Add AbstractPublicKeyDataDecryptorFactory with common methods

vanitasvitae · vanitasvitae · commit c591392ad405 · 2024-08-10T12:23:02.000+02:00
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/AbstractPublicKeyDataDecryptorFactory.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/AbstractPublicKeyDataDecryptorFactory.java
@@ -0,0 +1,77 @@
+package org.bouncycastle.openpgp.operator;
+
+import org.bouncycastle.bcpg.InputStreamPacket;
+import org.bouncycastle.bcpg.PublicKeyAlgorithmTags;
+import org.bouncycastle.bcpg.PublicKeyEncSessionPacket;
+import org.bouncycastle.bcpg.SymmetricEncIntegrityPacket;
+import org.bouncycastle.bcpg.X25519PublicBCPGKey;
+import org.bouncycastle.bcpg.X448PublicBCPGKey;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.util.Arrays;
+
+public abstract class AbstractPublicKeyDataDecryptorFactory
+        implements PublicKeyDataDecryptorFactory
+{
+
+    protected byte[] prependSKAlgorithmToSessionData(PublicKeyEncSessionPacket pkesk,
+                                                   InputStreamPacket encData,
+                                                   byte[] decryptedSessionData)
+            throws PGPException
+    {
+        // V6 PKESK packets do not include the session key algorithm, so source it from the SEIPD2 instead
+        if (!containsSKAlg(pkesk.getVersion()))
+        {
+            if (!(encData instanceof SymmetricEncIntegrityPacket) ||
+                    ((SymmetricEncIntegrityPacket) encData).getVersion() != SymmetricEncIntegrityPacket.VERSION_2)
+            {
+                throw new PGPException("v6 PKESK packet MUST precede v2 SEIPD packet");
+            }
+
+            SymmetricEncIntegrityPacket seipd2 = (SymmetricEncIntegrityPacket) encData;
+            return Arrays.prepend(decryptedSessionData,
+                    (byte) (seipd2.getCipherAlgorithm() & 0xff));
+        }
+        // V3 PKESK does store the session key algorithm either encrypted or unencrypted, depending on the PK algorithm
+        else
+        {
+            switch (pkesk.getAlgorithm())
+            {
+                case PublicKeyAlgorithmTags.X25519:
+                    // X25519 does not encrypt SK algorithm
+                    return Arrays.prepend(decryptedSessionData,
+                            pkesk.getEncSessionKey()[0][X25519PublicBCPGKey.LENGTH + 1]);
+                case PublicKeyAlgorithmTags.X448:
+                    // X448 does not encrypt SK algorithm
+                    return Arrays.prepend(decryptedSessionData,
+                            pkesk.getEncSessionKey()[0][X448PublicBCPGKey.LENGTH + 1]);
+                default:
+                    // others already prepended session key algorithm to session key
+                    return decryptedSessionData;
+            }
+        }
+    }
+
+    protected boolean containsSKAlg(int pkeskVersion)
+    {
+        return pkeskVersion != PublicKeyEncSessionPacket.VERSION_6;
+    }
+
+    protected boolean confirmCheckSum(
+            byte[] sessionInfo, int algorithm)
+    {
+        // X25519, X448 does not include a checksum
+        if (algorithm == PublicKeyAlgorithmTags.X25519 || algorithm == PublicKeyAlgorithmTags.X448)
+        {
+            return true;
+        }
+
+        int check = 0;
+        for (int i = 1; i != sessionInfo.length - 2; i++)
+        {
+            check += sessionInfo[i] & 0xff;
+        }
+
+        return (sessionInfo[sessionInfo.length - 2] == (byte)(check >> 8))
+                && (sessionInfo[sessionInfo.length - 1] == (byte)(check));
+    }
+}
