EdDSA keys compatible with Java

Identity.cpp

@@ -509,7 +509,7 @@ namespace data
 				m_Signer.reset (new i2p::crypto::RSASHA5124096Signer (m_SigningPrivateKey));
 			break;	
 			case SIGNING_KEY_TYPE_EDDSA_SHA512_ED25519:
-				m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey));
+				m_Signer.reset (new i2p::crypto::EDDSA25519Signer (m_SigningPrivateKey, m_Public->GetStandardIdentity ().certificate - i2p::crypto::EDDSA25519_PUBLIC_KEY_LENGTH));
 			break;
 			default:
 				LogPrint (eLogError, "Identity: Signing key type ", (int)m_Public->GetSigningKeyType (), " is not supported");

Signature.cpp

@@ -467,17 +467,27 @@ namespace crypto
 		return GetEd25519 ()->Verify (m_PublicKey, digest, signature);
 	}
 
-	EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey)
+	EDDSA25519Signer::EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey)
 	{ 
 		// expand key
 		SHA512 (signingPrivateKey, EDDSA25519_PRIVATE_KEY_LENGTH, m_ExpandedPrivateKey);
 		m_ExpandedPrivateKey[0] &= 0xF8; // drop last 3 bits 
-		m_ExpandedPrivateKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] &= 0x1F; // drop first 3 bits
+		m_ExpandedPrivateKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] &= 0x3F; // drop first 2 bits
 		m_ExpandedPrivateKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] |= 0x40; // set second bit
+		
 		// generate and encode public key
 		BN_CTX * ctx = BN_CTX_new ();	
 		auto publicKey = GetEd25519 ()->GeneratePublicKey (m_ExpandedPrivateKey, ctx);
 		GetEd25519 ()->EncodePublicKey (publicKey, m_PublicKeyEncoded, ctx);	
+		
+		if (signingPublicKey && memcmp (m_PublicKeyEncoded, signingPublicKey, EDDSA25519_PUBLIC_KEY_LENGTH))
+		{
+			// keys don't match, it means older key with 0x1F
+			LogPrint (eLogWarning, "Older EdDSA key detected");
+			m_ExpandedPrivateKey[EDDSA25519_PRIVATE_KEY_LENGTH - 1] &= 0xDF; // drop third bit 
+			publicKey = GetEd25519 ()->GeneratePublicKey (m_ExpandedPrivateKey, ctx);
+			GetEd25519 ()->EncodePublicKey (publicKey, m_PublicKeyEncoded, ctx);	
+		}
 		BN_CTX_free (ctx);
 	} 
 		

Signature.h

@@ -424,7 +424,8 @@ namespace crypto
 	{
 		public:
 
-			EDDSA25519Signer (const uint8_t * signingPrivateKey); 
+			EDDSA25519Signer (const uint8_t * signingPrivateKey, const uint8_t * signingPublicKey = nullptr); 
+			// we pass signingPublicKey to check if it matches private key 
 			void Sign (const uint8_t * buf, int len, uint8_t * signature) const; 
 			const uint8_t * GetPublicKey () const { return m_PublicKeyEncoded; };