Merge branch 'pr-1699-1695-1702' into 'main'

majority of PGP pull requests

See merge request root/bc-java!15

Author: dghgit

pg/build.gradle

@@ -93,5 +93,6 @@ artifacts {
 test {
     forkEvery = 1;
     maxParallelForks = 8;
+    maxHeapSize = "3g";
 }
 

pg/src/main/java/org/bouncycastle/bcpg/AEADEncDataPacket.java

@@ -5,10 +5,13 @@
 import org.bouncycastle.util.Arrays;
 
 /**
- * Packet representing AEAD encrypted data. At the moment this appears to exist in the following
+ * Packet representing non-standard, LibrePGP OCB (AEAD) encrypted data. At the moment this appears to exist in the following
  * expired draft only, but it's appearing despite this.
+ * For standardized, interoperable OpenPGP AEAD encrypted data, see {@link SymmetricEncIntegrityPacket} of version
+ * {@link SymmetricEncIntegrityPacket#VERSION_2}.
  *
- * @ref https://datatracker.ietf.org/doc/html/draft-ietf-openpgp-rfc4880bis-04#section-5.16
+ * @see  <a href="https://www.ietf.org/archive/id/draft-koch-librepgp-00.html#name-ocb-encrypted-data-packet-t">
+ *     LibrePGP - OCB Encrypted Data Packet</a>
  */
 public class AEADEncDataPacket
     extends InputStreamPacket
@@ -37,7 +40,7 @@ public AEADEncDataPacket(BCPGInputStream in,
         version = (byte)in.read();
         if (version != VERSION_1)
         {
-            throw new IllegalArgumentException("wrong AEAD packet version: " + version);
+            throw new UnsupportedPacketVersionException("wrong AEAD packet version: " + version);
         }
 
         algorithm = (byte)in.read();

pg/src/main/java/org/bouncycastle/bcpg/PublicKeyPacket.java

@@ -13,6 +13,7 @@ public class PublicKeyPacket
 {
     public static final int VERSION_3 = 3;
     public static final int VERSION_4 = 4;
+    public static final int LIBREPGP_5 = 5;
     public static final int VERSION_6 = 6;
 
     private int version;
@@ -43,6 +44,26 @@ public class PublicKeyPacket
         this(keyTag, in, false);
     }
 
+    /**
+     * Parse a {@link PublicKeyPacket} or {@link PublicSubkeyPacket} from an OpenPGP {@link BCPGInputStream}.
+     * If <pre>packetTypeID</pre> is {@link #PUBLIC_KEY}, the packet is a primary key.
+     * If instead it is {@link #PUBLIC_SUBKEY}, it is a subkey packet.
+     * If <pre>newPacketFormat</pre> is true, the packet format is remembered as {@link PacketFormat#CURRENT},
+     * otherwise as {@link PacketFormat#LEGACY}.
+     * @param keyTag packet type ID
+     * @param in packet input stream
+     * @param newPacketFormat packet format
+     * @throws IOException if the key packet cannot be parsed
+     *
+     * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-version-3-public-keys">
+     *     C-R - Version 3 Public Keys</a>
+     * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-version-4-public-keys">
+     *     C-R - Version 4 Public Keys</a>
+     * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-version-6-public-keys">
+     *     C-R - Version 6 Public Keys</a>
+     * @see <a href="https://www.ietf.org/archive/id/draft-koch-librepgp-01.html#name-public-key-packet-formats">
+     *     LibrePGP - Public-Key Packet Formats</a>
+     */
     PublicKeyPacket(
         int keyTag,
         BCPGInputStream in,
@@ -52,21 +73,42 @@ public class PublicKeyPacket
         super(keyTag, newPacketFormat);
 
         version = in.read();
-        time = ((long)in.read() << 24) | (in.read() << 16) | (in.read() << 8) | in.read();
+        if (version < 2 || version > VERSION_6)
+        {
+            throw new UnsupportedPacketVersionException("Unsupported Public Key Packet version encountered: " + version);
+        }
 
-        if (version <= VERSION_3)
+        time = ((long) in.read() << 24) | ((long) in.read() << 16) | ((long) in.read() << 8) | in.read();
+
+        if (version == 2 || version == VERSION_3)
         {
             validDays = (in.read() << 8) | in.read();
         }
 
         algorithm = (byte)in.read();
-        if (version == VERSION_6)
+        long keyOctets = -1;
+        
+        if (version == LIBREPGP_5 || version == VERSION_6)
         {
             // TODO: Use keyOctets to be able to parse unknown keys
-            long keyOctets = ((long)in.read() << 24) | ((long)in.read() << 16) | ((long)in.read() << 8) | in.read();
+            keyOctets = ((long)in.read() << 24) | ((long)in.read() << 16) | ((long)in.read() << 8) | in.read();
         }
 
-        switch (algorithm)
+        parseKey(in, algorithm, keyOctets);
+    }
+
+    /**
+     * Parse algorithm-specific public key material.
+     * @param in input stream which read just up to the public key material
+     * @param algorithmId public key algorithm ID
+     * @param optLen optional: Length of the public key material. -1 if not present.
+     * @throws IOException if the pk material cannot be parsed
+     */
+    private void parseKey(BCPGInputStream in, int algorithmId, long optLen)
+        throws IOException
+    {
+
+        switch (algorithmId)
         {
         case RSA_ENCRYPT:
         case RSA_GENERAL:
@@ -102,6 +144,12 @@ public class PublicKeyPacket
             key = new Ed448PublicBCPGKey(in);
             break;
         default:
+            if (version == VERSION_6 || version == LIBREPGP_5)
+            {
+                // with version 5 & 6, we can gracefully handle unknown key types, as the length is known.
+                key = new UnknownBCPGKey((int) optLen, in);
+                break;
+            }
             throw new IOException("unknown PGP public key algorithm encountered: " + algorithm);
         }
     }
@@ -112,7 +160,9 @@ public class PublicKeyPacket
      * @param algorithm
      * @param time
      * @param key
+     * @deprecated use versioned {@link #PublicKeyPacket(int, int, Date, BCPGKey)} instead
      */
+    @Deprecated
     public PublicKeyPacket(
         int algorithm,
         Date time,
@@ -184,13 +234,10 @@ public byte[] getEncodedContents()
 
         pOut.write(algorithm);
 
-        if (version == VERSION_6)
+        if (version == VERSION_6 || version == LIBREPGP_5)
         {
             int keyOctets = key.getEncoded().length;
-            pOut.write(keyOctets >> 24);
-            pOut.write(keyOctets >> 16);
-            pOut.write(keyOctets >> 8);
-            pOut.write(keyOctets);
+            StreamUtil.write4OctetLength(pOut, keyOctets);
         }
 
         pOut.writeObject((BCPGObject)key);

pg/src/main/java/org/bouncycastle/bcpg/PublicSubkeyPacket.java

@@ -31,7 +31,9 @@ public class PublicSubkeyPacket
      * @param algorithm
      * @param time
      * @param key
+     * @deprecated use versioned {@link #PublicSubkeyPacket(int, int, Date, BCPGKey)} instead
      */
+    @Deprecated
     public PublicSubkeyPacket(
         int       algorithm,
         Date      time,

pg/src/main/java/org/bouncycastle/bcpg/S2K.java

@@ -485,7 +485,7 @@ public Argon2Params(byte[] salt, int passes, int parallelism, int memSizeExp)
          */
         public static Argon2Params universallyRecommendedParameters()
         {
-            return new Argon2Params(1, 4, 21, new SecureRandom());
+            return new Argon2Params(1, 4, 21, CryptoServicesRegistrar.getSecureRandom());
         }
 
         /**
@@ -497,7 +497,7 @@ public static Argon2Params universallyRecommendedParameters()
          */
         public static Argon2Params memoryConstrainedParameters()
         {
-            return new Argon2Params(3, 4, 16, new SecureRandom());
+            return new Argon2Params(3, 4, 16, CryptoServicesRegistrar.getSecureRandom());
         }
 
         /**

pg/src/main/java/org/bouncycastle/bcpg/SecretKeyPacket.java

@@ -1,5 +1,6 @@
 package org.bouncycastle.bcpg;
 
+import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
 
@@ -96,8 +97,22 @@ public class SecretKeyPacket
     }
 
     /**
-     * @param in
-     * @throws IOException
+     * Parse a {@link SecretKeyPacket} or {@link SecretSubkeyPacket} from an OpenPGP {@link BCPGInputStream}.
+     * The return type depends on the <pre>packetTypeID</pre>:
+     * {@link PacketTags#SECRET_KEY} means the result is a {@link SecretKeyPacket}.
+     * {@link PacketTags#SECRET_SUBKEY} results in a {@link SecretSubkeyPacket}.
+     *
+     * @param keyTag packet type ID
+     * @param in packet input stream
+     * @param newPacketFormat packet format
+     * @throws IOException if the secret key packet cannot be parsed
+     *
+     * @see <a href="https://www.ietf.org/archive/id/draft-ietf-openpgp-crypto-refresh-13.html#name-secret-key-packet-formats">
+     *     C-R - Secret-Key Packet Formats</a>
+     * @see <a href="https://www.ietf.org/archive/id/draft-koch-librepgp-01.html#name-secret-key-packet-formats">
+     *     LibrePGP - Secret-Key Packet Formats</a>
+     * @see <a href="https://datatracker.ietf.org/doc/draft-dkg-openpgp-hardware-secrets/">
+     *     Hardware-Backed Secret Keys</a>
      */
     SecretKeyPacket(
         int keyTag,
@@ -119,10 +134,12 @@ public class SecretKeyPacket
         int version = pubKeyPacket.getVersion();
         s2kUsage = in.read();
 
-        if (version == 6 && s2kUsage != USAGE_NONE)
+        int conditionalParameterLength = -1;
+        if (version == PublicKeyPacket.LIBREPGP_5 || 
+           (version == PublicKeyPacket.VERSION_6 && s2kUsage != USAGE_NONE))
         {
             // TODO: Use length to parse unknown parameters
-            int conditionalParameterLength = in.read();
+            conditionalParameterLength = in.read();
         }
 
         if (s2kUsage == USAGE_CHECKSUM || s2kUsage == USAGE_SHA1 || s2kUsage == USAGE_AEAD)
@@ -137,40 +154,64 @@ public class SecretKeyPacket
         {
             aeadAlgorithm = in.read();
         }
-        if (s2kUsage == USAGE_CHECKSUM || s2kUsage == USAGE_SHA1 || s2kUsage == USAGE_AEAD)
+        if (version == PublicKeyPacket.VERSION_6 && (s2kUsage == USAGE_SHA1 || s2kUsage == USAGE_AEAD))
+        {
+            int s2KLen = in.read();
+            byte[] s2kBytes = new byte[s2KLen];
+            in.readFully(s2kBytes);
+
+            // TODO: catch UnsupportedPacketVersionException gracefully
+            s2k = new S2K(new ByteArrayInputStream(s2kBytes));
+        }
+        else
         {
-            if (version == PublicKeyPacket.VERSION_6)
+            if (s2kUsage == USAGE_CHECKSUM || s2kUsage == USAGE_SHA1 || s2kUsage == USAGE_AEAD)
             {
-                // TODO: Use length to parse unknown S2Ks
-                int s2kLen = in.read();
+                s2k = new S2K(in);
             }
-            s2k = new S2K(in);
         }
         if (s2kUsage == USAGE_AEAD)
         {
             iv = new byte[AEADUtils.getIVLength(aeadAlgorithm)];
             Streams.readFully(in, iv);
         }
-        boolean isGNUDummyNoPrivateKey = s2k != null
-            && s2k.getType() == S2K.GNU_DUMMY_S2K
-            && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY;
-        if (!(isGNUDummyNoPrivateKey))
+        else
         {
-            if (s2kUsage != 0 && iv == null)
+            boolean isGNUDummyNoPrivateKey = s2k != null
+                && s2k.getType() == S2K.GNU_DUMMY_S2K
+                && s2k.getProtectionMode() == S2K.GNU_PROTECTION_MODE_NO_PRIVATE_KEY;
+            if (!(isGNUDummyNoPrivateKey))
             {
-                if (encAlgorithm < 7)
-                {
-                    iv = new byte[8];
-                }
-                else
+                if (s2kUsage != USAGE_NONE && iv == null)
                 {
-                    iv = new byte[16];
+                    if (encAlgorithm < 7)
+                    {
+                        iv = new byte[8];
+                    } 
+                    else
+                    {
+                        iv = new byte[16];
+                    }
+                    in.readFully(iv, 0, iv.length);
                 }
-                in.readFully(iv, 0, iv.length);
             }
         }
-
-        this.secKeyData = in.readAll();
+        
+        if (version == PublicKeyPacket.LIBREPGP_5)
+        {
+            long keyOctetCount = ((long) in.read() << 24) | ((long) in.read() << 16) | ((long) in.read() << 8) | in.read();
+            if (s2kUsage == USAGE_CHECKSUM || s2kUsage == USAGE_NONE)
+            {
+                // encoded keyOctetCount does not contain checksum
+                keyOctetCount += 2;
+            }
+            this.secKeyData = new byte[(int) keyOctetCount];
+            in.readFully(secKeyData);
+        }
+        else
+        {
+            this.secKeyData = in.readAll();
+        }
     }
 
     /**
@@ -212,6 +253,18 @@ public SecretKeyPacket(
         this(SECRET_KEY, pubKeyPacket, encAlgorithm, 0, s2kUsage, s2k, iv, secKeyData);
     }
 
+    public SecretKeyPacket(
+        PublicKeyPacket pubKeyPacket,
+        int encAlgorithm,
+        int aeadAlgorithm,
+        int s2kUsage,
+        S2K s2k,
+        byte[] iv,
+        byte[] secKeyData)
+    {
+        this(SECRET_KEY, pubKeyPacket, encAlgorithm, aeadAlgorithm, s2kUsage, s2k, iv, secKeyData);
+    }
+
     SecretKeyPacket(
         int keyTag,
         PublicKeyPacket pubKeyPacket,
@@ -293,7 +346,8 @@ public byte[] getEncodedContents()
 
         // conditional parameters
         byte[] conditionalParameters = encodeConditionalParameters();
-        if (pubKeyPacket.getVersion() == PublicKeyPacket.VERSION_6 && s2kUsage != USAGE_NONE)
+        if (pubKeyPacket.getVersion() == PublicKeyPacket.LIBREPGP_5 || 
+           (pubKeyPacket.getVersion() == PublicKeyPacket.VERSION_6 && s2kUsage != USAGE_NONE))
         {
             pOut.write(conditionalParameters.length);
         }
@@ -302,6 +356,16 @@ public byte[] getEncodedContents()
         // encrypted secret key
         if (secKeyData != null && secKeyData.length > 0)
         {
+            if (pubKeyPacket.getVersion() == PublicKeyPacket.LIBREPGP_5)
+            {
+                int keyOctetCount = secKeyData.length;
+                // v5 keyOctetCount does not include checksum octets
+                if (s2kUsage == USAGE_CHECKSUM || s2kUsage == USAGE_NONE)
+                {
+                    keyOctetCount -= 2;
+                }
+                StreamUtil.write4OctetLength(pOut, keyOctetCount);
+            }
             pOut.write(secKeyData);
         }
 

pg/src/main/java/org/bouncycastle/bcpg/SecretSubkeyPacket.java

@@ -82,7 +82,7 @@ public SecretSubkeyPacket(
      * @param iv            optional iv for the AEAD algorithm or encryption algorithm
      * @param secKeyData    secret key data
      */
-    SecretSubkeyPacket(
+    public SecretSubkeyPacket(
         PublicKeyPacket pubKeyPacket,
         int encAlgorithm,
         int aeadAlgorithm,