added MLKEM to jdk21

royb · royb · commit 0657f4488ee1 · 2024-08-22T15:40:07.000-04:00
diff --git a/prov/src/main/jdk21/org/bouncycastle/pqc/jcajce/provider/MLKEM.java b/prov/src/main/jdk21/org/bouncycastle/pqc/jcajce/provider/MLKEM.java
@@ -0,0 +1,41 @@
+package org.bouncycastle.pqc.jcajce.provider;
+
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.jcajce.provider.asymmetric.mlkem.MLKEMKeyFactorySpi;
+import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
+import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
+import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
+
+public class MLKEM
+{
+    private static final String PREFIX = "org.bouncycastle.pqc.jcajce.provider" + ".mlkem.";
+
+    public static class Mappings
+            extends AsymmetricAlgorithmProvider
+    {
+        public Mappings()
+        {
+        }
+
+        public void configure(ConfigurableProvider provider)
+        {
+            provider.addAlgorithm("KeyFactory.MLKEM", PREFIX + "MLKEMKeyFactorySpi");
+            provider.addAlgorithm("KeyPairGenerator.MLKEM", PREFIX + "MLKEMKeyPairGeneratorSpi");
+
+            provider.addAlgorithm("KeyGenerator.MLKEM", PREFIX + "MLKEMKeyGeneratorSpi");
+
+            AsymmetricKeyInfoConverter keyFact = new MLKEMKeyFactorySpi();
+
+            provider.addAlgorithm("Cipher.ML-KEM", PREFIX + "MLKEMCipherSpi$Base");
+            provider.addAlgorithm("Alg.Alias.Cipher", "ML-KEM");
+
+            registerOid(provider, NISTObjectIdentifiers.id_alg_ml_kem_512, "ML-KEM", keyFact);
+            registerOid(provider, NISTObjectIdentifiers.id_alg_ml_kem_768, "ML-KEM", keyFact);
+            registerOid(provider, NISTObjectIdentifiers.id_alg_ml_kem_1024, "ML-KEM", keyFact);
+
+            provider.addAlgorithm("Kem.ML-KEM", PREFIX + "MLKEMSpi");
+            provider.addAlgorithm("Alg.Alias.Kem", "ML-KEM");
+        }
+    }
+}
diff --git a/prov/src/main/jdk21/org/bouncycastle/pqc/jcajce/provider/mlkem/MLKEMDecapsulatorSpi.java b/prov/src/main/jdk21/org/bouncycastle/pqc/jcajce/provider/mlkem/MLKEMDecapsulatorSpi.java
@@ -0,0 +1,90 @@
+package org.bouncycastle.pqc.jcajce.provider.mlkem;
+
+import org.bouncycastle.jcajce.provider.asymmetric.mlkem.BCMLKEMPrivateKey;
+import org.bouncycastle.jcajce.spec.KTSParameterSpec;
+import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMExtractor;
+import org.bouncycastle.pqc.jcajce.provider.Util;
+
+import javax.crypto.DecapsulateException;
+import javax.crypto.KEMSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.InvalidKeyException;
+import java.util.Arrays;
+import java.util.Objects;
+
+public class MLKEMDecapsulatorSpi
+    implements KEMSpi.DecapsulatorSpi
+{
+    BCMLKEMPrivateKey privateKey;
+    KTSParameterSpec parameterSpec;
+    KyberKEMExtractor kemExt;
+
+    public MLKEMDecapsulatorSpi(BCMLKEMPrivateKey privateKey, KTSParameterSpec parameterSpec)
+    {
+        this.privateKey = privateKey;
+        this.parameterSpec = parameterSpec;
+
+        this.kemExt = new KyberKEMExtractor(privateKey.getKeyParams());
+    }
+
+    @Override
+    public SecretKey engineDecapsulate(byte[] encapsulation, int from, int to, String algorithm) throws DecapsulateException
+    {
+        Objects.checkFromToIndex(from, to, engineSecretSize());
+        Objects.requireNonNull(algorithm, "null algorithm");
+        Objects.requireNonNull(encapsulation, "null encapsulation");
+
+        if (encapsulation.length != engineEncapsulationSize())
+        {
+            throw new DecapsulateException("incorrect encapsulation size");
+        }
+
+        // if algorithm is Generic then use parameterSpec to wrap key
+        if (!parameterSpec.getKeyAlgorithmName().equals("Generic") &&
+                algorithm.equals("Generic"))
+        {
+            algorithm = parameterSpec.getKeyAlgorithmName();
+        }
+
+        // check spec algorithm mismatch provided algorithm
+        if (!parameterSpec.getKeyAlgorithmName().equals("Generic") &&
+                !parameterSpec.getKeyAlgorithmName().equals(algorithm))
+        {
+            throw new UnsupportedOperationException(parameterSpec.getKeyAlgorithmName() + " does not match " + algorithm);
+        }
+
+        // Only use KDF when ktsParameterSpec is provided
+        // Considering any ktsParameterSpec with "Generic" as ktsParameterSpec not provided
+        boolean useKDF = parameterSpec.getKdfAlgorithm() != null;
+
+        byte[] secret = kemExt.extractSecret(encapsulation);
+
+        if (useKDF)
+        {
+            try
+            {
+                secret = Util.makeKeyBytes(parameterSpec, secret);
+            }
+            catch (InvalidKeyException e)
+            {
+                throw new IllegalStateException(e);
+            }
+        }
+        byte[] secretKey = Arrays.copyOfRange(secret, from, to);
+
+        return new SecretKeySpec(secretKey, algorithm);
+    }
+
+    @Override
+    public int engineSecretSize()
+    {
+        return parameterSpec.getKeySize() / 8;
+    }
+
+    @Override
+    public int engineEncapsulationSize()
+    {
+        return kemExt.getEncapsulationLength();
+    }
+}
diff --git a/prov/src/main/jdk21/org/bouncycastle/pqc/jcajce/provider/mlkem/MLKEMEncapsulatorSpi.java b/prov/src/main/jdk21/org/bouncycastle/pqc/jcajce/provider/mlkem/MLKEMEncapsulatorSpi.java
@@ -0,0 +1,93 @@
+package org.bouncycastle.pqc.jcajce.provider.mlkem;
+
+import org.bouncycastle.crypto.SecretWithEncapsulation;
+import org.bouncycastle.jcajce.provider.asymmetric.mlkem.BCMLKEMPublicKey;
+import org.bouncycastle.jcajce.spec.KTSParameterSpec;
+import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMGenerator;
+import org.bouncycastle.pqc.jcajce.provider.Util;
+
+import javax.crypto.KEM;
+import javax.crypto.KEMSpi;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.InvalidKeyException;
+import java.security.SecureRandom;
+import java.util.Arrays;
+import java.util.Objects;
+
+public class MLKEMEncapsulatorSpi
+    implements KEMSpi.EncapsulatorSpi
+{
+    private final BCMLKEMPublicKey publicKey;
+    private final KTSParameterSpec parameterSpec;
+    private final KyberKEMGenerator kemGen;
+
+    public MLKEMEncapsulatorSpi(BCMLKEMPublicKey publicKey, KTSParameterSpec parameterSpec, SecureRandom random)
+    {
+        this.publicKey = publicKey;
+        this.parameterSpec = parameterSpec;
+
+        this.kemGen = new KyberKEMGenerator(random);
+    }
+
+
+    @Override
+    public KEM.Encapsulated engineEncapsulate(int from, int to, String algorithm)
+    {
+        Objects.checkFromToIndex(from, to, engineSecretSize());
+        Objects.requireNonNull(algorithm, "null algorithm");
+
+        // if algorithm is Generic then use parameterSpec to wrap key
+        if (!parameterSpec.getKeyAlgorithmName().equals("Generic") &&
+                algorithm.equals("Generic"))
+        {
+            algorithm = parameterSpec.getKeyAlgorithmName();
+        }
+
+        // check spec algorithm mismatch provided algorithm
+        if (!parameterSpec.getKeyAlgorithmName().equals("Generic") &&
+                !parameterSpec.getKeyAlgorithmName().equals(algorithm))
+        {
+            throw new UnsupportedOperationException(parameterSpec.getKeyAlgorithmName() + " does not match " + algorithm);
+        }
+
+        // Only use KDF when ktsParameterSpec is provided
+        // Considering any ktsParameterSpec with "Generic" as ktsParameterSpec not provided
+        boolean useKDF = parameterSpec.getKdfAlgorithm() != null;
+
+        SecretWithEncapsulation secEnc = kemGen.generateEncapsulated(publicKey.getKeyParams());
+
+        byte[] encapsulation = secEnc.getEncapsulation();
+        byte[] secret = secEnc.getSecret();
+
+        byte[] secretKey;
+
+        if (useKDF)
+        {
+            try
+            {
+                secret = Util.makeKeyBytes(parameterSpec, secret);
+            }
+            catch (InvalidKeyException e)
+            {
+                throw new IllegalStateException(e);
+            }
+        }
+
+        secretKey = Arrays.copyOfRange(secret, from, to);
+
+        return new KEM.Encapsulated(new SecretKeySpec(secretKey, algorithm), encapsulation, null); //TODO: DER encoding for params    }
+    }
+
+    @Override
+    public int engineSecretSize()
+    {
+        return parameterSpec.getKeySize() / 8;
+    }
+
+
+    @Override
+    public int engineEncapsulationSize()
+    {
+        return kemGen.getEncapsulationSize(publicKey.getKeyParams());
+    }
+}
diff --git a/prov/src/main/jdk21/org/bouncycastle/pqc/jcajce/provider/mlkem/MLKEMSpi.java b/prov/src/main/jdk21/org/bouncycastle/pqc/jcajce/provider/mlkem/MLKEMSpi.java
@@ -0,0 +1,61 @@
+package org.bouncycastle.pqc.jcajce.provider.mlkem;
+
+import org.bouncycastle.jcajce.provider.asymmetric.mlkem.BCMLKEMPrivateKey;
+import org.bouncycastle.jcajce.provider.asymmetric.mlkem.BCMLKEMPublicKey;
+import org.bouncycastle.jcajce.spec.KTSParameterSpec;
+
+import javax.crypto.KEMSpi;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.InvalidKeyException;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.security.SecureRandom;
+import java.security.spec.AlgorithmParameterSpec;
+
+public class MLKEMSpi
+    implements KEMSpi
+{
+    @Override
+    public EncapsulatorSpi engineNewEncapsulator(PublicKey publicKey, AlgorithmParameterSpec spec, SecureRandom secureRandom)
+            throws InvalidAlgorithmParameterException, InvalidKeyException
+    {
+        if (!(publicKey instanceof BCMLKEMPublicKey))
+        {
+            throw new InvalidKeyException("unsupported key");
+        }
+        if (spec == null)
+        {
+            // Do not wrap key, no KDF
+            spec = new KTSParameterSpec.Builder("Generic", 256).withNoKdf().build();
+        }
+        if (!(spec instanceof KTSParameterSpec))
+        {
+            throw new InvalidAlgorithmParameterException("MLKEM can only accept KTSParameterSpec");
+        }
+        if (secureRandom == null)
+        {
+            secureRandom = new SecureRandom();
+        }
+        return new MLKEMEncapsulatorSpi((BCMLKEMPublicKey) publicKey, (KTSParameterSpec) spec, secureRandom);
+    }
+
+    @Override
+    public DecapsulatorSpi engineNewDecapsulator(PrivateKey privateKey, AlgorithmParameterSpec spec)
+            throws InvalidAlgorithmParameterException, InvalidKeyException
+    {
+        if (!(privateKey instanceof BCMLKEMPrivateKey))
+        {
+            throw new InvalidKeyException("unsupported key");
+        }
+        if (spec == null)
+        {
+            // Do not unwrap key, no KDF
+            spec = new KTSParameterSpec.Builder("Generic", 256).withNoKdf().build();
+        }
+        if (!(spec instanceof KTSParameterSpec))
+        {
+            throw new InvalidAlgorithmParameterException("MLKEM can only accept KTSParameterSpec");
+        }
+        return new MLKEMDecapsulatorSpi((BCMLKEMPrivateKey) privateKey, (KTSParameterSpec) spec);
+    }
+}
diff --git a/prov/src/test/jdk21/org/bouncycastle/jcacje/provider/test/AllTests21.java b/prov/src/test/jdk21/org/bouncycastle/jcacje/provider/test/AllTests21.java
@@ -20,6 +20,7 @@ public static Test suite()
         TestSuite suite = new TestSuite("JDK21 Provider Tests");
         suite.addTestSuite(NTRUKEMTest.class);
         suite.addTestSuite(SNTRUPrimeKEMTest.class);
+        suite.addTestSuite(MLKEMTest.class);
         return suite;
     }
 }
diff --git a/prov/src/test/jdk21/org/bouncycastle/jcacje/provider/test/MLKEMTest.java b/prov/src/test/jdk21/org/bouncycastle/jcacje/provider/test/MLKEMTest.java

Original file line number	Diff line number	Diff line change
`@@ -20,6 +20,7 @@ public static Test suite()`
`20`	`20`	`TestSuite suite = new TestSuite("JDK21 Provider Tests");`
`21`	`21`	`suite.addTestSuite(NTRUKEMTest.class);`
`22`	`22`	`suite.addTestSuite(SNTRUPrimeKEMTest.class);`
	`23`	`+ suite.addTestSuite(MLKEMTest.class);`
`23`	`24`	`return suite;`
`24`	`25`	`}`
`25`	`26`	`}`