Merge pull request #2679 from dhedberg/master
Only skip hashing when creating an EDDSA authentication signature
This commit is contained in:
commit
9ed56eed5e
|
@ -34,6 +34,7 @@ public class NfcSyncPGPContentSignerBuilder
|
||||||
private int hashAlgorithm;
|
private int hashAlgorithm;
|
||||||
private int keyAlgorithm;
|
private int keyAlgorithm;
|
||||||
private long keyID;
|
private long keyID;
|
||||||
|
private boolean isEdDsaAuthenticationSignature = false;
|
||||||
|
|
||||||
private Map signedHashes;
|
private Map signedHashes;
|
||||||
|
|
||||||
|
@ -86,6 +87,13 @@ public class NfcSyncPGPContentSignerBuilder
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public NfcSyncPGPContentSignerBuilder configureForEdDsaAuthenticationSignature()
|
||||||
|
{
|
||||||
|
isEdDsaAuthenticationSignature = true;
|
||||||
|
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
public PGPContentSigner build(final int signatureType, PGPPrivateKey privateKey)
|
public PGPContentSigner build(final int signatureType, PGPPrivateKey privateKey)
|
||||||
throws PGPException {
|
throws PGPException {
|
||||||
// NOTE: privateKey is null in this case!
|
// NOTE: privateKey is null in this case!
|
||||||
|
@ -95,8 +103,8 @@ public class NfcSyncPGPContentSignerBuilder
|
||||||
public PGPContentSigner build(final int signatureType, final long keyID)
|
public PGPContentSigner build(final int signatureType, final long keyID)
|
||||||
throws PGPException
|
throws PGPException
|
||||||
{
|
{
|
||||||
if (keyAlgorithm == PublicKeyAlgorithmTags.EDDSA) {
|
if (isEdDsaAuthenticationSignature) {
|
||||||
return buildEdDSASigner(signatureType, keyID);
|
return buildEdDSAAuthenticationSigner(signatureType, keyID);
|
||||||
}
|
}
|
||||||
|
|
||||||
final PGPDigestCalculator digestCalculator = digestCalculatorProviderBuilder.build().get(hashAlgorithm);
|
final PGPDigestCalculator digestCalculator = digestCalculatorProviderBuilder.build().get(hashAlgorithm);
|
||||||
|
@ -146,7 +154,7 @@ public class NfcSyncPGPContentSignerBuilder
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
public PGPContentSigner buildEdDSASigner(final int signatureType, final long keyID)
|
public PGPContentSigner buildEdDSAAuthenticationSigner(final int signatureType, final long keyID)
|
||||||
throws PGPException
|
throws PGPException
|
||||||
{
|
{
|
||||||
final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
|
||||||
|
|
|
@ -255,14 +255,20 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
|
||||||
|
|
||||||
private PGPContentSignerBuilder getAuthenticationContentSignerBuilder(int hashAlgorithm, Map<ByteBuffer,
|
private PGPContentSignerBuilder getAuthenticationContentSignerBuilder(int hashAlgorithm, Map<ByteBuffer,
|
||||||
byte[]> signedHashes) {
|
byte[]> signedHashes) {
|
||||||
if (
|
if (getAlgorithm() == PublicKeyAlgorithmTags.EDDSA) {
|
||||||
getAlgorithm() == PublicKeyAlgorithmTags.EDDSA
|
|
||||||
&& mPrivateKeyState != PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
|
|
||||||
// content signer feeding the input directly into the signature engine,
|
// content signer feeding the input directly into the signature engine,
|
||||||
// since EdDSA hashes the input anyway
|
// since EdDSA hashes the input anyway
|
||||||
return new EdDsaAuthenticationContentSignerBuilder(
|
if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
|
||||||
mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm)
|
return new NfcSyncPGPContentSignerBuilder(
|
||||||
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm,
|
||||||
|
mSecretKey.getKeyID(), signedHashes)
|
||||||
|
.configureForEdDsaAuthenticationSignature()
|
||||||
|
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||||
|
} else {
|
||||||
|
return new EdDsaAuthenticationContentSignerBuilder(
|
||||||
|
mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm)
|
||||||
|
.setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
|
||||||
|
}
|
||||||
} else {
|
} else {
|
||||||
return getContentSignerBuilder(hashAlgorithm, signedHashes);
|
return getContentSignerBuilder(hashAlgorithm, signedHashes);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue