Merge branch '1809-pgp-librepgp-ocbencrypteddata' into 'main'

1809 pgp librepgp ocbencrypteddata See merge request root/bc-java!19
bcgit · Sep 12, 2024 · c005424 · c005424
2 parents 3c9c1fa + bb58c09
commit c005424
Show file tree

Hide file tree

Showing 8 changed files with 323 additions and 40 deletions.
diff --git a/pg/src/main/java/org/bouncycastle/bcpg/SymmetricKeyEncSessionPacket.java b/pg/src/main/java/org/bouncycastle/bcpg/SymmetricKeyEncSessionPacket.java
@@ -1,6 +1,5 @@
 package org.bouncycastle.bcpg;
 
-import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.EOFException;
 import java.io.IOException;
@@ -19,6 +18,7 @@ public class SymmetricKeyEncSessionPacket
 
  /**
  * Version 5 SKESK packet.
+ * LibrePGP only.
  * Used only with {@link AEADEncDataPacket AED} packets.
  */
  public static final int VERSION_5 = 5;
@@ -40,11 +40,12 @@ public class SymmetricKeyEncSessionPacket
  private byte[] authTag; // V5, V6
 
  public SymmetricKeyEncSessionPacket(
-  BCPGInputStream in)
-  throws IOException
+ BCPGInputStream in)
+ throws IOException
  {
  this(in, false);
  }
+
  public SymmetricKeyEncSessionPacket(
  BCPGInputStream in,
  boolean newPacketFormat)
@@ -63,30 +64,28 @@ public SymmetricKeyEncSessionPacket(
  }
  else if (version == VERSION_5 || version == VERSION_6)
  {
- // https://www.rfc-editor.org/rfc/rfc9580.html#section-5.3.2-3.2.1
- // SymAlg + AEADAlg + S2KCount + S2K + IV
- int next5Fields5Count = in.read();
+ int ivLen = 0;
+ if (version == VERSION_6)
+ {
+ // https://www.rfc-editor.org/rfc/rfc9580.html#section-5.3.2-3.2.1
+ // SymAlg + AEADAlg + S2KCount + S2K + IV
+ ivLen = in.read(); // next5Fields5Count
+ }
  encAlgorithm = in.read();
  aeadAlgorithm = in.read();
+ if (version == VERSION_6)
+ {
+ // https://www.rfc-editor.org/rfc/rfc9580.html#section-5.3.2-3.5.1
+ int s2kOctetCount = in.read();
+ ivLen = ivLen - 3 - s2kOctetCount;
+ }
+ else
+ {
+ ivLen = AEADUtils.getIVLength(aeadAlgorithm);
+ }
 
- // https://www.rfc-editor.org/rfc/rfc9580.html#section-5.3.2-3.5.1
- int s2kOctetCount = in.read();
-
- //TODO: use this line to replace the following code?
  s2k = new S2K(in);
-// s2kBytes = new byte[s2kOctetCount];
-// in.readFully(s2kBytes);
-// try
-// {
-// s2k = new S2K(new ByteArrayInputStream(s2kBytes));
-// }
-// catch (UnsupportedPacketVersionException e)
-// {
-//
-// // We gracefully catch the error.
-// }
-
- int ivLen = next5Fields5Count - 3 - s2kOctetCount;
+
  iv = new byte[ivLen]; // also called nonce
  if (in.read(iv) != iv.length)
  {
@@ -108,7 +107,6 @@ else if (version == VERSION_5 || version == VERSION_6)
  {
  throw new UnsupportedPacketVersionException("Unsupported PGP symmetric-key encrypted session key packet version encountered: " + version);
  }
-
  }
 
  /**
@@ -361,4 +359,4 @@ else if (version == VERSION_5 || version == VERSION_6)
 
  out.writePacket(hasNewPacketFormat(), SYMMETRIC_KEY_ENC_SESSION, bOut.toByteArray());
  }
-}
+}
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKey.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKey.java
@@ -70,7 +70,7 @@ else if (publicPk.getVersion() == PublicKeyPacket.VERSION_4)
  {
  this.keyID = Pack.bigEndianToLong(fingerprint, fingerprint.length - 8);
  }
- else if (publicPk.getVersion() == PublicKeyPacket.VERSION_6)
+ else if (publicPk.getVersion() == PublicKeyPacket.LIBREPGP_5 || publicPk.getVersion() == PublicKeyPacket.VERSION_6)
  {
  this.keyID = Pack.bigEndianToLong(fingerprint, 0);
  }

diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/RFC6637Utils.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/RFC6637Utils.java
@@ -115,8 +115,15 @@ public static byte[] createUserKeyingMaterial(PublicKeyPacket pubKeyData, KeyFin
  pOut.write(ecKey.getHashAlgorithm());
  pOut.write(ecKey.getSymmetricKeyAlgorithm());
  pOut.write(ANONYMOUS_SENDER);
- pOut.write(fingerPrintCalculator.calculateFingerprint(pubKeyData));
-
+ byte[] fp = fingerPrintCalculator.calculateFingerprint(pubKeyData);
+ if (pubKeyData.getVersion() == PublicKeyPacket.LIBREPGP_5)
+ {
+ pOut.write(fp, 0, 20);
+ }
+ else
+ {
+ pOut.write(fp);
+ }
  return pOut.toByteArray();
  }
 

diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPBEDataDecryptorFactory.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPBEDataDecryptorFactory.java
@@ -5,6 +5,7 @@
 import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.bouncycastle.bcpg.SymmetricKeyEncSessionPacket;
 import org.bouncycastle.bcpg.SymmetricKeyUtils;
+import org.bouncycastle.bcpg.UnsupportedPacketVersionException;
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.InvalidCipherTextException;
@@ -89,12 +90,24 @@ public byte[] recoverAEADEncryptedSessionData(SymmetricKeyEncSessionPacket keyDa
  }
 
  byte[] hkdfInfo = keyData.getAAData(); // Between v5 and v6, these bytes differ
- int kekLen = SymmetricKeyUtils.getKeyLengthInOctets(keyData.getEncAlgorithm());
 
- // HKDF
- // secretKey := HKDF_sha256(ikm, hkdfInfo).generate()
- byte[] kek = BcAEADUtil.generateHKDFBytes(ikm, null, hkdfInfo, kekLen);
- final KeyParameter secretKey = new KeyParameter(kek);
+ KeyParameter secretKey;
+ if (keyData.getVersion() == SymmetricKeyEncSessionPacket.VERSION_5)
+ {
+ secretKey = new KeyParameter(ikm);
+ }
+ else if (keyData.getVersion() == SymmetricKeyEncSessionPacket.VERSION_6)
+ {
+ // HKDF
+ // secretKey := HKDF_sha256(ikm, hkdfInfo).generate()
+ int kekLen = SymmetricKeyUtils.getKeyLengthInOctets(keyData.getEncAlgorithm());
+ byte[] kek = BcAEADUtil.generateHKDFBytes(ikm, null, hkdfInfo, kekLen);
+ secretKey = new KeyParameter(kek);
+ }
+ else
+ {
+ throw new UnsupportedPacketVersionException("Unsupported SKESK packet version encountered: " + keyData.getVersion());
+ }
 
  // AEAD
  AEADBlockCipher aead = BcAEADUtil.createAEADCipher(keyData.getEncAlgorithm(), keyData.getAeadAlgorithm());
@@ -149,4 +162,4 @@ public PGPDataDecryptor createDataDecryptor(SymmetricEncIntegrityPacket seipd, P
  {
  return BcAEADUtil.createOpenPgpV6DataDecryptor(seipd, sessionKey);
  }
-}
+}
diff --git a/...main/java/org/bouncycastle/openpgp/operator/jcajce/JcePBEDataDecryptorFactoryBuilder.java b/...main/java/org/bouncycastle/openpgp/operator/jcajce/JcePBEDataDecryptorFactoryBuilder.java
@@ -12,6 +12,7 @@
 import org.bouncycastle.bcpg.SymmetricEncIntegrityPacket;
 import org.bouncycastle.bcpg.SymmetricKeyEncSessionPacket;
 import org.bouncycastle.bcpg.SymmetricKeyUtils;
+import org.bouncycastle.bcpg.UnsupportedPacketVersionException;
 import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
 import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
@@ -140,12 +141,24 @@ public byte[] recoverAEADEncryptedSessionData(SymmetricKeyEncSessionPacket keyDa
  }
 
  byte[] hkdfInfo = keyData.getAAData(); // between v5 and v6, these bytes differ
- int kekLen = SymmetricKeyUtils.getKeyLengthInOctets(keyData.getEncAlgorithm());
 
- // HKDF
- // secretKey := HKDF_sha256(ikm, hkdfInfo).generate()
- byte[] kek = JceAEADUtil.generateHKDFBytes(ikm, null, hkdfInfo, kekLen);
- final SecretKey secretKey = new SecretKeySpec(kek, PGPUtil.getSymmetricCipherName(keyData.getEncAlgorithm()));
+ SecretKey secretKey;
+ if (keyData.getVersion() == SymmetricKeyEncSessionPacket.VERSION_5)
+ {
+ secretKey = new SecretKeySpec(ikm, PGPUtil.getSymmetricCipherName(keyData.getEncAlgorithm()));
+ }
+ else if (keyData.getVersion() == SymmetricKeyEncSessionPacket.VERSION_6)
+ {
+ // HKDF
+ // secretKey := HKDF_sha256(ikm, hkdfInfo).generate()
+ int kekLen = SymmetricKeyUtils.getKeyLengthInOctets(keyData.getEncAlgorithm());
+ byte[] kek = JceAEADUtil.generateHKDFBytes(ikm, null, hkdfInfo, kekLen);
+ secretKey = new SecretKeySpec(kek, PGPUtil.getSymmetricCipherName(keyData.getEncAlgorithm()));
+ }
+ else
+ {
+ throw new UnsupportedPacketVersionException("Unsupported SKESK packet version encountered: " + keyData.getVersion());
+ }
 
  // AEAD
  Cipher aead = aeadHelper.createAEADCipher(keyData.getEncAlgorithm(), keyData.getAeadAlgorithm());
@@ -201,4 +214,4 @@ public PGPDataDecryptor createDataDecryptor(SymmetricEncIntegrityPacket seipd, P
  }
  };
  }
-}
+}
diff --git a/pg/src/test/java/org/bouncycastle/openpgp/test/PGPv5KeyTest.java b/pg/src/test/java/org/bouncycastle/openpgp/test/PGPv5KeyTest.java
@@ -90,6 +90,10 @@ private void parseAndEncodeKey()
  isEncodingEqual("Fingerprint mismatch for the subkey.",
  Hex.decode("E4557C2B02FFBF4B04F87401EC336AF7133D0F85BE7FD09BAEFD9CAEB8C93965"), it.next().getFingerprint());
 
+ it = secretKeys.getPublicKeys();
+ isEquals( "Primary key ID mismatch", 1816212655223104514L, it.next().getKeyID());
+ isEquals("Subkey ID mismatch", -1993550735865823413L, it.next().getKeyID());
+
  bOut = new ByteArrayOutputStream();
  BCPGOutputStream pOut = new BCPGOutputStream(bOut, PacketFormat.LEGACY);
  secretKeys.encode(pOut);