1
0
Fork 0
mirror of https://github.com/pgpainless/pgpainless.git synced 2024-12-22 10:57:58 +01:00

Kotlin conversion: HashContextSigning

This commit is contained in:
Paul Schaub 2023-09-26 14:47:05 +02:00
parent a50be47fa4
commit 53b1e3ff71
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
7 changed files with 222 additions and 331 deletions

View file

@ -1,66 +0,0 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.encryption_signing;
import java.security.MessageDigest;
import java.util.List;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import org.bouncycastle.openpgp.PGPSecretKey;
import org.bouncycastle.openpgp.PGPSecretKeyRing;
import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.PGPSignatureGenerator;
import org.pgpainless.PGPainless;
import org.pgpainless.algorithm.SignatureType;
import org.pgpainless.key.info.KeyRingInfo;
import org.pgpainless.key.protection.SecretKeyRingProtector;
import org.pgpainless.key.protection.UnlockSecretKey;
import javax.annotation.Nonnull;
public class BcHashContextSigner {
public static PGPSignature signHashContext(@Nonnull MessageDigest hashContext,
@Nonnull SignatureType signatureType,
@Nonnull PGPSecretKeyRing secretKeys,
@Nonnull SecretKeyRingProtector protector)
throws PGPException {
KeyRingInfo info = PGPainless.inspectKeyRing(secretKeys);
List<PGPPublicKey> signingSubkeyCandidates = info.getSigningSubkeys();
PGPSecretKey signingKey = null;
for (PGPPublicKey signingKeyCandidate : signingSubkeyCandidates) {
signingKey = secretKeys.getSecretKey(signingKeyCandidate.getKeyID());
if (signingKey != null) {
break;
}
}
if (signingKey == null) {
throw new PGPException("Key does not contain suitable signing subkey.");
}
PGPPrivateKey privateKey = UnlockSecretKey.unlockSecretKey(signingKey, protector);
return signHashContext(hashContext, signatureType, privateKey);
}
/**
* Create an OpenPGP Signature over the given {@link MessageDigest} hash context.
*
* @param hashContext hash context
* @param privateKey signing-capable key
* @return signature
* @throws PGPException in case of an OpenPGP error
*/
static PGPSignature signHashContext(MessageDigest hashContext, SignatureType signatureType, PGPPrivateKey privateKey)
throws PGPException {
PGPSignatureGenerator sigGen = new PGPSignatureGenerator(
new BcPGPHashContextContentSignerBuilder(hashContext)
);
sigGen.init(signatureType.getCode(), privateKey);
return sigGen.generate();
}
}

View file

@ -1,174 +0,0 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.encryption_signing;
import java.io.OutputStream;
import java.security.MessageDigest;
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
import org.bouncycastle.crypto.CipherParameters;
import org.bouncycastle.crypto.CryptoException;
import org.bouncycastle.crypto.DataLengthException;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters;
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters;
import org.bouncycastle.crypto.signers.DSADigestSigner;
import org.bouncycastle.crypto.signers.DSASigner;
import org.bouncycastle.crypto.signers.ECDSASigner;
import org.bouncycastle.crypto.signers.Ed25519Signer;
import org.bouncycastle.crypto.signers.Ed448Signer;
import org.bouncycastle.crypto.signers.RSADigestSigner;
import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.operator.PGPContentSigner;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
import org.bouncycastle.openpgp.operator.bc.BcPGPKeyConverter;
import org.bouncycastle.util.Arrays;
import org.pgpainless.algorithm.HashAlgorithm;
import org.pgpainless.algorithm.PublicKeyAlgorithm;
/**
* Implementation of {@link PGPContentSignerBuilder} using the BC API, which can be used to sign hash contexts.
* This can come in handy to sign data, which was already processed to calculate the hash context, without the
* need to process it again to calculate the OpenPGP signature.
*/
class BcPGPHashContextContentSignerBuilder extends PGPHashContextContentSignerBuilder {
private final BcPGPKeyConverter keyConverter = new BcPGPKeyConverter();
private final MessageDigest messageDigest;
private final HashAlgorithm hashAlgorithm;
BcPGPHashContextContentSignerBuilder(MessageDigest messageDigest) {
this.messageDigest = messageDigest;
this.hashAlgorithm = requireFromName(messageDigest.getAlgorithm());
}
private static HashAlgorithm requireFromName(String digestName) {
HashAlgorithm hashAlgorithm = HashAlgorithm.fromName(digestName);
if (hashAlgorithm == null) {
throw new IllegalArgumentException("Cannot recognize OpenPGP Hash Algorithm: " + digestName);
}
return hashAlgorithm;
}
@Override
public PGPContentSigner build(int signatureType, PGPPrivateKey privateKey) throws PGPException {
PublicKeyAlgorithm keyAlgorithm = PublicKeyAlgorithm.requireFromId(privateKey.getPublicKeyPacket().getAlgorithm());
AsymmetricKeyParameter privKeyParam = keyConverter.getPrivateKey(privateKey);
final Signer signer = createSigner(keyAlgorithm, messageDigest, privKeyParam);
signer.init(true, privKeyParam);
return new PGPContentSigner() {
public int getType() {
return signatureType;
}
public int getHashAlgorithm() {
return hashAlgorithm.getAlgorithmId();
}
public int getKeyAlgorithm() {
return keyAlgorithm.getAlgorithmId();
}
public long getKeyID() {
return privateKey.getKeyID();
}
public OutputStream getOutputStream() {
return new PGPHashContextContentSignerBuilder.SignerOutputStream(signer);
}
public byte[] getSignature() {
try {
return signer.generateSignature();
} catch (CryptoException e) {
throw new IllegalStateException("unable to create signature");
}
}
public byte[] getDigest() {
return messageDigest.digest();
}
};
}
static Signer createSigner(
PublicKeyAlgorithm keyAlgorithm,
MessageDigest messageDigest,
CipherParameters keyParam)
throws PGPException {
ExistingMessageDigest staticDigest = new ExistingMessageDigest(messageDigest);
switch (keyAlgorithm.getAlgorithmId()) {
case PublicKeyAlgorithmTags.RSA_GENERAL:
case PublicKeyAlgorithmTags.RSA_SIGN:
return new RSADigestSigner(staticDigest);
case PublicKeyAlgorithmTags.DSA:
return new DSADigestSigner(new DSASigner(), staticDigest);
case PublicKeyAlgorithmTags.ECDSA:
return new DSADigestSigner(new ECDSASigner(), staticDigest);
case PublicKeyAlgorithmTags.EDDSA:
if (keyParam instanceof Ed25519PrivateKeyParameters || keyParam instanceof Ed25519PublicKeyParameters) {
return new EdDsaSigner(new Ed25519Signer(), staticDigest);
}
return new EdDsaSigner(new Ed448Signer(new byte[0]), staticDigest);
default:
throw new PGPException("cannot recognise keyAlgorithm: " + keyAlgorithm);
}
}
// Copied from BCs BcImplProvider - required since BCs class is package visible only :/
private static class EdDsaSigner
implements Signer {
private final Signer signer;
private final Digest digest;
private final byte[] digBuf;
EdDsaSigner(Signer signer, Digest digest) {
this.signer = signer;
this.digest = digest;
this.digBuf = new byte[digest.getDigestSize()];
}
public void init(boolean forSigning, CipherParameters param) {
this.signer.init(forSigning, param);
this.digest.reset();
}
public void update(byte b) {
this.digest.update(b);
}
public void update(byte[] in, int off, int len) {
this.digest.update(in, off, len);
}
public byte[] generateSignature()
throws CryptoException, DataLengthException {
digest.doFinal(digBuf, 0);
signer.update(digBuf, 0, digBuf.length);
return signer.generateSignature();
}
public boolean verifySignature(byte[] signature) {
digest.doFinal(digBuf, 0);
signer.update(digBuf, 0, digBuf.length);
return signer.verifySignature(signature);
}
public void reset() {
Arrays.clear(digBuf);
signer.reset();
digest.reset();
}
}
}

View file

@ -1,83 +0,0 @@
// SPDX-FileCopyrightText: 2022 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.encryption_signing;
import java.io.OutputStream;
import java.security.MessageDigest;
import javax.annotation.Nonnull;
import org.bouncycastle.crypto.Digest;
import org.bouncycastle.crypto.Signer;
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
abstract class PGPHashContextContentSignerBuilder implements PGPContentSignerBuilder {
// Copied from BC, required since BCs class is package visible only
static class SignerOutputStream
extends OutputStream {
private Signer sig;
SignerOutputStream(Signer sig) {
this.sig = sig;
}
public void write(@Nonnull byte[] bytes, int off, int len) {
sig.update(bytes, off, len);
}
public void write(@Nonnull byte[] bytes) {
sig.update(bytes, 0, bytes.length);
}
public void write(int b) {
sig.update((byte) b);
}
}
static class ExistingMessageDigest implements Digest {
private final MessageDigest digest;
ExistingMessageDigest(MessageDigest messageDigest) {
this.digest = messageDigest;
}
@Override
public void update(byte in) {
digest.update(in);
}
@Override
public void update(byte[] in, int inOff, int len) {
digest.update(in, inOff, len);
}
@Override
public int doFinal(byte[] out, int outOff) {
byte[] hash = digest.digest();
System.arraycopy(hash, 0, out, outOff, hash.length);
return getDigestSize();
}
@Override
public void reset() {
// Nope!
// We cannot reset, since BCs signer classes are resetting in their init() methods, which would also reset
// the messageDigest, losing its state. This would shatter our intention.
}
@Override
public String getAlgorithmName() {
return digest.getAlgorithm();
}
@Override
public int getDigestSize() {
return digest.getDigestLength();
}
}
}

View file

@ -1,8 +0,0 @@
// SPDX-FileCopyrightText: 2018 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
/**
* Classes used to encrypt or sign data using OpenPGP.
*/
package org.pgpainless.encryption_signing;

View file

@ -0,0 +1,49 @@
// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.encryption_signing
import org.bouncycastle.extensions.unlock
import org.bouncycastle.openpgp.PGPException
import org.bouncycastle.openpgp.PGPPrivateKey
import org.bouncycastle.openpgp.PGPSecretKeyRing
import org.bouncycastle.openpgp.PGPSignature
import org.bouncycastle.openpgp.PGPSignatureGenerator
import org.pgpainless.PGPainless
import org.pgpainless.algorithm.SignatureType
import org.pgpainless.key.protection.SecretKeyRingProtector
import java.security.MessageDigest
class BcHashContextSigner {
companion object {
@JvmStatic
fun signHashContext(hashContext: MessageDigest,
signatureType: SignatureType,
secretKey: PGPSecretKeyRing,
protector: SecretKeyRingProtector): PGPSignature {
val info = PGPainless.inspectKeyRing(secretKey)
return info.signingSubkeys.mapNotNull { info.getSecretKey(it.keyID) }.firstOrNull()
?.let { signHashContext(hashContext, signatureType, it.unlock(protector)) }
?: throw PGPException("Key does not contain suitable signing subkey.")
}
/**
* Create an OpenPGP Signature over the given [MessageDigest] hash context.
*
* @param hashContext hash context
* @param privateKey signing-capable key
* @return signature
* @throws PGPException in case of an OpenPGP error
*/
@JvmStatic
internal fun signHashContext(hashContext: MessageDigest,
signatureType: SignatureType,
privateKey: PGPPrivateKey): PGPSignature {
return PGPSignatureGenerator(BcPGPHashContextContentSignerBuilder(hashContext))
.apply { init(signatureType.code, privateKey) }
.generate()
}
}
}

View file

@ -0,0 +1,131 @@
// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.encryption_signing
import org.bouncycastle.bcpg.PublicKeyAlgorithmTags
import org.bouncycastle.crypto.CipherParameters
import org.bouncycastle.crypto.CryptoException
import org.bouncycastle.crypto.Digest
import org.bouncycastle.crypto.Signer
import org.bouncycastle.crypto.params.Ed25519PrivateKeyParameters
import org.bouncycastle.crypto.params.Ed25519PublicKeyParameters
import org.bouncycastle.crypto.signers.DSADigestSigner
import org.bouncycastle.crypto.signers.DSASigner
import org.bouncycastle.crypto.signers.ECDSASigner
import org.bouncycastle.crypto.signers.Ed25519Signer
import org.bouncycastle.crypto.signers.Ed448Signer
import org.bouncycastle.crypto.signers.RSADigestSigner
import org.bouncycastle.openpgp.PGPException
import org.bouncycastle.openpgp.PGPPrivateKey
import org.bouncycastle.openpgp.operator.PGPContentSigner
import org.bouncycastle.openpgp.operator.bc.BcPGPKeyConverter
import org.pgpainless.algorithm.HashAlgorithm
import org.pgpainless.algorithm.PublicKeyAlgorithm
import java.io.OutputStream
import java.security.MessageDigest
/**
* Implementation of [PGPContentSignerBuilder] using the BC API, which can be used to sign hash contexts.
* This can come in handy to sign data, which was already processed to calculate the hash context, without the
* need to process it again to calculate the OpenPGP signature.
*/
class BcPGPHashContextContentSignerBuilder(
private val messageDigest: MessageDigest
) : PGPHashContextContentSignerBuilder() {
private val keyConverter = BcPGPKeyConverter()
private val _hashAlgorithm: HashAlgorithm
init {
_hashAlgorithm = requireFromName(messageDigest.algorithm)
}
override fun build(signatureType: Int, privateKey: PGPPrivateKey): PGPContentSigner {
val keyAlgorithm = PublicKeyAlgorithm.requireFromId(privateKey.publicKeyPacket.algorithm)
val privKeyParam = keyConverter.getPrivateKey(privateKey)
val signer = createSigner(keyAlgorithm, messageDigest, privKeyParam)
signer.init(true, privKeyParam)
return object : PGPContentSigner {
override fun getOutputStream(): OutputStream = SignerOutputStream(signer)
override fun getSignature(): ByteArray = try {
signer.generateSignature()
} catch (e : CryptoException) {
throw IllegalStateException("unable to create signature.", e)
}
override fun getDigest(): ByteArray = messageDigest.digest()
override fun getType(): Int = signatureType
override fun getHashAlgorithm(): Int = _hashAlgorithm.algorithmId
override fun getKeyAlgorithm(): Int = keyAlgorithm.algorithmId
override fun getKeyID(): Long = privateKey.keyID
}
}
companion object {
@JvmStatic
private fun requireFromName(digestName: String): HashAlgorithm {
val algorithm = HashAlgorithm.fromName(digestName)
require(algorithm != null) { "Cannot recognize OpenPGP Hash Algorithm: $digestName"}
return algorithm
}
@JvmStatic
private fun createSigner(keyAlgorithm: PublicKeyAlgorithm,
messageDigest: MessageDigest,
keyParam: CipherParameters): Signer {
val staticDigest = ExistingMessageDigest(messageDigest)
return when (keyAlgorithm.algorithmId) {
PublicKeyAlgorithmTags.RSA_GENERAL, PublicKeyAlgorithmTags.RSA_SIGN -> RSADigestSigner(staticDigest)
PublicKeyAlgorithmTags.DSA -> DSADigestSigner(DSASigner(), staticDigest)
PublicKeyAlgorithmTags.ECDSA -> DSADigestSigner(ECDSASigner(), staticDigest)
PublicKeyAlgorithmTags.EDDSA_LEGACY -> {
if (keyParam is Ed25519PrivateKeyParameters || keyParam is Ed25519PublicKeyParameters)
EdDsaSigner(Ed25519Signer(), staticDigest)
else EdDsaSigner(Ed448Signer(byteArrayOf()), staticDigest)
}
else -> throw PGPException("cannot recognize keyAlgorithm: $keyAlgorithm")
}
}
}
// Copied from BCs BcImplProvider - required since BCs class is package visible only :/
internal class EdDsaSigner(
private val signer: Signer,
private val digest: Digest
) : Signer {
private val digBuf: ByteArray = ByteArray(digest.digestSize)
override fun init(forSigning: Boolean, param: CipherParameters) {
signer.init(forSigning, param)
digest.reset()
}
override fun update(b: Byte) {
digest.update(b)
}
override fun update(b: ByteArray, off: Int, len: Int) {
digest.update(b, off, len)
}
override fun generateSignature(): ByteArray {
digest.doFinal(digBuf, 0)
signer.update(digBuf, 0, digBuf.size)
return signer.generateSignature()
}
override fun verifySignature(signature: ByteArray): Boolean {
digest.doFinal(digBuf, 0)
signer.update(digBuf, 0, digBuf.size)
return signer.verifySignature(signature)
}
override fun reset() {
digBuf.fill(0)
signer.reset()
digest.reset()
}
}
}

View file

@ -0,0 +1,42 @@
// SPDX-FileCopyrightText: 2023 Paul Schaub <vanitasvitae@fsfe.org>
//
// SPDX-License-Identifier: Apache-2.0
package org.pgpainless.encryption_signing
import org.bouncycastle.crypto.Digest
import org.bouncycastle.crypto.Signer
import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder
import java.io.OutputStream
import java.security.MessageDigest
abstract class PGPHashContextContentSignerBuilder : PGPContentSignerBuilder {
// Copied from BC, required since BCs class is package visible only
internal class SignerOutputStream(
private val signer: Signer
) : OutputStream() {
override fun write(p0: Int) = signer.update(p0.toByte())
override fun write(b: ByteArray) = signer.update(b, 0, b.size)
override fun write(b: ByteArray, off: Int, len: Int) = signer.update(b, off, len)
}
internal class ExistingMessageDigest(
private val digest: MessageDigest
) : Digest {
override fun getAlgorithmName(): String = digest.algorithm
override fun getDigestSize(): Int = digest.digestLength
override fun update(b: Byte) = digest.update(b)
override fun update(buf: ByteArray, inOff: Int, len: Int) = digest.update(buf)
override fun doFinal(out: ByteArray, outOff: Int): Int {
digest.digest().copyInto(out, outOff)
return digestSize
}
override fun reset() {
// Nope!
// We cannot reset, since BCs signer classes are resetting in their init() methods, which would also reset
// the messageDigest, losing its state. This would shatter our intention.
}
}
}