buildKey(): Use BC KeyGenerator, but apply PGPainless algorithm preferences

2025-09-09 10:19:39 +02:00 · 2025-03-06 10:38:58 +01:00 · 2025-03-06 10:38:58 +01:00 · deaf9fa404
commit deaf9fa404
parent b5386d844e
4 changed files with 108 additions and 13 deletions
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/PGPainless.kt
@ -19,6 +19,7 @@ import org.bouncycastle.openpgp.api.OpenPGPKeyReader
 import org.bouncycastle.openpgp.api.bc.BcOpenPGPApi
 import org.pgpainless.algorithm.OpenPGPKeyVersion
 import org.pgpainless.bouncycastle.PolicyAdapter
+import org.pgpainless.bouncycastle.helpers.SignatureSubpacketsFunctionHelper
 import org.pgpainless.decryption_verification.DecryptionBuilder
 import org.pgpainless.encryption_signing.EncryptionBuilder
 import org.pgpainless.key.certification.CertifyCertificate
@ -59,7 +60,21 @@ class PGPainless(
                implementation, version.numeric, version == OpenPGPKeyVersion.v6, creationTime)
            .apply {
                val genAlgs = algorithmPolicy.keyGenerationAlgorithmSuite
-                setDefaultFeatures(genAlgs.features.toSignatureSubpacketsFunction(true))
+                // Set default algorithm preferences from AlgorithmSuite
+                setDefaultFeatures(
+                    SignatureSubpacketsFunctionHelper.applyFeatures(true, genAlgs.features))
+                setDefaultSymmetricKeyPreferences(
+                    SignatureSubpacketsFunctionHelper.applySymmetricAlgorithmPreferences(
+                        true, genAlgs.symmetricKeyAlgorithms))
+                setDefaultHashAlgorithmPreferences(
+                    SignatureSubpacketsFunctionHelper.applyHashAlgorithmPreferences(
+                        true, genAlgs.hashAlgorithms))
+                setDefaultCompressionAlgorithmPreferences(
+                    SignatureSubpacketsFunctionHelper.applyCompressionAlgorithmPreferences(
+                        true, genAlgs.compressionAlgorithms))
+                setDefaultAeadAlgorithmPreferences(
+                    SignatureSubpacketsFunctionHelper.applyAEADAlgorithmSuites(
+                        false, genAlgs.aeadAlgorithms))
            }

    fun readKey(): OpenPGPKeyReader = api.readKeyOrCertificate()
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/algorithm/AlgorithmSuite.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/algorithm/AlgorithmSuite.kt
@ -4,8 +4,6 @@

 package org.pgpainless.algorithm

-import org.bouncycastle.openpgp.api.SignatureSubpacketsFunction
-
 class AlgorithmSuite(
    symmetricKeyAlgorithms: List<SymmetricKeyAlgorithm>?,
    hashAlgorithms: List<HashAlgorithm>?,
@ -18,16 +16,7 @@ class AlgorithmSuite(
    val hashAlgorithms: Set<HashAlgorithm>? = hashAlgorithms?.toSet()
    val compressionAlgorithms: Set<CompressionAlgorithm>? = compressionAlgorithms?.toSet()
    val aeadAlgorithms: Set<AEADCipherMode>? = aeadAlgorithms?.toSet()
-    val features: FeatureSet = FeatureSet(features.toSet())
-
-    class FeatureSet(val features: Set<Feature>) {
-        fun toSignatureSubpacketsFunction(critical: Boolean = true): SignatureSubpacketsFunction {
-            return SignatureSubpacketsFunction {
-                val b = Feature.toBitmask(*features.toTypedArray())
-                it.apply { setFeature(critical, b) }
-            }
-        }
-    }
+    val features: Set<Feature> = features.toSet()

    companion object {

--- a/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/helpers/SignatureSubpacketsFunctionHelper.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/bouncycastle/helpers/SignatureSubpacketsFunctionHelper.kt
@ -0,0 +1,90 @@
+// SPDX-FileCopyrightText: 2025 Paul Schaub <vanitasvitae@fsfe.org>
+//
+// SPDX-License-Identifier: Apache-2.0
+
+package org.pgpainless.bouncycastle.helpers
+
+import org.bouncycastle.bcpg.sig.PreferredAEADCiphersuites
+import org.bouncycastle.openpgp.api.SignatureSubpacketsFunction
+import org.pgpainless.algorithm.AEADCipherMode
+import org.pgpainless.algorithm.CompressionAlgorithm
+import org.pgpainless.algorithm.Feature
+import org.pgpainless.algorithm.HashAlgorithm
+import org.pgpainless.algorithm.SymmetricKeyAlgorithm
+
+class SignatureSubpacketsFunctionHelper {
+
+    companion object {
+
+        @JvmStatic
+        fun applySymmetricAlgorithmPreferences(
+            critical: Boolean = true,
+            symmetricAlgorithms: Set<SymmetricKeyAlgorithm>?
+        ): SignatureSubpacketsFunction {
+            return symmetricAlgorithms?.let { algorithms ->
+                val algorithmIds = algorithms.map { it.algorithmId }.toIntArray()
+                SignatureSubpacketsFunction {
+                    it.apply { setPreferredSymmetricAlgorithms(critical, algorithmIds) }
+                }
+            }
+                ?: SignatureSubpacketsFunction { it }
+        }
+
+        @JvmStatic
+        fun applyHashAlgorithmPreferences(
+            critical: Boolean = true,
+            hashAlgorithms: Set<HashAlgorithm>?
+        ): SignatureSubpacketsFunction {
+            return hashAlgorithms?.let { algorithms ->
+                val algorithmIds = algorithms.map { it.algorithmId }.toIntArray()
+                SignatureSubpacketsFunction {
+                    it.apply { setPreferredHashAlgorithms(critical, algorithmIds) }
+                }
+            }
+                ?: SignatureSubpacketsFunction { it }
+        }
+
+        @JvmStatic
+        fun applyCompressionAlgorithmPreferences(
+            critical: Boolean = true,
+            compressionAlgorithms: Set<CompressionAlgorithm>?
+        ): SignatureSubpacketsFunction {
+            return compressionAlgorithms?.let { algorithms ->
+                val algorithmIds = algorithms.map { it.algorithmId }.toIntArray()
+                SignatureSubpacketsFunction {
+                    it.apply { setPreferredCompressionAlgorithms(critical, algorithmIds) }
+                }
+            }
+                ?: SignatureSubpacketsFunction { it }
+        }
+
+        @JvmStatic
+        fun applyAEADAlgorithmSuites(
+            critical: Boolean = true,
+            aeadAlgorithms: Set<AEADCipherMode>?
+        ): SignatureSubpacketsFunction {
+            return aeadAlgorithms?.let { algorithms ->
+                SignatureSubpacketsFunction {
+                    val builder = PreferredAEADCiphersuites.builder(critical)
+                    for (ciphermode: AEADCipherMode in algorithms) {
+                        builder.addCombination(
+                            ciphermode.ciphermode.algorithmId, ciphermode.aeadAlgorithm.algorithmId)
+                    }
+                    it.apply { setPreferredAEADCiphersuites(builder) }
+                }
+            }
+                ?: SignatureSubpacketsFunction { it }
+        }
+
+        @JvmStatic
+        fun applyFeatures(
+            critical: Boolean = true,
+            features: Set<Feature>
+        ): SignatureSubpacketsFunction {
+            return SignatureSubpacketsFunction {
+                val b = Feature.toBitmask(*features.toTypedArray())
+                it.apply { setFeature(critical, b) }
+            }
+        }
+    }
+}
--- a/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
+++ b/pgpainless-core/src/main/kotlin/org/pgpainless/key/modification/secretkeyring/SecretKeyRingEditor.kt
@ -90,6 +90,7 @@ class SecretKeyRingEditor(var key: OpenPGPKey, override val referenceTime: Date
            }
        builder.hashedSubpackets.apply {
            setKeyFlags(info.getKeyFlagsOf(primaryKey.keyID))
+            hashAlgorithmPreferences
            hashAlgorithmPreferences?.let { setPreferredHashAlgorithms(it) }
            symmetricKeyAlgorithmPreferences?.let { setPreferredSymmetricKeyAlgorithms(it) }
            compressionAlgorithmPreferences?.let { setPreferredCompressionAlgorithms(it) }