Refactor in PGPKeyEncryptionMethodGenerator.open

gefeili · gefeili · commit 4926064c87c5 · 2024-12-13T15:06:05.000+10:30
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedDataGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPEncryptedDataGenerator.java
@@ -259,6 +259,26 @@ else if (directS2K)
         PGPDataEncryptor dataEncryptor = dataEncryptorBuilder.build(messageKey);
         digestCalc = dataEncryptor.getIntegrityCalculator();
         BCPGHeaderObject encOut;
+        int version = (dataEncryptor instanceof PGPAEADDataEncryptor ? (isV5StyleAEAD ? 5 : 6) : 4); // OpenPGP v4, v5 or v6
+        for (int i = 0; i < methods.size(); i++)
+        {
+            PGPKeyEncryptionMethodGenerator method = methods.get(i);
+            if (method instanceof PBEKeyEncryptionMethodGenerator)
+            {
+                PBEKeyEncryptionMethodGenerator mGen = (PBEKeyEncryptionMethodGenerator)method;
+                mGen.setKekAlgorithm(mGen.getSessionKeyWrapperAlgorithm(defAlgorithm));
+                if (version >= 5)
+                {
+                    mGen.setAEADAlgorithm(dataEncryptorBuilder.getAeadAlgorithm());
+                }
+                pOut.writePacket(mGen.generate(version, sessionInfo));
+            }
+            else if (method instanceof PublicKeyKeyEncryptionMethodGenerator)
+            {
+                PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator)method;
+                pOut.writePacket(mGen.generate(version != 6 ? PublicKeyEncSessionPacket.VERSION_3 : PublicKeyEncSessionPacket.VERSION_6, sessionInfo));
+            }
+        }
         try
         {
             // OpenPGP v5 or v6
@@ -269,25 +289,14 @@ else if (directS2K)
                 // data is encrypted by AEAD Encrypted Data packet (rfc4880bis10), so write v5 SKESK packet
                 if (isV5StyleAEAD)
                 {
-                    for (int i = 0; i < methods.size(); i++)
-                    {
-                        PGPKeyEncryptionMethodGenerator method = methods.get(i);
-                        writeOpenPGPv5ESKPacket(method, sessionInfo);
-                    }
                     byte[] iv = aeadDataEncryptor.getIV();
                     encOut = new AEADEncDataPacket(
                         dataEncryptorBuilder.getAlgorithm(), aeadDataEncryptor.getAEADAlgorithm(), aeadDataEncryptor.getChunkSize(), iv);
                     ivOrSaltLen = iv.length;
                 }
                 else // data is encrypted by v2 SEIPD (AEAD), so write v6 SKESK packet
                 {
-                    //https://www.rfc-editor.org/rfc/rfc9580.html#section-3.7.2.1 Table 2
                     //AEAD(HKDF(S2K(passphrase), info), secrets, packetprefix)
-                    for (int i = 0; i < methods.size(); i++)
-                    {
-                        PGPKeyEncryptionMethodGenerator method = methods.get(i);
-                        writeOpenPGPv6ESKPacket(method, sessionInfo);
-                    }
                     encOut = SymmetricEncIntegrityPacket.createVersion2Packet(
                         dataEncryptorBuilder.getAlgorithm(),
                         aeadDataEncryptor.getAEADAlgorithm(),
@@ -310,11 +319,6 @@ else if (directS2K)
             // OpenPGP v4
             else // data is encrypted by v1 SEIPD or SED packet, so write v4 SKESK packet
             {
-                for (int i = 0; i < methods.size(); i++)
-                {
-                    PGPKeyEncryptionMethodGenerator method = methods.get(i);
-                    writeOpenPGPv4ESKPacket(method, sessionInfo);
-                }
                 if (digestCalc != null)
                 {
                     encOut = SymmetricEncIntegrityPacket.createVersion1Packet();
@@ -368,89 +372,6 @@ else if (directS2K)
         }
     }
 
-    /**
-     * Write out a {@link org.bouncycastle.bcpg.SymmetricKeyEncSessionPacket#VERSION_4 v4 SKESK} or
-     * {@link org.bouncycastle.bcpg.PublicKeyEncSessionPacket#VERSION_3 v3 PKESK} packet,
-     * depending on the method generator. This method is used by what can be referred to as OpenPGP v4.
-     *
-     * @param m           session key encryption method generator
-     * @param sessionInfo session info
-     * @throws IOException
-     * @throws PGPException
-     */
-    private void writeOpenPGPv4ESKPacket(PGPKeyEncryptionMethodGenerator m, byte[] sessionInfo)
-        throws IOException, PGPException
-    {
-        if (m instanceof PBEKeyEncryptionMethodGenerator)
-        {
-            PBEKeyEncryptionMethodGenerator mGen = (PBEKeyEncryptionMethodGenerator)m;
-            ContainedPacket esk = mGen.setKekAlgorithm(mGen.getSessionKeyWrapperAlgorithm(defAlgorithm))
-                .generate(SymmetricKeyEncSessionPacket.VERSION_4, sessionInfo);
-            pOut.writePacket(esk);
-        }
-        else if (m instanceof PublicKeyKeyEncryptionMethodGenerator)
-        {
-            PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator)m;
-            pOut.writePacket(mGen.generate(PublicKeyEncSessionPacket.VERSION_3, sessionInfo));
-        }
-    }
-
-    /**
-     * Write out a {@link org.bouncycastle.bcpg.SymmetricKeyEncSessionPacket#VERSION_5 v5 SKESK} or
-     * {@link org.bouncycastle.bcpg.PublicKeyEncSessionPacket#VERSION_3 v3 PKESK} packet,
-     * depending on the method generator. This method is used by LibrePGP only.
-     *
-     * @param m           session key encryption method generator.
-     * @param sessionInfo session info
-     * @throws IOException
-     * @throws PGPException
-     */
-    private void writeOpenPGPv5ESKPacket(PGPKeyEncryptionMethodGenerator m, byte[] sessionInfo)
-        throws IOException, PGPException
-    {
-        if (m instanceof PBEKeyEncryptionMethodGenerator)
-        {
-            PBEKeyEncryptionMethodGenerator mGen = (PBEKeyEncryptionMethodGenerator)m;
-            ContainedPacket esk = mGen.setKekAlgorithm(mGen.getSessionKeyWrapperAlgorithm(defAlgorithm))
-                .setAEADAlgorithm(dataEncryptorBuilder.getAeadAlgorithm())
-                .generate(SymmetricKeyEncSessionPacket.VERSION_5, sessionInfo);
-            pOut.writePacket(esk);
-        }
-        else if (m instanceof PublicKeyKeyEncryptionMethodGenerator)
-        {
-            PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator)m;
-            pOut.writePacket(mGen.generate(PublicKeyEncSessionPacket.VERSION_3, sessionInfo));
-        }
-    }
-
-    /**
-     * Write out a {@link org.bouncycastle.bcpg.SymmetricKeyEncSessionPacket#VERSION_6 v6 SKESK} or
-     * {@link org.bouncycastle.bcpg.PublicKeyEncSessionPacket#VERSION_6 v6 PKESK} packet,
-     * depending on the method generator. This method is used by what can be referred to as OpenPGP v6.
-     *
-     * @param m             session key encryption method generator.
-     * @param sessionInfo   session info
-     * @throws IOException
-     * @throws PGPException
-     */
-    private void writeOpenPGPv6ESKPacket(PGPKeyEncryptionMethodGenerator m, byte[] sessionInfo)
-        throws IOException, PGPException
-    {
-        if (m instanceof PBEKeyEncryptionMethodGenerator)
-        {
-            PBEKeyEncryptionMethodGenerator mGen = (PBEKeyEncryptionMethodGenerator)m;
-            ContainedPacket esk = mGen.setKekAlgorithm(mGen.getSessionKeyWrapperAlgorithm(defAlgorithm))
-                .setAEADAlgorithm(dataEncryptorBuilder.getAeadAlgorithm())
-                .generate(SymmetricKeyEncSessionPacket.VERSION_6, sessionInfo);
-            pOut.writePacket(esk);
-        }
-        else if (m instanceof PublicKeyKeyEncryptionMethodGenerator)
-        {
-            PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator)m;
-            pOut.writePacket(mGen.generate(PublicKeyEncSessionPacket.VERSION_6, sessionInfo));
-        }
-    }
-
     /**
      * Create an OutputStream based on the configured methods to write a single encrypted object of
      * known length.
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/PBEKeyEncryptionMethodGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/PBEKeyEncryptionMethodGenerator.java
@@ -117,6 +117,9 @@ public PBEKeyEncryptionMethodGenerator setSessionKeyWrapperAlgorithm(int wrapAlg
         return this;
     }
 
+    /**
+     * the {@link SymmetricKeyAlgorithmTags encryption algorithm} being used to wrap the session key
+     * */
     public PBEKeyEncryptionMethodGenerator setKekAlgorithm(int kekAlgorithm)
     {
         this.kekAlgorithm = kekAlgorithm;
@@ -174,6 +177,33 @@ public byte[] getKey(int encAlgorithm)
         return PGPUtil.makeKeyFromPassPhrase(s2kDigestCalculator, encAlgorithm, s2k, passPhrase);
     }
 
+    /**
+     * Generates a version 4 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted
+     * session-key for this method.
+     * SKESKv4 packets are used by Symmetrically-Encrypted-Integrity-Protected-Data (SEIPD) packets
+     * of version 1, or by (deprecated) Symmetrically-Encrypted-Data (SED) packets.
+     * <p/>
+     * Generates a version 5 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted
+     * session-key for this method.
+     * SKESKv5 packets are used with {@link org.bouncycastle.bcpg.AEADEncDataPacket OCB-Encrypted Data (OED) packets}
+     * only.
+     * AEAD algorithm ID (MUST be {@link org.bouncycastle.bcpg.AEADAlgorithmTags#OCB})
+     * <p/>
+     * Generates a version 6 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted
+     * session-key for this method.
+     * SKESKv6 packets are used with Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets of
+     * version 2 only.
+     * A SKESKv6 packet MUST NOT precede a SEIPDv1, OED or SED packet.
+     * @param sessionInfo  session data generated by the encrypted data generator.
+     * @return a packet encoding the provided information and the configuration of this instance.
+     * @throws PGPException if an error occurs constructing the packet.
+     * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-version-4-symmetric-key-enc">
+     * RFC9580 - Symmetric-Key Encrypted Session-Key Packet version 4</a>
+     * @see <a href="https://www.ietf.org/archive/id/draft-koch-librepgp-02.html#section-5.3-8">
+     * LibrePGP - Symmetric-Key Encrypted Session-Key Packet version 5</a>
+     * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-version-6-symmetric-key-enc">
+     * RFC9580 - Symmetric-Key Encrypted Session-Key Packet version 6</a>
+     */
     public ContainedPacket generate(int version, byte[] sessionInfo)
         throws PGPException
     {
@@ -230,119 +260,6 @@ else if (version == SymmetricKeyEncSessionPacket.VERSION_5 || version == Symmetr
         throw new PGPException("Unexpected version number");
     }
 
-    /**
-     * Generates a version 4 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted
-     * session-key for this method.
-     * SKESKv4 packets are used by Symmetrically-Encrypted-Integrity-Protected-Data (SEIPD) packets
-     * of version 1, or by (deprecated) Symmetrically-Encrypted-Data (SED) packets.
-     * You MUST NOT use them when producing SEIPDv2 packets (use {@link #generateV6(int, int, byte[])}
-     * instead in that case).
-     *
-     * @param kekAlgorithm the {@link SymmetricKeyAlgorithmTags encryption algorithm} being used to
-     *                     wrap the session key
-     * @param sessionInfo  session data generated by the encrypted data generator.
-     * @return a packet encoding the provided information and the configuration of this instance.
-     * @throws PGPException if an error occurs constructing the packet.
-     * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-version-4-symmetric-key-enc">
-     * RFC9580 - Symmetric-Key Encrypted Session-Key Packet version 4</a>
-     */
-    public ContainedPacket generateV4(int kekAlgorithm, byte[] sessionInfo)
-        throws PGPException
-    {
-        if (sessionInfo == null)
-        {
-            return SymmetricKeyEncSessionPacket.createV4Packet(kekAlgorithm, s2k, null);
-        }
-
-        byte[] key = getKey(kekAlgorithm);
-        //
-        // the passed in session info has the an RSA/ElGamal checksum added to it, for PBE this is not included.
-        //
-        byte[] nSessionInfo = new byte[sessionInfo.length - 2];
-
-        System.arraycopy(sessionInfo, 0, nSessionInfo, 0, nSessionInfo.length);
-
-        return SymmetricKeyEncSessionPacket.createV4Packet(kekAlgorithm, s2k, encryptSessionInfo(kekAlgorithm, key, nSessionInfo));
-    }
-
-    /**
-     * Generates a version 5 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted
-     * session-key for this method.
-     * SKESKv5 packets are used with {@link org.bouncycastle.bcpg.AEADEncDataPacket OCB-Encrypted Data (OED) packets}
-     * only.
-     *
-     * @param kekAlgorithm  the {@link SymmetricKeyAlgorithmTags encryption algorithm} being used to
-     *                      wrap the session key
-     * @param aeadAlgorithm AEAD algorithm ID (MUST be {@link org.bouncycastle.bcpg.AEADAlgorithmTags#OCB})
-     * @param sessionInfo   session data generated by the encrypted data generator.
-     * @return a packet encoding the provided information and the configuration of this instance.
-     * @throws PGPException if an error occurs constructing the packet.
-     * @see <a href="https://www.ietf.org/archive/id/draft-koch-librepgp-02.html#section-5.3-8">
-     * LibrePGP - Symmetric-Key Encrypted Session-Key Packet version 5</a>
-     */
-    public ContainedPacket generateV5(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo)
-        throws PGPException
-    {
-        byte[] ikm = getKey(kekAlgorithm);
-        byte[] info = new byte[]{
-            (byte)0xC3,
-            (byte)SymmetricKeyEncSessionPacket.VERSION_5,
-            (byte)kekAlgorithm,
-            (byte)aeadAlgorithm
-        };
-
-        byte[] iv = new byte[AEADUtils.getIVLength(aeadAlgorithm)];
-        random.nextBytes(iv);
-
-        int tagLen = AEADUtils.getAuthTagLength(aeadAlgorithm);
-        byte[] sessionKey = getSessionKey(sessionInfo);
-        byte[] eskAndTag = getEskAndTag(kekAlgorithm, aeadAlgorithm, sessionKey, ikm, iv, info);
-        byte[] esk = Arrays.copyOfRange(eskAndTag, 0, eskAndTag.length - tagLen);
-        byte[] tag = Arrays.copyOfRange(eskAndTag, esk.length, eskAndTag.length);
-
-        return SymmetricKeyEncSessionPacket.createV5Packet(kekAlgorithm, aeadAlgorithm, iv, s2k, esk, tag);
-    }
-
-    /**
-     * Generates a version 6 Symmetric-Key-Encrypted-Session-Key (SKESK) packet, encoding the encrypted
-     * session-key for this method.
-     * SKESKv6 packets are used with Symmetrically-Encrypted Integrity-Protected Data (SEIPD) packets of
-     * version 2 only.
-     * A SKESKv6 packet MUST NOT precede a SEIPDv1, OED or SED packet.
-     *
-     * @param kekAlgorithm  the {@link SymmetricKeyAlgorithmTags encryption algorithm} being used to
-     *                      wrap the session key
-     * @param aeadAlgorithm AEAD algorithm ID
-     * @param sessionInfo   session data generated by the encrypted data generator.
-     * @return a packet encoding the provided information and the configuration of this instance.
-     * @throws PGPException if an error occurs constructing the packet.
-     * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-version-6-symmetric-key-enc">
-     * RFC9580 - Symmetric-Key Encrypted Session-Key Packet version 6</a>
-     */
-    public ContainedPacket generateV6(int kekAlgorithm, int aeadAlgorithm, byte[] sessionInfo)
-        throws PGPException
-    {
-        byte[] ikm = getKey(kekAlgorithm);
-        byte[] info = new byte[]{
-            (byte)0xC3,
-            (byte)SymmetricKeyEncSessionPacket.VERSION_6,
-            (byte)kekAlgorithm,
-            (byte)aeadAlgorithm
-        };
-        byte[] kek = generateV6KEK(kekAlgorithm, ikm, info);
-
-        byte[] iv = new byte[AEADUtils.getIVLength(aeadAlgorithm)];
-        random.nextBytes(iv);
-
-        int tagLen = AEADUtils.getAuthTagLength(aeadAlgorithm);
-        byte[] sk = getSessionKey(sessionInfo);
-        byte[] eskAndTag = getEskAndTag(kekAlgorithm, aeadAlgorithm, sk, kek, iv, info);
-        byte[] esk = Arrays.copyOfRange(eskAndTag, 0, eskAndTag.length - tagLen);
-        byte[] tag = Arrays.copyOfRange(eskAndTag, esk.length, eskAndTag.length);
-
-        return SymmetricKeyEncSessionPacket.createV6Packet(kekAlgorithm, aeadAlgorithm, iv, s2k, esk, tag);
-    }
-
     protected byte[] getSessionKey(byte[] sessionInfo)
     {
         byte[] sessionKey = new byte[sessionInfo.length - 3];
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/PublicKeyKeyEncryptionMethodGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/PublicKeyKeyEncryptionMethodGenerator.java
