Merge branch 'master' of https://github.com/dhedberg/open-keychain into dhedberg-master

OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java

@@ -7,12 +7,14 @@
 
 package org.bouncycastle.openpgp.operator.jcajce;
 
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPrivateKey;
 import org.bouncycastle.openpgp.operator.PGPContentSigner;
 import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
 import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
 
+import java.io.ByteArrayOutputStream;
 import java.io.OutputStream;
 import java.nio.ByteBuffer;
 import java.security.Provider;
@@ -93,6 +95,10 @@ public class NfcSyncPGPContentSignerBuilder
     public PGPContentSigner build(final int signatureType, final long keyID)
         throws PGPException
     {
+        if (keyAlgorithm == PublicKeyAlgorithmTags.EDDSA) {
+            return buildEdDSASigner(signatureType, keyID);
+        }
+
         final PGPDigestCalculator digestCalculator = digestCalculatorProviderBuilder.build().get(hashAlgorithm);
 
         return new PGPContentSigner()
@@ -139,4 +145,56 @@ public class NfcSyncPGPContentSignerBuilder
             }
         };
     }
+
+    public PGPContentSigner buildEdDSASigner(final int signatureType, final long keyID)
+        throws PGPException
+    {
+        final ByteArrayOutputStream outputStream = new ByteArrayOutputStream();
+
+        return new PGPContentSigner()
+        {
+            public int getType()
+            {
+                return signatureType;
+            }
+
+            public int getHashAlgorithm()
+            {
+                return hashAlgorithm;
+            }
+
+            public int getKeyAlgorithm()
+            {
+                return keyAlgorithm;
+            }
+
+            public long getKeyID()
+            {
+                return keyID;
+            }
+
+            public OutputStream getOutputStream()
+            {
+                return outputStream;
+            }
+
+            public byte[] getSignature() {
+                byte[] rawData = outputStream.toByteArray();
+
+                ByteBuffer buf = ByteBuffer.wrap(rawData);
+                if (signedHashes.containsKey(buf)) {
+                    return (byte[]) signedHashes.get(buf);
+                }
+                // catch this when signatureGenerator.generate() is executed and divert to card,
+                // when doing the operation again reuse creationTimestamp (this will be hashed)
+                throw new NfcInteractionNeeded(rawData, getHashAlgorithm());
+            }
+
+            public byte[] getDigest()
+            {
+                return outputStream.toByteArray();
+            }
+        };
+
+    }
 }

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java

@@ -255,7 +255,9 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
 
     private PGPContentSignerBuilder getAuthenticationContentSignerBuilder(int hashAlgorithm, Map<ByteBuffer,
             byte[]> signedHashes) {
-        if (getAlgorithm() == PublicKeyAlgorithmTags.EDDSA) {
+        if (
+            getAlgorithm() == PublicKeyAlgorithmTags.EDDSA
+                && mPrivateKeyState != PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
             // content signer feeding the input directly into the signature engine,
             // since EdDSA hashes the input anyway
             return new EdDsaAuthenticationContentSignerBuilder(

OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SshPublicKey.java

@@ -19,11 +19,13 @@ package org.sufficientlysecure.keychain.pgp;
 
 import org.bouncycastle.bcpg.DSAPublicBCPGKey;
 import org.bouncycastle.bcpg.ECPublicBCPGKey;
+import org.bouncycastle.bcpg.EdDSAPublicBCPGKey;
 import org.bouncycastle.bcpg.RSAPublicBCPGKey;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
 import org.sufficientlysecure.keychain.ssh.key.SshDSAPublicKey;
 import org.sufficientlysecure.keychain.ssh.key.SshECDSAPublicKey;
+import org.sufficientlysecure.keychain.ssh.key.SshEd25519PublicKey;
 import org.sufficientlysecure.keychain.ssh.key.SshRSAPublicKey;
 import org.sufficientlysecure.keychain.ssh.utils.SshUtils;
 
@@ -46,9 +48,8 @@ public class SshPublicKey {
                 return encodeRSAKey(key);
             case PGPPublicKey.ECDSA:
                 return encodeECKey(key);
-            // TODO
+            case PGPPublicKey.EDDSA:
-//            case PGPPublicKey.EDDSA:
+                return encodeEdDSAKey(key);
-//                return encodeEdDSAKey(key);
             case PGPPublicKey.DSA:
                 return encodeDSAKey(key);
             default:
@@ -73,15 +74,13 @@ public class SshPublicKey {
         return sshECDSAPublicKey.getPublicKeyBlob();
     }
 
+    private String encodeEdDSAKey(PGPPublicKey publicKey) {
+        EdDSAPublicBCPGKey publicBCPGKey = (EdDSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
 
+        SshEd25519PublicKey pubkey = new SshEd25519PublicKey(publicBCPGKey.getEdDSAEncodedPoint());
 
-//    private String encodeEdDSAKey(PGPPublicKey publicKey) {
+        return pubkey.getPublicKeyBlob();
-//        EdDSAPublicBCPGKey publicBCPGKey = (EdDSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
+    }
-//
-//        SshEd25519PublicKey pubkey = new SshEd25519PublicKey(publicBCPGKey.getEdDSAEncodedPoint());
-//
-//        return pubkey.getPublicKeyBlob();
-//    }
 
     private String encodeDSAKey(PGPPublicKey publicKey) {
         DSAPublicBCPGKey publicBCPGKey = (DSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();