Merge pull request #2679 from dhedberg/master
Only skip hashing when creating an EDDSA authentication signature
This commit is contained in:
commit
9ed56eed5e
2 changed files with 23 additions and 9 deletions
|
@ -34,6 +34,7 @@ public class NfcSyncPGPContentSignerBuilder
|
|||
private int hashAlgorithm;
|
||||
private int keyAlgorithm;
|
||||
private long keyID;
|
||||
private boolean isEdDsaAuthenticationSignature = false;
|
||||
|
||||
private Map signedHashes;
|
||||
|
||||
|
@ -86,6 +87,13 @@ public class NfcSyncPGPContentSignerBuilder
|
|||
return this;
|
||||
}
|
||||
|
||||
public NfcSyncPGPContentSignerBuilder configureForEdDsaAuthenticationSignature()
|
||||
{
|
||||
isEdDsaAuthenticationSignature = true;
|
||||
|
||||
return this;
|
||||
}
|
||||
|
||||
public PGPContentSigner build(final int signatureType, PGPPrivateKey privateKey)
|
||||
throws PGPException {
|
||||
// NOTE: privateKey is null in this case!
|
||||
|
@ -95,8 +103,8 @@ public class NfcSyncPGPContentSignerBuilder
|
|||
public PGPContentSigner build(final int signatureType, final long keyID)
|
||||
throws PGPException
|
||||
{
|
||||
if (keyAlgorithm == PublicKeyAlgorithmTags.EDDSA) {
|
||||
return buildEdDSASigner(signatureType, keyID);
|
||||
if (isEdDsaAuthenticationSignature) {
|
||||
return buildEdDSAAuthenticationSigner(signatureType, keyID);
|
||||
}
|
||||
|
||||
final PGPDigestCalculator digestCalculator = digestCalculatorProviderBuilder.build().get(hashAlgorithm);
|
||||
|
@ -146,7 +154,7 @@ public class NfcSyncPGPContentSignerBuilder
|
|||
};
|
||||
}
|
||||
|
||||
public PGPContentSigner buildEdDSASigner(final int signatureType, final long keyID)
|
||||
public PGPContentSigner buildEdDSAAuthenticationSigner(final int signatureType, final long keyID)
|
||||
throws PGPException
|
||||
{
|
||||
final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
||||
|
|
|
@ -255,14 +255,20 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
|
|||
|
||||
private PGPContentSignerBuilder getAuthenticationContentSignerBuilder(int hashAlgorithm, Map<ByteBuffer,
|
||||
byte[]> signedHashes) {
|
||||
if (
|
||||
getAlgorithm() == PublicKeyAlgorithmTags.EDDSA
|
||||
&& mPrivateKeyState != PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
|
||||
if (getAlgorithm() == PublicKeyAlgorithmTags.EDDSA) {
|
||||
// content signer feeding the input directly into the signature engine,
|
||||
// since EdDSA hashes the input anyway
|
||||
return new EdDsaAuthenticationContentSignerBuilder(
|
||||
mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm)
|
||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||
if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
|
||||
return new NfcSyncPGPContentSignerBuilder(
|
||||
mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm,
|
||||
mSecretKey.getKeyID(), signedHashes)
|
||||
.configureForEdDsaAuthenticationSignature()
|
||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||
} else {
|
||||
return new EdDsaAuthenticationContentSignerBuilder(
|
||||
mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm)
|
||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||
}
|
||||
} else {
|
||||
return getContentSignerBuilder(hashAlgorithm, signedHashes);
|
||||
}
|
||||
|
|
Loading…
Add table
Reference in a new issue