revert the wrong commit #1768 Implement message decryption using SEIP…
…Dv2 and PKESKv6 packets
gefeili committed Sep 5, 2024
1 parent 1232b9f commit 6114940
Showing 11 changed files with 203 additions and 899 deletions.
@@ -60,23 +60,12 @@ else if (version == VERSION_6)
// anon recipient
keyVersion = 0;
keyFingerprint = new byte[0];
keyID = 0L;
}
else
{
keyVersion = in.read();
keyFingerprint = new byte[keyInfoLen - 1];
in.readFully(keyFingerprint);
// Derived key-ID from fingerprint
// TODO: Replace with getKeyIdentifier
if (keyVersion == PublicKeyPacket.VERSION_4)
{
keyID = FingerprintUtil.keyIdFromV4Fingerprint(keyFingerprint);
}
else
{
keyID = FingerprintUtil.keyIdFromV6Fingerprint(keyFingerprint);
}
}
}
else
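Review bot: In the non-anonymous branch the fingerprint buffer is sized straight from the wire, `keyFingerprint = new byte[keyInfoLen - 1];`, and nothing ties that length to the `keyVersion` octet read on the line before it. RFC 9580 fixes the fingerprint at 20 octets for a version 4 key and 32 octets for a version 6 key, so a packet whose length octet disagrees with its key version is accepted here and the inconsistency surfaces later, if at all. A check after `in.readFully(keyFingerprint)` would reject it at parse time, for example `if ((keyVersion == 4 && keyFingerprint.length != 20) || (keyVersion == 6 && keyFingerprint.length != 32)) throw new IOException("PKESK v6: fingerprint length does not match key version");` (assuming the constructor already propagates `IOException` from `in.read()`). With the key-ID derivation removed, `keyID` is presumably left at its default for version 6 packets that do carry a fingerprint, so it is worth confirming that callers matching recipients by key ID do not treat that value as an anonymous recipient. The enclosing constructor starts and ends outside the hunk.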
@@ -72,13 +72,13 @@ public int getSymmetricAlgorithm(
{
if (keyData.getVersion() == PublicKeyEncSessionPacket.VERSION_3)
{
byte[] plain = dataDecryptorFactory.recoverSessionData(keyData, encData);
byte[] plain = dataDecryptorFactory.recoverSessionData(keyData.getAlgorithm(), keyData.getEncSessionKey());
// symmetric cipher algorithm is stored in first octet of session data
return plain[0];
}
else if (keyData.getVersion() == PublicKeyEncSessionPacket.VERSION_6)
{
// PKESK v6 stores the cipher algorithm in the SEIPD v2 packet fields.
// PKESK v5 stores the cipher algorithm in the SEIPD v2 packet fields.
return ((SymmetricEncIntegrityPacket)encData).getCipherAlgorithm();
}
else
@@ -98,57 +98,16 @@ public PGPSessionKey getSessionKey(
PublicKeyDataDecryptorFactory dataDecryptorFactory)
throws PGPException
{
byte[] sessionInfo = dataDecryptorFactory.recoverSessionData(keyData, encData);

// Confirm and discard checksum
if (containsChecksum(keyData.getAlgorithm()))
{
if (!confirmCheckSum(sessionInfo))
{
throw new PGPException("Key checksum failed.");
}
sessionInfo = Arrays.copyOf(sessionInfo, sessionInfo.length - 2);
}

byte[] sessionKey = Arrays.copyOfRange(sessionInfo, 1, sessionInfo.length);
int algorithm;

// OCB (LibrePGP v5 style AEAD)
if (encData instanceof AEADEncDataPacket)
byte[] sessionData = dataDecryptorFactory.recoverSessionData(keyData.getAlgorithm(), keyData.getEncSessionKey());
if (keyData.getAlgorithm() == PublicKeyAlgorithmTags.X25519 || keyData.getAlgorithm() == PublicKeyAlgorithmTags.X448)
{
algorithm = ((AEADEncDataPacket) encData).getAlgorithm();
}

// SEIPD (OpenPGP v4 / OpenPGP v6)
else if (encData instanceof SymmetricEncIntegrityPacket)
{
SymmetricEncIntegrityPacket seipd = (SymmetricEncIntegrityPacket) encData;
if (seipd.getVersion() == SymmetricEncIntegrityPacket.VERSION_1)
{
algorithm = sessionInfo[0];
}
else if (seipd.getVersion() == SymmetricEncIntegrityPacket.VERSION_2)
{
algorithm = seipd.getCipherAlgorithm();
}
else
{
throw new UnsupportedPacketVersionException("Unsupported SEIPD packet version: " + seipd.getVersion());
}
return new PGPSessionKey(sessionData[0] & 0xff, Arrays.copyOfRange(sessionData, 1, sessionData.length));
}
// SED (Legacy, no integrity protection!)
else
if (!confirmCheckSum(sessionData))
{
algorithm = sessionInfo[0];
throw new PGPKeyValidationException("key checksum failed");
}

return new PGPSessionKey(algorithm & 0xff, sessionKey);
}

private boolean containsChecksum(int algorithm)
{
return algorithm != PublicKeyAlgorithmTags.X25519 &&
algorithm != PublicKeyAlgorithmTags.X448;
return new PGPSessionKey(sessionData[0] & 0xff, Arrays.copyOfRange(sessionData, 1, sessionData.length - 2));
}

/**
@@ -210,38 +169,13 @@ private InputStream getDataStream(
}
else
{
boolean withIntegrityPacket = encData instanceof SymmetricEncIntegrityPacket;

if (encData instanceof SymmetricEncIntegrityPacket)
{
SymmetricEncIntegrityPacket seipd = (SymmetricEncIntegrityPacket) encData;
// SEIPD v1 (OpenPGP v4)
if (seipd.getVersion() == SymmetricEncIntegrityPacket.VERSION_1)
{
PGPDataDecryptor dataDecryptor = dataDecryptorFactory.createDataDecryptor(true, sessionKey.getAlgorithm(), sessionKey.getKey());

BCPGInputStream encIn = encData.getInputStream();
PGPDataDecryptor dataDecryptor = dataDecryptorFactory.createDataDecryptor(withIntegrityPacket, sessionKey.getAlgorithm(), sessionKey.getKey());

processSymmetricEncIntegrityPacketDataStream(true, dataDecryptor, encIn);
}
// SEIPD v2 (OpenPGP v6 AEAD)
else
{
PGPDataDecryptor dataDecryptor = dataDecryptorFactory.createDataDecryptor(seipd, sessionKey);

BCPGInputStream encIn = encData.getInputStream();

encStream = new BCPGInputStream(dataDecryptor.getInputStream(encIn));
}
}
// SED (Symmetrically Encrypted Data without Integrity Protection; Deprecated)
else
{
PGPDataDecryptor dataDecryptor = dataDecryptorFactory.createDataDecryptor(false, sessionKey.getAlgorithm(), sessionKey.getKey());

BCPGInputStream encIn = encData.getInputStream();
BCPGInputStream encIn = encData.getInputStream();

processSymmetricEncIntegrityPacketDataStream(false, dataDecryptor, encIn);
}
processSymmetricEncIntegrityPacketDataStream(withIntegrityPacket, dataDecryptor, encIn);

//
// some versions of PGP appear to produce 0 for the extra
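Review bot: `getSessionKey` indexes the recovered session data without checking its length, so a decryption result that is shorter than expected ends in an unchecked `ArrayIndexOutOfBoundsException` (from `sessionData[0]`) or `IllegalArgumentException` (from `Arrays.copyOfRange(sessionData, 1, sessionData.length - 2)`) instead of the declared `PGPException`. Those octets are the decryption of a field taken from the incoming message, so their length is not under the library's control; a guard right after the `recoverSessionData` call, `if (sessionData == null || sessionData.length < 2) throw new PGPException("session data too short");`, together with a minimum of three octets on the checksum path, keeps malformed input on the documented error path. `getSymmetricAlgorithm` has the same unchecked `plain[0]` and returns it without the `& 0xff` mask that `getSessionKey` applies. The comment in its `VERSION_6` branch now reads "PKESK v5", which no longer matches the condition above it. `confirmCheckSum` and the remainder of these methods lie outside the hunks shown, so whether a short array is caught there cannot be seen from here.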

This file was deleted.

@@ -1,39 +1,10 @@
package org.bouncycastle.openpgp.operator;

import org.bouncycastle.bcpg.InputStreamPacket;
import org.bouncycastle.bcpg.PublicKeyEncSessionPacket;
import org.bouncycastle.openpgp.PGPException;

public interface PublicKeyDataDecryptorFactory
extends PGPDataDecryptorFactory
{
/**
* Recover the plain session info by decrypting the encrypted session key.
* The session info ALWAYS has the symmetric algorithm ID prefixed, so the return value is:
* <pre>[sym-alg][session-key][checksum]?</pre>
*
* @param pkesk public-key encrypted session-key packet
* @param encData encrypted data (sed/seipd/oed) packet
* @return decrypted session info
* @throws PGPException
*/
byte[] recoverSessionData(PublicKeyEncSessionPacket pkesk, InputStreamPacket encData)
byte[] recoverSessionData(int keyAlgorithm, byte[][] secKeyData)
throws PGPException;

/**
* Recover the plain session info by decrypting the encrypted session key.
* This method returns the decrypted session info as-is (without prefixing missing cipher algorithm),
* so the return value is:
* <pre>[sym-alg]?[session-key][checksum]?</pre>
*
* @deprecated use {@link #recoverSessionData(PublicKeyEncSessionPacket, InputStreamPacket)} instead.
* @param keyAlgorithm public key algorithm
* @param secKeyData encrypted session key data
* @param pkeskVersion version of the PKESK packet
* @return decrypted session info
* @throws PGPException
*/
byte[] recoverSessionData(int keyAlgorithm, byte[][] secKeyData, int pkeskVersion)
throws PGPException;

}
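Review bot: The interface's one remaining method, `recoverSessionData(int keyAlgorithm, byte[][] secKeyData)`, is left with no Javadoc, while the caller in `getSessionKey` depends on an exact layout of the returned array: octet 0 is read as the symmetric algorithm and the last two octets as a checksum, except for X25519 and X448. I would add a Javadoc block that states this contract, with a summary line such as `Recover the session data by decrypting the encrypted session key; the result is [sym-alg][session-key][checksum], with the checksum omitted for X25519 and X448.`, plus `@param`, `@return` and `@throws PGPException` entries. Implementors outside this repository have only the interface to go on, and a factory that returns the key without the algorithm prefix would make the caller read the first key octet as the cipher ID.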