TLS: Cleanup JCA ML-KEM code

peterdettman · peterdettman · commit 32dab66e5455 · 2025-05-26T12:50:13.000+07:00
- reduce dependency on BC provider
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/TlsKemConfig.java b/tls/src/main/java/org/bouncycastle/tls/crypto/TlsKemConfig.java
@@ -1,25 +1,14 @@
 package org.bouncycastle.tls.crypto;
 
-import org.bouncycastle.jcajce.spec.KEMParameterSpec;
-import org.bouncycastle.jcajce.spec.KTSParameterSpec;
-
 public class TlsKemConfig
 {
-    protected final KTSParameterSpec ktsParameterSpec;
     protected final int namedGroup;
     protected final boolean isServer;
 
     public TlsKemConfig(int namedGroup, boolean isServer)
     {
         this.namedGroup = namedGroup;
         this.isServer = isServer;
-        this.ktsParameterSpec = new KTSParameterSpec.Builder("AES-KWP", 256).withNoKdf().build();
-    }
-    public TlsKemConfig(int namedGroup, boolean isServer, KTSParameterSpec ktsParameterSpec)
-    {
-        this.namedGroup = namedGroup;
-        this.isServer = isServer;
-        this.ktsParameterSpec = ktsParameterSpec;
     }
 
     public int getNamedGroup()
@@ -31,9 +20,4 @@ public boolean isServer()
     {
         return isServer;
     }
-
-    public KTSParameterSpec getKtsParameterSpec()
-    {
-        return ktsParameterSpec;
-    }
 }
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JcaTlsCrypto.java
@@ -442,18 +442,13 @@ public AlgorithmParameters getNamedGroupAlgorithmParameters(int namedGroup)
     {
         if (NamedGroup.refersToAnXDHCurve(namedGroup))
         {
-            switch (namedGroup)
-            {
             /*
-             * TODO Return AlgorithmParameters to check against disabled algorithms
+             * TODO Return AlgorithmParameters to check against disabled algorithms?
              *
              * NOTE: The JDK doesn't even support AlgorithmParameters for XDH, so SunJSSE also winds
              * up using null AlgorithmParameters when checking algorithm constraints.
              */
-            case NamedGroup.x25519:
-            case NamedGroup.x448:
-                return null;
-            }
+            return null;
         }
         else if (NamedGroup.refersToAnECDSACurve(namedGroup))
         {
@@ -465,8 +460,12 @@ else if (NamedGroup.refersToASpecificFiniteField(namedGroup))
         }
         else if (NamedGroup.refersToASpecificKem(namedGroup))
         {
-            //Note: There is no AlgorithmParametersSpi for ML-KEM
-            return KemUtil.getAlgorithmParameters(this, NamedGroup.getKemName(namedGroup));
+            /*
+             * TODO Return AlgorithmParameters to check against disabled algorithms?
+             *
+             * NOTE: See what the JDK/SunJSSE implementation does.
+             */
+            return null;
         }
 
         throw new IllegalArgumentException("NamedGroup not supported: " + NamedGroup.getText(namedGroup));
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceTlsMLKem.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceTlsMLKem.java
@@ -2,19 +2,19 @@
 
 import java.io.IOException;
 import java.security.KeyPair;
+import java.security.PrivateKey;
+import java.security.PublicKey;
 
 import org.bouncycastle.jcajce.SecretKeyWithEncapsulation;
-import org.bouncycastle.jcajce.provider.asymmetric.mlkem.BCMLKEMPrivateKey;
-import org.bouncycastle.jcajce.provider.asymmetric.mlkem.BCMLKEMPublicKey;
 import org.bouncycastle.tls.crypto.TlsAgreement;
 import org.bouncycastle.tls.crypto.TlsSecret;
 
 public class JceTlsMLKem implements TlsAgreement
 {
     protected final JceTlsMLKemDomain domain;
 
-    protected BCMLKEMPrivateKey privateKey;
-    protected BCMLKEMPublicKey publicKey;
+    protected PrivateKey privateKey;
+    protected PublicKey publicKey;
     protected TlsSecret secret;
 
     public JceTlsMLKem(JceTlsMLKemDomain domain)
@@ -34,8 +34,8 @@ public byte[] generateEphemeral() throws IOException
         else
         {
             KeyPair kp = domain.generateKeyPair();
-            this.privateKey = (BCMLKEMPrivateKey)kp.getPrivate();
-            return ((BCMLKEMPublicKey)kp.getPublic()).getPublicData();
+            this.privateKey = kp.getPrivate();
+            return KemUtil.encodePublicKey(kp.getPublic());
         }
     }
 
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceTlsMLKemDomain.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/JceTlsMLKemDomain.java
@@ -1,72 +1,32 @@
 package org.bouncycastle.tls.crypto.impl.jcajce;
 
+import java.io.IOException;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
-import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 
 import javax.crypto.KeyGenerator;
 
 import org.bouncycastle.jcajce.SecretKeyWithEncapsulation;
-import org.bouncycastle.jcajce.provider.asymmetric.mlkem.BCMLKEMPublicKey;
 import org.bouncycastle.jcajce.spec.KEMExtractSpec;
 import org.bouncycastle.jcajce.spec.KEMGenerateSpec;
-import org.bouncycastle.pqc.crypto.mlkem.MLKEMParameters;
-import org.bouncycastle.pqc.crypto.mlkem.MLKEMPublicKeyParameters;
 import org.bouncycastle.tls.NamedGroup;
 import org.bouncycastle.tls.crypto.TlsAgreement;
 import org.bouncycastle.tls.crypto.TlsKemConfig;
 import org.bouncycastle.tls.crypto.TlsKemDomain;
 
 public class JceTlsMLKemDomain implements TlsKemDomain
 {
-    public static MLKEMParameters getDomainParameters(TlsKemConfig kemConfig)
-    {
-        switch (kemConfig.getNamedGroup())
-        {
-        case NamedGroup.OQS_mlkem512:
-        case NamedGroup.MLKEM512:
-            return MLKEMParameters.ml_kem_512;
-        case NamedGroup.OQS_mlkem768:
-        case NamedGroup.MLKEM768:
-            return MLKEMParameters.ml_kem_768;
-        case NamedGroup.OQS_mlkem1024:
-        case NamedGroup.MLKEM1024:
-            return MLKEMParameters.ml_kem_1024;
-        default:
-            throw new IllegalArgumentException("No ML-KEM configuration provided");
-        }
-    }
-
     protected final JcaTlsCrypto crypto;
-    protected final TlsKemConfig config;
-    protected final MLKEMParameters domainParameters;
+    protected final String kemName;
     protected final boolean isServer;
-    protected KeyGenerator keyGen;
-//    protected KeyPairGenerator kpg;
-//    protected Cipher cipher;
-
 
     public JceTlsMLKemDomain(JcaTlsCrypto crypto, TlsKemConfig kemConfig)
     {
         this.crypto = crypto;
-        this.config = kemConfig;
-        this.domainParameters = getDomainParameters(kemConfig);
+        this.kemName = NamedGroup.getKemName(kemConfig.getNamedGroup());
         this.isServer = kemConfig.isServer();
-        try
-        {
-            this.keyGen = crypto.getHelper().createKeyGenerator(domainParameters.getName());
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new RuntimeException(e);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new RuntimeException(e);
-        }
     }
 
     public JceTlsSecret adoptLocalSecret(byte[] secret)
@@ -83,85 +43,59 @@ public JceTlsSecret decapsulate(PrivateKey privateKey, byte[] ciphertext)
     {
         try
         {
-            keyGen.init(new KEMExtractSpec.Builder(privateKey, ciphertext, "DEF", 256).withNoKdf().build());
-            SecretKeyWithEncapsulation secEnc = (SecretKeyWithEncapsulation)keyGen.generateKey();
-
+            KeyGenerator keyGenerator = KemUtil.getKeyGenerator(crypto, kemName);
+            keyGenerator.init(new KEMExtractSpec.Builder(privateKey, ciphertext, "DEF", 256).withNoKdf().build());
+            SecretKeyWithEncapsulation secEnc = (SecretKeyWithEncapsulation)keyGenerator.generateKey();
             return adoptLocalSecret(secEnc.getEncoded());
         }
         catch (Exception e)
         {
             throw Exceptions.illegalArgumentException("invalid key: " + e.getMessage(), e);
         }
-
-
-//        MLKEMExtractor kemExtract = new MLKEMExtractor(privateKey);
-//        byte[] secret = kemExtract.extractSecret(ciphertext);
-//        return adoptLocalSecret(secret);
     }
 
-    public BCMLKEMPublicKey decodePublicKey(byte[] encoding)
+    public PublicKey decodePublicKey(byte[] encoding)
+        throws IOException
     {
-        return new BCMLKEMPublicKey(new MLKEMPublicKeyParameters(domainParameters, encoding));
+        return KemUtil.decodePublicKey(crypto, kemName, encoding);
     }
 
     public SecretKeyWithEncapsulation encapsulate(PublicKey publicKey)
     {
         try
         {
-            keyGen.init(new KEMGenerateSpec.Builder(publicKey, "DEF", 256).withNoKdf().build());
-            return (SecretKeyWithEncapsulation)keyGen.generateKey();
+            KeyGenerator keyGenerator = KemUtil.getKeyGenerator(crypto, kemName);
+            keyGenerator.init(new KEMGenerateSpec.Builder(publicKey, "DEF", 256).withNoKdf().build());
+            return (SecretKeyWithEncapsulation)keyGenerator.generateKey();
         }
         catch (Exception e)
         {
             throw Exceptions.illegalArgumentException("invalid key: " + e.getMessage(), e);
         }
     }
 
-    public byte[] encodePublicKey(MLKEMPublicKeyParameters publicKey)
+    public byte[] encodePublicKey(PublicKey publicKey)
+        throws IOException
     {
-        return publicKey.getEncoded();
+        return KemUtil.encodePublicKey(publicKey);
     }
 
-    private void init()
+    public KeyPair generateKeyPair()
     {
+        // TODO How to pass only the SecureRandom? 
 //        try
 //        {
-////            kpg = KeyPairGenerator.getInstance("MLKEM");
-////            kpg.initialize(MLKEMParameterSpec.fromName(domainParameters.getName()), crypto.getSecureRandom());
-////            keyGen = KeyGenerator.getInstance(domainParameters.getName(), "BC");
-//
-////            cipher = KemUtil.getCipher(crypto, domainParameters.getName());
-//
-//
+//            KeyPairGenerator keyPairGenerator = KemUtil.getKeyPairGenerator(crypto, kemName);
+//            keyPairGenerator.initialize((AlgorithmParameterSpec)null, crypto.getSecureRandom());
+//            return keyPairGenerator.generateKeyPair();
 //        }
 //        catch (GeneralSecurityException e)
 //        {
 //            throw Exceptions.illegalStateException("unable to create key pair: " + e.getMessage(), e);
 //        }
 
-
-    }
-    public KeyPair generateKeyPair()
-    {
-//        AlgorithmParameters params = KemUtil.getAlgorithmParameters(crypto, domainParameters.getName());
-//        if (params == null)
-//        {
-//            throw new IllegalStateException("KEM parameters unavailable");
-//        }
-        KeyPairGenerator kpg = null;
-        try
-        {
-            kpg = crypto.getHelper().createKeyPairGenerator(domainParameters.getName());
-        }
-        catch (NoSuchAlgorithmException e)
-        {
-            throw new RuntimeException(e);
-        }
-        catch (NoSuchProviderException e)
-        {
-            throw new RuntimeException(e);
-        }
-        return kpg.generateKeyPair();
+        KeyPairGenerator keyPairGenerator = KemUtil.getKeyPairGenerator(crypto, kemName);
+        return keyPairGenerator.generateKeyPair();
     }
 
     public boolean isServer()
diff --git a/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/KemUtil.java b/tls/src/main/java/org/bouncycastle/tls/crypto/impl/jcajce/KemUtil.java

Original file line number	Diff line number	Diff line change
`@@ -1,25 +1,14 @@`
`1`	`1`	`package org.bouncycastle.tls.crypto;`
`2`	`2`
`3`		`-import org.bouncycastle.jcajce.spec.KEMParameterSpec;`
`4`		`-import org.bouncycastle.jcajce.spec.KTSParameterSpec;`
`5`		`-`
`6`	`3`	`public class TlsKemConfig`
`7`	`4`	`{`
`8`		`- protected final KTSParameterSpec ktsParameterSpec;`
`9`	`5`	`protected final int namedGroup;`
`10`	`6`	`protected final boolean isServer;`
`11`	`7`
`12`	`8`	`public TlsKemConfig(int namedGroup, boolean isServer)`
`13`	`9`	`{`
`14`	`10`	`this.namedGroup = namedGroup;`
`15`	`11`	`this.isServer = isServer;`
`16`		`- this.ktsParameterSpec = new KTSParameterSpec.Builder("AES-KWP", 256).withNoKdf().build();`
`17`		`- }`
`18`		`- public TlsKemConfig(int namedGroup, boolean isServer, KTSParameterSpec ktsParameterSpec)`
`19`		`- {`
`20`		`- this.namedGroup = namedGroup;`
`21`		`- this.isServer = isServer;`
`22`		`- this.ktsParameterSpec = ktsParameterSpec;`
`23`	`12`	`}`
`24`	`13`
`25`	`14`	`public int getNamedGroup()`
`@@ -31,9 +20,4 @@ public boolean isServer()`
`31`	`20`	`{`
`32`	`21`	`return isServer;`
`33`	`22`	`}`
`34`		`-`
`35`		`- public KTSParameterSpec getKtsParameterSpec()`
`36`		`- {`
`37`		`- return ktsParameterSpec;`
`38`		`- }`
`39`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -442,18 +442,13 @@ public AlgorithmParameters getNamedGroupAlgorithmParameters(int namedGroup)`
`442`	`442`	`{`
`443`	`443`	`if (NamedGroup.refersToAnXDHCurve(namedGroup))`
`444`	`444`	`{`
`445`		`- switch (namedGroup)`
`446`		`- {`
`447`	`445`	`/*`
`448`		`- * TODO Return AlgorithmParameters to check against disabled algorithms`
	`446`	`+ * TODO Return AlgorithmParameters to check against disabled algorithms?`
`449`	`447`	`*`
`450`	`448`	`* NOTE: The JDK doesn't even support AlgorithmParameters for XDH, so SunJSSE also winds`
`451`	`449`	`* up using null AlgorithmParameters when checking algorithm constraints.`
`452`	`450`	`*/`
`453`		`- case NamedGroup.x25519:`
`454`		`- case NamedGroup.x448:`
`455`		`- return null;`
`456`		`- }`
	`451`	`+ return null;`
`457`	`452`	`}`
`458`	`453`	`else if (NamedGroup.refersToAnECDSACurve(namedGroup))`
`459`	`454`	`{`
`@@ -465,8 +460,12 @@ else if (NamedGroup.refersToASpecificFiniteField(namedGroup))`
`465`	`460`	`}`
`466`	`461`	`else if (NamedGroup.refersToASpecificKem(namedGroup))`
`467`	`462`	`{`
`468`		`- //Note: There is no AlgorithmParametersSpi for ML-KEM`
`469`		`- return KemUtil.getAlgorithmParameters(this, NamedGroup.getKemName(namedGroup));`
	`463`	`+ /*`
	`464`	`+ * TODO Return AlgorithmParameters to check against disabled algorithms?`
	`465`	`+ *`
	`466`	`+ * NOTE: See what the JDK/SunJSSE implementation does.`
	`467`	`+ */`
	`468`	`+ return null;`
`470`	`469`	`}`
`471`	`470`
`472`	`471`	`throw new IllegalArgumentException("NamedGroup not supported: " + NamedGroup.getText(namedGroup));`