From e988796ea9548d2e8be8ece5a99de23944fe1b80 Mon Sep 17 00:00:00 2001
From: Paul Schaub
Date: Fri, 30 May 2025 14:45:34 +0200
Subject: [PATCH] SOP encrypt: Add profile for rfc9580
---
 .../kotlin/org/pgpainless/sop/EncryptImpl.kt | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)
diff --git a/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/EncryptImpl.kt b/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/EncryptImpl.kt
index bacd53e9..87d87b45 100644
--- a/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/EncryptImpl.kt
+++ b/pgpainless-sop/src/main/kotlin/org/pgpainless/sop/EncryptImpl.kt
@@ -8,11 +8,14 @@ import java.io.IOException
 import java.io.InputStream
 import java.io.OutputStream
 import org.bouncycastle.openpgp.PGPException
+import org.bouncycastle.openpgp.api.MessageEncryptionMechanism
 import org.bouncycastle.openpgp.api.OpenPGPKey
 import org.bouncycastle.util.io.Streams
 import org.pgpainless.PGPainless
+import org.pgpainless.algorithm.AEADAlgorithm
 import org.pgpainless.algorithm.DocumentSignatureType
 import org.pgpainless.algorithm.StreamEncoding
+import org.pgpainless.algorithm.SymmetricKeyAlgorithm
 import org.pgpainless.encryption_signing.EncryptionOptions
 import org.pgpainless.encryption_signing.ProducerOptions
 import org.pgpainless.encryption_signing.SigningOptions
@@ -33,8 +36,13 @@ class EncryptImpl(private val api: PGPainless) : Encrypt {
 companion object {
 @JvmField val RFC4880_PROFILE = Profile("rfc4880", "Follow the packet format of rfc4880")
+ @JvmField val RFC9580_PROFILE = Profile("rfc9580", "Follow the packet format of rfc9580")
- @JvmField val SUPPORTED_PROFILES = listOf(RFC4880_PROFILE)
+ @JvmField
+ val SUPPORTED_PROFILES =
+ listOf(
+ RFC4880_PROFILE.withAliases("default", "compatibility"),
+ RFC9580_PROFILE.withAliases("security", "performance"))
 }
 private val encryptionOptions = EncryptionOptions.get(api)
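Review bot: The aliases are attached only to the objects placed in `SUPPORTED_PROFILES` (hunk `@@ -33,8 +36,13 @@`), so the public constants `RFC4880_PROFILE` and `RFC9580_PROFILE` carry no aliases and, if `withAliases` returns a new object, are no longer the instances held in the list. Code that checks `SUPPORTED_PROFILES.contains(RFC4880_PROFILE)` or reads aliases from a constant could then disagree with the list. Declaring the aliases on the constants, e.g. `@JvmField val RFC9580_PROFILE = Profile("rfc9580", "Follow the packet format of rfc9580").withAliases("security", "performance")`, and keeping `listOf(RFC4880_PROFILE, RFC9580_PROFILE)` would leave a single definition. A short comment on why `security` and `performance` both select rfc9580 would also help readers of the companion object.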
@@ -55,6 +63,12 @@ class EncryptImpl(private val api: PGPainless) : Encrypt {
 throw SOPGPException.MissingArg("Missing encryption method.")
 }
+ if (profile == RFC9580_PROFILE.name) {
+ encryptionOptions.overrideEncryptionMechanism(
+ MessageEncryptionMechanism.aead(
+ SymmetricKeyAlgorithm.AES_128.algorithmId, AEADAlgorithm.OCB.algorithmId))
+ }
+
 val options =
 if (signingOptions != null) {
 ProducerOptions.signAndEncrypt(encryptionOptions, signingOptions!!)
@@ -94,7 +108,8 @@ class EncryptImpl(private val api: PGPainless) : Encrypt {
 override fun profile(profileName: String): Encrypt = apply {
 profile =
- SUPPORTED_PROFILES.find { it.name == profileName }?.name
+ SUPPORTED_PROFILES.find { it.name == profileName || it.aliases.contains(profileName) }
+ ?.name
 ?: throw SOPGPException.UnsupportedProfile("encrypt", profileName)
 }
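Review bot: Recipients whose certificates do not advertise AEAD (SEIPDv2) support may be sent a message they cannot decrypt, because the `rfc9580` branch in the `@@ -55,6 +63,12 @@` hunk calls `overrideEncryptionMechanism(...)` with a fixed AES-128/OCB mechanism, which by its name replaces whatever would otherwise be negotiated from the recipient keys. The aliases added in this commit also route `security` to this branch, where a reader might expect a larger key size than `AES_128`. If the fixed suite is intentional, say so above the call, e.g. `// AES-128 + OCB: mandatory-to-implement AEAD suite of RFC 9580; deliberately bypasses recipient preference negotiation`, and consider checking recipient capability before overriding. The enclosing function starts and ends outside the hunk, so any recipient validation done elsewhere is not visible here.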