Initial GnuDivertToCard format support. Relates to github #116

Author: dghgit

CONTRIBUTORS.html

@@ -564,6 +564,7 @@
 <li>zhsnew &lt;https://github.com/zhsnew&gt; - correct AsconCXof128 implementation and add test vectors</li>
 <li>mt-johan &lt;https://github.com/mt-johan&gt; - patch to preserve PRF on initializing from protectionAlgorithm with PBMAC1.</li>
 <li>oscerd &lt;https://github.com/oscerd&gt; - comment corrections in GMSSRootSig.java.</li>
+<li>Léonard Dallot &lt;[email protected]&gt; - initial patches for GNU PG Divert to card format support.</li>
 </ul>
 </body>
 </html>

pg/src/main/java/org/bouncycastle/bcpg/GnuExtendedS2K.java

@@ -0,0 +1,19 @@
+package org.bouncycastle.bcpg;
+
+/**
+ * Add a constructor fort GNU-extended S2K
+ * <p>
+ * This extension is documented on GnuPG documentation DETAILS file,
+ * section "GNU extensions to the S2K algorithm". Its support is
+ * already present in S2K class but lack for a constructor.
+ */
+public class GnuExtendedS2K
+    extends S2K
+{
+    public GnuExtendedS2K(int mode)
+    {
+        super(0x0);
+        this.type = GNU_DUMMY_S2K;
+        this.protectionMode = mode;
+    }
+}

pg/src/main/java/org/bouncycastle/openpgp/PGPSecretKey.java

@@ -36,6 +36,7 @@
 import org.bouncycastle.bcpg.X25519SecretBCPGKey;
 import org.bouncycastle.bcpg.X448SecretBCPGKey;
 import org.bouncycastle.gpg.SExprParser;
+import org.bouncycastle.openpgp.operator.GnuDivertToCardSecretKeyEncryptor;
 import org.bouncycastle.openpgp.operator.KeyFingerPrintCalculator;
 import org.bouncycastle.openpgp.operator.PBEProtectionRemoverFactory;
 import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptor;
@@ -552,7 +553,8 @@ public Iterator<PGPUserAttributeSubpacketVector> getUserAttributes()
         return pub.getUserAttributes();
     }
 
-    private byte[] extractKeyData(PBESecretKeyDecryptor decryptorFactory) throws PGPException
+    private byte[] extractKeyData(PBESecretKeyDecryptor decryptorFactory)
+        throws PGPException
     {
         byte[] encData = secret.getSecretKeyData();
 
@@ -887,7 +889,8 @@ public static PGPSecretKey copyWithNewPassword(
         byte[] keyData;
         int newEncAlgorithm = SymmetricKeyAlgorithmTags.NULL;
 
-        if (newKeyEncryptor == null || newKeyEncryptor.getAlgorithm() == SymmetricKeyAlgorithmTags.NULL)
+        if (newKeyEncryptor == null
+            || (newKeyEncryptor.getAlgorithm() == SymmetricKeyAlgorithmTags.NULL && !(newKeyEncryptor instanceof GnuDivertToCardSecretKeyEncryptor)))
         {
             s2kUsage = SecretKeyPacket.USAGE_NONE;
             if (key.secret.getS2KUsage() == SecretKeyPacket.USAGE_SHA1)   // SHA-1 hash, need to rewrite checksum
@@ -997,7 +1000,7 @@ public static PGPSecretKey copyWithNewPassword(
 
         SecretKeyPacket secret;
 
-        if (newKeyEncryptor!= null && newKeyEncryptor.getAeadAlgorithm() > 0)
+        if (newKeyEncryptor != null && newKeyEncryptor.getAeadAlgorithm() > 0)
         {
             s2kUsage = SecretKeyPacket.USAGE_AEAD;
             secret = generateSecretKeyPacket(!(key.secret instanceof SecretSubkeyPacket), key.secret.getPublicKeyPacket(), newEncAlgorithm, newKeyEncryptor.getAeadAlgorithm(), s2kUsage, s2k, iv, keyData);

pg/src/main/java/org/bouncycastle/openpgp/operator/GnuDivertToCardSecretKeyEncryptor.java

@@ -0,0 +1,54 @@
+package org.bouncycastle.openpgp.operator;
+
+import org.bouncycastle.bcpg.GnuExtendedS2K;
+import org.bouncycastle.bcpg.S2K;
+import org.bouncycastle.openpgp.PGPException;
+
+/**
+ * Secret key encryptor that allows to represent a secret key embedded
+ * on a smartcard, using GNU S2K extensions.
+ * <p>
+ * This extension is documented on GnuPG documentation DETAILS file,
+ * section "GNU extensions to the S2K algorithm".
+ */
+public class GnuDivertToCardSecretKeyEncryptor
+    extends PBESecretKeyEncryptor
+{
+    private byte[] serial;
+
+    public GnuDivertToCardSecretKeyEncryptor(PGPDigestCalculator s2kDigestCalculator, byte[] serial)
+    {
+        super(0, s2kDigestCalculator, 0, null, null);
+        this.s2k = new GnuExtendedS2K(S2K.GNU_PROTECTION_MODE_DIVERT_TO_CARD);
+        this.serial = new byte[serial.length + 1];
+        this.serial[0] = (byte)serial.length;
+        System.arraycopy(serial, 0, this.serial, 1, serial.length);
+    }
+
+    @Override
+    public byte[] encryptKeyData(byte[] key, byte[] keyData, int keyOff,
+                                 int keyLen)
+        throws PGPException
+    {
+        if (serial != null && serial.length > 16)
+        {
+            byte[] result = new byte[17];
+            System.arraycopy(serial, 0, result, 0, result.length);
+            return result;
+        }
+        return serial;
+    }
+
+    @Override
+    public byte[] getKey()
+        throws PGPException
+    {
+        return null;
+    }
+
+    @Override
+    public byte[] getCipherIV()
+    {
+        return new byte[0];
+    }
+}