modified to use JCA.

dghgit · dghgit · commit 8ee89a48ea28 · 2025-02-01T09:39:10.000+11:00
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcePBEKeyEncryptionMethodGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcePBEKeyEncryptionMethodGenerator.java
@@ -1,5 +1,6 @@
 package org.bouncycastle.openpgp.operator.jcajce;
 
+import java.security.GeneralSecurityException;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Provider;
@@ -12,20 +13,18 @@
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 
+import org.bouncycastle.bcpg.AEADAlgorithmTags;
 import org.bouncycastle.bcpg.S2K;
+import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
 import org.bouncycastle.bcpg.SymmetricKeyUtils;
-import org.bouncycastle.crypto.InvalidCipherTextException;
-import org.bouncycastle.crypto.modes.AEADCipher;
-import org.bouncycastle.crypto.params.AEADParameters;
-import org.bouncycastle.crypto.params.KeyParameter;
+import org.bouncycastle.jcajce.spec.AEADParameterSpec;
 import org.bouncycastle.jcajce.util.DefaultJcaJceHelper;
 import org.bouncycastle.jcajce.util.NamedJcaJceHelper;
 import org.bouncycastle.jcajce.util.ProviderJcaJceHelper;
 import org.bouncycastle.openpgp.PGPException;
 import org.bouncycastle.openpgp.PGPUtil;
 import org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator;
 import org.bouncycastle.openpgp.operator.PGPDigestCalculator;
-import org.bouncycastle.openpgp.operator.bc.BcAEADUtil;
 
 /**
  * JCE based generator for password based encryption (PBE) data protection methods.
@@ -152,26 +151,82 @@ protected byte[] encryptSessionInfo(int encAlgorithm, byte[] key, byte[] session
     }
 
     protected byte[] generateV6KEK(int kekAlgorithm, byte[] ikm, byte[] info)
-     {
-         return JceAEADUtil.generateHKDFBytes(ikm, null, info, SymmetricKeyUtils.getKeyLengthInOctets(kekAlgorithm));
-     }
-
-     protected byte[] getEskAndTag(int kekAlgorithm, int aeadAlgorithm, byte[] sessionKey, byte[] key, byte[] iv, byte[] info)
-         throws PGPException
-     {
-         AEADCipher aeadCipher = BcAEADUtil.createAEADCipher(kekAlgorithm, aeadAlgorithm);
-         aeadCipher.init(true, new AEADParameters(new KeyParameter(key), 128, iv, info));
-         int outLen = aeadCipher.getOutputSize(sessionKey.length);
-         byte[] eskAndTag = new byte[outLen];
-         int len = aeadCipher.processBytes(sessionKey, 0, sessionKey.length, eskAndTag, 0);
-         try
-         {
-             len += aeadCipher.doFinal(eskAndTag, len);
-         }
-         catch (InvalidCipherTextException e)
-         {
-             throw new PGPException("cannot encrypt session info", e);
-         }
-         return eskAndTag;
-     }
+    {
+        return JceAEADUtil.generateHKDFBytes(ikm, null, info, SymmetricKeyUtils.getKeyLengthInOctets(kekAlgorithm));
+    }
+
+    protected byte[] getEskAndTag(int kekAlgorithm, int aeadAlgorithm, byte[] sessionKey, byte[] key, byte[] iv, byte[] info)
+        throws PGPException
+    {
+        String algorithm = getBaseAEADAlgorithm(kekAlgorithm);
+
+        Cipher aeadCipher = createAEADCipher(algorithm, aeadAlgorithm);
+
+        try
+        {
+            aeadCipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key, algorithm), new AEADParameterSpec(iv, 128, info));
+            int outLen = aeadCipher.getOutputSize(sessionKey.length);
+            byte[] eskAndTag = new byte[outLen];
+
+            int len = aeadCipher.update(sessionKey, 0, sessionKey.length, eskAndTag, 0);
+
+            len += aeadCipher.doFinal(eskAndTag, len);
+
+            if (len < eskAndTag.length)
+            {
+                byte[] rv = new byte[len];
+                System.arraycopy(eskAndTag, 0, rv, 0, len);
+                return rv;
+            }
+
+            return eskAndTag;
+        }
+        catch (GeneralSecurityException e)
+        {
+            throw new PGPException("cannot encrypt session info", e);
+        }
+
+    }
+
+    public static String getBaseAEADAlgorithm(int encAlgorithm)
+        throws PGPException
+    {
+        if (encAlgorithm == SymmetricKeyAlgorithmTags.AES_128
+            || encAlgorithm == SymmetricKeyAlgorithmTags.AES_192
+            || encAlgorithm == SymmetricKeyAlgorithmTags.AES_256)
+        {
+            return "AES";
+        }
+        else if (encAlgorithm == SymmetricKeyAlgorithmTags.CAMELLIA_128
+            || encAlgorithm == SymmetricKeyAlgorithmTags.CAMELLIA_192
+            || encAlgorithm == SymmetricKeyAlgorithmTags.CAMELLIA_256)
+        {
+            return "Camellia";
+        }
+        throw new PGPException("AEAD only supported for AES and Camellia based algorithms");
+    }
+
+    public static Cipher createAEADCipher(String algorithm, int aeadAlgorithm)
+        throws PGPException
+    {
+        // Block Cipher must work on 16 byte blocks
+        try
+        {
+            switch (aeadAlgorithm)
+            {
+            case AEADAlgorithmTags.EAX:
+                return Cipher.getInstance(algorithm + "/EAX/NoPadding", "BC");
+            case AEADAlgorithmTags.OCB:
+                return Cipher.getInstance(algorithm + "/OCB/NoPadding", "BC");
+            case AEADAlgorithmTags.GCM:
+                return Cipher.getInstance(algorithm + "/GCM/NoPadding", "BC");
+            default:
+                throw new PGPException("unrecognised AEAD algorithm: " + aeadAlgorithm);
+            }
+        }
+        catch (GeneralSecurityException e)
+        {
+            throw new PGPException("unrecognised AEAD algorithm: " + e.getMessage(), e);
+        }
+    }
 }
