cthrace/open-keychain
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add sshauthentication-api v1 support

Browse Source
This commit is contained in:
Christian Hagau
2017-10-05 00:00:00 +00:00
parent 83ab483fc7
commit 2619cb1db3
57 changed files with 3954 additions and 79 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java
View File

@@ -19,14 +19,6 @@
package org.sufficientlysecure.keychain.pgp;
import java.io.IOException;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
import org.bouncycastle.asn1.ASN1ObjectIdentifier;
import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
import org.bouncycastle.bcpg.ECDHPublicBCPGKey;
@@ -45,6 +37,14 @@ import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.util.IterableIterator;
import org.sufficientlysecure.keychain.util.Log;
import java.io.IOException;
import java.security.PublicKey;
import java.security.interfaces.ECPublicKey;
import java.util.Calendar;
import java.util.Date;
import java.util.GregorianCalendar;
import java.util.Iterator;
/** Wrapper for a PGPPublicKey.
*
* The methods implemented in this class are a thin layer over
@@ -211,18 +211,22 @@ public class CanonicalizedPublicKey extends UncachedPublicKey {
return !isRevoked() && !isExpired();
}
// For use only in card export; returns the public key.
// For use in key export only; returns the public key in a JCA compatible format.
public PublicKey getJcaPublicKey() throws PgpGeneralException {
JcaPGPKeyConverter keyConverter = new JcaPGPKeyConverter();
PublicKey publicKey;
try {
publicKey = keyConverter.getPublicKey(mPublicKey);
} catch (PGPException e) {
throw new PgpGeneralException("Error converting public key: "+ e.getMessage(), e);
}
return publicKey;
}
// For use in card export only; returns the public key in a JCA compatible format.
public ECPublicKey getSecurityTokenECPublicKey()
throws PgpGeneralException {
JcaPGPKeyConverter keyConverter = new JcaPGPKeyConverter();
PublicKey retVal;
try {
retVal = keyConverter.getPublicKey(mPublicKey);
} catch (PGPException e) {
throw new PgpGeneralException("Error converting public key!", e);
}
return (ECPublicKey) retVal;
return (ECPublicKey) getJcaPublicKey();
}
public ASN1ObjectIdentifier getSecurityTokenHashAlgorithm()

21
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
View File

@@ -28,6 +28,7 @@ import java.util.Map;
import org.bouncycastle.bcpg.S2K;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPAuthenticationSignatureGenerator;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPSecretKey;
@@ -252,6 +253,26 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
}
}
public PGPAuthenticationSignatureGenerator getAuthenticationSignatureGenerator(int hashAlgorithm,
Map<ByteBuffer, byte[]> signedHashes)
throws PgpGeneralException {
if (mPrivateKeyState == PRIVATE_KEY_STATE_LOCKED) {
throw new PrivateKeyNotUnlockedException();
}
PGPContentSignerBuilder contentSignerBuilder = getContentSignerBuilder(hashAlgorithm, signedHashes);
try {
PGPAuthenticationSignatureGenerator signatureGenerator = new PGPAuthenticationSignatureGenerator(contentSignerBuilder);
signatureGenerator.init(PGPSignature.BINARY_DOCUMENT, mPrivateKey);
return signatureGenerator;
} catch (PGPException e) {
// TODO: simply throw PGPException!
throw new PgpGeneralException("Error initializing signature!", e);
}
}
public PGPSignatureGenerator getDataSignatureGenerator(int hashAlgo, boolean cleartext,
Map<ByteBuffer, byte[]> signedHashes, Date creationTimestamp)
throws PgpGeneralException {

130
OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/SshPublicKey.java Normal file
View File

@@ -0,0 +1,130 @@
/*
* Copyright (C) 2017 Christian Hagau <ach@hagau.se>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.sufficientlysecure.keychain.pgp;
import org.bouncycastle.bcpg.DSAPublicBCPGKey;
import org.bouncycastle.bcpg.ECPublicBCPGKey;
import org.bouncycastle.bcpg.EdDSAPublicBCPGKey;
import org.bouncycastle.bcpg.RSAPublicBCPGKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.sufficientlysecure.keychain.pgp.exception.PgpGeneralException;
import org.sufficientlysecure.keychain.ssh.key.SshDSAPublicKey;
import org.sufficientlysecure.keychain.ssh.key.SshECDSAPublicKey;
import org.sufficientlysecure.keychain.ssh.key.SshEd25519PublicKey;
import org.sufficientlysecure.keychain.ssh.key.SshRSAPublicKey;
public class SshPublicKey {
private final static String TAG = "SshPublicKey";
private CanonicalizedPublicKey mPublicKey;
public SshPublicKey(CanonicalizedPublicKey publicKey) {
mPublicKey = publicKey;
}
public String getEncodedKey() throws PgpGeneralException {
PGPPublicKey key = mPublicKey.getPublicKey();
switch (key.getAlgorithm()) {
case PGPPublicKey.RSA_GENERAL:
return encodeRSAKey(key);
case PGPPublicKey.ECDSA:
return encodeECKey(key);
case PGPPublicKey.EDDSA:
return encodeEdDSAKey(key);
case PGPPublicKey.DSA:
return encodeDSAKey(key);
default:
break;
}
throw new PgpGeneralException("Unknown algorithm");
}
private String encodeRSAKey(PGPPublicKey publicKey) {
RSAPublicBCPGKey publicBCPGKey = (RSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
SshRSAPublicKey pubkey = new SshRSAPublicKey(publicBCPGKey.getPublicExponent(), publicBCPGKey.getModulus());
return pubkey.getPublicKeyBlob();
}
private String encodeECKey(PGPPublicKey publicKey) {
ECPublicBCPGKey publicBCPGKey = (ECPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
String curveName = getCurveName(publicBCPGKey);
SshECDSAPublicKey sshECDSAPublicKey = new SshECDSAPublicKey(curveName, publicBCPGKey.getEncodedPoint());
return sshECDSAPublicKey.getPublicKeyBlob();
}
private String getCurveName(ECPublicBCPGKey publicBCPGKey) {
String curveOid = publicBCPGKey.getCurveOID().getId();
// see RFC5656 section 10.{1,2}
switch (curveOid) {
// REQUIRED curves
case "1.2.840.10045.3.1.7":
return "nistp256";
case "1.3.132.0.34":
return "nistp384";
case "1.3.132.0.35":
return "nistp521";
// RECOMMENDED curves
case "1.3.132.0.1":
return "1.3.132.0.1";
case "1.2.840.10045.3.1.1":
return "1.2.840.10045.3.1.1";
case "1.3.132.0.33":
return "1.3.132.0.33";
case "1.3.132.0.26":
return "1.3.132.0.26";
case "1.3.132.0.27":
return "1.3.132.0.27";
case "1.3.132.0.16":
return "1.3.132.0.16";
case "1.3.132.0.36":
return "1.3.132.0.36";
case "1.3.132.0.37":
return "1.3.132.0.37";
case "1.3.132.0.38":
return "1.3.132.0.38";
default:
return null;
}
}
private String encodeEdDSAKey(PGPPublicKey publicKey) {
EdDSAPublicBCPGKey publicBCPGKey = (EdDSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
SshEd25519PublicKey pubkey = new SshEd25519PublicKey(publicBCPGKey.getEdDSAEncodedPoint());
return pubkey.getPublicKeyBlob();
}
private String encodeDSAKey(PGPPublicKey publicKey) {
DSAPublicBCPGKey publicBCPGKey = (DSAPublicBCPGKey) publicKey.getPublicKeyPacket().getKey();
SshDSAPublicKey sshDSAPublicKey = new SshDSAPublicKey(publicBCPGKey.getP(),
publicBCPGKey.getQ(),
publicBCPGKey.getG(),
publicBCPGKey.getY());
return sshDSAPublicKey.getPublicKeyBlob();
}
}