From bc3cb9594596f819dd8bfe39f5ab9ac2fe695a9b Mon Sep 17 00:00:00 2001
From: Paul Schaub <vanitasvitae@fsfe.org>
Date: Mon, 5 May 2025 14:19:32 +0200
Subject: [PATCH] Workaround for OpenPGPInputStream to recognize PKESKv6
 packets

---
 .../OpenPgpInputStream.java                   | 44 ++++++++++++++-----
 .../MechanismNegotiationTest.java             |  2 +-
 2 files changed, 34 insertions(+), 12 deletions(-)

diff --git a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpInputStream.java b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpInputStream.java
index 3522f509..4904d808 100644
--- a/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpInputStream.java
+++ b/pgpainless-core/src/main/java/org/pgpainless/decryption_verification/OpenPgpInputStream.java
@@ -178,22 +178,44 @@ public class OpenPgpInputStream extends BufferedInputStream {
 
             case PUBLIC_KEY_ENC_SESSION:
                 int pkeskVersion = bcpgIn.read();
-                if (pkeskVersion <= 0 || pkeskVersion > 5) {
+                if (pkeskVersion <= 0 || pkeskVersion > 6) {
                     return;
                 }
 
-                // Skip Key-ID
-                for (int i = 0; i < 8; i++) {
-                    bcpgIn.read();
-                }
+                if (pkeskVersion == 3) {
+                    // Skip Key-ID
+                    for (int i = 0; i < 8; i++) {
+                        bcpgIn.read();
+                    }
 
-                int pkeskAlg = bcpgIn.read();
-                if (PublicKeyAlgorithm.fromId(pkeskAlg) == null) {
-                    return;
-                }
+                    int pkeskAlg = bcpgIn.read();
+                    if (PublicKeyAlgorithm.fromId(pkeskAlg) == null) {
+                        return;
+                    }
 
-                containsOpenPgpPackets = true;
-                isLikelyOpenPgpMessage = true;
+                    containsOpenPgpPackets = true;
+                    isLikelyOpenPgpMessage = true;
+                } else if (pkeskVersion == 6) {
+                    int len = bcpgIn.read();
+                    if (len != 0) {
+                        int ver = bcpgIn.read();
+                        if (ver == 4) {
+                            for (int i = 0; i < 20; i++) {
+                                bcpgIn.read();
+                            }
+                        } else {
+                            for (int i = 0; i < 32; i++) {
+                                bcpgIn.read();
+                            }
+                        }
+                        int pkeskAlg = bcpgIn.read();
+                        if (PublicKeyAlgorithm.fromId(pkeskAlg) == null) {
+                            return;
+                        }
+                    }
+                    containsOpenPgpPackets = true;
+                    isLikelyOpenPgpMessage = true;
+                }
                 break;
 
             case SIGNATURE:
diff --git a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/MechanismNegotiationTest.java b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/MechanismNegotiationTest.java
index 44a10a65..448a7646 100644
--- a/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/MechanismNegotiationTest.java
+++ b/pgpainless-core/src/test/java/org/pgpainless/encryption_signing/MechanismNegotiationTest.java
@@ -146,7 +146,7 @@ public class MechanismNegotiationTest {
         private final OpenPGPKeyVersion version;
         private final AlgorithmSuite preferences;
 
-        public KeySpecification(OpenPGPKeyVersion version,
+        KeySpecification(OpenPGPKeyVersion version,
                                 AlgorithmSuite preferences) {
             this.version = version;
             this.preferences = preferences;