From a230c48393392a1aa3ef865df9a55cbf0f5047eb Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Sun, 30 Jun 2024 18:55:27 +0200
Subject: [PATCH] Adapt changes to PGPSignatureGenerator
---
 .../encryption_signing/BcHashContextSigner.kt | 11 ++++++++---
 .../pgpainless/encryption_signing/SigningOptions.kt | 6 +++---
 .../org/pgpainless/key/generation/KeyRingBuilder.kt | 5 +++--
 .../key/util/PublicKeyParameterValidationUtil.kt | 3 ++-
 .../signature/builder/AbstractSignatureBuilder.kt | 3 ++-
 .../KeyWithUnknownSecretKeyEncryptionMethodTest.kt | 1 -
 6 files changed, 18 insertions(+), 11 deletions(-)
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt
index 47aed2be..aab8b8c1 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/BcHashContextSigner.kt
@@ -7,6 +7,7 @@ package org.pgpainless.encryption_signing
 import java.security.MessageDigest
 import org.bouncycastle.openpgp.PGPException
 import org.bouncycastle.openpgp.PGPPrivateKey
+import org.bouncycastle.openpgp.PGPPublicKey
 import org.bouncycastle.openpgp.PGPSecretKeyRing
 import org.bouncycastle.openpgp.PGPSignature
 import org.bouncycastle.openpgp.PGPSignatureGenerator
@@ -29,7 +30,9 @@ class BcHashContextSigner {
 return info.signingSubkeys
 .mapNotNull { info.getSecretKey(it.keyID) }
 .firstOrNull()
- ?.let { signHashContext(hashContext, signatureType, it.unlock(protector)) }
+ ?.let {
+ signHashContext(hashContext, signatureType, it.unlock(protector), it.publicKey)
+ }
 ?: throw PGPException("Key does not contain suitable signing subkey.")
 }
@@ -45,9 +48,11 @@ class BcHashContextSigner {
 internal fun signHashContext(
 hashContext: MessageDigest,
 signatureType: SignatureType,
- privateKey: PGPPrivateKey
+ privateKey: PGPPrivateKey,
+ publicKey: PGPPublicKey
 ): PGPSignature {
- return PGPSignatureGenerator(BcPGPHashContextContentSignerBuilder(hashContext))
+ return PGPSignatureGenerator(
+ BcPGPHashContextContentSignerBuilder(hashContext), publicKey)
 .apply { init(signatureType.code, privateKey) }
 .generate()
 }
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt
index 1e8cd545..15d494c1 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/encryption_signing/SigningOptions.kt
@@ -385,7 +385,7 @@ class SigningOptions {
 val generator: PGPSignatureGenerator =
 createSignatureGenerator(
 signingSubkey,
- signingKey.getPublicKey(signingSubkey.keyID).version,
+ signingKey.getPublicKey(signingSubkey.keyID),
 hashAlgorithm,
 signatureType)
@@ -429,7 +429,7 @@ class SigningOptions {
 @Throws(PGPException::class)
 private fun createSignatureGenerator(
 privateKey: PGPPrivateKey,
- signatureVersion: Int,
+ publicKey: PGPPublicKey,
 hashAlgorithm: HashAlgorithm,
 signatureType: DocumentSignatureType
 ): PGPSignatureGenerator {
@@ -437,7 +437,7 @@ class SigningOptions {
 .getPGPContentSignerBuilder(
 privateKey.publicKeyPacket.algorithm, hashAlgorithm.algorithmId)
 .let { csb ->
- PGPSignatureGenerator(csb, signatureVersion).also {
+ PGPSignatureGenerator(csb, publicKey).also {
 it.init(signatureType.signatureType.code, privateKey)
 }
 }
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
index 05adf7d9..16b25bd3 100644
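Review bot: `signHashContext` in BcHashContextSigner.kt (hunk `-45,9`) now takes `privateKey` and `publicKey` as independent parameters and never checks that they belong to the same key. The one caller visible in this patch passes both from the same secret key, but the function is `internal`, so a later caller could pair the wrong public key with the signing key; judging from the `signatureVersion` argument it replaces in SigningOptions.kt, the generator presumably takes the signature version from this key. A guard such as `require(privateKey.keyID == publicKey.keyID) { "publicKey does not match the signing key" }` before constructing the generator would make a mismatch fail loudly instead of emitting a malformed signature. `createSignatureGenerator` in SigningOptions.kt (hunks `-429,7` and `-437,7`) has the same shape, and additionally reads the algorithm from `privateKey.publicKeyPacket` while the generator is bound to `publicKey`.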
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/generation/KeyRingBuilder.kt
@@ -94,7 +94,7 @@ class KeyRingBuilder : KeyRingBuilderInterface {
 requireNotNull(primaryKeySpec) { "Primary Key spec required." }
 val certKey = generateKeyPair(primaryKeySpec!!)
 val signer = buildContentSigner(certKey)
- val signatureGenerator = PGPSignatureGenerator(signer)
+ val signatureGenerator = PGPSignatureGenerator(signer, certKey.publicKey)
 val hashedSubPacketGenerator = primaryKeySpec!!.subpacketGenerator
 hashedSubPacketGenerator.setIssuerFingerprintAndKeyId(certKey.publicKey)
@@ -206,7 +206,8 @@ class KeyRingBuilder : KeyRingBuilderInterface {
 return hashedSubpackets
 }
- val bindingSignatureGenerator = PGPSignatureGenerator(buildContentSigner(subKey))
+ val bindingSignatureGenerator =
+ PGPSignatureGenerator(buildContentSigner(subKey), subKey.publicKey)
 bindingSignatureGenerator.init(SignatureType.PRIMARYKEY_BINDING.code, subKey.privateKey)
 val primaryKeyBindingSig =
 bindingSignatureGenerator.generateCertification(primaryKey.publicKey, subKey.publicKey)
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/PublicKeyParameterValidationUtil.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/PublicKeyParameterValidationUtil.kt
index a1e79bf3..107f3383 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/PublicKeyParameterValidationUtil.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/util/PublicKeyParameterValidationUtil.kt
@@ -226,7 +226,8 @@ class PublicKeyParameterValidationUtil {
 PGPSignatureGenerator(
 getInstance()
 .getPGPContentSignerBuilder(
- requireFromId(publicKey.algorithm), HashAlgorithm.SHA256))
+ requireFromId(publicKey.algorithm), HashAlgorithm.SHA256),
+ publicKey)
 return try {
 signatureGenerator
 .apply {
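Review bot: The rebuilt `bindingSignatureGenerator` in KeyRingBuilder.kt (hunk `-206,7`) would benefit from a comment saying why `subKey.publicKey`, not `primaryKey.publicKey`, is the key handed to the generator. The `PRIMARYKEY_BINDING` signature is initialised with `subKey.privateKey`, so the subkey is the issuer, yet `generateCertification` two lines later takes both public keys and the arguments are easy to transpose. Suggested comment above the assignment: `// Back-signature is issued by the subkey, so the generator is bound to subKey.publicKey.` The enclosing function starts and ends outside the hunk.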
diff --git a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
index eaf05df1..25b1e6ed 100644
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/signature/builder/AbstractSignatureBuilder.kt
@@ -111,7 +111,8 @@ abstract class AbstractSignatureBuilder>(
 PGPSignatureGenerator(
 ImplementationFactory.getInstance()
 .getPGPContentSignerBuilder(
- publicSigningKey.algorithm, hashAlgorithm.algorithmId))
+ publicSigningKey.algorithm, hashAlgorithm.algorithmId),
+ publicSigningKey)
 .apply {
 setUnhashedSubpackets(SignatureSubpacketsHelper.toVector(_unhashedSubpackets))
 setHashedSubpackets(SignatureSubpacketsHelper.toVector(_hashedSubpackets))
diff --git a/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithUnknownSecretKeyEncryptionMethodTest.kt b/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithUnknownSecretKeyEncryptionMethodTest.kt
index 471101f3..52372413 100644
--- a/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithUnknownSecretKeyEncryptionMethodTest.kt
+++ b/pgpainless-core/src/test/kotlin/org/pgpainless/key/KeyWithUnknownSecretKeyEncryptionMethodTest.kt
@@ -6,7 +6,6 @@ package org.pgpainless.key
 import org.junit.jupiter.api.Assertions.assertEquals
 import org.junit.jupiter.api.Assertions.assertNotNull
-import org.junit.jupiter.api.Disabled
 import org.junit.jupiter.api.Test
 import org.pgpainless.PGPainless