Refactor provider ML-KEM code

- including more kyber name cleanup

Author: peterdettman

core/src/main/jdk1.1/org/bouncycastle/pqc/crypto/util/PrivateKeyFactory.java

@@ -157,10 +157,10 @@ else if (algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_512) ||
             algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_768) ||
             algOID.equals(NISTObjectIdentifiers.id_alg_ml_kem_1024))
         {
-            ASN1OctetString kyberKey = ASN1OctetString.getInstance(keyInfo.parsePrivateKey());
-            MLKEMParameters kyberParams = Utils.mlkemParamsLookup(algOID);
+            ASN1OctetString mlkemKey = ASN1OctetString.getInstance(keyInfo.parsePrivateKey());
+            MLKEMParameters mlkemParams = Utils.mlkemParamsLookup(algOID);
 
-            return new MLKEMPrivateKeyParameters(kyberParams, kyberKey.getOctets());
+            return new MLKEMPrivateKeyParameters(mlkemParams, mlkemKey.getOctets());
         }
         else if (Utils.mldsaParams.containsKey(algOID))
         {

core/src/main/jdk1.1/org/bouncycastle/pqc/crypto/util/PublicKeyFactory.java

@@ -108,12 +108,12 @@ public class PublicKeyFactory
         converters.put(BCObjectIdentifiers.picnicl5full, new PicnicConverter());
         converters.put(BCObjectIdentifiers.falcon_512, new FalconConverter());
         converters.put(BCObjectIdentifiers.falcon_1024, new FalconConverter());
-        converters.put(NISTObjectIdentifiers.id_alg_ml_kem_512, new KyberConverter());
-        converters.put(NISTObjectIdentifiers.id_alg_ml_kem_768, new KyberConverter());
-        converters.put(NISTObjectIdentifiers.id_alg_ml_kem_1024, new KyberConverter());
-        converters.put(BCObjectIdentifiers.kyber512_aes, new KyberConverter());
-        converters.put(BCObjectIdentifiers.kyber768_aes, new KyberConverter());
-        converters.put(BCObjectIdentifiers.kyber1024_aes, new KyberConverter());
+        converters.put(NISTObjectIdentifiers.id_alg_ml_kem_512, new MLKEMConverter());
+        converters.put(NISTObjectIdentifiers.id_alg_ml_kem_768, new MLKEMConverter());
+        converters.put(NISTObjectIdentifiers.id_alg_ml_kem_1024, new MLKEMConverter());
+        converters.put(BCObjectIdentifiers.kyber512_aes, new MLKEMConverter());
+        converters.put(BCObjectIdentifiers.kyber768_aes, new MLKEMConverter());
+        converters.put(BCObjectIdentifiers.kyber1024_aes, new MLKEMConverter());
         converters.put(NISTObjectIdentifiers.id_ml_dsa_44, new MLDSAConverter());
         converters.put(NISTObjectIdentifiers.id_ml_dsa_65, new MLDSAConverter());
         converters.put(NISTObjectIdentifiers.id_ml_dsa_87, new MLDSAConverter());
@@ -351,16 +351,16 @@ AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Obje
         }
     }
 
-    private static class KyberConverter
+    private static class MLKEMConverter
         extends SubjectPublicKeyInfoConverter
     {
         AsymmetricKeyParameter getPublicKeyParameters(SubjectPublicKeyInfo keyInfo, Object defaultParams)
             throws IOException
         {
-            MLKEMParameters kyberParameters = Utils.mlkemParamsLookup(keyInfo.getAlgorithm().getAlgorithm());
+            MLKEMParameters mlkemParameters = Utils.mlkemParamsLookup(keyInfo.getAlgorithm().getAlgorithm());
 
             // we're a raw encoding
-            return new MLKEMPublicKeyParameters(kyberParameters, keyInfo.getPublicKeyData().getOctets());
+            return new MLKEMPublicKeyParameters(mlkemParameters, keyInfo.getPublicKeyData().getOctets());
         }
     }
 

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mlkem/MLKEMCipherSpi.java

@@ -32,46 +32,46 @@
 import org.bouncycastle.util.Arrays;
 import org.bouncycastle.util.Exceptions;
 
-class MLKEMCipherSpi
+public class MLKEMCipherSpi
     extends CipherSpi
 {
+    private final MLKEMParameters mlkemParameters;
     private final String algorithmName;
+
     private MLKEMGenerator kemGen;
     private KTSParameterSpec kemParameterSpec;
     private BCMLKEMPublicKey wrapKey;
     private BCMLKEMPrivateKey unwrapKey;
 
     private AlgorithmParameters engineParams;
-    private MLKEMParameters mlkemParamters;
 
-    MLKEMCipherSpi(String algorithmName)
+    public MLKEMCipherSpi(String algorithmName)
     {
+        this.mlkemParameters = null;
         this.algorithmName = algorithmName;
-        this.mlkemParamters = null;
     }
 
-    MLKEMCipherSpi(MLKEMParameters kyberParameters)
+    public MLKEMCipherSpi(MLKEMParameters mlkemParameters)
     {
-        this.mlkemParamters = kyberParameters;
-        this.algorithmName = kyberParameters.getName();
+        this.mlkemParameters = mlkemParameters;
+        this.algorithmName = mlkemParameters.getName();
     }
 
     @Override
     protected void engineSetMode(String mode)
-            throws NoSuchAlgorithmException
+        throws NoSuchAlgorithmException
     {
         throw new NoSuchAlgorithmException("Cannot support mode " + mode);
     }
 
     @Override
     protected void engineSetPadding(String padding)
-            throws NoSuchPaddingException
+        throws NoSuchPaddingException
     {
         throw new NoSuchPaddingException("Padding " + padding + " unknown");
     }
 
-    protected int engineGetKeySize(
-            Key key)
+    protected int engineGetKeySize(Key key)
     {
         return 2048; // TODO
         //throw new IllegalArgumentException("not an valid key!");
@@ -176,9 +176,9 @@ else if (opmode == Cipher.UNWRAP_MODE)
             throw new InvalidParameterException("Cipher only valid for wrapping/unwrapping");
         }
 
-        if (mlkemParamters != null)
+        if (mlkemParameters != null)
         {
-            String canonicalAlgName = MLKEMParameterSpec.fromName(mlkemParamters.getName()).getName();
+            String canonicalAlgName = MLKEMParameterSpec.fromName(mlkemParameters.getName()).getName();
             if (!canonicalAlgName.equals(key.getAlgorithm()))
             {
                 throw new InvalidKeyException("cipher locked to " + canonicalAlgName);
@@ -256,11 +256,14 @@ protected byte[] engineWrap(
 
             byte[] keyToWrap = key.getEncoded();
 
-            byte[] rv = Arrays.concatenate(encapsulation, kWrap.wrap(keyToWrap, 0, keyToWrap.length));
-
-            Arrays.clear(keyToWrap);
-
-            return rv;
+            try
+            {
+                return Arrays.concatenate(encapsulation, kWrap.wrap(keyToWrap, 0, keyToWrap.length));
+            }
+            finally
+            {
+                Arrays.clear(keyToWrap);
+            }
         }
         catch (IllegalArgumentException e)
         {
@@ -277,7 +280,7 @@ protected byte[] engineWrap(
             }
             catch (DestroyFailedException e)
             {
-                throw new IllegalBlockSizeException("unable to destroy interim values: " + e.getMessage());
+                // ignore
             }
         }
     }
@@ -293,6 +296,7 @@ protected Key engineUnwrap(
         {
             throw new InvalidKeyException("only SECRET_KEY supported");
         }
+
         byte[] secret = null;
         try
         {
@@ -318,18 +322,14 @@ protected Key engineUnwrap(
         }
         finally
         {
-            if (secret != null)
-            {
-                Arrays.clear(secret);
-            }
+            Arrays.clear(secret);
         }
     }
 
     public static class Base
-            extends MLKEMCipherSpi
+        extends MLKEMCipherSpi
     {
         public Base()
-                throws NoSuchAlgorithmException
         {
             super("MLKEM");
         }

prov/src/main/java/org/bouncycastle/jcajce/provider/asymmetric/mlkem/MLKEMKeyGeneratorSpi.java

@@ -21,21 +21,22 @@
 import org.bouncycastle.util.Arrays;
 
 public class MLKEMKeyGeneratorSpi
-        extends KeyGeneratorSpi
+    extends KeyGeneratorSpi
 {
+    private final MLKEMParameters mlkemParameters;
+    
     private KEMGenerateSpec genSpec;
     private SecureRandom random;
     private KEMExtractSpec extSpec;
-    private MLKEMParameters kyberParameters;
 
     public MLKEMKeyGeneratorSpi()
     {
         this(null);
     }
 
-    protected MLKEMKeyGeneratorSpi(MLKEMParameters kyberParameters)
+    protected MLKEMKeyGeneratorSpi(MLKEMParameters mlkemParameters)
     {
-        this.kyberParameters = kyberParameters;
+        this.mlkemParameters = mlkemParameters;
     }
 
     protected void engineInit(SecureRandom secureRandom)
@@ -51,9 +52,9 @@ protected void engineInit(AlgorithmParameterSpec algorithmParameterSpec, SecureR
         {
             this.genSpec = (KEMGenerateSpec)algorithmParameterSpec;
             this.extSpec = null;
-            if (kyberParameters != null)
+            if (mlkemParameters != null)
             {
-                String canonicalAlgName = MLKEMParameterSpec.fromName(kyberParameters.getName()).getName();
+                String canonicalAlgName = MLKEMParameterSpec.fromName(mlkemParameters.getName()).getName();
                 if (!canonicalAlgName.equals(genSpec.getPublicKey().getAlgorithm()))
                 {
                     throw new InvalidAlgorithmParameterException("key generator locked to " + canonicalAlgName);
@@ -64,9 +65,9 @@ else if (algorithmParameterSpec instanceof KEMExtractSpec)
         {
             this.genSpec = null;
             this.extSpec = (KEMExtractSpec)algorithmParameterSpec;
-            if (kyberParameters != null)
+            if (mlkemParameters != null)
             {
-                String canonicalAlgName = MLKEMParameterSpec.fromName(kyberParameters.getName()).getName();
+                String canonicalAlgName = MLKEMParameterSpec.fromName(mlkemParameters.getName()).getName();
                 if (!canonicalAlgName.equals(extSpec.getPrivateKey().getAlgorithm()))
                 {
                     throw new InvalidAlgorithmParameterException("key generator locked to " + canonicalAlgName);
@@ -93,41 +94,48 @@ protected SecretKey engineGenerateKey()
 
             SecretWithEncapsulation secEnc = kemGen.generateEncapsulated(pubKey.getKeyParams());
 
-            byte[] sharedSecret = secEnc.getSecret();
-
-            byte[] secret = KdfUtil.makeKeyBytes(genSpec, sharedSecret);
-
-            Arrays.clear(sharedSecret);
-
-            SecretKey rv = new SecretKeyWithEncapsulation(new SecretKeySpec(secret, genSpec.getKeyAlgorithmName()), secEnc.getEncapsulation());
+            byte[] kemSecret = secEnc.getSecret();
+            byte[] kdfSecret = KdfUtil.makeKeyBytes(genSpec, kemSecret);
 
             try
             {
-                secEnc.destroy();
+                SecretKeySpec secretKey = new SecretKeySpec(kdfSecret, genSpec.getKeyAlgorithmName());
+
+                return new SecretKeyWithEncapsulation(secretKey, secEnc.getEncapsulation());
             }
-            catch (DestroyFailedException e)
+            finally
             {
-                throw new IllegalStateException("key cleanup failed");
+                try
+                {
+                    secEnc.destroy();
+                }
+                catch (DestroyFailedException e)
+                {
+                    // ignore
+                }
             }
-
-            return rv;
         }
         else
         {
             BCMLKEMPrivateKey privKey = (BCMLKEMPrivateKey)extSpec.getPrivateKey();
             MLKEMExtractor kemExt = new MLKEMExtractor(privKey.getKeyParams());
 
             byte[] encapsulation = extSpec.getEncapsulation();
-            byte[] sharedSecret = kemExt.extractSecret(encapsulation);
-            byte[] secret = KdfUtil.makeKeyBytes(extSpec, sharedSecret);
-
-            Arrays.clear(sharedSecret);
 
-            SecretKey rv = new SecretKeyWithEncapsulation(new SecretKeySpec(secret, extSpec.getKeyAlgorithmName()), encapsulation);
+            byte[] kemSecret = kemExt.extractSecret(encapsulation);
+            byte[] kdfSecret = KdfUtil.makeKeyBytes(extSpec, kemSecret);
 
-            Arrays.clear(secret);
+            try
+            {
+                SecretKeySpec secretKey = new SecretKeySpec(kdfSecret, extSpec.getKeyAlgorithmName());
 
-            return rv;
+                // TODO Why do we return ...WithEncapsulation?? 
+                return new SecretKeyWithEncapsulation(secretKey, encapsulation);
+            }
+            finally
+            {
+                Arrays.clear(kdfSecret);
+            }
         }
     }