From 034eab9df1f872cb3ca4a98fa0b67322e2dd7b24 Mon Sep 17 00:00:00 2001 From: Vincent Breitmoser Date: Thu, 11 Jan 2024 13:29:08 +0100 Subject: [PATCH] Update BouncyCastle to 1.77 --- OpenKeychain/build.gradle | 4 ++-- .../jcajce/CachingDataDecryptorFactory.java | 24 +++++++++++++++++++ .../keychain/pgp/CanonicalizedPublicKey.java | 5 +++- .../keychain/pgp/WrappedUserAttribute.java | 8 +++---- extern/bouncycastle | 2 +- gradle.properties | 2 +- 6 files changed, 36 insertions(+), 9 deletions(-) diff --git a/OpenKeychain/build.gradle b/OpenKeychain/build.gradle index 1e5dfde18..de45abcd7 100644 --- a/OpenKeychain/build.gradle +++ b/OpenKeychain/build.gradle @@ -57,7 +57,7 @@ dependencies { implementation project(':extern:MaterialChipsInput') // implementation project(':openkeychain:extern:bouncycastle:core') - implementation 'org.bouncycastle:bcprov-jdk15on:1.68' + implementation 'org.bouncycastle:bcprov-jdk18on:1.77' implementation project(':extern:bouncycastle:pg') // implementation project(':openkeychain:extern:bouncycastle:prov') @@ -69,7 +69,7 @@ dependencies { // http://www.vogella.com/tutorials/Robolectric/article.html testImplementation 'junit:junit:4.13' testImplementation ('org.robolectric:robolectric:3.8') { - exclude group: 'org.bouncycastle', module: 'bcprov-jdk16' + exclude group: 'org.bouncycastle', module: 'bcprov-jdk18on' } testImplementation 'org.mockito:mockito-core:2.18.0' diff --git a/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/CachingDataDecryptorFactory.java b/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/CachingDataDecryptorFactory.java index d558ba9b1..f4b26ace7 100644 --- a/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/CachingDataDecryptorFactory.java +++ b/OpenKeychain/src/main/java/org/bouncycastle/openpgp/operator/jcajce/CachingDataDecryptorFactory.java 
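Review bot: The Robolectric exclusion in the second build.gradle hunk now names `bcprov-jdk18on`, an artifact Robolectric 3.8 most likely does not depend on, so the exclusion probably no longer removes anything. The previous line excluded `bcprov-jdk16`, which suggests that is the transitive artifact. With it back on the test classpath, unit tests could resolve `org.bouncycastle` classes from the old provider instead of 1.77, so test results would no longer reflect the shipped crypto code. Unless the dependency tree shows otherwise, keep the old exclusion: `exclude group: 'org.bouncycastle', module: 'bcprov-jdk16'`.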
@@ -13,24 +13,30 @@ import java.util.Collections; import java.util.HashMap; import java.util.Map; +import org.bouncycastle.bcpg.AEADEncDataPacket; +import org.bouncycastle.bcpg.SymmetricEncIntegrityPacket; import org.bouncycastle.jcajce.util.NamedJcaJceHelper; import org.bouncycastle.openpgp.PGPException; import org.bouncycastle.openpgp.PGPPublicKeyEncryptedData; +import org.bouncycastle.openpgp.PGPSessionKey; import org.bouncycastle.openpgp.operator.PGPDataDecryptor; import org.bouncycastle.openpgp.operator.PublicKeyDataDecryptorFactory; + public class CachingDataDecryptorFactory implements PublicKeyDataDecryptorFactory { private final PublicKeyDataDecryptorFactory mWrappedDecryptor; private final HashMap mSessionKeyCache; private OperatorHelper mOperatorHelper; + private JceAEADUtil mAeadHelper; public CachingDataDecryptorFactory(String providerName, Map sessionKeyCache) { this((PublicKeyDataDecryptorFactory) null, sessionKeyCache); mOperatorHelper = new OperatorHelper(new NamedJcaJceHelper(providerName)); + mAeadHelper = new JceAEADUtil(mOperatorHelper); } public CachingDataDecryptorFactory(PublicKeyDataDecryptorFactory wrapped, @@ -83,4 +89,22 @@ public class CachingDataDecryptorFactory implements PublicKeyDataDecryptorFactor return mOperatorHelper.createDataDecryptor(withIntegrityPacket, encAlgorithm, key); } + @Override + public PGPDataDecryptor createDataDecryptor(AEADEncDataPacket aeadEncDataPacket, + PGPSessionKey sessionKey) throws PGPException { + if (mWrappedDecryptor != null) { + mWrappedDecryptor.createDataDecryptor(aeadEncDataPacket, sessionKey); + } + return mAeadHelper.createOpenPgpV5DataDecryptor(aeadEncDataPacket, sessionKey); + } + + @Override + public PGPDataDecryptor createDataDecryptor(SymmetricEncIntegrityPacket seipd, + PGPSessionKey sessionKey) throws PGPException { + if (mWrappedDecryptor != null) { + mWrappedDecryptor.createDataDecryptor(seipd, sessionKey); + } + return mAeadHelper.createOpenPgpV6DataDecryptor(seipd, sessionKey); + } + } 
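Review bot: Both new `createDataDecryptor` overloads in the second hunk call the wrapped factory but discard its result, then fall through to `mAeadHelper`. `mAeadHelper` is assigned only in the `providerName` constructor shown in the first hunk (the wrapping constructor's body is outside the hunk), so an instance built around a wrapped decryptor would presumably throw a NullPointerException on either packet type. Even if the helper were set, the wrapped implementation would be silently bypassed. Return the delegate's result in both methods: `return mWrappedDecryptor.createDataDecryptor(aeadEncDataPacket, sessionKey);` and `return mWrappedDecryptor.createDataDecryptor(seipd, sessionKey);`.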
diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java index 045944833..faef5bffc 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/CanonicalizedPublicKey.java @@ -72,7 +72,10 @@ public class CanonicalizedPublicKey extends UncachedPublicKey { } JcePublicKeyKeyEncryptionMethodGenerator getPubKeyEncryptionGenerator(boolean hiddenRecipients) { - return new JcePublicKeyKeyEncryptionMethodGenerator(mPublicKey, hiddenRecipients); + JcePublicKeyKeyEncryptionMethodGenerator generator = + new JcePublicKeyKeyEncryptionMethodGenerator(mPublicKey); + generator.setSessionKeyObfuscation(hiddenRecipients); + return generator; } public boolean canSign() { diff --git a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedUserAttribute.java b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedUserAttribute.java index 69d74caca..9f783586b 100644 --- a/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedUserAttribute.java +++ b/OpenKeychain/src/main/java/org/sufficientlysecure/keychain/pgp/WrappedUserAttribute.java @@ -59,8 +59,8 @@ public class WrappedUserAttribute implements Serializable { } public static WrappedUserAttribute fromSubpacket (int type, byte[] data) { - UserAttributeSubpacket subpacket = new UserAttributeSubpacket(type, data); - PGPUserAttributeSubpacketVector vector = new PGPUserAttributeSubpacketVector( + UserAttributeSubpacket subpacket = UserAttributeSubpacket.create(type, data); + PGPUserAttributeSubpacketVector vector = PGPUserAttributeSubpacketVector.fromSubpackets( new UserAttributeSubpacket[] { subpacket }); return new WrappedUserAttribute(vector); 
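Review bot: In `getPubKeyEncryptionGenerator`, `hiddenRecipients` is now passed to `setSessionKeyObfuscation`, which in upstream BouncyCastle controls padding of ECDH session keys rather than hiding the recipient key ID; the upstream setter for that is `setUseWildcardKeyID`. If the bundled `pg` module follows upstream here, hidden-recipient messages would carry the real key ID, and ordinary messages would have session-key obfuscation switched off. Confirm against the submodule, and if so use `generator.setUseWildcardKeyID(hiddenRecipients);` and leave obfuscation at its default. A test that encrypts with hidden recipients and checks the key ID in the resulting packet would pin this.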
@@ -86,7 +86,7 @@ public class WrappedUserAttribute implements Serializable { UserAttributeSubpacket[] result = new UserAttributeSubpacket[list.size()]; list.toArray(result); return new WrappedUserAttribute( - new PGPUserAttributeSubpacketVector(result)); + PGPUserAttributeSubpacketVector.fromSubpackets(result)); } /** Writes this object to an ObjectOutputStream. */ @@ -107,7 +107,7 @@ public class WrappedUserAttribute implements Serializable { if ( ! UserAttributePacket.class.isInstance(p)) { throw new IOException("Could not decode UserAttributePacket!"); } - mVector = new PGPUserAttributeSubpacketVector(((UserAttributePacket) p).getSubpackets()); + mVector = PGPUserAttributeSubpacketVector.fromSubpackets(((UserAttributePacket) p).getSubpackets()); } diff --git a/extern/bouncycastle b/extern/bouncycastle index 187ca21dd..a76cb19f7 160000 --- a/extern/bouncycastle +++ b/extern/bouncycastle @@ -1 +1 @@ -Subproject commit 187ca21dd44766942e6c85e3a85430ecbca77f22 +Subproject commit a76cb19f71b4843d4e58bbeb9dd14ca197501b92 diff --git a/gradle.properties b/gradle.properties index e46863db5..7b9258c38 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1,6 +1,6 @@ android.enableJetifier=true android.useAndroidX=true -android.jetifier.ignorelist=bcprov-jdk15on +android.jetifier.ignorelist=bcprov-jdk18on org.gradle.jvmargs=-Xms128m -Xmx4096m -XX:+CMSClassUnloadingEnabled android.defaults.buildfeatures.buildconfig=true android.nonTransitiveRClass=false