re-merge libkeychain

OpenKeychain/src/main/java/org/bouncycastle/openpgp/AuthenticationSignatureGenerator.java

@@ -0,0 +1,86 @@
+package org.bouncycastle.openpgp;
+
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
+import org.bouncycastle.openpgp.operator.PGPContentSigner;
+import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
+
+import java.io.IOException;
+import java.io.OutputStream;
+
+/**
+ * Generator for authentication signatures.
+ */
+public class AuthenticationSignatureGenerator {
+    private OutputStream sigOut;
+    private PGPContentSignerBuilder contentSignerBuilder;
+    private PGPContentSigner contentSigner;
+    private int sigType;
+
+    /**
+     * Create a signature generator built on the passed in contentSignerBuilder.
+     *
+     * @param contentSignerBuilder builder to produce PGPContentSigner objects for generating signatures.
+     */
+    public AuthenticationSignatureGenerator(PGPContentSignerBuilder contentSignerBuilder) {
+        this.contentSignerBuilder = contentSignerBuilder;
+    }
+
+    /**
+     * Initialise the generator for signing.
+     *
+     * @param signatureType
+     * @param key
+     * @throws PGPException
+     */
+    public void init(int signatureType, PGPPrivateKey key) throws PGPException {
+        contentSigner = contentSignerBuilder.build(signatureType, key);
+        sigOut = contentSigner.getOutputStream();
+        sigType = contentSigner.getType();
+    }
+
+    public void update(byte b) {
+        byteUpdate(b);
+    }
+
+    public void update(byte[] b) {
+        update(b, 0, b.length);
+    }
+
+    public void update(byte[] b, int off, int len) {
+        blockUpdate(b, off, len);
+    }
+
+    private void byteUpdate(byte b) {
+        try {
+            sigOut.write(b);
+        } catch (IOException e) {
+            throw new PGPRuntimeOperationException(e.getMessage(), e);
+        }
+    }
+
+    private void blockUpdate(byte[] block, int off, int len) {
+        try {
+            sigOut.write(block, off, len);
+        } catch (IOException e) {
+            throw new PGPRuntimeOperationException(e.getMessage(), e);
+        }
+    }
+
+    /**
+     * Return the signature.
+     *
+     * @return byte[]
+     * @throws PGPException
+     */
+    public byte[] getSignature() throws PGPException {
+        if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.RSA_SIGN
+                || contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.RSA_GENERAL
+                || contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA
+                || contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.ECDSA
+                || contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.DSA) {
+            return contentSigner.getSignature();
+        } else {
+           throw new UnsupportedOperationException("Unsupported algorithm");
+        }
+    }
+}

OpenKeychain/src/main/java/org/bouncycastle/openpgp/jcajce/JcaSkipMarkerPGPObjectFactory.java

@@ -0,0 +1,38 @@
+/**
+ * Copyright (c) 2016 Vincent Breitmoser
+ *
+ * Licensed under the Bouncy Castle License (MIT license). See LICENSE file for details.
+ */
+
+package org.bouncycastle.openpgp.jcajce;
+
+
+import java.io.IOException;
+import java.io.InputStream;
+
+import org.bouncycastle.openpgp.PGPMarker;
+
+/** This class wraps the regular PGPObjectFactory, changing its behavior to
+ * ignore all PGPMarker packets it encounters while reading. These packets
+ * carry no semantics of their own, and should be ignored according to
+ * RFC 4880.
+ * 
+ * @see https://tools.ietf.org/html/rfc4880#section-5.8
+ * @see org.bouncycastle.openpgp.PGPMarker
+ * 
+ */
+public class JcaSkipMarkerPGPObjectFactory extends JcaPGPObjectFactory {
+
+    public JcaSkipMarkerPGPObjectFactory(InputStream in) {
+        super(in);
+    }
+
+    @Override
+    public Object nextObject() throws IOException {
+        Object o = super.nextObject();
+        while (o instanceof PGPMarker) {
+            o = super.nextObject();
+        }
+        return o;
+    }
+}

OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/CachingDataDecryptorFactory.java

@@ -0,0 +1,86 @@
+/*
+ * Copyright (c) 2013-2014 Philipp Jakubeit, Signe Rüsch, Dominik Schürmann
+ * Copyright (c) 2017 Vincent Breitmoser
+ *
+ * Licensed under the Bouncy Castle License (MIT license). See LICENSE file for details.
+ */
+
+package org.bouncycastle.openpgp.operator.jcajce;
+
+
+import java.nio.ByteBuffer;
+import java.util.Collections;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData;
+import org.bouncycastle.openpgp.operator.PGPDataDecryptor;
+import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
+
+public class CachingDataDecryptorFactory implements PublicKeyDataDecryptorFactory
+{
+    private final PublicKeyDataDecryptorFactory mWrappedDecryptor;
+    private final HashMap<ByteBuffer, byte[]> mSessionKeyCache;
+
+    private OperatorHelper mOperatorHelper;
+
+    public CachingDataDecryptorFactory(String providerName, Map<ByteBuffer, byte[]> sessionKeyCache)
+    {
+        this((PublicKeyDataDecryptorFactory) null, sessionKeyCache);
+
+        mOperatorHelper = new OperatorHelper(new NamedJcaJceHelper(providerName));
+    }
+
+    public CachingDataDecryptorFactory(PublicKeyDataDecryptorFactory wrapped,
+            Map<ByteBuffer, byte[]> sessionKeyCache)
+    {
+        mSessionKeyCache = new HashMap<>();
+        if (sessionKeyCache != null)
+        {
+            mSessionKeyCache.putAll(sessionKeyCache);
+        }
+
+        mWrappedDecryptor = wrapped;
+    }
+
+    public boolean hasCachedSessionData(PGPPublicKeyEncryptedData encData) throws PGPException {
+        ByteBuffer bi = ByteBuffer.wrap(encData.getSessionKey()[0]);
+        return mSessionKeyCache.containsKey(bi);
+    }
+
+    public Map<ByteBuffer, byte[]> getCachedSessionKeys() {
+        return Collections.unmodifiableMap(mSessionKeyCache);
+    }
+
+    public boolean canDecrypt() {
+        return mWrappedDecryptor != null;
+    }
+
+    @Override
+    public byte[] recoverSessionData(int keyAlgorithm, byte[][] secKeyData) throws PGPException {
+        ByteBuffer bi = ByteBuffer.wrap(secKeyData[0]);  // encoded MPI
+        if (mSessionKeyCache.containsKey(bi)) {
+            return mSessionKeyCache.get(bi);
+        }
+
+        if (mWrappedDecryptor == null) {
+            throw new IllegalStateException("tried to decrypt without wrapped decryptor, this is a bug!");
+        }
+
+        byte[] sessionData = mWrappedDecryptor.recoverSessionData(keyAlgorithm, secKeyData);
+        mSessionKeyCache.put(bi, sessionData);
+        return sessionData;
+    }
+
+    @Override
+    public PGPDataDecryptor createDataDecryptor(boolean withIntegrityPacket, int encAlgorithm, byte[] key)
+            throws PGPException {
+        if (mWrappedDecryptor != null) {
+            return mWrappedDecryptor.createDataDecryptor(withIntegrityPacket, encAlgorithm, key);
+        }
+        return mOperatorHelper.createDataDecryptor(withIntegrityPacket, encAlgorithm, key);
+    }
+
+}

OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/EdDsaAuthenticationContentSignerBuilder.java

@@ -0,0 +1,101 @@
+package org.bouncycastle.openpgp.operator.jcajce;
+
+import org.bouncycastle.jcajce.provider.asymmetric.eddsa.EdDSAEngine;
+import org.bouncycastle.jcajce.provider.asymmetric.eddsa.spec.EdDSANamedCurveTable;
+import org.bouncycastle.jcajce.provider.asymmetric.eddsa.spec.EdDSAParameterSpec;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPRuntimeOperationException;
+import org.bouncycastle.openpgp.operator.PGPContentSigner;
+import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
+
+import java.io.ByteArrayOutputStream;
+import java.io.OutputStream;
+import java.security.*;
+
+public class EdDsaAuthenticationContentSignerBuilder implements PGPContentSignerBuilder {
+    private JcaPGPKeyConverter keyConverter = new JcaPGPKeyConverter();
+    private int hashAlgorithm;
+    private int keyAlgorithm;
+
+    public EdDsaAuthenticationContentSignerBuilder(int keyAlgorithm, int hashAlgorithm) {
+        this.keyAlgorithm = keyAlgorithm;
+        this.hashAlgorithm = hashAlgorithm;
+    }
+
+    public EdDsaAuthenticationContentSignerBuilder setProvider(Provider provider) {
+        keyConverter.setProvider(provider);
+        return this;
+    }
+
+    public EdDsaAuthenticationContentSignerBuilder setProvider(String providerName) {
+        keyConverter.setProvider(providerName);
+        return this;
+    }
+
+    private Signature createSignature() throws NoSuchAlgorithmException {
+        EdDSAParameterSpec spec = EdDSANamedCurveTable.getByName("Ed25519");
+        return new EdDSAEngine(MessageDigest.getInstance(spec.getHashAlgorithm()));
+    }
+
+    public PGPContentSigner build(final int signatureType, final long keyID, final PrivateKey privateKey)
+            throws PGPException {
+        Signature signatureEdDsa;
+        try {
+            signatureEdDsa = createSignature();
+        } catch (NoSuchAlgorithmException e) {
+            throw new PGPException("unable to create Signature.", e);
+        }
+        final Signature signature = signatureEdDsa;
+
+        final ByteArrayOutputStream dataOutputStream = new ByteArrayOutputStream();
+
+        try {
+            signature.initSign(privateKey);
+        } catch (InvalidKeyException e) {
+            throw new PGPException("invalid key.", e);
+        }
+
+        return new PGPContentSigner() {
+            public int getType() {
+                return signatureType;
+            }
+
+            public int getHashAlgorithm() {
+                return hashAlgorithm;
+            }
+
+            public int getKeyAlgorithm() {
+                return keyAlgorithm;
+            }
+
+            public long getKeyID() {
+                return keyID;
+            }
+
+            public OutputStream getOutputStream() {
+                return new SignatureOutputStream(signature);
+            }
+
+            public byte[] getSignature() {
+                try {
+                    return signature.sign();
+                } catch (SignatureException e) {
+                    throw new PGPRuntimeOperationException("Unable to create signature: " + e.getMessage(), e);
+                }
+            }
+
+            public byte[] getDigest() {
+                return null;
+            }
+        };
+    }
+
+    public PGPContentSigner build(final int signatureType, PGPPrivateKey privateKey) throws PGPException {
+        if (privateKey instanceof JcaPGPPrivateKey) {
+            return build(signatureType, privateKey.getKeyID(), ((JcaPGPPrivateKey) privateKey).getPrivateKey());
+        } else {
+            return build(signatureType, privateKey.getKeyID(), keyConverter.getPrivateKey(privateKey));
+        }
+    }
+}

OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/NfcSyncPGPContentSignerBuilder.java

@@ -0,0 +1,142 @@
+/**
+ * Copyright (c) 2013-2014 Philipp Jakubeit, Signe Rüsch, Dominik Schürmann
+ * Copyright (c) 2000-2013 The Legion of the Bouncy Castle Inc. (http://www.bouncycastle.org)
+ *
+ * Licensed under the Bouncy Castle License (MIT license). See LICENSE file for details.
+ */
+
+package org.bouncycastle.openpgp.operator.jcajce;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.operator.PGPContentSigner;
+import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
+import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
+
+import java.io.OutputStream;
+import java.nio.ByteBuffer;
+import java.security.Provider;
+import java.util.Map;
+
+
+/**
+ * This class is based on JcaPGPContentSignerBuilder.
+ *
+ * Instead of using a Signature object based on a privateKey, this class only calculates the digest
+ * of the output stream and gives the result back using a RuntimeException.
+ */
+public class NfcSyncPGPContentSignerBuilder
+    implements PGPContentSignerBuilder
+{
+    private JcaPGPDigestCalculatorProviderBuilder digestCalculatorProviderBuilder = new JcaPGPDigestCalculatorProviderBuilder();
+    private int     hashAlgorithm;
+    private int     keyAlgorithm;
+    private long    keyID;
+
+    private Map signedHashes;
+
+    public static class NfcInteractionNeeded extends RuntimeException
+    {
+        public byte[] hashToSign;
+        public int hashAlgo;
+
+        public NfcInteractionNeeded(byte[] hashToSign, int hashAlgo)
+        {
+            super("NFC interaction required!");
+            this.hashToSign = hashToSign;
+            this.hashAlgo = hashAlgo;
+        }
+    }
+
+    public NfcSyncPGPContentSignerBuilder(int keyAlgorithm, int hashAlgorithm, long keyID, Map signedHashes)
+    {
+        this.keyAlgorithm = keyAlgorithm;
+        this.hashAlgorithm = hashAlgorithm;
+        this.keyID = keyID;
+        this.signedHashes = signedHashes;
+    }
+
+    public NfcSyncPGPContentSignerBuilder setProvider(Provider provider)
+    {
+        digestCalculatorProviderBuilder.setProvider(provider);
+
+        return this;
+    }
+
+    public NfcSyncPGPContentSignerBuilder setProvider(String providerName)
+    {
+        digestCalculatorProviderBuilder.setProvider(providerName);
+
+        return this;
+    }
+
+    public NfcSyncPGPContentSignerBuilder setDigestProvider(Provider provider)
+    {
+        digestCalculatorProviderBuilder.setProvider(provider);
+
+        return this;
+    }
+
+    public NfcSyncPGPContentSignerBuilder setDigestProvider(String providerName)
+    {
+        digestCalculatorProviderBuilder.setProvider(providerName);
+
+        return this;
+    }
+
+    public PGPContentSigner build(final int signatureType, PGPPrivateKey privateKey)
+        throws PGPException {
+        // NOTE: privateKey is null in this case!
+        return build(signatureType, keyID);
+    }
+
+    public PGPContentSigner build(final int signatureType, final long keyID)
+        throws PGPException
+    {
+        final PGPDigestCalculator digestCalculator = digestCalculatorProviderBuilder.build().get(hashAlgorithm);
+
+        return new PGPContentSigner()
+        {
+            public int getType()
+            {
+                return signatureType;
+            }
+
+            public int getHashAlgorithm()
+            {
+                return hashAlgorithm;
+            }
+
+            public int getKeyAlgorithm()
+            {
+                return keyAlgorithm;
+            }
+
+            public long getKeyID()
+            {
+                return keyID;
+            }
+
+            public OutputStream getOutputStream()
+            {
+                return digestCalculator.getOutputStream();
+            }
+
+            public byte[] getSignature() {
+                byte[] digest = digestCalculator.getDigest();
+                ByteBuffer buf = ByteBuffer.wrap(digest);
+                if (signedHashes.containsKey(buf)) {
+                    return (byte[]) signedHashes.get(buf);
+                }
+                // catch this when signatureGenerator.generate() is executed and divert digest to card,
+                // when doing the operation again reuse creationTimestamp (this will be hashed)
+                throw new NfcInteractionNeeded(digest, getHashAlgorithm());
+            }
+
+            public byte[] getDigest()
+            {
+                return digestCalculator.getDigest();
+            }
+        };
+    }
+}

OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/SessionKeySecretKeyDecryptorBuilder.java

@@ -0,0 +1,116 @@
+/**
+ * Copyright (c) 2016 Vincent Breitmoser
+ *
+ * Licensed under the Bouncy Castle License (MIT license). See LICENSE file for details.
+ */
+
+package org.bouncycastle.openpgp.operator.jcajce;
+
+
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.Provider;
+
+import javax.crypto.BadPaddingException;
+import javax.crypto.Cipher;
+import javax.crypto.IllegalBlockSizeException;
+import javax.crypto.spec.IvParameterSpec;
+import org.bouncycastle.bcpg.S2K;
+import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
+import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
+import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
+import org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider;
+
+
+/** This is a builder for a special PBESecretKeyDecryptor which is parametrized by a
+ * fixed session key, which is used in place of the one obtained from a passphrase.
+ */
+public class SessionKeySecretKeyDecryptorBuilder
+{
+    private OperatorHelper helper = new OperatorHelper(new DefaultJcaJceHelper());
+    private PGPDigestCalculatorProvider calculatorProvider;
+
+    private JcaPGPDigestCalculatorProviderBuilder calculatorProviderBuilder;
+
+    public SessionKeySecretKeyDecryptorBuilder()
+    {
+        this.calculatorProviderBuilder = new JcaPGPDigestCalculatorProviderBuilder();
+    }
+
+    public SessionKeySecretKeyDecryptorBuilder(PGPDigestCalculatorProvider calculatorProvider)
+    {
+        this.calculatorProvider = calculatorProvider;
+    }
+
+    public SessionKeySecretKeyDecryptorBuilder setProvider(Provider provider)
+    {
+        this.helper = new OperatorHelper(new ProviderJcaJceHelper(provider));
+
+        if (calculatorProviderBuilder != null)
+        {
+            calculatorProviderBuilder.setProvider(provider);
+        }
+
+        return this;
+    }
+
+    public SessionKeySecretKeyDecryptorBuilder setProvider(String providerName)
+    {
+        this.helper = new OperatorHelper(new NamedJcaJceHelper(providerName));
+
+        if (calculatorProviderBuilder != null)
+        {
+            calculatorProviderBuilder.setProvider(providerName);
+        }
+
+        return this;
+    }
+
+    public PBESecretKeyDecryptor build(final byte[] sessionKey)
+        throws PGPException
+    {
+        if (calculatorProvider == null)
+        {
+            calculatorProvider = calculatorProviderBuilder.build();
+        }
+
+        return new PBESecretKeyDecryptor(null, calculatorProvider)
+        {
+            @Override
+            public byte[] makeKeyFromPassPhrase(int keyAlgorithm, S2K s2k) throws PGPException {
+                return sessionKey;
+            }
+
+            public byte[] recoverKeyData(int encAlgorithm, byte[] key, byte[] iv, byte[] keyData, int keyOff, int keyLen)
+                throws PGPException
+            {
+                try
+                {
+                    Cipher c = helper.createCipher(PGPUtil.getSymmetricCipherName(encAlgorithm) + "/CFB/NoPadding");
+
+                    c.init(Cipher.DECRYPT_MODE, PGPUtil.makeSymmetricKey(encAlgorithm, key), new IvParameterSpec(iv));
+
+                    return c.doFinal(keyData, keyOff, keyLen);
+                }
+                catch (IllegalBlockSizeException e)
+                {
+                    throw new PGPException("illegal block size: " + e.getMessage(), e);
+                }
+                catch (BadPaddingException e)
+                {
+                    throw new PGPException("bad padding: " + e.getMessage(), e);
+                }
+                catch (InvalidAlgorithmParameterException e)
+                {
+                    throw new PGPException("invalid parameter: " + e.getMessage(), e);
+                }
+                catch (InvalidKeyException e)
+                {
+                    throw new PGPException("invalid key: " + e.getMessage(), e);
+                }
+            }
+        };
+    }
+}