BCJSSE: Support hybrid ECDHE-MLKEM groups

Author: peterdettman

tls/src/main/java/org/bouncycastle/jsse/provider/NamedGroupInfo.java

@@ -1,6 +1,7 @@
 package org.bouncycastle.jsse.provider;
 
 import java.security.AlgorithmParameters;
+import java.security.GeneralSecurityException;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.LinkedHashMap;
@@ -81,13 +82,19 @@ private enum All
         OQS_mlkem1024(NamedGroup.OQS_mlkem1024, "ML-KEM"),
         MLKEM512(NamedGroup.MLKEM512, "ML-KEM"),
         MLKEM768(NamedGroup.MLKEM768, "ML-KEM"),
-        MLKEM1024(NamedGroup.MLKEM1024, "ML-KEM");
+        MLKEM1024(NamedGroup.MLKEM1024, "ML-KEM"),
+
+        SecP256r1MLKEM768(NamedGroup.SecP256r1MLKEM768, "EC", "ML-KEM"),
+        X25519MLKEM768(NamedGroup.X25519MLKEM768, "ML-KEM", "XDH"),
+        SecP384r1MLKEM1024(NamedGroup.SecP384r1MLKEM1024, "EC", "ML-KEM");
 
         private final int namedGroup;
         private final String name;
         private final String text;
-        private final String jcaAlgorithm;
-        private final String jcaGroup;
+        private final String jcaAlgorithm1;
+        private final String jcaAlgorithm2;
+        private final String jcaGroup1;
+        private final String jcaGroup2;
         private final boolean char2;
         private final boolean supportedPost13;
         private final boolean supportedPre13;
@@ -96,17 +103,45 @@ private enum All
 
         private All(int namedGroup, String jcaAlgorithm)
         {
+            if (NamedGroup.refersToASpecificHybrid(namedGroup))
+            {
+                throw new IllegalArgumentException("Non-hybrid constructor only");
+            }
+
             this.namedGroup = namedGroup;
             this.name = NamedGroup.getName(namedGroup);
             this.text = NamedGroup.getText(namedGroup);
-            this.jcaAlgorithm = jcaAlgorithm;
-            this.jcaGroup = NamedGroup.getStandardName(namedGroup);
+            this.jcaAlgorithm1 = jcaAlgorithm;
+            this.jcaAlgorithm2 = null;
+            this.jcaGroup1 = NamedGroup.getStandardName(namedGroup);
+            this.jcaGroup2 = null;
             this.supportedPost13 = NamedGroup.canBeNegotiated(namedGroup, ProtocolVersion.TLSv13);
             this.supportedPre13 = NamedGroup.canBeNegotiated(namedGroup, ProtocolVersion.TLSv12);
             this.char2 = NamedGroup.isChar2Curve(namedGroup);
             this.bitsECDH = NamedGroup.getCurveBits(namedGroup);
             this.bitsFFDHE = NamedGroup.getFiniteFieldBits(namedGroup);
         }
+
+        private All(int namedGroup, String jcaAlgorithm1, String jcaAlgorithm2)
+        {
+            if (!NamedGroup.refersToASpecificHybrid(namedGroup))
+            {
+                throw new IllegalArgumentException("Hybrid constructor only");
+            }
+
+            this.namedGroup = namedGroup;
+            this.name = NamedGroup.getName(namedGroup);
+            this.text = NamedGroup.getText(namedGroup);
+            this.jcaAlgorithm1 = jcaAlgorithm1;
+            this.jcaAlgorithm2 = jcaAlgorithm2;
+            this.jcaGroup1 = NamedGroup.getStandardName(NamedGroup.getHybridFirst(namedGroup));
+            this.jcaGroup2 = NamedGroup.getStandardName(NamedGroup.getHybridSecond(namedGroup));
+            this.supportedPost13 = NamedGroup.canBeNegotiated(namedGroup, ProtocolVersion.TLSv13);
+            this.supportedPre13 = NamedGroup.canBeNegotiated(namedGroup, ProtocolVersion.TLSv12);
+            this.char2 = false;
+            this.bitsECDH = -1;
+            this.bitsFFDHE = -1;
+        }
     }
 
     private static final int[] CANDIDATES_DEFAULT = {
@@ -439,23 +474,37 @@ private static void addNamedGroup(boolean isFipsContext, JcaTlsCrypto crypto, bo
 
         boolean disable = (disableChar2 && all.char2) || (disableFFDHE && all.bitsFFDHE > 0);
 
-        boolean enabled = !disable && (null != all.jcaGroup) && crypto.hasNamedGroup(namedGroup);
+        boolean enabled = !disable && (null != all.jcaGroup1) && (null == all.jcaAlgorithm2 || null != all.jcaGroup2)
+            && TlsUtils.isSupportedNamedGroup(crypto, namedGroup);
+
+        AlgorithmParameters algorithmParameters1 = null;
+        AlgorithmParameters algorithmParameters2 = null;
 
-        AlgorithmParameters algorithmParameters = null;
         if (enabled)
         {
-            // TODO[jsse] Consider also fetching 'jcaAlgorithm'
+            // TODO[jsse] Consider also fetching 'jcaAlgorithm1', 'jcaAlgorithm2'
+
             try
             {
-                algorithmParameters = crypto.getNamedGroupAlgorithmParameters(namedGroup);
+                if (NamedGroup.refersToASpecificHybrid(namedGroup))
+                {
+                    algorithmParameters1 = getAlgorithmParameters(crypto, NamedGroup.getHybridFirst(namedGroup));
+                    algorithmParameters2 = getAlgorithmParameters(crypto, NamedGroup.getHybridSecond(namedGroup));
+                }
+                else
+                {
+                    algorithmParameters1 = getAlgorithmParameters(crypto, namedGroup);
+                }
             }
             catch (Exception e)
             {
                 enabled = false;
+                algorithmParameters1 = null;
+                algorithmParameters2 = null;
             }
         }
 
-        NamedGroupInfo namedGroupInfo = new NamedGroupInfo(all, algorithmParameters, enabled);
+        NamedGroupInfo namedGroupInfo = new NamedGroupInfo(all, algorithmParameters1, algorithmParameters2, enabled);
 
         if (null != ng.put(namedGroup, namedGroupInfo))
         {
@@ -531,6 +580,12 @@ private static Map<Integer, NamedGroupInfo> createIndex(boolean isFipsContext, J
         return ng;
     }
 
+    private static AlgorithmParameters getAlgorithmParameters(JcaTlsCrypto crypto, int namedGroup)
+        throws GeneralSecurityException
+    {
+        return crypto.getNamedGroupAlgorithmParameters(namedGroup);
+    }
+
     private static int getNamedGroupByName(String name)
     {
         for (All all : All.values())
@@ -589,13 +644,16 @@ private static boolean hasAnyECDSA(Map<Integer, NamedGroupInfo> local)
     }
 
     private final All all;
-    private final AlgorithmParameters algorithmParameters;
+    private final AlgorithmParameters algorithmParameters1;
+    private final AlgorithmParameters algorithmParameters2;
     private final boolean enabled;
 
-    NamedGroupInfo(All all, AlgorithmParameters algorithmParameters, boolean enabled)
+    NamedGroupInfo(All all, AlgorithmParameters algorithmParameters1, AlgorithmParameters algorithmParameters2,
+        boolean enabled)
     {
         this.all = all;
-        this.algorithmParameters = algorithmParameters;
+        this.algorithmParameters1 = algorithmParameters1;
+        this.algorithmParameters2 = algorithmParameters2;
         this.enabled = enabled;
     }
 
@@ -609,16 +667,6 @@ int getBitsFFDHE()
         return all.bitsFFDHE;
     }
 
-    String getJcaAlgorithm()
-    {
-        return all.jcaAlgorithm;
-    }
-
-    String getJcaGroup()
-    {
-        return all.jcaGroup;
-    }
-
     int getNamedGroup()
     {
         return all.namedGroup;
@@ -656,7 +704,21 @@ private boolean isPermittedBy(BCAlgorithmConstraints algorithmConstraints)
     {
         Set<BCCryptoPrimitive> primitives = JsseUtils.KEY_AGREEMENT_CRYPTO_PRIMITIVES_BC;
 
-        return algorithmConstraints.permits(primitives, getJcaGroup(), null)
-            && algorithmConstraints.permits(primitives, getJcaAlgorithm(), algorithmParameters);
+        if (!algorithmConstraints.permits(primitives, all.jcaGroup1, null) ||
+            !algorithmConstraints.permits(primitives, all.jcaAlgorithm1, algorithmParameters1))
+        {
+            return false;
+        }
+
+        if (all.jcaAlgorithm2 != null)
+        {
+            if (!algorithmConstraints.permits(primitives, all.jcaGroup2, null) ||
+                !algorithmConstraints.permits(primitives, all.jcaAlgorithm2, algorithmParameters2))
+            {
+                return false;
+            }
+        }
+
+        return true;
     }
 }