From 0d93bbff758f1d76f688d79fdf7787d35920708b Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Fri, 11 Aug 2023 10:40:09 +0200
Subject: [PATCH] Reintroduce and deprecate old AEAD preferences methods.
---
 .../bcpg/SignatureSubpacketInputStream.java | 1 +
 .../bcpg/SignatureSubpacketTags.java | 4 +--
 .../PGPSignatureSubpacketGenerator.java | 20 ++++++++++--
 .../openpgp/PGPSignatureSubpacketVector.java | 32 ++++++++++++++++++-
 4 files changed, 52 insertions(+), 5 deletions(-)
diff --git a/pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketInputStream.java b/pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketInputStream.java
index 7f34ca073b..f54e3be2bc 100644
--- a/pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketInputStream.java
+++ b/pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketInputStream.java
@@ -149,6 +149,7 @@ else if (flags[StreamUtil.flag_partial])
 case PREFERRED_COMP_ALGS:
 case PREFERRED_HASH_ALGS:
 case PREFERRED_SYM_ALGS:
+ case PREFERRED_ENCRYPTION_MODES:
 return new PreferredAlgorithms(type, isCritical, isLongLength, data);
 case PREFERRED_AEAD_ALGORITHMS:
 return new PreferredAEADCiphersuites(isCritical, isLongLength, data);
diff --git a/pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketTags.java b/pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketTags.java
index 73456727b4..65f8c152fe 100644
--- a/pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketTags.java
+++ b/pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketTags.java
@@ -30,8 +30,8 @@ public interface SignatureSubpacketTags
 int SIGNATURE_TARGET = 31; // signature target
 int EMBEDDED_SIGNATURE = 32; // embedded signature
 int ISSUER_FINGERPRINT = 33; // issuer key fingerprint
-// public static final int PREFERRED_AEAD_ALGORITHMS = 34; // RESERVED since crypto-refresh-05
-int INTENDED_RECIPIENT_FINGERPRINT = 35; // intended recipient fingerprint
+ int PREFERRED_ENCRYPTION_MODES = 34; // draft-koch-openpgp-2015-rfc4880bis defines this packet for AEAD algorithms
+ int INTENDED_RECIPIENT_FINGERPRINT = 35; // intended recipient fingerprint
 int ATTESTED_CERTIFICATIONS = 37; // attested certifications (RESERVED)
 int KEY_BLOCK = 38; // Key Block (RESERVED)
 int PREFERRED_AEAD_ALGORITHMS = 39; // preferred AEAD algorithms
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java
index 8cd8e29d8d..13eac160b6 100644
--- a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java
+++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java
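Review bot: The new comment on `PREFERRED_ENCRYPTION_MODES = 34` drops a fact the removed line carried, namely that type 34 is reserved since crypto-refresh-05. I would keep both facts, e.g. `// RESERVED since crypto-refresh-05; AEAD encryption modes per draft-koch-openpgp-2015-rfc4880bis (deprecated)`. The names are also easy to confuse after this commit: the deprecated `getPreferredAEADAlgorithms()` in PGPSignatureSubpacketVector reads type 34, while the constant called `PREFERRED_AEAD_ALGORITHMS` is type 39 and backs `getPreferredAEADCiphersuites()`. A short cross-reference in the comment on each constant would save a reader from picking the wrong tag.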
@@ -193,11 +193,27 @@ public void setPreferredCompressionAlgorithms(boolean isCritical, int[] algorith
 /**
 * Specify the preferred AEAD algorithms of this key.
+ * This method of defining encryption mode preferences was introduced and deprecated in
+ * draft-koch-openpgp-2015-rfc4880bis for OpenPGP v5 keys.
 *
- * @param isCritical true if should be treated as critical, false otherwise.
+ * @param isCritical true, if this packet should be treated as critical, false otherwise.
+ * @param algorithms array of algorithms in descending preference
+ * @deprecated use {@link #setPreferredAEADCiphersuites(boolean, PreferredAEADCiphersuites.Combination[])} instead
+ */
+ @Deprecated
+ public void setPreferredAEADAlgorithms(boolean isCritical, int[] algorithms)
+ {
+ packets.add(new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_ENCRYPTION_MODES, isCritical,
+ algorithms));
+ }
+
+ /**
+ * Specify the preferred AEAD cipher suites of this key.
+ *
+ * @param isCritical true, if this packet should be treated as critical, false otherwise.
 * @param algorithms array of algorithms in descending preference
 */
- public void setPreferredAEADAlgorithms(boolean isCritical, PreferredAEADCiphersuites.Combination[] algorithms)
+ public void setPreferredAEADCiphersuites(boolean isCritical, PreferredAEADCiphersuites.Combination[] algorithms)
 {
 packets.add(new PreferredAEADCiphersuites(isCritical, algorithms));
 }
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketVector.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketVector.java
index 2b9039aad5..248b777d43 100644
--- a/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketVector.java
+++ b/pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketVector.java
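Review bot: The Javadoc of the reintroduced `setPreferredAEADAlgorithms(boolean, int[])` says nothing about the effect of `isCritical` on a subpacket type that newer drafts reserve. The line removed from SignatureSubpacketTags marked type 34 as reserved since crypto-refresh-05, and an OpenPGP evaluator that meets a critical subpacket it does not understand is expected to treat the signature as invalid. I would add a line such as `* Marking this subpacket critical may cause implementations that do not know subpacket type 34 to reject the signature.` Separately, the `Combination[]` overload of `setPreferredAEADAlgorithms` is renamed outright rather than kept as a deprecated delegate, which presumably breaks existing callers of that overload at compile time.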
@@ -286,7 +286,37 @@ public int[] getPreferredCompressionAlgorithms()
 return ((PreferredAlgorithms)p).getPreferences();
 }
- public PreferredAEADCiphersuites getPreferredAEADAlgorithms()
+ /**
+ * Return an array containing the preferred AEAD encryption modes of the key.
+ * AEAD Encryption modes are defined in {@link org.bouncycastle.bcpg.AEADAlgorithmTags}.
+ *
+ * This packet type is defined in draft-koch-openpgp-2015-rfc4880bis.
+ * Recipients should ignore this packet and assume the recipient to prefer OCB.
+ *
+ * @return encryption modes
+ * @deprecated use {@link #getPreferredAEADCiphersuites()} instead.
+ */
+ @Deprecated
+ public int[] getPreferredAEADAlgorithms()
+ {
+ SignatureSubpacket p = this.getSubpacket(SignatureSubpacketTags.PREFERRED_ENCRYPTION_MODES);
+
+ if (p == null)
+ {
+ return null;
+ }
+
+ PreferredAlgorithms packet = (PreferredAlgorithms) p;
+ return packet.getPreferences();
+ }
+
+ /**
+ * Return an array containing preferred AEAD ciphersuites of the key.
+ * AEAD cipher suites are pairs of a symmetric algorithm and an AEAD algorithm.
+ *
+ * @return AEAD cipher suites
+ */
+ public PreferredAEADCiphersuites getPreferredAEADCiphersuites()
 {
 SignatureSubpacket p = this.getSubpacket(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS);
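Review bot: The Javadoc on the reintroduced `getPreferredAEADAlgorithms()` does not say that the method returns `null` when subpacket 34 is absent, so a caller that iterates the result without a check will hit a NullPointerException. I would write the tag as `@return encryption modes, or null if the subpacket is not present`. The sentence "Recipients should ignore this packet and assume the recipient to prefer OCB" uses "recipient" for both the reader of the packet and the key holder; naming the two parties separately would make the instruction unambiguous. Because the ids are returned exactly as parsed from the signature, the doc could also say that callers must check them against the modes they support before choosing one. The body of `getPreferredAEADCiphersuites()` continues past the end of the hunk.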