create generateHKDFBytes, isX25519. Refactor: makeKeyFromPassPhrase

Author: gefeili

pg/src/main/java/org/bouncycastle/bcpg/SymmetricKeyEncSessionPacket.java

@@ -71,6 +71,9 @@ else if (version == VERSION_5 || version == VERSION_6)
 
             // https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-07.html#section-5.3.2-3.5
             int s2kOctetCount = in.read();
+
+            //TODO: use this line to replace the following code?
+            //s2k = new S2K(in);
             s2kBytes = new byte[s2kOctetCount];
             in.readFully(s2kBytes);
             try

pg/src/main/java/org/bouncycastle/openpgp/operator/PGPUtil.java

@@ -94,6 +94,7 @@ else if (s2k.getHashAlgorithm() != digestCalculator.getAlgorithm())
 
         try
         {
+            byte[] iv = s2k != null? s2k.getIV() : null;
             while (generatedBytes < keyBytes.length)
             {
                 if (s2k != null)
@@ -103,8 +104,6 @@ else if (s2k.getHashAlgorithm() != digestCalculator.getAlgorithm())
                         dOut.write(0);
                     }
 
-                    byte[] iv = s2k.getIV();
-
                     switch (s2k.getType())
                     {
                     case S2K.SIMPLE:

pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcAEADUtil.java

@@ -91,21 +91,25 @@ protected static long getChunkLength(int chunkSize)
      * @param salt       salt
      * @param hkdfInfo   HKDF info
      * @return message key and separate IV
-     * @throws PGPException
      */
     static byte[][] deriveMessageKeyAndIv(int aeadAlgo, int cipherAlgo, byte[] sessionKey, byte[] salt, byte[] hkdfInfo)
-        throws PGPException
+    {
+        int keyLen = SymmetricKeyUtils.getKeyLengthInOctets(cipherAlgo);
+        int ivLen = AEADUtils.getIVLength(aeadAlgo);
+        byte[] messageKeyAndIv = generateHKDFBytes(sessionKey, salt, hkdfInfo, keyLen + ivLen - 8);
+
+        return new byte[][]{Arrays.copyOfRange(messageKeyAndIv, 0, keyLen), Arrays.copyOfRange(messageKeyAndIv, keyLen, keyLen + ivLen)};
+    }
+
+    static byte[] generateHKDFBytes(byte[] sessionKey, byte[] salt, byte[] hkdfInfo, int len)
     {
         HKDFParameters hkdfParameters = new HKDFParameters(sessionKey, salt, hkdfInfo);
         HKDFBytesGenerator hkdfGen = new HKDFBytesGenerator(new SHA256Digest());
 
         hkdfGen.init(hkdfParameters);
-        int keyLen = SymmetricKeyUtils.getKeyLengthInOctets(cipherAlgo);
-        int ivLen = AEADUtils.getIVLength(aeadAlgo);
-        byte[] messageKeyAndIv = new byte[keyLen + ivLen - 8];
+        byte[] messageKeyAndIv = new byte[len];
         hkdfGen.generateBytes(messageKeyAndIv, 0, messageKeyAndIv.length);
-
-        return new byte[][]{Arrays.copyOfRange(messageKeyAndIv, 0, keyLen), Arrays.copyOfRange(messageKeyAndIv, keyLen, keyLen + ivLen)};
+        return messageKeyAndIv;
     }
 
     public static AEADBlockCipher createAEADCipher(int encAlgorithm, int aeadAlgorithm)

pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPBEDataDecryptorFactory.java

@@ -8,12 +8,8 @@
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.engines.CamelliaEngine;
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
 import org.bouncycastle.crypto.modes.AEADBlockCipher;
 import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.HKDFParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPSessionKey;
@@ -94,13 +90,10 @@ public byte[] recoverAEADEncryptedSessionData(SymmetricKeyEncSessionPacket keyDa
 
         byte[] hkdfInfo = keyData.getAAData(); // Between v5 and v6, these bytes differ
         int kekLen = SymmetricKeyUtils.getKeyLengthInOctets(keyData.getEncAlgorithm());
-        byte[] kek = new byte[kekLen];
 
         // HKDF
         // secretKey := HKDF_sha256(ikm, hkdfInfo).generate()
-        HKDFBytesGenerator hkdfGen = new HKDFBytesGenerator(new SHA256Digest());
-        hkdfGen.init(new HKDFParameters(ikm, null, hkdfInfo));
-        hkdfGen.generateBytes(kek, 0, kek.length);
+        byte[] kek = BcAEADUtil.generateHKDFBytes(ikm, null, hkdfInfo, kekLen);
         final KeyParameter secretKey = new KeyParameter(kek);
 
         // AEAD

pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPBEKeyEncryptionMethodGenerator.java

@@ -7,12 +7,8 @@
 import org.bouncycastle.crypto.BlockCipher;
 import org.bouncycastle.crypto.BufferedBlockCipher;
 import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.digests.SHA256Digest;
-import org.bouncycastle.crypto.engines.CamelliaEngine;
-import org.bouncycastle.crypto.generators.HKDFBytesGenerator;
 import org.bouncycastle.crypto.modes.AEADCipher;
 import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.HKDFParameters;
 import org.bouncycastle.crypto.params.KeyParameter;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator;
@@ -113,15 +109,8 @@ protected byte[] encryptSessionInfo(int encAlgorithm, byte[] key, byte[] session
     }
 
     protected byte[] generateV6KEK(int kekAlgorithm, byte[] ikm, byte[] info)
-        throws PGPException
     {
-        HKDFBytesGenerator hkdf = new HKDFBytesGenerator(new SHA256Digest());
-        hkdf.init(new HKDFParameters(ikm, null, info));
-
-        int kekLen = SymmetricKeyUtils.getKeyLengthInOctets(kekAlgorithm);
-        byte[] kek = new byte[kekLen];
-        hkdf.generateBytes(kek, 0, kek.length);
-        return kek;
+        return BcAEADUtil.generateHKDFBytes(ikm, null, info, SymmetricKeyUtils.getKeyLengthInOctets(kekAlgorithm));
     }
 
     protected byte[] getEskAndTag(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo, byte[] key, byte[] iv, byte[] info)

pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPGPKeyConverter.java

@@ -122,7 +122,7 @@ public AsymmetricKeyParameter getPrivateKey(PGPPrivateKey privKey)
             {
                 ECDHPublicBCPGKey ecdhPub = (ECDHPublicBCPGKey)pubPk.getKey();
 
-                if (CryptlibObjectIdentifiers.curvey25519.equals(ecdhPub.getCurveOID()))
+                if (BcUtil.isX25519(ecdhPub.getCurveOID()))
                 {
                     return PrivateKeyFactory.createKey(getPrivateKeyInfo(EdECObjectIdentifiers.id_X25519,
                         Arrays.reverseInPlace(BigIntegers.asUnsignedByteArray(((ECSecretBCPGKey)privPk).getX()))));
@@ -209,7 +209,7 @@ public AsymmetricKeyParameter getPublicKey(PGPPublicKey publicKey)
             {
                 ECDHPublicBCPGKey ecdhK = (ECDHPublicBCPGKey)publicPk.getKey();
 
-                if (ecdhK.getCurveOID().equals(CryptlibObjectIdentifiers.curvey25519))
+                if (BcUtil.isX25519(ecdhK.getCurveOID()))
                 {
                     byte[] pEnc = BigIntegers.asUnsignedByteArray(ecdhK.getEncodedPoint());
                     // skip the 0x40 header byte.

pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPublicKeyDataDecryptorFactory.java

@@ -3,7 +3,6 @@
 import java.io.IOException;
 import java.math.BigInteger;
 
-import org.bouncycastle.asn1.cryptlib.CryptlibObjectIdentifiers;
 import org.bouncycastle.bcpg.AEADEncDataPacket;
 import org.bouncycastle.bcpg.ECDHPublicBCPGKey;
 import org.bouncycastle.bcpg.HashAlgorithmTags;
@@ -110,7 +109,7 @@ else if (keyAlgorithm == PublicKeyAlgorithmTags.ECDH)
 
                 ECDHPublicBCPGKey ecPubKey = (ECDHPublicBCPGKey)pgpPrivKey.getPublicKeyPacket().getKey();
                 // XDH
-                if (ecPubKey.getCurveOID().equals(CryptlibObjectIdentifiers.curvey25519))
+                if (BcUtil.isX25519(ecPubKey.getCurveOID()))
                 {
                     if (pEnc.length != 1 + X25519PublicKeyParameters.KEY_SIZE || 0x40 != pEnc[0])
                     {

pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPublicKeyKeyEncryptionMethodGenerator.java

@@ -4,7 +4,6 @@
 import java.math.BigInteger;
 import java.security.SecureRandom;
 
-import org.bouncycastle.asn1.cryptlib.CryptlibObjectIdentifiers;
 import org.bouncycastle.bcpg.ECDHPublicBCPGKey;
 import org.bouncycastle.bcpg.HashAlgorithmTags;
 import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
@@ -13,7 +12,6 @@
 import org.bouncycastle.crypto.AsymmetricBlockCipher;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPairGenerator;
-import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.KeyGenerationParameters;
 import org.bouncycastle.crypto.RawAgreement;
 import org.bouncycastle.crypto.Wrapper;
@@ -32,7 +30,6 @@
 import org.bouncycastle.crypto.params.X25519PublicKeyParameters;
 import org.bouncycastle.crypto.params.X448KeyGenerationParameters;
 import org.bouncycastle.crypto.params.X448PublicKeyParameters;
-import org.bouncycastle.internal.asn1.edec.EdECObjectIdentifiers;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPPublicKey;
 import org.bouncycastle.openpgp.operator.PGPPad;
@@ -86,7 +83,7 @@ protected byte[] encryptSessionInfo(PGPPublicKey pubKey, byte[] sessionInfo)
             {
                 ECDHPublicBCPGKey ecPubKey = (ECDHPublicBCPGKey)pubKeyPacket.getKey();
                 byte[] userKeyingMaterial = RFC6637Utils.createUserKeyingMaterial(pubKeyPacket, new BcKeyFingerprintCalculator());
-                if (ecPubKey.getCurveOID().equals(CryptlibObjectIdentifiers.curvey25519) || ecPubKey.getCurveOID().equals(EdECObjectIdentifiers.id_X25519))
+                if (BcUtil.isX25519(ecPubKey.getCurveOID()))
                 {
                     AsymmetricCipherKeyPair ephKp = getAsymmetricCipherKeyPair(new X25519KeyPairGenerator(), new X25519KeyGenerationParameters(random));
 

pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcUtil.java

@@ -4,6 +4,8 @@
 import java.math.BigInteger;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.cryptlib.CryptlibObjectIdentifiers;
+import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
 import org.bouncycastle.asn1.x9.ECNamedCurveTable;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.bcpg.AEADEncDataPacket;
@@ -125,4 +127,9 @@ static byte[] getSecret(RawAgreement agreement, AsymmetricKeyParameter privKey,
         agreement.calculateAgreement(ephPub, secret, 0);
         return secret;
     }
+
+    static boolean isX25519(ASN1ObjectIdentifier curveID)
+    {
+        return curveID.equals(CryptlibObjectIdentifiers.curvey25519) || curveID.equals(EdECObjectIdentifiers.id_X25519);
+    }
 }

pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcaJcePGPUtil.java

@@ -12,6 +12,8 @@
 import javax.crypto.spec.SecretKeySpec;
 
 import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.cryptlib.CryptlibObjectIdentifiers;
+import org.bouncycastle.asn1.edec.EdECObjectIdentifiers;
 import org.bouncycastle.asn1.x9.ECNamedCurveTable;
 import org.bouncycastle.asn1.x9.X9ECParameters;
 import org.bouncycastle.bcpg.PublicKeyPacket;
@@ -79,4 +81,9 @@ static Key getSecret(OperatorHelper helper, PublicKey cryptoPublicKey, String ke
         agreement.doPhase(cryptoPublicKey, true);
         return agreement.generateSecret(keyEncryptionOID);
     }
+
+    static boolean isX25519(ASN1ObjectIdentifier curveID)
+    {
+        return curveID.equals(CryptlibObjectIdentifiers.curvey25519) || curveID.equals(EdECObjectIdentifiers.id_X25519);
+    }
 }