Skip to content

Commit fc8adcc

Browse files
committed
Avoid MPI encoding for Ed25519,Ed448 signatures
1 parent 87c7c97 commit fc8adcc

File tree

2 files changed

+16
-14
lines changed

2 files changed

+16
-14
lines changed

pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java

Lines changed: 1 addition & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -451,23 +451,14 @@ public byte[] getSignature()
451451
{
452452
signature = BigIntegers.asUnsignedByteArray(sigValues[0].getValue());
453453
}
454-
else if (getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY ||
455-
getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed25519)
454+
else if (getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY)
456455
{
457456
byte[] a = BigIntegers.asUnsignedByteArray(sigValues[0].getValue());
458457
byte[] b = BigIntegers.asUnsignedByteArray(sigValues[1].getValue());
459458
signature = new byte[Ed25519.SIGNATURE_SIZE];
460459
System.arraycopy(a, 0, signature, Ed25519.PUBLIC_KEY_SIZE - a.length, a.length);
461460
System.arraycopy(b, 0, signature, Ed25519.SIGNATURE_SIZE - b.length, b.length);
462461
}
463-
else if (getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed448)
464-
{
465-
byte[] a = BigIntegers.asUnsignedByteArray(sigValues[0].getValue());
466-
byte[] b = BigIntegers.asUnsignedByteArray(sigValues[1].getValue());
467-
signature = new byte[Ed448.SIGNATURE_SIZE];
468-
System.arraycopy(a, 0, signature, Ed448.PUBLIC_KEY_SIZE - a.length, a.length);
469-
System.arraycopy(b, 0, signature, Ed448.SIGNATURE_SIZE - b.length, b.length);
470-
}
471462
else
472463
{
473464
try

pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureGenerator.java

Lines changed: 15 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -178,16 +178,20 @@ public PGPSignature generate()
178178
sigValues = new MPInteger[1];
179179
sigValues[0] = new MPInteger(new BigInteger(1, contentSigner.getSignature()));
180180
}
181-
else if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY ||
182-
contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed25519 ||
183-
contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed448)
181+
else if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY)
184182
{
185183
byte[] enc = contentSigner.getSignature();
186184
sigValues = new MPInteger[]{
187185
new MPInteger(new BigInteger(1, Arrays.copyOfRange(enc, 0, enc.length / 2))),
188186
new MPInteger(new BigInteger(1, Arrays.copyOfRange(enc, enc.length / 2, enc.length)))
189187
};
190188
}
189+
else if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed25519 ||
190+
contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.Ed448)
191+
{
192+
// Contrary to EDDSA_LEGACY, the new PK algorithms Ed25519, Ed448 do not use MPI encoding
193+
sigValues = null;
194+
}
191195
else
192196
{
193197
sigValues = PGPUtil.dsaSigToMpi(contentSigner.getSignature());
@@ -199,7 +203,14 @@ else if (contentSigner.getKeyAlgorithm() == PublicKeyAlgorithmTags.EDDSA_LEGACY
199203
fingerPrint[0] = digest[0];
200204
fingerPrint[1] = digest[1];
201205

202-
return new PGPSignature(new SignaturePacket(sigType, contentSigner.getKeyID(), contentSigner.getKeyAlgorithm(), contentSigner.getHashAlgorithm(), hPkts, unhPkts, fingerPrint, sigValues));
206+
if (sigValues != null) {
207+
return new PGPSignature(new SignaturePacket(sigType, contentSigner.getKeyID(), contentSigner.getKeyAlgorithm(),
208+
contentSigner.getHashAlgorithm(), hPkts, unhPkts, fingerPrint, sigValues));
209+
} else {
210+
// Ed25519, Ed448 use raw encoding instead of MPI
211+
return new PGPSignature(new SignaturePacket(4, sigType, contentSigner.getKeyID(), contentSigner.getKeyAlgorithm(),
212+
contentSigner.getHashAlgorithm(), hPkts, unhPkts, fingerPrint, contentSigner.getSignature()));
213+
}
203214
}
204215

205216
/**

0 commit comments

Comments
 (0)