Add tests for PGPKeyEncryptionMethodGenerator and related classes

Author: gefeili

pg/src/main/java/org/bouncycastle/bcpg/SymmetricKeyEncSessionPacket.java

@@ -337,27 +337,21 @@ public void encode(
                 pOut.write(secKeyData);
             }
         }
-        else if (version == VERSION_5)
+        else
         {
-            pOut.write(encAlgorithm);
-            pOut.write(aeadAlgorithm);
-            pOut.writeObject(s2k);
-            pOut.write(iv);
-
-            if (secKeyData != null && secKeyData.length > 0)
+            int s2kLen = 0;
+            if (version == VERSION_6)
             {
-                pOut.write(secKeyData);
+                s2kLen = s2k.getEncoded().length;
+                int count = 1 + 1 + 1 + s2kLen + iv.length;
+                pOut.write(count); // len of 5 following fields
             }
-            pOut.write(authTag);
-        }
-        else if (version == VERSION_6)
-        {
-            int s2kLen = s2k.getEncoded().length;
-            int count = 1 + 1 + 1 + s2kLen + iv.length;
-            pOut.write(count); // len of 5 following fields
             pOut.write(encAlgorithm);
             pOut.write(aeadAlgorithm);
-            pOut.write(s2kLen);
+            if (version == VERSION_6)
+            {
+                pOut.write(s2kLen);
+            }
             pOut.writeObject(s2k);
             pOut.write(iv);
 

pg/src/main/java/org/bouncycastle/openpgp/operator/PublicKeyKeyEncryptionMethodGenerator.java

@@ -198,7 +198,7 @@ public ContainedPacket generate(PGPDataEncryptorBuilder dataEncryptorBuilder, by
             {
                 keyId = pubKey.getKeyID();
             }
-            byte[] encryptedSessionInfo = encryptSessionInfo(pubKey, sessionKey, (byte)dataEncryptorBuilder.getAlgorithm());
+            byte[] encryptedSessionInfo = encryptSessionInfo(pubKey, sessionKey, (byte)dataEncryptorBuilder.getAlgorithm(), true);
             byte[][] encodedEncSessionInfo = encodeEncryptedSessionInfo(encryptedSessionInfo);
             return PublicKeyEncSessionPacket.createV3PKESKPacket(keyId, pubKey.getAlgorithm(), encodedEncSessionInfo);
         }
@@ -218,21 +218,21 @@ public ContainedPacket generate(PGPDataEncryptorBuilder dataEncryptorBuilder, by
             }
             // In V6, do not include the symmetric-key algorithm in the session-info
 
-            byte[] encryptedSessionInfo = encryptSessionInfo(pubKey, sessionKey, (byte)0);
+            byte[] encryptedSessionInfo = encryptSessionInfo(pubKey, sessionKey, (byte)dataEncryptorBuilder.getAlgorithm(), false);
             byte[][] encodedEncSessionInfo = encodeEncryptedSessionInfo(encryptedSessionInfo);
             return PublicKeyEncSessionPacket.createV6PKESKPacket(keyVersion, keyFingerprint, pubKey.getAlgorithm(), encodedEncSessionInfo);
         }
     }
 
     protected byte[] createSessionInfo(
-        int algorithm,
+        byte algorithm,
         byte[] keyBytes)
     {
         byte[] sessionInfo;
         if (algorithm != 0)
         {
             sessionInfo = new byte[keyBytes.length + 3];
-            sessionInfo[0] = (byte)algorithm;
+            sessionInfo[0] = algorithm;
             System.arraycopy(keyBytes, 0, sessionInfo, 1, keyBytes.length);
             addCheckSum(sessionInfo, 1);
         }
@@ -245,7 +245,7 @@ protected byte[] createSessionInfo(
         return sessionInfo;
     }
 
-    protected void addCheckSum(byte[] sessionInfo, int pos)
+    private void addCheckSum(byte[] sessionInfo, int pos)
     {
         int check = 0;
 
@@ -261,43 +261,33 @@ protected void addCheckSum(byte[] sessionInfo, int pos)
     /**
      * Encrypt a session key using the recipients public key.
      *
-     * @param pubKey               recipients public key
-//     * @param fullSessionInfo      full session info (sym-alg-id + session-key + 2 octet checksum)
-//     * @param sessionInfoToEncrypt for v3: full session info; for v6: just the session-key
-     * @param optSymAlgId          for v3: session key algorithm ID; for v6: empty array
+     * @param pubKey      recipients public key
+     * @param sessionKey  session-key
+     * @param symAlgId for v3: session key algorithm ID; for v6: 0
      * @return encrypted session info
      * @throws PGPException
      */
     protected abstract byte[] encryptSessionInfo(PGPPublicKey pubKey,
                                                  byte[] sessionKey,
-                                                 byte optSymAlgId)
+                                                 byte symAlgId,
+                                                 boolean isV3)
         throws PGPException;
 
     protected static byte[] getSessionInfo(byte[] ephPubEncoding, byte optSymKeyAlgorithm, byte[] wrappedSessionKey)
     {
-        int len = ephPubEncoding.length + wrappedSessionKey.length + 2;
+        int len = ephPubEncoding.length + wrappedSessionKey.length + (optSymKeyAlgorithm == 0 ? 1 : 2);
         byte[] out = new byte[len];
         // ephemeral pub key
         System.arraycopy(ephPubEncoding, 0, out, 0, ephPubEncoding.length);
         // len of two/one next fields
-        out[ephPubEncoding.length] = (byte)(wrappedSessionKey.length + 1);
+        out[ephPubEncoding.length] = (byte)(len - ephPubEncoding.length - 1);
         // sym key alg
-        out[ephPubEncoding.length + 1] = optSymKeyAlgorithm;
+        if (optSymKeyAlgorithm != 0)
+        {
+            out[ephPubEncoding.length + 1] = optSymKeyAlgorithm;
+        }
         // wrapped session key
         System.arraycopy(wrappedSessionKey, 0, out, len - wrappedSessionKey.length, wrappedSessionKey.length);
         return out;
     }
-
-    protected static byte[] getSessionInfo(byte[] ephPubEncoding, byte[] wrappedSessionKey)
-    {
-        int len = ephPubEncoding.length + wrappedSessionKey.length + 1;
-        byte[] out = new byte[len];
-        // ephemeral pub key
-        System.arraycopy(ephPubEncoding, 0, out, 0, ephPubEncoding.length);
-        // len of two/one next fields
-        out[ephPubEncoding.length] = (byte)wrappedSessionKey.length;
-        // wrapped session key
-        System.arraycopy(wrappedSessionKey, 0, out, ephPubEncoding.length + 1, wrappedSessionKey.length);
-        return out;
-    }
 }

pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPublicKeyKeyEncryptionMethodGenerator.java

@@ -75,7 +75,7 @@ public BcPublicKeyKeyEncryptionMethodGenerator setSecureRandom(SecureRandom rand
     }
 
     @Override
-    protected byte[] encryptSessionInfo(PGPPublicKey pubKey, byte[] sessionKey, byte optSymAlgId)
+    protected byte[] encryptSessionInfo(PGPPublicKey pubKey, byte[] sessionKey, byte symAlgId, boolean isV3)
         throws PGPException
     {
         try
@@ -87,7 +87,7 @@ protected byte[] encryptSessionInfo(PGPPublicKey pubKey, byte[] sessionKey, byte
             if (pubKey.getAlgorithm() == PublicKeyAlgorithmTags.ECDH)
             {
                 ECDHPublicBCPGKey ecPubKey = (ECDHPublicBCPGKey)pubKeyPacket.getKey();
-                byte[] sessionInfo = createSessionInfo(optSymAlgId, sessionKey);
+                byte[] sessionInfo = createSessionInfo(isV3 ? symAlgId : (byte)0, sessionKey);
                 byte[] userKeyingMaterial = RFC6637Utils.createUserKeyingMaterial(pubKeyPacket, new BcKeyFingerprintCalculator());
 
                 // Legacy X25519
@@ -146,7 +146,7 @@ public void getEphPubEncoding(AsymmetricKeyParameter publicKey, byte[] ephPubEnc
                             ((X25519PublicKeyParameters)publicKey).encode(ephPubEncoding, 0);
                         }
                     },
-                    optSymAlgId);
+                    isV3 ? symAlgId : (byte)0);
             }
 
             // X448
@@ -162,7 +162,7 @@ public void getEphPubEncoding(AsymmetricKeyParameter publicKey, byte[] ephPubEnc
                             ((X448PublicKeyParameters)publicKey).encode(ephPubEncoding, 0);
                         }
                     },
-                    optSymAlgId);
+                    isV3 ? symAlgId : (byte)0);
             }
 
             // RSA / ElGamal etc.
@@ -171,7 +171,7 @@ public void getEphPubEncoding(AsymmetricKeyParameter publicKey, byte[] ephPubEnc
                 AsymmetricBlockCipher c = BcImplProvider.createPublicKeyCipher(pubKey.getAlgorithm());
 
                 c.init(true, new ParametersWithRandom(cryptoPublicKey, random));
-                byte[] sessionInfo = createSessionInfo(optSymAlgId, sessionKey);
+                byte[] sessionInfo = createSessionInfo(isV3 ? symAlgId : (byte)0, sessionKey);
 
                 return c.processBlock(sessionInfo, 0, sessionInfo.length);
             }
@@ -221,8 +221,8 @@ private byte[] encryptSessionInfoWithECDHKey(byte[] sessionInfo,
 
         // wrap the padded session info using the shared-secret public key
         // https://www.rfc-editor.org/rfc/rfc9580.html#section-11.5-16
-        return getSessionInfo(new MPInteger(new BigInteger(1, ephPubEncoding))
-            .getEncoded(), getWrapper(symmetricKeyAlgorithm, key, paddedSessionData));
+        return getSessionInfo(new MPInteger(new BigInteger(1, ephPubEncoding)).getEncoded(), (byte) 0,
+            getWrapper(symmetricKeyAlgorithm, key, paddedSessionData));
     }
 
     private byte[] encryptSessionInfoWithX25519X448Key(PublicKeyPacket pubKeyPacket,
@@ -246,10 +246,6 @@ private byte[] encryptSessionInfoWithX25519X448Key(PublicKeyPacket pubKeyPacket,
         KeyParameter key = new KeyParameter(RFC6637KDFCalculator.createKey(hashAlgorithm, symmetricKeyAlgorithm,
             Arrays.concatenate(ephPubEncoding, pubKeyPacket.getKey().getEncoded(), secret), "OpenPGP " + algorithmName));
 
-        if (optSymAlgId == 0)
-        {
-            return getSessionInfo(ephPubEncoding, getWrapper(symmetricKeyAlgorithm, key, sessionKey));
-        }
         return getSessionInfo(ephPubEncoding, optSymAlgId, getWrapper(symmetricKeyAlgorithm, key, sessionKey));
     }
 

pg/src/main/java/org/bouncycastle/openpgp/operator/jcajce/JcePublicKeyKeyEncryptionMethodGenerator.java

@@ -92,7 +92,8 @@ public JcePublicKeyKeyEncryptionMethodGenerator setSecureRandom(SecureRandom ran
 
     protected byte[] encryptSessionInfo(PGPPublicKey pubKey,
                                         byte[] sessionKey,
-                                        byte optSymAlgId)
+                                        byte optSymAlgId,
+                                        boolean isV3)
         throws PGPException
     {
         try
@@ -102,7 +103,7 @@ protected byte[] encryptSessionInfo(PGPPublicKey pubKey,
             // ECDH
             if (pubKey.getAlgorithm() == PublicKeyAlgorithmTags.ECDH)
             {
-                byte[] sessionInfo = createSessionInfo(optSymAlgId, sessionKey);
+                byte[] sessionInfo = createSessionInfo(isV3 ? optSymAlgId : (byte)0, sessionKey);
                 ECDHPublicBCPGKey ecKey = (ECDHPublicBCPGKey)pubKey.getPublicKeyPacket().getKey();
                 String keyEncryptionOID = RFC6637Utils.getKeyEncryptionOID(ecKey.getSymmetricKeyAlgorithm()).getId();
                 PublicKeyPacket pubKeyPacket = pubKey.getPublicKeyPacket();
@@ -111,7 +112,7 @@ protected byte[] encryptSessionInfo(PGPPublicKey pubKey,
                 if (JcaJcePGPUtil.isX25519(ecKey.getCurveOID()))
                 {
                     return encryptSessionInfoWithECDHKey(pubKeyPacket, "X25519", cryptoPublicKey, keyEncryptionOID,
-                        ecKey.getSymmetricKeyAlgorithm(), sessionInfo, RFC6637Utils.getXDHAlgorithm(pubKeyPacket),
+                        ecKey.getSymmetricKeyAlgorithm(), sessionInfo, RFC6637Utils.getXDHAlgorithm(pubKeyPacket), optSymAlgId,
                         new KeyPairGeneratorOperation()
                         {
                             @Override
@@ -135,7 +136,7 @@ public byte[] getEphPubEncoding(byte[] publicKeyData)
                 else if (ecKey.getCurveOID().equals(EdECObjectIdentifiers.id_X448))
                 {
                     return encryptSessionInfoWithECDHKey(pubKeyPacket, "X448", cryptoPublicKey, keyEncryptionOID,
-                        ecKey.getSymmetricKeyAlgorithm(), sessionInfo, RFC6637Utils.getXDHAlgorithm(pubKeyPacket),
+                        ecKey.getSymmetricKeyAlgorithm(), sessionInfo, RFC6637Utils.getXDHAlgorithm(pubKeyPacket), optSymAlgId,
                         new KeyPairGeneratorOperation()
                         {
                             @Override
@@ -159,7 +160,7 @@ public byte[] getEphPubEncoding(byte[] publicKeyData)
                 else
                 {
                     return encryptSessionInfoWithECDHKey(pubKeyPacket, "EC", cryptoPublicKey, keyEncryptionOID,
-                        ecKey.getSymmetricKeyAlgorithm(), sessionInfo, RFC6637Utils.getAgreementAlgorithm(pubKeyPacket),
+                        ecKey.getSymmetricKeyAlgorithm(), sessionInfo, RFC6637Utils.getAgreementAlgorithm(pubKeyPacket), optSymAlgId,
                         new KeyPairGeneratorOperation()
                         {
                             @Override
@@ -189,14 +190,14 @@ public byte[] getEphPubEncoding(byte[] ephPubEncoding)
             else if (pubKey.getAlgorithm() == PublicKeyAlgorithmTags.X25519)
             {
                 return encryptSessionInfoWithX25519X448Key(pubKey, "X25519", cryptoPublicKey, NISTObjectIdentifiers.id_aes128_wrap.getId(),
-                    SymmetricKeyAlgorithmTags.AES_128, sessionKey, "X25519withSHA256HKDF", 255, optSymAlgId);
+                    SymmetricKeyAlgorithmTags.AES_128, sessionKey, "X25519withSHA256HKDF", 255, optSymAlgId, isV3);
             }
 
             // X448
             else if (pubKey.getAlgorithm() == PublicKeyAlgorithmTags.X448)
             {
                 return encryptSessionInfoWithX25519X448Key(pubKey, "X448", cryptoPublicKey, NISTObjectIdentifiers.id_aes256_wrap.getId(),
-                    SymmetricKeyAlgorithmTags.AES_256, sessionKey, "X448withSHA512HKDF", 448, optSymAlgId);
+                    SymmetricKeyAlgorithmTags.AES_256, sessionKey, "X448withSHA512HKDF", 448, optSymAlgId, isV3);
             }
 
             // RSA / ElGamal etc.
@@ -205,7 +206,7 @@ else if (pubKey.getAlgorithm() == PublicKeyAlgorithmTags.X448)
                 Cipher c = helper.createPublicKeyCipher(pubKey.getAlgorithm());
 
                 c.init(Cipher.ENCRYPT_MODE, cryptoPublicKey, random);
-                byte[] sessionInfo = createSessionInfo(optSymAlgId, sessionKey);
+                byte[] sessionInfo = createSessionInfo(isV3 ? optSymAlgId : (byte)0, sessionKey);
                 return c.doFinal(sessionInfo);
             }
         }
@@ -245,7 +246,7 @@ private interface EphPubEncoding
     }
 
     private byte[] encryptSessionInfoWithECDHKey(PublicKeyPacket pubKeyPacket, String algorithmName, PublicKey cryptoPublicKey, String keyEncryptionOID,
-                                                 int symmetricKeyAlgorithm, byte[] sessionInfo, String agreementName, KeyPairGeneratorOperation kpOperation,
+                                                 int symmetricKeyAlgorithm, byte[] sessionInfo, String agreementName, byte symAlgId, KeyPairGeneratorOperation kpOperation,
                                                  EphPubEncoding getEncoding)
         throws GeneralSecurityException, IOException, PGPException
     {
@@ -264,8 +265,8 @@ private byte[] encryptSessionInfoWithECDHKey(PublicKeyPacket pubKeyPacket, Strin
 
         // wrap the padded session info using the shared-secret public key
         // https://www.rfc-editor.org/rfc/rfc9580.html#section-11.5-16
-        return getSessionInfo(new MPInteger(new BigInteger(1, ephPubEncoding))
-            .getEncoded(), getWrapper(symmetricKeyAlgorithm, sessionInfo[0], secret, paddedSessionData));
+        return getSessionInfo(new MPInteger(new BigInteger(1, ephPubEncoding)).getEncoded(),
+            (byte)0, getWrapper(symmetricKeyAlgorithm, symAlgId, secret, paddedSessionData));
     }
 
     /**
@@ -279,7 +280,7 @@ private byte[] encryptSessionInfoWithECDHKey(PublicKeyPacket pubKeyPacket, Strin
      */
     private byte[] encryptSessionInfoWithX25519X448Key(PGPPublicKey pgpPublicKey, String algorithmName, PublicKey cryptoPublicKey, String keyEncryptionOID,
                                                        int symmetricKeyAlgorithm, byte[] sessionKey, String agreementAlgorithmName, int keySize,
-                                                       byte optSymAlgId)
+                                                       byte optSymAlgId, boolean isV3)
         throws GeneralSecurityException, IOException, PGPException
     {
         KeyPairGenerator kpGen = helper.createKeyPairGenerator(algorithmName);
@@ -289,11 +290,7 @@ private byte[] encryptSessionInfoWithX25519X448Key(PGPPublicKey pgpPublicKey, St
         byte[] ephPubEncoding = SubjectPublicKeyInfo.getInstance(ephKP.getPublic().getEncoded()).getPublicKeyData().getBytes();
         HybridValueParameterSpec ukmSpec = JcaJcePGPUtil.getHybridValueParameterSpecWithPrepend(ephPubEncoding, pgpPublicKey.getPublicKeyPacket(), algorithmName);
         Key secret = JcaJcePGPUtil.getSecret(helper, cryptoPublicKey, keyEncryptionOID, agreementAlgorithmName, ukmSpec, ephKP.getPrivate());
-        if (optSymAlgId == 0)
-        {
-            return getSessionInfo(ephPubEncoding, getWrapper(symmetricKeyAlgorithm, optSymAlgId, secret, sessionKey));
-        }
-        return getSessionInfo(ephPubEncoding, optSymAlgId, getWrapper(symmetricKeyAlgorithm, optSymAlgId, secret, sessionKey));
+        return getSessionInfo(ephPubEncoding, isV3 ? optSymAlgId : (byte)0, getWrapper(symmetricKeyAlgorithm, optSymAlgId, secret, sessionKey));
     }
 
     private byte[] getWrapper(int symmetricKeyAlgorithm, byte optSymAlgId, Key secret, byte[] sessionData)