added KDF support to Generate/Extract

Author: dghgit

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/MLDSA.java

@@ -22,8 +22,12 @@ public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyFactory.ML-DSA", PREFIX + "MLDSAKeyFactorySpi$Pure");
             provider.addAlgorithm("KeyPairGenerator.ML-DSA", PREFIX + "MLDSAKeyPairGeneratorSpi$Pure");
+            provider.addAlgorithm("Alg.Alias.KeyFactory.MLDSA", "ML-DSA");
+            provider.addAlgorithm("Alg.Alias.KeyPairGenerator.MLDSA", "ML-DSA");
             provider.addAlgorithm("KeyFactory.HASH-ML-DSA", PREFIX + "MLDSAKeyFactorySpi$Hash");
             provider.addAlgorithm("KeyPairGenerator.HASH-ML-DSA", PREFIX + "MLDSAKeyPairGeneratorSpi$Hash");
+            provider.addAlgorithm("Alg.Alias.KeyFactory.SHA512WITHMLDSA", "HASH-ML-DSA");
+            provider.addAlgorithm("Alg.Alias.KeyPairGenerator.SHA512WITHMLDSA", "HASH-ML-DSA");
 
             addKeyFactoryAlgorithm(provider, "ML-DSA-44", PREFIX + "MLDSAKeyFactorySpi$MLDSA44", NISTObjectIdentifiers.id_ml_dsa_44, new MLDSAKeyFactorySpi.MLDSA44());
             addKeyFactoryAlgorithm(provider, "ML-DSA-65", PREFIX + "MLDSAKeyFactorySpi$MLDSA65", NISTObjectIdentifiers.id_ml_dsa_65, new MLDSAKeyFactorySpi.MLDSA65());

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/MLKEM.java

@@ -21,13 +21,14 @@ public Mappings()
         public void configure(ConfigurableProvider provider)
         {
             provider.addAlgorithm("KeyFactory.ML-KEM", PREFIX + "MLKEMKeyFactorySpi");
+            provider.addAlgorithm("Alg.Alias.KeyFactory.MLKEM", "ML-KEM");
 
             addKeyFactoryAlgorithm(provider, "ML-KEM-512", PREFIX + "MLKEMKeyFactorySpi$MLKEM512", NISTObjectIdentifiers.id_alg_ml_kem_512, new MLKEMKeyFactorySpi.MLKEM512());
             addKeyFactoryAlgorithm(provider, "ML-KEM-768", PREFIX + "MLKEMKeyFactorySpi$MLKEM768", NISTObjectIdentifiers.id_alg_ml_kem_768, new MLKEMKeyFactorySpi.MLKEM768());
             addKeyFactoryAlgorithm(provider, "ML-KEM-1024", PREFIX + "MLKEMKeyFactorySpi$MLKEM1024", NISTObjectIdentifiers.id_alg_ml_kem_1024, new MLKEMKeyFactorySpi.MLKEM1024());
 
-
             provider.addAlgorithm("KeyPairGenerator.ML-KEM", PREFIX + "MLKEMKeyPairGeneratorSpi");
+            provider.addAlgorithm("Alg.Alias.KeyPairGenerator.MLKEM", "ML-KEM");
 
             addKeyPairGeneratorAlgorithm(provider, "ML-KEM-512", PREFIX + "MLKEMKeyPairGeneratorSpi$MLKEM512", NISTObjectIdentifiers.id_alg_ml_kem_512);
             addKeyPairGeneratorAlgorithm(provider, "ML-KEM-768", PREFIX + "MLKEMKeyPairGeneratorSpi$MLKEM768", NISTObjectIdentifiers.id_alg_ml_kem_768);
@@ -42,7 +43,7 @@ public void configure(ConfigurableProvider provider)
             AsymmetricKeyInfoConverter keyFact = new MLKEMKeyFactorySpi();
 
             provider.addAlgorithm("Cipher.ML-KEM", PREFIX + "MLKEMCipherSpi$Base");
-            provider.addAlgorithm("Alg.Alias.Cipher." + (ASN1ObjectIdentifier) null, "ML-KEM");
+            provider.addAlgorithm("Alg.Alias.Cipher.MLKEM", "ML-KEM");
 
             addCipherAlgorithm(provider, "ML-KEM-512", PREFIX + "MLKEMCipherSpi$MLKEM512", NISTObjectIdentifiers.id_alg_ml_kem_512);
             addCipherAlgorithm(provider, "ML-KEM-768", PREFIX + "MLKEMCipherSpi$MLKEM768", NISTObjectIdentifiers.id_alg_ml_kem_768);

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mlkem/MLKEMKeyGeneratorSpi.java

@@ -17,6 +17,7 @@
 import org.bouncycastle.pqc.crypto.mlkem.MLKEMExtractor;
 import org.bouncycastle.pqc.crypto.mlkem.MLKEMGenerator;
 import org.bouncycastle.pqc.crypto.mlkem.MLKEMParameters;
+import org.bouncycastle.pqc.jcajce.provider.util.KdfUtil;
 import org.bouncycastle.util.Arrays;
 
 public class MLKEMKeyGeneratorSpi
@@ -93,7 +94,8 @@ protected SecretKey engineGenerateKey()
             SecretWithEncapsulation secEnc = kemGen.generateEncapsulated(pubKey.getKeyParams());
 
             byte[] sharedSecret = secEnc.getSecret();
-            byte[] secret = Arrays.copyOfRange(sharedSecret, 0, (genSpec.getKeySize() + 7) / 8);
+
+            byte[] secret = KdfUtil.makeKeyBytes(genSpec, sharedSecret);
 
             Arrays.clear(sharedSecret);
 
@@ -117,7 +119,7 @@ protected SecretKey engineGenerateKey()
 
             byte[] encapsulation = extSpec.getEncapsulation();
             byte[] sharedSecret = kemExt.extractSecret(encapsulation);
-            byte[] secret = Arrays.copyOfRange(sharedSecret, 0, (extSpec.getKeySize() + 7) / 8);
+            byte[] secret = KdfUtil.makeKeyBytes(extSpec, sharedSecret);
 
             Arrays.clear(sharedSecret);
 

prov/src/main/java/org/bouncycastle/jcajce/spec/KEMExtractSpec.java

@@ -1,17 +1,31 @@
 package org.bouncycastle.jcajce.spec;
 
 import java.security.PrivateKey;
+import java.security.PublicKey;
 import java.security.spec.AlgorithmParameterSpec;
 
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
 import org.bouncycastle.util.Arrays;
 
 public class KEMExtractSpec
+    extends KEMKDFSpec
     implements AlgorithmParameterSpec
 {
+    private static final byte[] EMPTY_OTHER_INFO = new byte[0];
+    private static AlgorithmIdentifier DefKdf = new AlgorithmIdentifier(X9ObjectIdentifiers.id_kdf_kdf3, new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
+
     private final PrivateKey privateKey;
     private final byte[] encapsulation;
-    private final String keyAlgorithmName;
-    private final int keySizeInBits;
+
+    private KEMExtractSpec(PrivateKey privateKey, byte[] encapsulation, String keyAlgorithmName, int keySizeInBits, AlgorithmIdentifier kdfAlgorithm, byte[] otherInfo)
+    {
+        super(kdfAlgorithm, otherInfo, keyAlgorithmName, keySizeInBits);
+
+        this.privateKey = privateKey;
+        this.encapsulation = Arrays.clone(encapsulation);
+    }
 
     public KEMExtractSpec(PrivateKey privateKey, byte[] encapsulation, String keyAlgorithmName)
     {
@@ -20,10 +34,7 @@ public KEMExtractSpec(PrivateKey privateKey, byte[] encapsulation, String keyAlg
 
     public KEMExtractSpec(PrivateKey privateKey, byte[] encapsulation, String keyAlgorithmName, int keySizeInBits)
     {
-        this.privateKey = privateKey;
-        this.encapsulation = Arrays.clone(encapsulation);
-        this.keyAlgorithmName = keyAlgorithmName;
-        this.keySizeInBits = keySizeInBits;
+        this(privateKey, encapsulation, keyAlgorithmName, keySizeInBits, DefKdf, EMPTY_OTHER_INFO);
     }
 
     public byte[] getEncapsulation()
@@ -35,14 +46,4 @@ public PrivateKey getPrivateKey()
     {
         return privateKey;
     }
-
-    public String getKeyAlgorithmName()
-    {
-        return keyAlgorithmName;
-    }
-
-    public int getKeySize()
-    {
-        return keySizeInBits;
-    }
 }

prov/src/main/java/org/bouncycastle/jcajce/spec/KEMGenerateSpec.java

@@ -3,37 +3,117 @@
 import java.security.PublicKey;
 import java.security.spec.AlgorithmParameterSpec;
 
+import org.bouncycastle.asn1.nist.NISTObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.asn1.x9.X9ObjectIdentifiers;
+import org.bouncycastle.util.Arrays;
+
 public class KEMGenerateSpec
+    extends KEMKDFSpec
     implements AlgorithmParameterSpec
 {
-    private final PublicKey publicKey;
-    private final String keyAlgorithmName;
-    private final int keySizeInBits;
+    private static final byte[] EMPTY_OTHER_INFO = new byte[0];
+    private static AlgorithmIdentifier DefKdf = new AlgorithmIdentifier(X9ObjectIdentifiers.id_kdf_kdf3, new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
 
-    public KEMGenerateSpec(PublicKey publicKey, String keyAlgorithmName)
+    /**
+     * Builder class for creating a KTSParameterSpec.
+     */
+    public static final class Builder
     {
-        this(publicKey, keyAlgorithmName, 256);
+        private final PublicKey publicKey;
+        private final String algorithmName;
+        private final int keySizeInBits;
+
+        private AlgorithmIdentifier kdfAlgorithm;
+        private byte[] otherInfo;
+
+        /**
+         * Basic builder.
+         *
+         * @param publicKey the public key to use for encapsulation/secret generation.
+         * @param keyAlgorithmName the algorithm name for the secret key we want to generate.
+         * @param keySizeInBits the size of the wrapping key we want to produce in bits.
+         */
+        public Builder(PublicKey publicKey, String keyAlgorithmName, int keySizeInBits)
+        {
+            this.publicKey = publicKey;
+            this.algorithmName = keyAlgorithmName;
+            this.keySizeInBits = keySizeInBits;
+            this.kdfAlgorithm = new AlgorithmIdentifier(X9ObjectIdentifiers.id_kdf_kdf3, new AlgorithmIdentifier(NISTObjectIdentifiers.id_sha256));
+            this.otherInfo = EMPTY_OTHER_INFO;
+        }
+
+        /**
+         * Use the shared secret directly for key wrap generation.
+         *
+         * @return the current Builder instance.
+         */
+        public Builder withNoKdf()
+        {
+            this.kdfAlgorithm = null;
+
+            return this;
+        }
+
+        /**
+         * Set the KDF algorithm and digest algorithm for wrap key generation. The default KDF is X9.44 KDF-3, also
+         * known as the NIST concatenation KDF.
+         *
+         * @param kdfAlgorithm the KDF algorithm to apply.
+         * @return the current Builder instance.
+         */
+        public Builder withKdfAlgorithm(AlgorithmIdentifier kdfAlgorithm)
+        {
+            this.kdfAlgorithm = kdfAlgorithm;
+
+            return this;
+        }
+
+        /**
+         * Set the OtherInfo to use with the KDF. The default OtherInfo is a zero length byte[].
+         *
+         * @param otherInfo the other info to use.
+         * @return the current Builder instance.
+         */
+        public Builder withOtherInfo(byte[] otherInfo)
+        {
+            this.otherInfo = (otherInfo == null) ? EMPTY_OTHER_INFO : Arrays.clone(otherInfo);
+
+            return this;
+        }
+
+        /**
+         * Build the new parameter spec.
+         *
+         * @return a new parameter spec configured according to the builder state.
+         */
+        public KEMGenerateSpec build()
+        {
+            return new KEMGenerateSpec(publicKey, algorithmName, keySizeInBits, kdfAlgorithm, otherInfo);
+        }
     }
 
-    public KEMGenerateSpec(PublicKey publicKey, String keyAlgorithmName, int keySizeInBits)
+    private final PublicKey publicKey;
+
+    private KEMGenerateSpec(PublicKey publicKey, String keyAlgorithmName, int keySizeInBits, AlgorithmIdentifier kdfAlgorithm, byte[] otherInfo)
     {
+        super(kdfAlgorithm, otherInfo, keyAlgorithmName, keySizeInBits);
+
         this.publicKey = publicKey;
-        this.keyAlgorithmName = keyAlgorithmName;
-        this.keySizeInBits = keySizeInBits;
     }
 
-    public PublicKey getPublicKey()
+    public KEMGenerateSpec(PublicKey publicKey, String keyAlgorithmName)
     {
-        return publicKey;
+        this(publicKey, keyAlgorithmName, 256, DefKdf, EMPTY_OTHER_INFO);
     }
 
-    public String getKeyAlgorithmName()
+    public KEMGenerateSpec(PublicKey publicKey, String keyAlgorithmName, int keySizeInBits)
     {
-        return keyAlgorithmName;
+        this(publicKey, keyAlgorithmName, keySizeInBits, DefKdf, EMPTY_OTHER_INFO);
     }
 
-    public int getKeySize()
+    public PublicKey getPublicKey()
     {
-        return keySizeInBits;
+        return publicKey;
     }
 }

prov/src/main/java/org/bouncycastle/jcajce/spec/KEMKDFSpec.java

@@ -0,0 +1,40 @@
+package org.bouncycastle.jcajce.spec;
+
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.util.Arrays;
+
+public class KEMKDFSpec
+{
+    private final String keyAlgorithmName;
+    private final int keySizeInBits;
+    private final AlgorithmIdentifier kdfAlgorithm;
+    private final byte[] otherInfo;
+
+    protected KEMKDFSpec(AlgorithmIdentifier kdfAlgorithm, byte[] otherInfo, String keyAlgorithmName, int keySizeInBits)
+    {
+        this.keyAlgorithmName = keyAlgorithmName;
+        this.keySizeInBits = keySizeInBits;
+        this.kdfAlgorithm = kdfAlgorithm;
+        this.otherInfo = otherInfo;
+    }
+
+    public String getKeyAlgorithmName()
+    {
+        return keyAlgorithmName;
+    }
+
+    public int getKeySize()
+    {
+        return keySizeInBits;
+    }
+
+    public AlgorithmIdentifier getKdfAlgorithm()
+    {
+        return kdfAlgorithm;
+    }
+
+    public byte[] getOtherInfo()
+    {
+        return Arrays.clone(otherInfo);
+    }
+}

prov/src/main/java/org/bouncycastle/jcajce/spec/KTSParameterSpec.java

@@ -11,13 +11,10 @@
  * Parameter spec for doing KTS based wrapping via the Cipher API.
  */
 public class KTSParameterSpec
+    extends KEMKDFSpec
     implements AlgorithmParameterSpec
 {
-    private final String wrappingKeyAlgorithm;
-    private final int keySizeInBits;
     private final AlgorithmParameterSpec parameterSpec;
-    private final AlgorithmIdentifier kdfAlgorithm;
-    private byte[] otherInfo;
 
     /**
      * Builder class for creating a KTSParameterSpec.
@@ -111,31 +108,9 @@ protected KTSParameterSpec(
         String wrappingKeyAlgorithm, int keySizeInBits,
         AlgorithmParameterSpec parameterSpec, AlgorithmIdentifier kdfAlgorithm, byte[] otherInfo)
     {
-        this.wrappingKeyAlgorithm = wrappingKeyAlgorithm;
-        this.keySizeInBits = keySizeInBits;
-        this.parameterSpec = parameterSpec;
-        this.kdfAlgorithm = kdfAlgorithm;
-        this.otherInfo = otherInfo;
-    }
+        super(kdfAlgorithm, otherInfo, wrappingKeyAlgorithm, keySizeInBits);
 
-    /**
-     * Return the name of the algorithm for the wrapping key this key spec should use.
-     *
-     * @return the key algorithm.
-     */
-    public String getKeyAlgorithmName()
-    {
-        return wrappingKeyAlgorithm;
-    }
-
-    /**
-     * Return the size of the key (in bits) for the wrapping key this key spec should use.
-     *
-     * @return length in bits of the key to be calculated.
-     */
-    public int getKeySize()
-    {
-        return keySizeInBits;
+        this.parameterSpec = parameterSpec;
     }
 
     /**
@@ -147,24 +122,4 @@ public AlgorithmParameterSpec getParameterSpec()
     {
         return parameterSpec;
     }
-
-    /**
-     * Return the AlgorithmIdentifier for the KDF to do key derivation after extracting the secret.
-     *
-     * @return the AlgorithmIdentifier for the SecretKeyFactory's KDF.
-     */
-    public AlgorithmIdentifier getKdfAlgorithm()
-    {
-        return kdfAlgorithm;
-    }
-
-    /**
-     * Return the otherInfo data for initialising the KDF.
-     *
-     * @return the otherInfo data.
-     */
-    public byte[] getOtherInfo()
-    {
-        return Arrays.clone(otherInfo);
-    }
 }