@@ -256,72 +256,63 @@ else if (directS2K)
256256
257257 PGPDataEncryptor dataEncryptor = dataEncryptorBuilder .build (messageKey );
258258 digestCalc = dataEncryptor .getIntegrityCalculator ();
259-
260- for ( int i = 0 ; i < methods . size (); i ++)
259+ BCPGHeaderObject encOut ;
260+ try
261261 {
262- PGPKeyEncryptionMethodGenerator method = (PGPKeyEncryptionMethodGenerator )methods .get (i );
263262 // OpenPGP v5 or v6
264263 if (dataEncryptor instanceof PGPAEADDataEncryptor )
265264 {
266265 PGPAEADDataEncryptor aeadDataEncryptor = (PGPAEADDataEncryptor )dataEncryptor ;
266+ long ivOrSaltLen ;
267267 // data is encrypted by AEAD Encrypted Data packet (rfc4880bis10), so write v5 SKESK packet
268268 if (isV5StyleAEAD )
269269 {
270- writeOpenPGPv5ESKPacket (method , sessionInfo );
270+ for (int i = 0 ; i < methods .size (); i ++)
271+ {
272+ PGPKeyEncryptionMethodGenerator method = methods .get (i );
273+ writeOpenPGPv5ESKPacket (method , sessionInfo );
274+ }
275+ byte [] iv = aeadDataEncryptor .getIV ();
276+ encOut = new AEADEncDataPacket (
277+ dataEncryptorBuilder .getAlgorithm (), aeadDataEncryptor .getAEADAlgorithm (), aeadDataEncryptor .getChunkSize (), iv );
278+ ivOrSaltLen = iv .length ;
271279 }
272280 else // data is encrypted by v2 SEIPD (AEAD), so write v6 SKESK packet
273281 {
274282 //https://www.rfc-editor.org/rfc/rfc9580.html#section-3.7.2.1 Table 2
275283 //AEAD(HKDF(S2K(passphrase), info), secrets, packetprefix)
276- writeOpenPGPv6ESKPacket (method , aeadDataEncryptor .getAEADAlgorithm (), sessionInfo );
277- }
278- }
279- // OpenPGP v4
280- else // data is encrypted by v1 SEIPD or SED packet, so write v4 SKESK packet
281- {
282- writeOpenPGPv4ESKPacket (method , sessionInfo );
283- }
284- }
285-
286- try
287- {
288- BCPGHeaderObject encOut ;
289- if (dataEncryptor instanceof PGPAEADDataEncryptor )
290- {
291- PGPAEADDataEncryptor encryptor = (PGPAEADDataEncryptor )dataEncryptor ;
292- long ivOrSaltLen ;
293- // OpenPGP V5 style AEAD
294- if (isV5StyleAEAD )
295- {
296- byte [] iv = encryptor .getIV ();
297- encOut = new AEADEncDataPacket (
298- dataEncryptorBuilder .getAlgorithm (), encryptor .getAEADAlgorithm (), encryptor .getChunkSize (), iv );
299- ivOrSaltLen = iv .length ;
300- }
301- else // OpenPGP V6 style AEAD
302- {
284+ for (int i = 0 ; i < methods .size (); i ++)
285+ {
286+ PGPKeyEncryptionMethodGenerator method = methods .get (i );
287+ writeOpenPGPv6ESKPacket (method , aeadDataEncryptor .getAEADAlgorithm (), sessionInfo );
288+ }
303289 encOut = SymmetricEncIntegrityPacket .createVersion2Packet (
304290 dataEncryptorBuilder .getAlgorithm (),
305- encryptor .getAEADAlgorithm (),
306- encryptor .getChunkSize (),
291+ aeadDataEncryptor .getAEADAlgorithm (),
292+ aeadDataEncryptor .getChunkSize (),
307293 salt );
308294 ivOrSaltLen = salt .length ;
309295 }
310-
311- if (buffer != null )
296+ if (buffer == null )
312297 {
313- pOut = new ClosableBCPGOutputStream (out , encOut , buffer );
298+ long chunkLength = 1L << (aeadDataEncryptor .getChunkSize () + 6 );
299+ long tagLengths = ((length + chunkLength - 1 ) / chunkLength ) * 16 + 16 ; // data blocks + final tag
300+ pOut = new ClosableBCPGOutputStream (out , encOut , (length + tagLengths + 4 + ivOrSaltLen ));
314301 }
315302 else
316303 {
317- long chunkLength = 1L << (encryptor .getChunkSize () + 6 );
318- long tagLengths = ((length + chunkLength - 1 ) / chunkLength ) * 16 + 16 ; // data blocks + final tag
319- pOut = new ClosableBCPGOutputStream (out , encOut , (length + tagLengths + 4 + ivOrSaltLen ));
304+ pOut = new ClosableBCPGOutputStream (out , encOut , buffer );
320305 }
321306 genOut = cOut = dataEncryptor .getOutputStream (pOut );
322307 }
323- else
308+ // OpenPGP v4
309+ else // data is encrypted by v1 SEIPD or SED packet, so write v4 SKESK packet
324310 {
311+ for (int i = 0 ; i < methods .size (); i ++)
312+ {
313+ PGPKeyEncryptionMethodGenerator method = methods .get (i );
314+ writeOpenPGPv4ESKPacket (method , sessionInfo );
315+ }
325316 if (digestCalc != null )
326317 {
327318 encOut = SymmetricEncIntegrityPacket .createVersion1Packet ();
@@ -362,10 +353,13 @@ else if (directS2K)
362353 inLineIv [inLineIv .length - 2 ] = inLineIv [inLineIv .length - 4 ];
363354
364355 genOut .write (inLineIv );
365-
366356 }
367357 return new WrappedGeneratorStream (genOut , this );
368358 }
359+ catch (IOException e )
360+ {
361+ throw e ;
362+ }
369363 catch (Exception e )
370364 {
371365 throw new PGPException ("Exception creating cipher" , e );
@@ -393,7 +387,7 @@ private void writeOpenPGPv4ESKPacket(PGPKeyEncryptionMethodGenerator m, byte[] s
393387 }
394388 else if (m instanceof PublicKeyKeyEncryptionMethodGenerator )
395389 {
396- PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator ) m ;
390+ PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator )m ;
397391 pOut .writePacket (mGen .generateV3 (sessionInfo ));
398392 }
399393 }
@@ -422,7 +416,7 @@ private void writeOpenPGPv5ESKPacket(PGPKeyEncryptionMethodGenerator m, byte[] s
422416 }
423417 else if (m instanceof PublicKeyKeyEncryptionMethodGenerator )
424418 {
425- PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator ) m ;
419+ PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator )m ;
426420 pOut .writePacket (mGen .generateV3 (sessionInfo ));
427421 }
428422 }
@@ -452,7 +446,7 @@ private void writeOpenPGPv6ESKPacket(PGPKeyEncryptionMethodGenerator m, int aead
452446 }
453447 else if (m instanceof PublicKeyKeyEncryptionMethodGenerator )
454448 {
455- PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator ) m ;
449+ PublicKeyKeyEncryptionMethodGenerator mGen = (PublicKeyKeyEncryptionMethodGenerator )m ;
456450 pOut .writePacket (mGen .generateV6 (sessionInfo ));
457451 }
458452 }
0 commit comments