Reduce diff

pgpainless · Aug 7, 2024 · 463548d · 463548d
1 parent d6260e4
commit 463548d
Show file tree

Hide file tree

Showing 5 changed files with 43 additions and 57 deletions.
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKeyEncryptedData.java b/pg/src/main/java/org/bouncycastle/openpgp/PGPPublicKeyEncryptedData.java
@@ -35,9 +35,10 @@ public class PGPPublicKeyEncryptedData
     }
 
     private boolean confirmCheckSum(
-            byte[] sessionInfo)
+        byte[] sessionInfo)
     {
         int check = 0;
+
         for (int i = 1; i != sessionInfo.length - 2; i++)
         {
             check += sessionInfo[i] & 0xff;
@@ -98,6 +99,8 @@ public PGPSessionKey getSessionKey(
         throws PGPException
     {
         byte[] sessionInfo = dataDecryptorFactory.recoverSessionData(keyData, encData);
+
+        // Confirm and discard checksum
         if (containsChecksum(keyData.getAlgorithm()))
         {
             if (!confirmCheckSum(sessionInfo))
@@ -107,15 +110,13 @@ public PGPSessionKey getSessionKey(
             sessionInfo = Arrays.copyOf(sessionInfo, sessionInfo.length - 2);
         }
 
-
-        byte[] sessionKey;
+        byte[] sessionKey = Arrays.copyOfRange(sessionInfo, 1, sessionInfo.length);
         int algorithm;
 
         // OCB (LibrePGP v5 style AEAD)
         if (encData instanceof AEADEncDataPacket)
         {
             algorithm = ((AEADEncDataPacket) encData).getAlgorithm();
-            sessionKey = Arrays.copyOfRange(sessionInfo, 1, sessionInfo.length);
         }
 
         // SEIPD (OpenPGP v4 / OpenPGP v6)
@@ -125,12 +126,10 @@ else if (encData instanceof SymmetricEncIntegrityPacket)
             if (seipd.getVersion() == SymmetricEncIntegrityPacket.VERSION_1)
             {
                 algorithm = sessionInfo[0];
-                sessionKey = Arrays.copyOfRange(sessionInfo, 1, sessionInfo.length);
             }
             else if (seipd.getVersion() == SymmetricEncIntegrityPacket.VERSION_2)
             {
                 algorithm = seipd.getCipherAlgorithm();
-                sessionKey = Arrays.copyOfRange(sessionInfo, 1, sessionInfo.length);
             }
             else
             {
@@ -141,7 +140,6 @@ else if (seipd.getVersion() == SymmetricEncIntegrityPacket.VERSION_2)
         else
         {
             algorithm = sessionInfo[0];
-            sessionKey = Arrays.copyOfRange(sessionInfo, 1, sessionInfo.length);
         }
 
         return new PGPSessionKey(algorithm & 0xff, sessionKey);

diff --git a/...rc/main/java/org/bouncycastle/openpgp/operator/AbstractPublicKeyDataDecryptorFactory.java b/...rc/main/java/org/bouncycastle/openpgp/operator/AbstractPublicKeyDataDecryptorFactory.java
@@ -56,22 +56,12 @@ protected boolean containsSKAlg(int pkeskVersion)
         return pkeskVersion != PublicKeyEncSessionPacket.VERSION_6;
     }
 
-    protected boolean confirmCheckSum(
-            byte[] sessionInfo, int algorithm)
+    protected static void checkRange(int pLen, byte[] enc)
+            throws PGPException
     {
-        // X25519, X448 does not include a checksum
-        if (algorithm == PublicKeyAlgorithmTags.X25519 || algorithm == PublicKeyAlgorithmTags.X448)
+        if (pLen > enc.length)
         {
-            return true;
+            throw new PGPException("encoded length out of range");
         }
-
-        int check = 0;
-        for (int i = 1; i != sessionInfo.length - 2; i++)
-        {
-            check += sessionInfo[i] & 0xff;
-        }
-
-        return (sessionInfo[sessionInfo.length - 2] == (byte)(check >> 8))
-                && (sessionInfo[sessionInfo.length - 1] == (byte)(check));
     }
 }
diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/PublicKeyDataDecryptorFactory.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/PublicKeyDataDecryptorFactory.java
@@ -7,15 +7,30 @@
 public interface PublicKeyDataDecryptorFactory
     extends PGPDataDecryptorFactory
 {
+    /**
+     * Recover the plain session info by decrypting the encrypted session key.
+     * The session info ALWAYS has the symmetric algorithm ID prefixed, so the return value is:
+     * <pre>[sym-alg][session-key][checksum]?</pre>
+     *
+     * @param pkesk public-key encrypted session-key packet
+     * @param encData encrypted data (sed/seipd/oed) packet
+     * @return decrypted session info
+     * @throws PGPException
+     */
     byte[] recoverSessionData(PublicKeyEncSessionPacket pkesk, InputStreamPacket encData)
             throws PGPException;
 
     /**
-     * @deprecated use {@link #recoverSessionData(PublicKeyEncSessionPacket, InputStreamPacket)} (PublicKeyEncSessionPacket, InputStreamPacket)} instead.
+     * Recover the plain session info by decrypting the encrypted session key.
+     * This method returns the decrypted session info as-is (without prefixing missing cipher algorithm),
+     * so the return value is:
+     * <pre>[sym-alg]?[session-key][checksum]?</pre>
+     *
+     * @deprecated use {@link #recoverSessionData(PublicKeyEncSessionPacket, InputStreamPacket)} instead.
      * @param keyAlgorithm public key algorithm
      * @param secKeyData encrypted session key data
      * @param pkeskVersion version of the PKESK packet
-     * @return
+     * @return decrypted session info
      * @throws PGPException
      */
     byte[] recoverSessionData(int keyAlgorithm, byte[][] secKeyData, int pkeskVersion)

diff --git a/pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPublicKeyDataDecryptorFactory.java b/pg/src/main/java/org/bouncycastle/openpgp/operator/bc/BcPublicKeyDataDecryptorFactory.java
@@ -297,13 +297,4 @@ private static byte[] unwrapSessionData(byte[] keyEnc, int symmetricKeyAlgorithm
         c.init(false, key);
         return c.unwrap(keyEnc, 0, keyEnc.length);
     }
-
-    private static void checkRange(int pLen, byte[] enc)
-        throws PGPException
-    {
-        if (pLen > enc.length)
-        {
-            throw new PGPException("encoded length out of range");
-        }
-    }
 }
diff --git a/...ava/org/bouncycastle/openpgp/operator/jcajce/JcePublicKeyDataDecryptorFactoryBuilder.java b/...ava/org/bouncycastle/openpgp/operator/jcajce/JcePublicKeyDataDecryptorFactoryBuilder.java
@@ -147,9 +147,7 @@ public byte[] recoverSessionData(PublicKeyEncSessionPacket pkesk, InputStreamPac
             public byte[] recoverSessionData(int keyAlgorithm, byte[][] secKeyData, int pkeskVersion)
                 throws PGPException
             {
-                if (keyAlgorithm == PublicKeyAlgorithmTags.ECDH ||
-                        keyAlgorithm == PublicKeyAlgorithmTags.X25519 ||
-                        keyAlgorithm == PublicKeyAlgorithmTags.X448)
+                if (keyAlgorithm == PublicKeyAlgorithmTags.ECDH || keyAlgorithm == PublicKeyAlgorithmTags.X25519 || keyAlgorithm == PublicKeyAlgorithmTags.X448)
                 {
                     throw new PGPException("ECDH requires use of PGPPrivateKey for decryption");
                 }
@@ -264,18 +262,12 @@ private byte[] decryptSessionData(JcaPGPKeyConverter converter, PGPPrivateKey pr
         byte[] keyEnc;
 
         pLen = ((((enc[0] & 0xff) << 8) + (enc[1] & 0xff)) + 7) / 8;
-        if ((2 + pLen + 1) > enc.length)
-        {
-            throw new PGPException("encoded length out of range");
-        }
+        checkRange(2 + pLen + 1, enc);
 
         pEnc = new byte[pLen];
         System.arraycopy(enc, 2, pEnc, 0, pLen);
         int keyLen = enc[pLen + 2] & 0xff;
-        if ((2 + pLen + 1 + keyLen) > enc.length)
-        {
-            throw new PGPException("encoded length out of range");
-        }
+        checkRange(2 + pLen + 1 + keyLen, enc);
 
         keyEnc = new byte[keyLen];
         System.arraycopy(enc, 2 + pLen + 1, keyEnc, 0, keyLen);
@@ -341,11 +333,8 @@ private byte[] decryptSessionData(JcaPGPKeyConverter converter, PGPPrivateKey pr
             byte[] ephemeralKey = Arrays.copyOf(enc, pLen);
 
             int size = enc[pLen] & 0xff;
-            // checkRange
-            if ((pLen + 1 + size) > enc.length)
-            {
-                throw new PGPException("encoded length out of range");
-            }
+
+            checkRange(pLen + 1 + size, enc);
 
             // encrypted session key
             int sesKeyLen = size - (containsSKAlg ? 1 : 0);
@@ -363,18 +352,12 @@ private byte[] decryptSessionData(JcaPGPKeyConverter converter, PGPPrivateKey pr
         }
     }
 
-    private Key getSessionKey(JcaPGPKeyConverter converter,
-                              PGPPrivateKey privKey,
-                              String agreementName,
-                              PublicKey publicKey,
-                              int symmetricKeyAlgorithm,
-                              byte[] keyEnc,
-                              AlgorithmParameterSpec ukms)
+    private Key getSessionKey(JcaPGPKeyConverter converter, PGPPrivateKey privKey, String agreementName,
+                              PublicKey publicKey, int symmetricKeyAlgorithm, byte[] keyEnc, AlgorithmParameterSpec ukms)
         throws PGPException, GeneralSecurityException
     {
         PrivateKey privateKey = converter.getPrivateKey(privKey);
-        String wrapName = RFC6637Utils.getKeyEncryptionOID(symmetricKeyAlgorithm).getId();
-        Key key = JcaJcePGPUtil.getSecret(helper, publicKey, wrapName, agreementName, ukms, privateKey);
+        Key key = JcaJcePGPUtil.getSecret(helper, publicKey, RFC6637Utils.getKeyEncryptionOID(symmetricKeyAlgorithm).getId(), agreementName, ukms, privateKey);
         Cipher c = helper.createKeyWrapper(symmetricKeyAlgorithm);
         c.init(Cipher.UNWRAP_MODE, key);
         return c.unwrap(keyEnc, "Session", Cipher.SECRET_KEY);
@@ -456,4 +439,13 @@ private byte[] decryptSessionData(int keyAlgorithm, PrivateKey privKey, int expe
             throw new PGPException("exception decrypting session data", e);
         }
     }
+
+    private static void checkRange(int pLen, byte[] enc)
+            throws PGPException
+    {
+        if (pLen > enc.length)
+        {
+            throw new PGPException("encoded length out of range");
+        }
+    }
 }