integrate EdDSAAuthenticationSigner into default signer using enablePreHash parameter

2021-04-29 17:51:39 +02:00
parent 8c576682e1
commit f8724d3f42
3 changed files with 38 additions and 79 deletions
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedSecretKey.java
@@ -223,8 +223,8 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
        if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
            // use synchronous "NFC based" SignerBuilder
            return new NfcSyncPGPContentSignerBuilder(
-                    mSecretKey.getPublicKey().getAlgorithm(), hashAlgo,
-                    mSecretKey.getKeyID(), signedHashes)
+                    mSecretKey.getPublicKey().getAlgorithm(), mSecretKey.getKeyID(),
+                    true, hashAlgo, signedHashes)
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
        } else {
            // content signer based on signing key algorithm and chosen hash algorithm
@@ -257,12 +257,11 @@ public class CanonicalizedSecretKey extends CanonicalizedPublicKey {
            byte[]> signedHashes) {
        if (getAlgorithm() == PublicKeyAlgorithmTags.EDDSA) {
            // content signer feeding the input directly into the signature engine,
-            // since EdDSA hashes the input anyway
+            // no pre-hashing for EdDSA!
            if (mPrivateKeyState == PRIVATE_KEY_STATE_DIVERT_TO_CARD) {
                return new NfcSyncPGPContentSignerBuilder(
-                        mSecretKey.getPublicKey().getAlgorithm(), hashAlgorithm,
-                        mSecretKey.getKeyID(), signedHashes)
-                        .configureForEdDsaAuthenticationSignature()
+                        mSecretKey.getPublicKey().getAlgorithm(), mSecretKey.getKeyID(),
+                        false, hashAlgorithm, signedHashes)
                        .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
            } else {
                return new EdDsaAuthenticationContentSignerBuilder(
--- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
+++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/PgpKeyOperation.java
@@ -1511,8 +1511,9 @@ public class PgpKeyOperation {
        if (divertToCard) {
            // use synchronous "NFC based" SignerBuilder
            builder = new NfcSyncPGPContentSignerBuilder(
-                    pKey.getAlgorithm(), PgpSecurityConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO,
-                    pKey.getKeyID(), cryptoInput.getCryptoData())
+                    pKey.getAlgorithm(), pKey.getKeyID(),
+                    true, PgpSecurityConstants.SECRET_KEY_BINDING_SIGNATURE_HASH_ALGO,
+                    cryptoInput.getCryptoData())
                    .setProvider(Constants.BOUNCY_CASTLE_PROVIDER_NAME);
        } else {
            // content signer based on signing key algorithm and chosen hash algorithm