Merge branch 'main' into pg-synchronize-bc_csharp

# Conflicts:
#	pg/src/main/java/org/bouncycastle/bcpg/BCPGOutputStream.java
#	pg/src/main/java/org/bouncycastle/bcpg/FingerprintUtil.java
#	pg/src/main/java/org/bouncycastle/bcpg/OnePassSignaturePacket.java
#	pg/src/main/java/org/bouncycastle/bcpg/SignaturePacket.java
#	pg/src/main/java/org/bouncycastle/bcpg/sig/IssuerKeyID.java

Author: gefeili

pg/src/main/java/org/bouncycastle/bcpg/AEADAlgorithmTags.java

@@ -1,8 +1,31 @@
 package org.bouncycastle.bcpg;
 
+/**
+ * AEAD Algorithm IDs.
+ * Crypto-Refresh (OpenPGP) defines IDs 1 through 3, while LibrePGP only defines 1 and 2.
+ * Further, the use of AEAD differs between C-R and LibrePGP.
+ *
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-aead-algorithms">
+ *     Crypto-Refresh: AEAD Algorithms</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-koch-librepgp-00.html#name-encryption-modes">
+ *     LibrePGP - Encryption Modes</a>
+ */
 public interface AEADAlgorithmTags
 {
-    int EAX = 1;    // EAX (IV len: 16 octets, Tag len: 16 octets)
-    int OCB = 2;    // OCB (IV len: 15 octets, Tag len: 16 octets)
-    int GCM = 3;    // GCM (IV len: 12 octets, Tag len: 16 octets)
+    /**
+     * EAX with 16-bit nonce/IV and 16-bit auth tag length.
+     */
+    int EAX = 1;
+    /**
+     * OCB with 15-bit nonce/IV and 16-bit auth tag length.
+     * C-R compliant implementations MUST implement OCB.
+     */
+    int OCB = 2;
+    /**
+     * GCM with 12-bit nonce/IV and 16-bit auth tag length.
+     * OpenPGP only.
+     */
+    int GCM = 3;
+
+    // 100 to 110: Experimental algorithms
 }

pg/src/main/java/org/bouncycastle/bcpg/AEADEncDataPacket.java

@@ -23,9 +23,16 @@ public class AEADEncDataPacket
     private final byte[] iv;
 
     public AEADEncDataPacket(BCPGInputStream in)
+            throws IOException
+    {
+        this(in, false);
+    }
+
+    public AEADEncDataPacket(BCPGInputStream in,
+                             boolean newPacketFormat)
         throws IOException
     {
-        super(in, AEAD_ENC_DATA);
+        super(in, AEAD_ENC_DATA, newPacketFormat);
 
         version = (byte)in.read();
         if (version != VERSION_1)

pg/src/main/java/org/bouncycastle/bcpg/BCPGInputStream.java

@@ -246,52 +246,52 @@ public Packet readPacket()
         switch (tag)
         {
         case RESERVED:
-            return new ReservedPacket(objStream);
+            return new ReservedPacket(objStream, newPacket);
         case PUBLIC_KEY_ENC_SESSION:
-            return new PublicKeyEncSessionPacket(objStream);
+            return new PublicKeyEncSessionPacket(objStream, newPacket);
         case SIGNATURE:
-            return new SignaturePacket(objStream);
+            return new SignaturePacket(objStream, newPacket);
         case SYMMETRIC_KEY_ENC_SESSION:
-            return new SymmetricKeyEncSessionPacket(objStream);
+            return new SymmetricKeyEncSessionPacket(objStream, newPacket);
         case ONE_PASS_SIGNATURE:
-            return new OnePassSignaturePacket(objStream);
+            return new OnePassSignaturePacket(objStream, newPacket);
         case SECRET_KEY:
-            return new SecretKeyPacket(objStream);
+            return new SecretKeyPacket(objStream, newPacket);
         case PUBLIC_KEY:
-            return new PublicKeyPacket(objStream);
+            return new PublicKeyPacket(objStream, newPacket);
         case SECRET_SUBKEY:
-            return new SecretSubkeyPacket(objStream);
+            return new SecretSubkeyPacket(objStream, newPacket);
         case COMPRESSED_DATA:
-            return new CompressedDataPacket(objStream);
+            return new CompressedDataPacket(objStream, newPacket);
         case SYMMETRIC_KEY_ENC:
-            return new SymmetricEncDataPacket(objStream);
+            return new SymmetricEncDataPacket(objStream, newPacket);
         case MARKER:
-            return new MarkerPacket(objStream);
+            return new MarkerPacket(objStream, newPacket);
         case LITERAL_DATA:
-            return new LiteralDataPacket(objStream);
+            return new LiteralDataPacket(objStream, newPacket);
         case TRUST:
-            return new TrustPacket(objStream);
+            return new TrustPacket(objStream, newPacket);
         case USER_ID:
-            return new UserIDPacket(objStream);
+            return new UserIDPacket(objStream, newPacket);
         case USER_ATTRIBUTE:
-            return new UserAttributePacket(objStream);
+            return new UserAttributePacket(objStream, newPacket);
         case PUBLIC_SUBKEY:
-            return new PublicSubkeyPacket(objStream);
+            return new PublicSubkeyPacket(objStream, newPacket);
         case SYM_ENC_INTEGRITY_PRO:
-            return new SymmetricEncIntegrityPacket(objStream);
+            return new SymmetricEncIntegrityPacket(objStream, newPacket);
         case MOD_DETECTION_CODE:
-            return new ModDetectionCodePacket(objStream);
+            return new ModDetectionCodePacket(objStream, newPacket);
         case AEAD_ENC_DATA:
-            return new AEADEncDataPacket(objStream);
+            return new AEADEncDataPacket(objStream, newPacket);
         case PADDING:
-            return new PaddingPacket(objStream);
+            return new PaddingPacket(objStream, newPacket);
         case EXPERIMENTAL_1:
         case EXPERIMENTAL_2:
         case EXPERIMENTAL_3:
         case EXPERIMENTAL_4:
-            return new ExperimentalPacket(tag, objStream);
+            return new ExperimentalPacket(tag, objStream, newPacket);
         default:
-            return new UnknownPacket(tag, objStream);
+            return new UnknownPacket(tag, objStream, newPacket);
         }
     }
 

pg/src/main/java/org/bouncycastle/bcpg/BCPGOutputStream.java

@@ -29,7 +29,7 @@ public static BCPGOutputStream wrap(OutputStream out)
     }
 
     OutputStream out;
-    private boolean useOldFormat;
+    private PacketFormat packetFormat;
     private byte[] partialBuffer;
     private int partialBufferLength;
     private int partialPower;
@@ -46,11 +46,11 @@ public static BCPGOutputStream wrap(OutputStream out)
     public BCPGOutputStream(
         OutputStream out)
     {
-        this(out, false);
+        this(out, PacketFormat.ROUNDTRIP);
     }
 
     /**
-     * Base constructor specifying whether or not to use packets in the new format
+     * Base constructor specifying whether to use packets in the new format
      * wherever possible.
      *
      * @param out           output stream to write encoded data to.
@@ -59,9 +59,16 @@ public BCPGOutputStream(
     public BCPGOutputStream(
         OutputStream out,
         boolean newFormatOnly)
+    {
+        this(out, newFormatOnly ? PacketFormat.CURRENT : PacketFormat.ROUNDTRIP);
+    }
+
+    public BCPGOutputStream(
+            OutputStream out,
+            PacketFormat packetFormat)
     {
         this.out = out;
-        this.useOldFormat = !newFormatOnly;
+        this.packetFormat = packetFormat;
     }
 
     /**
@@ -75,6 +82,7 @@ public BCPGOutputStream(
         throws IOException
     {
         this.out = out;
+        this.packetFormat = PacketFormat.LEGACY;
         this.writeHeader(tag, true, true, 0);
     }
 
@@ -95,6 +103,7 @@ public BCPGOutputStream(
         throws IOException
     {
         this.out = out;
+        this.packetFormat = oldFormat ? PacketFormat.LEGACY : PacketFormat.CURRENT;
 
         if (length > 0xFFFFFFFFL)
         {
@@ -122,6 +131,7 @@ public BCPGOutputStream(
         throws IOException
     {
         this.out = out;
+        this.packetFormat = PacketFormat.CURRENT;
 
         this.writeHeader(tag, false, false, length);
     }
@@ -141,6 +151,7 @@ public BCPGOutputStream(
         throws IOException
     {
         this.out = out;
+        this.packetFormat = PacketFormat.CURRENT;
         this.writeHeader(tag, false, true, 0);
 
         this.partialBuffer = buffer;
@@ -316,13 +327,26 @@ public void write(
         }
     }
 
+    /**
+     * Write a packet to the stream.
+     * @param p packet
+     * @throws IOException
+     */
     public void writePacket(
         ContainedPacket p)
         throws IOException
     {
         p.encode(this);
     }
 
+    /**
+     * Write a packet to the stream.
+     * The packet will use the old encoding format if {@link #packetFormat} is {@link PacketFormat#LEGACY}, otherwise
+     * it will be encoded using the new packet format.
+     * @param tag packet tag
+     * @param body packet body
+     * @throws IOException
+     */
     void writeShort(short n)
         throws IOException
     {
@@ -344,10 +368,41 @@ void writePacket(
         byte[] body)
         throws IOException
     {
-        this.writeHeader(tag, useOldFormat, false, body.length);
+        this.writeHeader(tag, packetFormat == PacketFormat.LEGACY, false, body.length);
         this.write(body);
     }
 
+    /**
+     * Write a packet.
+     * The packet format will be chosen primarily based on {@link #packetFormat}.
+     * If {@link #packetFormat} is {@link PacketFormat#CURRENT}, the packet will be encoded using the new format.
+     * If it is {@link PacketFormat#LEGACY}, the packet will use old encoding format.
+     * If it is {@link PacketFormat#ROUNDTRIP}, then the format will be determined by objectPrefersNewPacketFormat.
+     *
+     * @param objectPrefersNewPacketFormat whether the packet prefers to be encoded using the new packet format
+     * @param tag packet tag
+     * @param body packet body
+     * @throws IOException
+     */
+    void writePacket(
+            boolean objectPrefersNewPacketFormat,
+            int tag,
+            byte[] body)
+            throws IOException
+    {
+        boolean oldPacketFormat = packetFormat == PacketFormat.LEGACY ||
+                (packetFormat == PacketFormat.ROUNDTRIP && !objectPrefersNewPacketFormat);
+        this.writeHeader(tag, oldPacketFormat, false, body.length);
+        this.write(body);
+    }
+
+    /**
+     * Write a packet, forcing the packet format to be either old or new.
+     * @param tag packet tag
+     * @param body packet body
+     * @param oldFormat if true, old format is forced, else force new format
+     * @throws IOException
+     */
     void writePacket(
         int tag,
         byte[] body,
@@ -395,4 +450,5 @@ public void close()
         out.flush();
         out.close();
     }
+
 }

pg/src/main/java/org/bouncycastle/bcpg/CompressedDataPacket.java

@@ -11,10 +11,18 @@ public class CompressedDataPacket
     int    algorithm;
 
     CompressedDataPacket(
-        BCPGInputStream    in)
+            BCPGInputStream    in)
+            throws IOException
+    {
+        this(in, false);
+    }
+
+    CompressedDataPacket(
+        BCPGInputStream    in,
+        boolean newPacketFormat)
         throws IOException
     {
-        super(in, COMPRESSED_DATA);
+        super(in, COMPRESSED_DATA, newPacketFormat);
 
         algorithm = in.read();
     }

pg/src/main/java/org/bouncycastle/bcpg/CompressionAlgorithmTags.java

@@ -1,7 +1,14 @@
 package org.bouncycastle.bcpg;
 
 /**
- * Basic tags for compression algorithms
+ * Basic tags for compression algorithms.
+ *
+ * @see <a href="https://www.rfc-editor.org/rfc/rfc4880.html#section-9.3">
+ *     RFC4880 - Compression Algorithms</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-koch-librepgp-00.html#name-compression-algorithms">
+ *     LibrePGP - Compression Algorithms</a>
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-compression-algorithms">
+ *     Crypto-Refresh - Compression Algorithms</a>
  */
 public interface CompressionAlgorithmTags
 {

pg/src/main/java/org/bouncycastle/bcpg/ContainedPacket.java

@@ -12,21 +12,30 @@ public abstract class ContainedPacket
     extends Packet
     implements Encodable
 {
+
     ContainedPacket(int packetTag)
     {
-        super(packetTag);
+        this(packetTag, false);
+    }
+
+    ContainedPacket(int packetTag, boolean newPacketFormat)
+    {
+        super(packetTag, newPacketFormat);
     }
 
     public byte[] getEncoded()
         throws IOException
     {
-        ByteArrayOutputStream    bOut = new ByteArrayOutputStream();
-        BCPGOutputStream         pOut = new BCPGOutputStream(bOut);
-        
-        pOut.writePacket(this);
+        return getEncoded(PacketFormat.ROUNDTRIP);
+    }
 
+    public byte[] getEncoded(PacketFormat format)
+            throws IOException
+    {
+        ByteArrayOutputStream bOut = new ByteArrayOutputStream();
+        BCPGOutputStream pOut = new BCPGOutputStream(bOut, format);
+        pOut.writePacket(this);
         pOut.close();
-
         return bOut.toByteArray();
     }
 

pg/src/main/java/org/bouncycastle/bcpg/ECDHPublicBCPGKey.java

@@ -7,7 +7,17 @@
 import org.bouncycastle.math.ec.ECPoint;
 
 /**
- * base class for an ECDH Public Key.
+ * Base class for an ECDH Public Key.
+ * This type is for use with {@link PublicKeyAlgorithmTags#ECDH}.
+ * The specific curve is identified by providing an OID.
+ * Regarding X25519, X448, consider the following:
+ * Modern implementations use dedicated key types {@link X25519PublicBCPGKey}, {@link X448PublicBCPGKey} along with
+ * dedicated algorithm tags {@link PublicKeyAlgorithmTags#X25519}, {@link PublicKeyAlgorithmTags#X448}.
+ * If you want to be compatible with legacy applications however, you should use this class instead.
+ * Note though, that for v6 keys, {@link X25519PublicBCPGKey} or {@link X448PublicBCPGKey} MUST be used for X25519, X448.
+ *
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-algorithm-specific-part-for-ecd">
+ *     Crypto-Refresh - Algorithm-Specific Parts for ECDH Keys</a>
  */
 public class ECDHPublicBCPGKey
     extends ECPublicBCPGKey

pg/src/main/java/org/bouncycastle/bcpg/ECDSAPublicBCPGKey.java

@@ -7,7 +7,11 @@
 import org.bouncycastle.math.ec.ECPoint;
 
 /**
- * base class for an ECDSA Public Key.
+ * Base class for an ECDSA Public Key.
+ * This type is used with {@link PublicKeyAlgorithmTags#ECDSA} and the curve is identified by providing an OID.
+ *
+ * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-algorithm-specific-part-for-ec">
+ *     Crypto-Refresh - Algorithm-Specific Parts for ECDSA Keys</a>
  */
 public class ECDSAPublicBCPGKey
     extends ECPublicBCPGKey

pg/src/main/java/org/bouncycastle/bcpg/ECPublicBCPGKey.java

@@ -8,7 +8,8 @@
 import org.bouncycastle.math.ec.ECPoint;
 
 /**
- * base class for an EC Public Key.
+ * Base class for an EC Public Key.
+ * For subclasses, see {@link ECDHPublicBCPGKey}, {@link ECDSAPublicBCPGKey} or {@link EdDSAPublicBCPGKey}.
  */
 public abstract class ECPublicBCPGKey
     extends BCPGObject