Avoid MPI encoding for Ed25519,Ed448 signatures

Author: vanitasvitae

pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java

@@ -451,23 +451,14 @@ public byte[] getSignature()
             {
                 signature = BigIntegers.asUnsignedByteArray(sigValues[0].getValue());
             }
-            else if (getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY ||
-                getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed25519)
+            else if (getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY)
             {
                 byte[] a = BigIntegers.asUnsignedByteArray(sigValues[0].getValue());
                 byte[] b = BigIntegers.asUnsignedByteArray(sigValues[1].getValue());
                 signature = new byte[Ed25519.SIGNATURE_SIZE];
                 System.arraycopy(a, 0, signature, Ed25519.PUBLIC_KEY_SIZE - a.length, a.length);
                 System.arraycopy(b, 0, signature, Ed25519.SIGNATURE_SIZE - b.length, b.length);
             }
-            else if (getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed448)
-            {
-                byte[] a = BigIntegers.asUnsignedByteArray(sigValues[0].getValue());
-                byte[] b = BigIntegers.asUnsignedByteArray(sigValues[1].getValue());
-                signature = new byte[Ed448.SIGNATURE_SIZE];
-                System.arraycopy(a, 0, signature, Ed448.PUBLIC_KEY_SIZE - a.length, a.length);
-                System.arraycopy(b, 0, signature, Ed448.SIGNATURE_SIZE - b.length, b.length);
-            }
             else
             {
                 try

pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureGenerator.java

@@ -178,16 +178,20 @@ public PGPSignature generate()
             sigValues = new MPInteger[1];
             sigValues[0] = new MPInteger(new BigInteger(1, contentSigner.getSignature()));
         }
-        else if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY ||
-            contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed25519 ||
-            contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed448)
+        else if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY)
         {
             byte[] enc = contentSigner.getSignature();
             sigValues = new MPInteger[]{
                 new MPInteger(new BigInteger(1, Arrays.copyOfRange(enc, 0, enc.length / 2))),
                 new MPInteger(new BigInteger(1, Arrays.copyOfRange(enc, enc.length / 2, enc.length)))
             };
         }
+        else if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed25519 ||
+            contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed448)
+        {
+            // Contrary to EDDSA_LEGACY, the new PK algorithms Ed25519, Ed448 do not use MPI encoding
+            sigValues = null;
+        }
         else
         {
             sigValues = PGPUtil.dsaSigToMpi(contentSigner.getSignature());
@@ -199,7 +203,14 @@ else if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY
         fingerPrint[0] = digest[0];
         fingerPrint[1] = digest[1];
 
-        return new PGPSignature(new SignaturePacket(sigType, contentSigner.getKeyID(), contentSigner.getKeyAlgorithm(), contentSigner.getHashAlgorithm(), hPkts, unhPkts, fingerPrint, sigValues));
+        if (sigValues != null) {
+            return new PGPSignature(new SignaturePacket(sigType, contentSigner.getKeyID(), contentSigner.getKeyAlgorithm(),
+                    contentSigner.getHashAlgorithm(), hPkts, unhPkts, fingerPrint, sigValues));
+        } else {
+            // Ed25519, Ed448 use raw encoding instead of MPI
+            return new PGPSignature(new SignaturePacket(4, sigType, contentSigner.getKeyID(), contentSigner.getKeyAlgorithm(),
+                    contentSigner.getHashAlgorithm(), hPkts, unhPkts, fingerPrint, contentSigner.getSignature()));
+        }
     }
 
     /**