High-Level OpenPGP API

pg/src/main/java/org/bouncycastle/openpgp/KeyIdentifier.java

@@ -22,6 +22,11 @@ public class KeyIdentifier
     private final byte[] fingerprint;
     private final long keyId;
 
+    public KeyIdentifier(String hexEncoded)
+    {
+        this(Hex.decode(hexEncoded));
+    }
+
     /**
      * Create a new {@link KeyIdentifier} based on a keys fingerprint.
      * For fingerprints matching the format of a v4, v5 or v6 key, the constructor will
@@ -263,6 +268,26 @@ public boolean isWildcard()
         return keyId == 0L && fingerprint.length == 0;
     }
 
+    public static boolean matches(List<KeyIdentifier> identifiers, KeyIdentifier identifier, boolean explicit)
+    {
+        for (KeyIdentifier candidate : identifiers)
+        {
+            if (!explicit && candidate.isWildcard())
+            {
+                return true;
+            }
+
+            if (candidate.getFingerprint() != null &&
+                    Arrays.constantTimeAreEqual(candidate.getFingerprint(), identifier.getFingerprint()))
+            {
+                return true;
+            }
+
+            return candidate.getKeyId() == identifier.getKeyId();
+        }
+        return false;
+    }
+
     /**
      * Return true, if any of the {@link KeyIdentifier KeyIdentifiers} in the {@code identifiers} list
      * matches the given {@link PGPPublicKey}.
@@ -327,6 +352,33 @@ public static boolean matches(List<KeyIdentifier> identifiers,
         return false;
     }
 
+    @Override
+    public boolean equals(Object obj) {
+        if (obj == null)
+        {
+            return false;
+        }
+        if (this == obj)
+        {
+            return true;
+        }
+        if (!(obj instanceof KeyIdentifier))
+        {
+            return false;
+        }
+        KeyIdentifier other = (KeyIdentifier) obj;
+        if (getFingerprint() != null && other.getFingerprint() != null)
+        {
+            return Arrays.constantTimeAreEqual(getFingerprint(), other.getFingerprint());
+        }
+        return getKeyId() == other.getKeyId();
+    }
+
+    @Override
+    public int hashCode() {
+        return (int) getKeyId();
+    }
+
     public String toString()
     {
         if (isWildcard())

pg/src/main/java/org/bouncycastle/openpgp/PGPSignature.java

@@ -22,6 +22,8 @@
 import org.bouncycastle.bcpg.TrustPacket;
 import org.bouncycastle.bcpg.sig.IssuerFingerprint;
 import org.bouncycastle.bcpg.sig.IssuerKeyID;
+import org.bouncycastle.bcpg.sig.RevocationReason;
+import org.bouncycastle.bcpg.sig.RevocationReasonTags;
 import org.bouncycastle.math.ec.rfc8032.Ed25519;
 import org.bouncycastle.math.ec.rfc8032.Ed448;
 import org.bouncycastle.openpgp.operator.PGPContentVerifier;
@@ -897,6 +899,37 @@ public static boolean isCertification(int signatureType)
             || PGPSignature.POSITIVE_CERTIFICATION == signatureType;
     }
 
+    public static boolean isRevocation(int signatureType)
+    {
+        return PGPSignature.KEY_REVOCATION == signatureType
+                || PGPSignature.CERTIFICATION_REVOCATION == signatureType
+                || PGPSignature.SUBKEY_REVOCATION == signatureType;
+    }
+
+    public boolean isHardRevocation()
+    {
+        if (!isRevocation(getSignatureType()))
+        {
+            return false; // no revocation
+        }
+
+        if (!hasSubpackets())
+        {
+            return true; // consider missing subpackets (and therefore missing reason) as hard revocation
+        }
+
+        // only consider reasons from the hashed packet area
+        RevocationReason reason = getHashedSubPackets() != null ?
+                getHashedSubPackets().getRevocationReason() : null;
+        if (reason == null)
+        {
+            return true; // missing reason packet is hard
+        }
+
+        return reason.getRevocationReason() == RevocationReasonTags.NO_REASON // No reason is hard
+                || reason.getRevocationReason() == RevocationReasonTags.KEY_COMPROMISED; // key compromise is hard
+    }
+
     /**
      * Return true, if the cryptographic signature encoding of the two signatures match.
      * @param sig1 first signature

pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureException.java

@@ -0,0 +1,15 @@
+package org.bouncycastle.openpgp;
+
+public class PGPSignatureException
+        extends PGPException
+{
+    public PGPSignatureException(String message)
+    {
+        super(message);
+    }
+
+    public PGPSignatureException(String message, Exception cause)
+    {
+        super(message, cause);
+    }
+}

pg/src/main/java/org/bouncycastle/openpgp/api/AuthenticatingInputStream.java

@@ -0,0 +1,101 @@
+package org.bouncycastle.openpgp.api;
+
+import java.io.IOException;
+import java.io.InputStream;
+
+/**
+ * Implementation of {@link InputStream} that withholds a number of bytes ({@link #CIRCULAR_BUFFER_SIZE} by
+ * default) from the original message until the message has been processed completely.
+ * This is done in order to minimize the risk of emitting unauthenticated plaintext, while being somewhat
+ * resource-efficient.
+ * The number of bytes to withhold can be configured.
+ */
+public class AuthenticatingInputStream
+        extends InputStream
+{
+    private static final int CIRCULAR_BUFFER_SIZE = 1024 * 1024 * 32; // 32 MiB
+
+    private final byte[] circularBuffer;
+    private int lastWrittenPos = 0;
+    private int bufReadPos = 0;
+    private final InputStream in;
+    private boolean closed = false;
+
+    public AuthenticatingInputStream(InputStream in)
+    {
+        this(in, CIRCULAR_BUFFER_SIZE);
+    }
+
+    public AuthenticatingInputStream(InputStream in, int bufferSize)
+    {
+        if (bufferSize <= 0)
+        {
+            throw new IllegalArgumentException("Buffer size cannot be null nor negative.");
+        }
+        this.circularBuffer = new byte[bufferSize];
+        this.in = in;
+    }
+
+    private void fill()
+            throws IOException
+    {
+        if (closed)
+        {
+            return;
+        }
+
+        // readerPos - 1 % buf.len
+        int lastAvailPos = (circularBuffer.length + bufReadPos - 1) % circularBuffer.length;
+        int read;
+        if (lastWrittenPos < lastAvailPos)
+        {
+            read = in.read(circularBuffer, lastWrittenPos, lastAvailPos - lastWrittenPos);
+        }
+        else
+        {
+            read = in.read(circularBuffer, lastWrittenPos, circularBuffer.length - lastWrittenPos);
+            if (read >= 0)
+            {
+                lastWrittenPos += read;
+            }
+            read = in.read(circularBuffer, 0, lastAvailPos);
+        }
+
+        if (read >= 0)
+        {
+            lastWrittenPos += read;
+        }
+        else
+        {
+            close();
+        }
+
+        lastWrittenPos %= circularBuffer.length;
+    }
+
+    @Override
+    public void close()
+            throws IOException
+    {
+        if (!closed)
+        {
+            closed = true;
+            System.out.println("Close");
+            in.close();
+        }
+    }
+
+    @Override
+    public int read()
+            throws IOException
+    {
+        fill();
+        if (bufReadPos == lastWrittenPos)
+        {
+            return -1;
+        }
+        int i = circularBuffer[bufReadPos++];
+        bufReadPos %= circularBuffer.length;
+        return i;
+    }
+}

pg/src/main/java/org/bouncycastle/openpgp/api/BcOpenPGPImplementation.java

@@ -0,0 +1,109 @@
+package org.bouncycastle.openpgp.api;
+
+import org.bouncycastle.bcpg.S2K;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPObjectFactory;
+import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPPublicKey;
+import org.bouncycastle.openpgp.PGPSessionKey;
+import org.bouncycastle.openpgp.bc.BcPGPObjectFactory;
+import org.bouncycastle.openpgp.operator.PBEDataDecryptorFactory;
+import org.bouncycastle.openpgp.operator.PBEKeyEncryptionMethodGenerator;
+import org.bouncycastle.openpgp.operator.PBESecretKeyDecryptorBuilderProvider;
+import org.bouncycastle.openpgp.operator.PGPContentSignerBuilder;
+import org.bouncycastle.openpgp.operator.PGPContentVerifierBuilderProvider;
+import org.bouncycastle.openpgp.operator.PGPDataEncryptorBuilder;
+import org.bouncycastle.openpgp.operator.PGPDigestCalculatorProvider;
+import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory;
+import org.bouncycastle.openpgp.operator.PublicKeyKeyEncryptionMethodGenerator;
+import org.bouncycastle.openpgp.operator.SessionKeyDataDecryptorFactory;
+import org.bouncycastle.openpgp.operator.bc.BcPBEDataDecryptorFactory;
+import org.bouncycastle.openpgp.operator.bc.BcPBEKeyEncryptionMethodGenerator;
+import org.bouncycastle.openpgp.operator.bc.BcPBESecretKeyDecryptorBuilderProvider;
+import org.bouncycastle.openpgp.operator.bc.BcPGPContentSignerBuilder;
+import org.bouncycastle.openpgp.operator.bc.BcPGPContentVerifierBuilderProvider;
+import org.bouncycastle.openpgp.operator.bc.BcPGPDataEncryptorBuilder;
+import org.bouncycastle.openpgp.operator.bc.BcPGPDigestCalculatorProvider;
+import org.bouncycastle.openpgp.operator.bc.BcPublicKeyDataDecryptorFactory;
+import org.bouncycastle.openpgp.operator.bc.BcPublicKeyKeyEncryptionMethodGenerator;
+import org.bouncycastle.openpgp.operator.bc.BcSessionKeyDataDecryptorFactory;
+
+import java.io.InputStream;
+
+public class BcOpenPGPImplementation
+        extends OpenPGPImplementation
+{
+    @Override
+    public PGPObjectFactory pgpObjectFactory(InputStream packetInputStream)
+    {
+        return new BcPGPObjectFactory(packetInputStream);
+    }
+
+    @Override
+    public PGPContentVerifierBuilderProvider pgpContentVerifierBuilderProvider()
+    {
+        return new BcPGPContentVerifierBuilderProvider();
+    }
+
+    @Override
+    public PBESecretKeyDecryptorBuilderProvider pbeSecretKeyDecryptorBuilderProvider()
+    {
+        return new BcPBESecretKeyDecryptorBuilderProvider();
+    }
+
+    @Override
+    public PGPDataEncryptorBuilder pgpDataEncryptorBuilder(int symmetricKeyAlgorithm)
+    {
+        return new BcPGPDataEncryptorBuilder(symmetricKeyAlgorithm);
+    }
+
+    @Override
+    public PublicKeyKeyEncryptionMethodGenerator publicKeyKeyEncryptionMethodGenerator(PGPPublicKey encryptionSubkey)
+    {
+        return new BcPublicKeyKeyEncryptionMethodGenerator(encryptionSubkey);
+    }
+
+    @Override
+    public PBEKeyEncryptionMethodGenerator pbeKeyEncryptionMethodGenerator(char[] messagePassphrase)
+    {
+        return new BcPBEKeyEncryptionMethodGenerator(messagePassphrase);
+    }
+
+    @Override
+    public PBEKeyEncryptionMethodGenerator pbeKeyEncryptionMethodGenerator(char[] messagePassphrase, S2K.Argon2Params argon2Params)
+    {
+        return new BcPBEKeyEncryptionMethodGenerator(messagePassphrase, argon2Params);
+    }
+
+    @Override
+    public PGPContentSignerBuilder pgpContentSignerBuilder(int publicKeyAlgorithm, int hashAlgorithm)
+    {
+        return new BcPGPContentSignerBuilder(publicKeyAlgorithm, hashAlgorithm);
+    }
+
+    @Override
+    public PBEDataDecryptorFactory pbeDataDecryptorFactory(char[] messagePassphrase)
+            throws PGPException
+    {
+        return new BcPBEDataDecryptorFactory(messagePassphrase, pgpDigestCalculatorProvider());
+    }
+
+    @Override
+    public SessionKeyDataDecryptorFactory sessionKeyDataDecryptorFactory(PGPSessionKey sessionKey)
+    {
+        return new BcSessionKeyDataDecryptorFactory(sessionKey);
+    }
+
+    @Override
+    public PublicKeyDataDecryptorFactory publicKeyDataDecryptorFactory(PGPPrivateKey decryptionKey)
+    {
+        return new BcPublicKeyDataDecryptorFactory(decryptionKey);
+    }
+
+    @Override
+    public PGPDigestCalculatorProvider pgpDigestCalculatorProvider()
+            throws PGPException
+    {
+        return new BcPGPDigestCalculatorProvider();
+    }
+}