PGPainless/bc-sop
1
0
Fork 0
mirror of https://codeberg.org/PGPainless/bc-sop.git synced 2025-09-09 03:09:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

WIP: encrypt: Add support for rfc4880 profile

Browse source
This commit is contained in:
Paul Schaub 2025-07-25 15:10:03 +02:00
parent 1e6782166f
commit e0952aaf60
Signed by: vanitasvitae
GPG key ID: 62BEE9264BF17311
2 changed files with 37 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

36
bc-sop-api/src/main/java/org/pgpainless/bouncycastle/sop/operation/BCEncrypt.java
View file

@ -1,8 +1,11 @@
package org.pgpainless.bouncycastle.sop.operation; package org.pgpainless.bouncycastle.sop.operation;
import org.bouncycastle.bcpg.SymmetricKeyAlgorithmTags;
import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPException;
import org.bouncycastle.openpgp.PGPSignature; import org.bouncycastle.openpgp.PGPSignature;
import org.bouncycastle.openpgp.api.MessageEncryptionMechanism;
import org.bouncycastle.openpgp.api.OpenPGPApi; import org.bouncycastle.openpgp.api.OpenPGPApi;
import org.bouncycastle.openpgp.api.OpenPGPEncryptionNegotiator;
import org.bouncycastle.openpgp.api.OpenPGPKey; import org.bouncycastle.openpgp.api.OpenPGPKey;
import org.bouncycastle.openpgp.api.OpenPGPMessageGenerator; import org.bouncycastle.openpgp.api.OpenPGPMessageGenerator;
import org.bouncycastle.openpgp.api.OpenPGPMessageOutputStream; import org.bouncycastle.openpgp.api.OpenPGPMessageOutputStream;
@ -12,6 +15,7 @@ import org.bouncycastle.openpgp.api.exception.InvalidSigningKeyException;
import org.bouncycastle.util.io.Streams; import org.bouncycastle.util.io.Streams;
import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.NotNull;
import sop.EncryptionResult; import sop.EncryptionResult;
import sop.Profile;
import sop.ReadyWithResult; import sop.ReadyWithResult;
import sop.SessionKey; import sop.SessionKey;
import sop.enums.EncryptAs; import sop.enums.EncryptAs;
@ -23,15 +27,25 @@ import java.io.InputStream;
import java.io.OutputStream; import java.io.OutputStream;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Arrays;
import java.util.List; import java.util.List;
public class BCEncrypt public class BCEncrypt
extends AbstractBCOperation extends AbstractBCOperation
implements Encrypt { implements Encrypt {
public static final Profile RFC4880_PROFILE = new Profile("rfc4880", "Follow the packet format of rfc4880");
public static final Profile RFC9580_PROFILE = new Profile("rfc9580", "Follow the packet format of rfc9580");
public static final List<Profile> PROFILES = Arrays.asList(
RFC4880_PROFILE.withAliases("default", "compatibility"),
RFC9580_PROFILE.withAliases("security", "performance"));
private final OpenPGPMessageGenerator mGen; private final OpenPGPMessageGenerator mGen;
private final List<OpenPGPKey> signingKeys = new ArrayList<>(); private final List<OpenPGPKey> signingKeys = new ArrayList<>();
private int signatureMode = PGPSignature.BINARY_DOCUMENT; private int signatureMode = PGPSignature.BINARY_DOCUMENT;
private boolean hasEncryptionMethod = false; private boolean hasEncryptionMethod = false;
private Profile profile = RFC9580_PROFILE;
public BCEncrypt(OpenPGPApi api) { public BCEncrypt(OpenPGPApi api) {
super(api); super(api);
@ -104,9 +118,14 @@ public class BCEncrypt
@NotNull @NotNull
@Override @Override
public Encrypt profile(@NotNull String s) { public Encrypt profile(@NotNull String s) {
// TODO: Implement for (Profile p : PROFILES) {
if (p.getName().equals(s) || p.getAliases().contains(s)) {
profile = p;
return this; return this;
} }
}
throw new SOPGPException.UnsupportedProfile("encrypt", s);
}
@NotNull @NotNull
@Override @Override
@ -116,6 +135,21 @@ public class BCEncrypt
throw new SOPGPException.MissingArg("No encryption method provided."); throw new SOPGPException.MissingArg("No encryption method provided.");
} }
if (profile.getName().equals(RFC4880_PROFILE.getName())) {
mGen.setPublicKeyBasedEncryptionNegotiator(new OpenPGPEncryptionNegotiator() {
@Override
public MessageEncryptionMechanism negotiateEncryption(OpenPGPMessageGenerator configuration) {
return MessageEncryptionMechanism.integrityProtected(SymmetricKeyAlgorithmTags.AES_256);
}
});
mGen.setPasswordBasedEncryptionNegotiator(new OpenPGPEncryptionNegotiator() {
@Override
public MessageEncryptionMechanism negotiateEncryption(OpenPGPMessageGenerator configuration) {
return MessageEncryptionMechanism.integrityProtected(SymmetricKeyAlgorithmTags.AES_256);
}
});
}
for (OpenPGPKey key : signingKeys) { for (OpenPGPKey key : signingKeys) {
try { try {
mGen.addSigningKey(key, new SignatureParameters.Callback() { mGen.addSigningKey(key, new SignatureParameters.Callback() {

3
bc-sop-api/src/main/java/org/pgpainless/bouncycastle/sop/operation/BCListProfiles.java
View file

@ -6,7 +6,6 @@ import sop.Profile;
import sop.exception.SOPGPException; import sop.exception.SOPGPException;
import sop.operation.ListProfiles; import sop.operation.ListProfiles;
import java.util.Collections;
import java.util.List; import java.util.List;
public class BCListProfiles public class BCListProfiles
@ -24,7 +23,7 @@ public class BCListProfiles
case "generate-key": case "generate-key":
return BCGenerateKey.PROFILES; return BCGenerateKey.PROFILES;
case "encrypt": case "encrypt":
return Collections.emptyList(); return BCEncrypt.PROFILES;
} }
throw new SOPGPException.UnsupportedProfile(s); throw new SOPGPException.UnsupportedProfile(s);
} }