Implement proper methods for setting/getting preferred AEAD algorithms for OpenPGP and LibrePGP

vanitasvitae · vanitasvitae · commit d88202fdfeae · 2024-08-26T12:36:27.000+02:00
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java
@@ -15,8 +15,10 @@
 import org.bouncycastle.bcpg.sig.IssuerKeyID;
 import org.bouncycastle.bcpg.sig.KeyExpirationTime;
 import org.bouncycastle.bcpg.sig.KeyFlags;
+import org.bouncycastle.bcpg.sig.LibrePGPPreferredEncryptionModes;
 import org.bouncycastle.bcpg.sig.NotationData;
 import org.bouncycastle.bcpg.sig.PolicyURI;
+import org.bouncycastle.bcpg.sig.PreferredAEADCiphersuites;
 import org.bouncycastle.bcpg.sig.PreferredAlgorithms;
 import org.bouncycastle.bcpg.sig.PrimaryUserID;
 import org.bouncycastle.bcpg.sig.RegularExpression;
@@ -202,6 +204,54 @@ public void setPreferredAEADAlgorithms(boolean isCritical, int[] algorithms)
             algorithms));
     }
 
+    /**
+     * Specify the preferred OpenPGP AEAD ciphersuites of this key.
+     *
+     * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-preferred-aead-ciphersuites">
+     *     RFC9580: Preferred AEAD Ciphersuites</a>
+     *
+     * @param isCritical true, if this packet should be treated as critical, false otherwise.
+     * @param algorithms array of algorithms in descending preference
+     */
+    public void setPreferredAEADCiphersuites(boolean isCritical, PreferredAEADCiphersuites.Combination[] algorithms)
+    {
+        packets.add(new PreferredAEADCiphersuites(isCritical, algorithms));
+    }
+
+    /**
+     * Specify the preferred OpenPGP AEAD ciphersuites of this key.
+     *
+     * @see <a href="https://www.rfc-editor.org/rfc/rfc9580.html#name-preferred-aead-ciphersuites">
+     *     RFC9580: Preferred AEAD Ciphersuites</a>
+     *
+     * @param builder builder to build the ciphersuites packet from
+     */
+    public void setPreferredAEADCiphersuites(PreferredAEADCiphersuites.Builder builder)
+    {
+        packets.add(builder.build());
+    }
+
+    /**
+     * Set the preferred encryption modes for LibrePGP keys.
+     * Note: LibrePGP is not OpenPGP. An application strictly compliant to only the OpenPGP standard will not
+     * know how to handle LibrePGP encryption modes.
+     * The LibrePGP spec states that this subpacket shall be ignored and the application shall instead assume
+     * {@link org.bouncycastle.bcpg.AEADAlgorithmTags#OCB}.
+     *
+     * @see <a href="https://www.ietf.org/archive/id/draft-koch-librepgp-01.html#name-preferred-encryption-modes">
+     *     LibrePGP: Preferred Encryption Modes</a>
+     * @see org.bouncycastle.bcpg.AEADAlgorithmTags for possible algorithms
+     *
+     * @param isCritical whether the packet is critical
+     * @param algorithms list of algorithms
+     * @deprecated the use of this subpacket is deprecated in LibrePGP
+     */
+    @Deprecated
+    public void setPreferredLibrePgpEncryptionModes(boolean isCritical, int[] algorithms)
+    {
+        packets.add(new LibrePGPPreferredEncryptionModes(isCritical, algorithms));
+    }
+
     public void addPolicyURI(boolean isCritical, String policyUri)
     {
         packets.add(new PolicyURI(isCritical, policyUri));
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketVector.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketVector.java
@@ -16,8 +16,10 @@
 import org.bouncycastle.bcpg.sig.IssuerKeyID;
 import org.bouncycastle.bcpg.sig.KeyExpirationTime;
 import org.bouncycastle.bcpg.sig.KeyFlags;
+import org.bouncycastle.bcpg.sig.LibrePGPPreferredEncryptionModes;
 import org.bouncycastle.bcpg.sig.NotationData;
 import org.bouncycastle.bcpg.sig.PolicyURI;
+import org.bouncycastle.bcpg.sig.PreferredAEADCiphersuites;
 import org.bouncycastle.bcpg.sig.PreferredAlgorithms;
 import org.bouncycastle.bcpg.sig.PrimaryUserID;
 import org.bouncycastle.bcpg.sig.RegularExpression;
@@ -297,6 +299,40 @@ public int[] getPreferredAEADAlgorithms()
         return ((PreferredAlgorithms)p).getPreferences();
     }
 
+    /**
+     * Return the preferred AEAD ciphersuites denoted in the signature.
+     *
+     * @return OpenPGP AEAD ciphersuites
+     */
+    public PreferredAEADCiphersuites getPreferredAEADCiphersuites()
+    {
+        SignatureSubpacket p = this.getSubpacket(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS);
+
+        if (p == null)
+        {
+            return null;
+        }
+        return (PreferredAEADCiphersuites) p;
+    }
+
+    /**
+     * Return the preferred LibrePGP encryption modes denoted in the signature.
+     * Note: The LibrePGP spec states that this subpacket shall be ignored and the application
+     * shall instead assume {@link org.bouncycastle.bcpg.AEADAlgorithmTags#OCB}.
+     *
+     * @return LibrePGP encryption modes
+     */
+    public int[] getPreferredLibrePgpEncryptionModes()
+    {
+        SignatureSubpacket p = this.getSubpacket(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS);
+
+        if (p == null)
+        {
+            return null;
+        }
+        return ((LibrePGPPreferredEncryptionModes) p).getPreferences();
+    }
+
     public int getKeyFlags()
     {
         SignatureSubpacket p = this.getSubpacket(SignatureSubpacketTags.KEY_FLAGS);
