ring = readRingFromResource(name);
SaveKeyringResult saveKeyringResult = keyRepository.savePublicKeyRing(ring);
assertTrue(saveKeyringResult.success());
assertFalse(saveKeyringResult.getLog().containsWarnings());
return ring;
}
private byte[] readBytesFromResource(String name) throws Exception {
ByteArrayOutputStream baos = new ByteArrayOutputStream();
InputStream input = EddsaTest.class.getResourceAsStream(name);
Util.copy(input, baos);
return baos.toByteArray();
}
UncachedKeyRing readRingFromResource(String name) throws Exception {
return UncachedKeyRing.fromStream(EddsaTest.class.getResourceAsStream(name)).next();
}
}

11
OpenKeychain/src/test/resources/test-keys/eddsa-sample-msg.asc Normal file
View file

@ -0,0 +1,11 @@
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
eddsa sample signed msg
-----BEGIN PGP SIGNATURE-----
iHUEARYIAB0WIQTJWb26+jKi+JoVO2eM/eEhl5ZamgUCWJ+tFQAKCRCM/eEhl5Za
miuCAQCGGkrsyYxv1PkQM7GH8mMwqdHd5YAOQw6qNjTjVAQ+FgD7B7AhHQ0nFgWx
oXDm7HDBLRidPJ9u+Tb0yUid7NfyxQg=
=K4E/
-----END PGP SIGNATURE-----

BIN
OpenKeychain/src/test/resources/test-keys/unknown-sample-1.pub Normal file
View file

Binary file not shown.

BIN
OpenKeychain/src/test/resources/test-keys/unknown-subkey.pub.asc Normal file
View file

Binary file not shown.

2
extern/bouncycastle vendored

@ -1 +1 @@
Subproject commit 2f4b5a448c051ad980a437d7efbf4402b593f929
Subproject commit 1c44d1e9f5fd52dd515552ae000e44be5ee9f4a4