From f45254cf0725c2d6ab95dcfa74300d0978853a63 Mon Sep 17 00:00:00 2001 From: David Hedberg Date: Sat, 27 Mar 2021 11:37:44 +0100 Subject: [PATCH] Only skip hashing when creating an EDDSA authentication signature --- .../jcajce/NfcSyncPGPContentSignerBuilder.java | 14 +++++++++++--- .../keychain/pgp/CanonicalizedSecretKey.java | 18 ++++++++++++------ 2 files changed, 23 insertions(+), 9 deletions(-) diff --git a/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java b/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java index 95580d07a..dd4db13c3 100644 --- a/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java +++ b/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java @@ -34,6 +34,7 @@ public class NfcSyncPGPContentSignerBuilder private int hashAlgorithm; private int keyAlgorithm; private long keyID; + private boolean isEdDsaAuthenticationSignature = false; private Map signedHashes; @@ -86,6 +87,13 @@ public class NfcSyncPGPContentSignerBuilder return this; } + public NfcSyncPGPContentSignerBuilder configureForEdDsaAuthenticationSignature() + { + isEdDsaAuthenticationSignature = true; + + return this; + } + public PGPContentSigner build(final int signatureType, PGPPrivateKey privateKey) throws PGPException { // NOTE: privateKey is null in this case! @@ -95,8 +103,8 @@ public class NfcSyncPGPContentSignerBuilder public PGPContentSigner build(final int signatureType, final long keyID) throws PGPException { - if (keyAlgorithm == PublicKeyAlgorithmTags.EDDSA) { - return buildEdDSASigner(signatureType, keyID); + if (isEdDsaAuthenticationSignature) { + return buildEdDSAAuthenticationSigner(signatureType, keyID); } final PGPDigestCalculator digestCalculator = digestCalculatorProviderBuilder.build().get(hashAlgorithm); @@ -146,7 +154,7 @@ public class NfcSyncPGPContentSignerBuilder }; } - public PGPContentSigner buildEdDSASigner(final int signatureType, final long keyID) + public PGPContentSigner buildEdDSAAuthenticationSigner(final int signatureType, final long keyID) throws PGPException { final ByteArrayOutputStream outputStream = new ByteArrayOutputStream(); diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java index 6ee583e8c..4c1e901d6 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java @@ -255,14 +255,20 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey { private PGPContentSignerBuilder getAuthenticationContentSignerBuilder(int hashAlgorithm, Map signedHashes) { - if ( - getAlgorithm() == PublicKeyAlgorithmTags.EDDSA - && mPrivateKeyState != PRIVATE_KEY_STATE_DIVERT_TO_CARD) { + if (getAlgorithm() == PublicKeyAlgorithmTags.EDDSA) { // content signer feeding the input directly into the signature engine, // since EdDSA hashes the input anyway - return new EdDsaAuthenticationContentSignerBuilder( - mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm) - .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); + if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) { + return new NfcSyncPGPContentSignerBuilder( + mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm, + mSecretKey.getKeyID(), signedHashes) + .configureForEdDsaAuthenticationSignature() + .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); + } else { + return new EdDsaAuthenticationContentSignerBuilder( + mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm) + .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME); + } } else { return getContentSignerBuilder(hashAlgorithm, signedHashes); }