Merge pull request #2679 from dhedberg/master

Only skip hashing when creating an EDDSA authentication signature
2021-03-27 19:17:53 +01:00 · 2021-03-27 19:17:53 +01:00 · 9ed56eed5e
commit 9ed56eed5e
parent 43b85e12ea f45254cf07
2 changed files with 23 additions and 9 deletions
--- a/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java
+++ b/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java
@ -34,6 +34,7 @@ public class NfcSyncPGPContentSignerBuilder
    private int     hashAlgorithm;
    private int     keyAlgorithm;
    private long    keyID;
+    private boolean isEdDsaAuthenticationSignature = false;

    private Map signedHashes;

@ -86,6 +87,13 @@ public class NfcSyncPGPContentSignerBuilder
        return this;
    }

+    public NfcSyncPGPContentSignerBuilder configureForEdDsaAuthenticationSignature()
+    {
+        isEdDsaAuthenticationSignature = true;
+
+        return this;
+    }
+
    public PGPContentSigner build(final int signatureType, PGPPrivateKey privateKey)
        throws PGPException {
        // NOTE: privateKey is null in this case!
@ -95,8 +103,8 @@ public class NfcSyncPGPContentSignerBuilder
    public PGPContentSigner build(final int signatureType, final long keyID)
        throws PGPException
    {
-        if (keyAlgorithm == PublicKeyAlgorithmTags.EDDSA) {
-            return buildEdDSASigner(signatureType, keyID);
+        if (isEdDsaAuthenticationSignature) {
+            return buildEdDSAAuthenticationSigner(signatureType, keyID);
        }

        final PGPDigestCalculator digestCalculator = digestCalculatorProviderBuilder.build().get(hashAlgorithm);
@ -146,7 +154,7 @@ public class NfcSyncPGPContentSignerBuilder
        };
    }

-    public PGPContentSigner buildEdDSASigner(final int signatureType, final long keyID)
+    public PGPContentSigner buildEdDSAAuthenticationSigner(final int signatureType, final long keyID)
        throws PGPException
    {
        final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@ -255,14 +255,20 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {

    private PGPContentSignerBuilder getAuthenticationContentSignerBuilder(int hashAlgorithm, Map<ByteBuffer,
            byte[]> signedHashes) {
-        if (
-            getAlgorithm() == PublicKeyAlgorithmTags.EDDSA
-                && mPrivateKeyState != PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
+        if (getAlgorithm() == PublicKeyAlgorithmTags.EDDSA) {
            // content signer feeding the input directly into the signature engine,
            // since EdDSA hashes the input anyway
-            return new EdDsaAuthenticationContentSignerBuilder(
-                    mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm)
-                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+            if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
+                return new NfcSyncPGPContentSignerBuilder(
+                        mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm,
+                        mSecretKey.getKeyID(), signedHashes)
+                        .configureForEdDsaAuthenticationSignature()
+                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+            } else {
+                return new EdDsaAuthenticationContentSignerBuilder(
+                        mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm)
+                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
+            }
        } else {
            return getContentSignerBuilder(hashAlgorithm, signedHashes);
        }