Properly parse and set PreferredAEADCipherSuites subpacket

pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketInputStream.java

@@ -165,6 +165,7 @@ else if (l == 255)
         case PREFERRED_COMP_ALGS:
         case PREFERRED_HASH_ALGS:
         case PREFERRED_SYM_ALGS:
+        case PREFERRED_ENCRYPTION_MODES:
             return new PreferredAlgorithms(type, isCritical, isLongLength, data);
         case PREFERRED_AEAD_ALGORITHMS:
             return new PreferredAEADCiphersuites(isCritical, isLongLength, data);

pg/src/main/java/org/bouncycastle/bcpg/SignatureSubpacketTags.java

@@ -30,8 +30,8 @@ public interface SignatureSubpacketTags
     int SIGNATURE_TARGET = 31;     // signature target
     int EMBEDDED_SIGNATURE = 32;   // embedded signature
     int ISSUER_FINGERPRINT = 33;   // issuer key fingerprint
-//  public static final int PREFERRED_AEAD_ALGORITHMS = 34; // RESERVED since crypto-refresh-05
-int INTENDED_RECIPIENT_FINGERPRINT = 35;   // intended recipient fingerprint
+    int PREFERRED_ENCRYPTION_MODES = 34;       // draft-koch-openpgp-2015-rfc4880bis defines this packet for AEAD algorithms
+    int INTENDED_RECIPIENT_FINGERPRINT = 35;   // intended recipient fingerprint
     int ATTESTED_CERTIFICATIONS = 37;   // attested certifications (RESERVED)
     int KEY_BLOCK = 38;            // Key Block (RESERVED)
     int PREFERRED_AEAD_ALGORITHMS = 39;   // preferred AEAD algorithms

pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketGenerator.java

@@ -17,6 +17,7 @@
 import org.bouncycastle.bcpg.sig.KeyFlags;
 import org.bouncycastle.bcpg.sig.NotationData;
 import org.bouncycastle.bcpg.sig.PolicyURI;
+import org.bouncycastle.bcpg.sig.PreferredAEADCiphersuites;
 import org.bouncycastle.bcpg.sig.PreferredAlgorithms;
 import org.bouncycastle.bcpg.sig.PrimaryUserID;
 import org.bouncycastle.bcpg.sig.Revocable;
@@ -183,16 +184,31 @@ public void setPreferredCompressionAlgorithms(boolean isCritical, int[] algorith
 
     /**
      * Specify the preferred AEAD algorithms of this key.
+     * This method of defining encryption mode preferences was introduced and deprecated in
+     * draft-koch-openpgp-2015-rfc4880bis for OpenPGP v5 keys.
      *
-     * @param isCritical true if should be treated as critical, false otherwise.
+     * @param isCritical true, if this packet should be treated as critical, false otherwise.
      * @param algorithms array of algorithms in descending preference
+     * @deprecated use {@link #setPreferredAEADCiphersuites(boolean, PreferredAEADCiphersuites.Combination[])} instead
      */
+    @Deprecated
     public void setPreferredAEADAlgorithms(boolean isCritical, int[] algorithms)
     {
-        packets.add(new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS, isCritical,
+        packets.add(new PreferredAlgorithms(SignatureSubpacketTags.PREFERRED_ENCRYPTION_MODES, isCritical,
             algorithms));
     }
 
+    /**
+     * Specify the preferred AEAD cipher suites of this key.
+     *
+     * @param isCritical true, if this packet should be treated as critical, false otherwise.
+     * @param algorithms array of algorithms in descending preference
+     */
+    public void setPreferredAEADCiphersuites(boolean isCritical, PreferredAEADCiphersuites.Combination[] algorithms)
+    {
+        packets.add(new PreferredAEADCiphersuites(isCritical, algorithms));
+    }
+
     public void addPolicyURI(boolean isCritical, String policyUri)
     {
         packets.add(new PolicyURI(isCritical, policyUri));

pg/src/main/java/org/bouncycastle/openpgp/PGPSignatureSubpacketVector.java

@@ -17,6 +17,7 @@
 import org.bouncycastle.bcpg.sig.KeyFlags;
 import org.bouncycastle.bcpg.sig.NotationData;
 import org.bouncycastle.bcpg.sig.PolicyURI;
+import org.bouncycastle.bcpg.sig.PreferredAEADCiphersuites;
 import org.bouncycastle.bcpg.sig.PreferredAlgorithms;
 import org.bouncycastle.bcpg.sig.PrimaryUserID;
 import org.bouncycastle.bcpg.sig.RegularExpression;
@@ -257,7 +258,37 @@ public int[] getPreferredCompressionAlgorithms()
         return ((PreferredAlgorithms)p).getPreferences();
     }
 
+    /**
+     * Return an array containing the preferred AEAD encryption modes of the key.
+     * AEAD Encryption modes are defined in {@link org.bouncycastle.bcpg.AEADAlgorithmTags}.
+     * <br>
+     * This packet type is defined in draft-koch-openpgp-2015-rfc4880bis.
+     * Recipients should ignore this packet and assume the recipient to prefer OCB.
+     *
+     * @return encryption modes
+     * @deprecated use {@link #getPreferredAEADCiphersuites()} instead.
+     */
+    @Deprecated
     public int[] getPreferredAEADAlgorithms()
+    {
+        SignatureSubpacket p = this.getSubpacket(SignatureSubpacketTags.PREFERRED_ENCRYPTION_MODES);
+
+        if (p == null)
+        {
+            return null;
+        }
+
+        PreferredAlgorithms packet = (PreferredAlgorithms) p;
+        return packet.getPreferences();
+    }
+
+    /**
+     * Return an array containing preferred AEAD ciphersuites of the key.
+     * AEAD cipher suites are pairs of a symmetric algorithm and an AEAD algorithm.
+     *
+     * @return AEAD cipher suites
+     */
+    public PreferredAEADCiphersuites getPreferredAEADCiphersuites()
     {
         SignatureSubpacket p = this.getSubpacket(SignatureSubpacketTags.PREFERRED_AEAD_ALGORITHMS);
 
@@ -266,7 +297,8 @@ public int[] getPreferredAEADAlgorithms()
             return null;
         }
 
-        return ((PreferredAlgorithms)p).getPreferences();
+        PreferredAEADCiphersuites packet = (PreferredAEADCiphersuites) p;
+        return new PreferredAEADCiphersuites(packet.isCritical(), packet.getRawAlgorithms());
     }
 
     public int getKeyFlags()