add EdDSA support

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/operations/results/OperationResult.java

@@ -533,6 +533,7 @@ public abstract class OperationResult implements Parcelable {
         MSG_CR_ERROR_FLAGS_DSA (LogLevel.ERROR, R.string.msg_cr_error_flags_dsa),
         MSG_CR_ERROR_FLAGS_ELGAMAL (LogLevel.ERROR, R.string.msg_cr_error_flags_elgamal),
         MSG_CR_ERROR_FLAGS_ECDSA (LogLevel.ERROR, R.string.msg_cr_error_flags_ecdsa),
+        MSG_CR_ERROR_FLAGS_EDDSA (LogLevel.ERROR, R.string.msg_cr_error_flags_eddsa),
         MSG_CR_ERROR_FLAGS_ECDH (LogLevel.ERROR, R.string.msg_cr_error_flags_ecdh),
 
         // secret key modify

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java

@@ -209,6 +209,7 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
             mPrivateKey = mSecretKey.extractPrivateKey(keyDecryptor);
             mPrivateKeyState = PRIVATE_KEY_STATE_UNLOCKED;
         } catch (PGPException e) {
+            Log.e(Constants.TAG, "Error extracting private key!", e);
             return false;
         }
         if (mPrivateKey == null) {

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java

@@ -45,6 +45,7 @@ import org.bouncycastle.bcpg.S2K;
 import org.bouncycastle.bcpg.sig.Features;
 import org.bouncycastle.bcpg.sig.KeyFlags;
 import org.bouncycastle.bcpg.sig.RevocationReasonTags;
+import org.bouncycastle.jcajce.provider.asymmetric.eddsa.spec.EdDSAGenParameterSpec;
 import org.bouncycastle.jce.spec.ElGamalParameterSpec;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPKeyFlags;
@@ -174,7 +175,7 @@ public class PgpKeyOperation {
                     log.add(LogType.MSG_CR_ERROR_NO_CURVE, indent);
                     return null;
                 }
-            } else {
+            } else if (add.getAlgorithm() != Algorithm.EDDSA) {
                 if (add.getKeySize() == null) {
                     log.add(LogType.MSG_CR_ERROR_NO_KEYSIZE, indent);
                     return null;
@@ -241,6 +242,21 @@ public class PgpKeyOperation {
                     break;
                 }
 
+                case EDDSA: {
+                    if ((add.getFlags() & (PGPKeyFlags.CAN_ENCRYPT_COMMS | PGPKeyFlags.CAN_ENCRYPT_STORAGE)) > 0) {
+                        log.add(LogType.MSG_CR_ERROR_FLAGS_ECDSA, indent);
+                        return null;
+                    }
+                    progress(R.string.progress_generating_eddsa, 30);
+                    EdDSAGenParameterSpec edParamSpec =
+                            new EdDSAGenParameterSpec("ed25519");
+                    keyGen = KeyPairGenerator.getInstance("EdDSA", Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+                    keyGen.initialize(edParamSpec, new SecureRandom());
+
+                    algorithm = PGPPublicKey.EDDSA;
+                    break;
+                }
+
                 case ECDH: {
                     // make sure there are no sign or certify flags set
                     if ((add.getFlags() & (PGPKeyFlags.CAN_SIGN | PGPKeyFlags.CAN_CERTIFY)) > 0) {

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpSecurityConstants.java

@@ -174,6 +174,9 @@ public class PgpSecurityConstants {
                 }
                 return null;
             }
+            case PublicKeyAlgorithmTags.EDDSA: {
+                return null;
+            }
             // ELGAMAL_GENERAL: deprecated in RFC 4880, use ELGAMAL_ENCRYPT
             // DIFFIE_HELLMAN: unsure
             // TODO specialize all cases!

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedKeyRing.java

@@ -250,6 +250,7 @@ public class UncachedKeyRing {
         PublicKeyAlgorithmTags.ECDSA, // 19
         PublicKeyAlgorithmTags.ELGAMAL_GENERAL, // 20
         // PublicKeyAlgorithmTags.DIFFIE_HELLMAN, // 21
+        PublicKeyAlgorithmTags.EDDSA, // 22
     };
 
     /** "Canonicalizes" a public key, removing inconsistencies in the process.

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/UncachedPublicKey.java

@@ -223,7 +223,8 @@ public class UncachedPublicKey {
 
     public boolean isEC() {
         return getAlgorithm() == PGPPublicKey.ECDH
-                || getAlgorithm() == PGPPublicKey.ECDSA;
+                || getAlgorithm() == PGPPublicKey.ECDSA
+                || getAlgorithm() == PGPPublicKey.EDDSA;
     }
 
     public byte[] getFingerprint() {

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/service/SaveKeyringParcel.java

@@ -290,7 +290,7 @@ public abstract class SaveKeyringParcel implements Parcelable {
 
     // All supported algorithms
     public enum Algorithm {
-        RSA, DSA, ELGAMAL, ECDSA, ECDH
+        RSA, DSA, ELGAMAL, ECDSA, ECDH, EDDSA
     }
 
     // All curves defined in the standard

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/dialog/AddSubkeyDialogFragment.java

@@ -62,7 +62,7 @@ public class AddSubkeyDialogFragment extends DialogFragment {
     }
 
     public enum SupportedKeyType {
-        RSA_2048, RSA_3072, RSA_4096, ECC_P256, ECC_P521
+        RSA_2048, RSA_3072, RSA_4096, ECC_P256, ECC_P521, EDDSA
     }
 
     private static final String ARG_WILL_BE_MASTER_KEY = "will_be_master_key";
@@ -158,6 +158,8 @@ public class AddSubkeyDialogFragment extends DialogFragment {
                     R.string.ecc_p256), getResources().getString(R.string.ecc_p256_description_html)));
             choices.add(new Choice<>(SupportedKeyType.ECC_P521, getResources().getString(
                     R.string.ecc_p521), getResources().getString(R.string.ecc_p521_description_html)));
+            choices.add(new Choice<>(SupportedKeyType.EDDSA, getResources().getString(
+                    R.string.ecc_eddsa), getResources().getString(R.string.ecc_eddsa_description_html)));
             TwoLineArrayAdapter adapter = new TwoLineArrayAdapter(context,
                     android.R.layout.simple_spinner_item, choices);
             mKeyTypeSpinner.setAdapter(adapter);
@@ -198,6 +200,9 @@ public class AddSubkeyDialogFragment extends DialogFragment {
                     if (mWillBeMasterKey) {
                         mUsageEncrypt.setEnabled(false);
                     }
+                } else if (keyType == SupportedKeyType.EDDSA) {
+                    mUsageSignAndEncrypt.setEnabled(false);
+                    mUsageEncrypt.setEnabled(false);
                 } else {
                     // need to enable if previously disabled for ECC masterkey
                     mUsageEncrypt.setEnabled(true);
@@ -275,6 +280,9 @@ public class AddSubkeyDialogFragment extends DialogFragment {
                             }
                             break;
                         }
+                        case EDDSA: {
+                            algorithm = Algorithm.EDDSA;
+                        }
                     }
 
                     // set flags

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/ui/util/KeyFormattingUtils.java

@@ -110,6 +110,10 @@ public class KeyFormattingUtils {
                 return "ECDH (" + oidName + ")";
             }
 
+            case PublicKeyAlgorithmTags.EDDSA: {
+                return "EdDSA";
+            }
+
             default: {
                 if (context != null) {
                     algorithmStr = context.getResources().getString(R.string.unknown);

OpenKeychain/src/main/res/values/strings.xml

@@ -315,6 +315,8 @@
     <string name="ecc_p384_description_html">"very tiny file size, considered secure until 2040 &lt;br/> &lt;u>experimental and not supported by all implementations&lt;/u>"</string>
     <string name="ecc_p521">"ECC P-521"</string>
     <string name="ecc_p521_description_html">"tiny file size, considered secure until 2040+ &lt;br/> &lt;u>experimental and not supported by all implementations&lt;/u>"</string>
+    <string name="ecc_eddsa">"ECC EdDSA"</string>
+    <string name="ecc_eddsa_description_html">"tiny file size, considered secure until 2040+ &lt;br/> &lt;u>experimental and not supported by all implementations&lt;/u>"</string>
     <string name="usage_none">"None (subkey binding only)"</string>
     <string name="usage_sign">"Sign"</string>
     <string name="usage_encrypt">"Encrypt"</string>
@@ -452,6 +454,7 @@
     <string name="progress_generating_dsa">"generating new DSA key…"</string>
     <string name="progress_generating_elgamal">"generating new ElGamal key…"</string>
     <string name="progress_generating_ecdsa">"generating new ECDSA key…"</string>
+    <string name="progress_generating_eddsa">"generating new EdDSA key…"</string>
     <string name="progress_generating_ecdh">"generating new ECDH key…"</string>
 
     <string name="progress_modify">"modifying keyring…"</string>
@@ -1084,6 +1087,7 @@
     <string name="msg_cr_error_flags_dsa">"Bad key flags selected, DSA cannot be used for encryption!"</string>
     <string name="msg_cr_error_flags_elgamal">"Bad key flags selected, ElGamal cannot be used for signing!"</string>
     <string name="msg_cr_error_flags_ecdsa">"Bad key flags selected, ECDSA cannot be used for encryption!"</string>
+    <string name="msg_cr_error_flags_eddsa">"Bad key flags selected, EdDSA cannot be used for encryption!"</string>
     <string name="msg_cr_error_flags_ecdh">"Bad key flags selected, ECDH cannot be used for signing!"</string>
 
     <!-- modifySecretKeyRing -->

extern/bouncycastle

@@ -1 +1 @@
-Subproject commit 2f4b5a448c051ad980a437d7efbf4402b593f929
+Subproject commit 1c44d1e9f5fd52dd515552ae000e44be5ee9f4a4