NTRUPrime: Add missing mappings, fix OID mappings

- unify NTRUPrime mappings using SpiUtil

Author: peterdettman

core/src/main/java/org/bouncycastle/pqc/crypto/ntruprime/SNTRUPrimeKEMExtractor.java

@@ -10,6 +10,11 @@ public class SNTRUPrimeKEMExtractor
 
     public SNTRUPrimeKEMExtractor(SNTRUPrimePrivateKeyParameters privateKey)
     {
+        if (privateKey == null)
+        {
+            throw new NullPointerException("'privateKey' cannot be null");
+        }
+
         this.privateKey = privateKey;
     }
 

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/NTRUPrime.java

@@ -4,6 +4,7 @@
 import org.bouncycastle.jcajce.provider.config.ConfigurableProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricAlgorithmProvider;
 import org.bouncycastle.jcajce.provider.util.AsymmetricKeyInfoConverter;
+import org.bouncycastle.jcajce.util.SpiUtil;
 import org.bouncycastle.pqc.jcajce.provider.ntruprime.NTRULPRimeKeyFactorySpi;
 import org.bouncycastle.pqc.jcajce.provider.ntruprime.SNTRUPrimeKeyFactorySpi;
 
@@ -27,32 +28,36 @@ public void configure(ConfigurableProvider provider)
 
             AsymmetricKeyInfoConverter keyFact = new NTRULPRimeKeyFactorySpi();
 
-            provider.addAlgorithm("Cipher.NTRULPRIME", PREFIX + "NTRULPRimeCipherSpi$Base");
-            provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.pqc_kem_ntrulprime, "NTRU");
-            
+            addCipherAlgorithm(provider, "NTRULPRIME", PREFIX + "NTRULPRimeCipherSpi$Base", BCObjectIdentifiers.pqc_kem_ntrulprime);
+
             registerOid(provider, BCObjectIdentifiers.ntrulpr653, "NTRULPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.ntrulpr761, "NTRULPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.ntrulpr857, "NTRULPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.ntrulpr953, "NTRULPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.ntrulpr1013, "NTRULPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.ntrulpr1277, "NTRULPRIME", keyFact);
-            
+
             provider.addAlgorithm("KeyFactory.SNTRUPRIME", PREFIX + "SNTRUPrimeKeyFactorySpi");
             provider.addAlgorithm("KeyPairGenerator.SNTRUPRIME", PREFIX + "SNTRUPrimeKeyPairGeneratorSpi");
 
             provider.addAlgorithm("KeyGenerator.SNTRUPRIME", PREFIX + "SNTRUPrimeKeyGeneratorSpi");
 
             keyFact = new SNTRUPrimeKeyFactorySpi();
 
-            provider.addAlgorithm("Cipher.SNTRUPRIME", PREFIX + "SNTRUPrimeCipherSpi$Base");
-            provider.addAlgorithm("Alg.Alias.Cipher." + BCObjectIdentifiers.pqc_kem_sntruprime, "NTRU");
+            addCipherAlgorithm(provider, "SNTRUPRIME", PREFIX + "SNTRUPrimeCipherSpi$Base", BCObjectIdentifiers.pqc_kem_sntruprime);
 
             registerOid(provider, BCObjectIdentifiers.sntrup653, "SNTRUPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.sntrup761, "SNTRUPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.sntrup857, "SNTRUPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.sntrup953, "SNTRUPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.sntrup1013, "SNTRUPRIME", keyFact);
             registerOid(provider, BCObjectIdentifiers.sntrup1277, "SNTRUPRIME", keyFact);
+
+            if (SpiUtil.hasKEM())
+            {
+                // TODO Per-parameter-set SPI classes?
+                addKEMAlgorithm(provider, "SNTRUPRIME", PREFIX + "SNTRUPrimeKEMSpi$SNTRUPrime", BCObjectIdentifiers.pqc_kem_sntruprime);
+            }
         }
     }
 }

prov/src/main/jdk17/org/bouncycastle/pqc/jcajce/provider/NTRUPrime.java

@@ -1,35 +1,39 @@
 package org.bouncycastle.pqc.jcajce.provider.ntruprime;
 
-import org.bouncycastle.jcajce.spec.KTSParameterSpec;
-import org.bouncycastle.pqc.crypto.ntruprime.SNTRUPrimeKEMExtractor;
-import org.bouncycastle.pqc.jcajce.provider.util.KdfUtil;
-import org.bouncycastle.util.Arrays;
+import java.util.Objects;
 
 import javax.crypto.DecapsulateException;
 import javax.crypto.KEMSpi;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
-import java.security.InvalidKeyException;
-import java.util.Objects;
 
+import org.bouncycastle.jcajce.spec.KTSParameterSpec;
+import org.bouncycastle.pqc.crypto.ntruprime.SNTRUPrimeKEMExtractor;
+import org.bouncycastle.pqc.jcajce.provider.util.KdfUtil;
+import org.bouncycastle.util.Arrays;
+
+/*
+ *  NOTE: Per javadoc for javax.crypto.KEM, "Encapsulator and Decapsulator objects are also immutable. It is safe to
+ *  invoke multiple encapsulate and decapsulate methods on the same Encapsulator or Decapsulator object at the same
+ *  time. Each invocation of encapsulate will generate a new shared secret and key encapsulation message."
+ */
 class SNTRUPrimeDecapsulatorSpi
     implements KEMSpi.DecapsulatorSpi
 {
-    BCSNTRUPrimePrivateKey privateKey;
-    KTSParameterSpec parameterSpec;
-
-    SNTRUPrimeKEMExtractor kemExt;
+//    private final BCSNTRUPrimePrivateKey privateKey;
+    private final KTSParameterSpec parameterSpec;
+    private final SNTRUPrimeKEMExtractor kemExt;
 
-    public SNTRUPrimeDecapsulatorSpi(BCSNTRUPrimePrivateKey privateKey, KTSParameterSpec parameterSpec)
+    SNTRUPrimeDecapsulatorSpi(BCSNTRUPrimePrivateKey privateKey, KTSParameterSpec parameterSpec)
     {
-        this.privateKey = privateKey;
+//        this.privateKey = privateKey;
         this.parameterSpec = parameterSpec;
-
-        kemExt = new SNTRUPrimeKEMExtractor(privateKey.getKeyParams());
+        this.kemExt = new SNTRUPrimeKEMExtractor(privateKey.getKeyParams());
     }
 
     @Override
-    public SecretKey engineDecapsulate(byte[] encapsulation, int from, int to, String algorithm) throws DecapsulateException
+    public SecretKey engineDecapsulate(byte[] encapsulation, int from, int to, String algorithm)
+        throws DecapsulateException
     {
         Objects.checkFromToIndex(from, to, engineSecretSize());
         Objects.requireNonNull(algorithm, "null algorithm");
@@ -40,27 +44,32 @@ public SecretKey engineDecapsulate(byte[] encapsulation, int from, int to, Strin
             throw new DecapsulateException("incorrect encapsulation size");
         }
 
-        // if algorithm is Generic then use parameterSpec to wrap key
-        if (!parameterSpec.getKeyAlgorithmName().equals("Generic") &&
-                algorithm.equals("Generic"))
+        String keyAlgName = parameterSpec.getKeyAlgorithmName();
+        if (!"Generic".equals(keyAlgName))
         {
-            algorithm = parameterSpec.getKeyAlgorithmName();
+            // if algorithm is Generic then use parameterSpec to wrap key
+            if ("Generic".equals(algorithm))
+            {
+                algorithm = keyAlgName;
+            }
+            // check spec algorithm mismatch provided algorithm
+            else if (!algorithm.equals(keyAlgName))
+            {
+                throw new UnsupportedOperationException(keyAlgName + " does not match " + algorithm);
+            }
         }
 
-        // check spec algorithm mismatch provided algorithm
-        if (!parameterSpec.getKeyAlgorithmName().equals("Generic") &&
-                !parameterSpec.getKeyAlgorithmName().equals(algorithm))
+        byte[] kemSecret = kemExt.extractSecret(encapsulation);
+        byte[] kdfSecret = KdfUtil.makeKeyBytes(parameterSpec, kemSecret);
+
+        try
         {
-            throw new UnsupportedOperationException(parameterSpec.getKeyAlgorithmName() + " does not match " + algorithm);
+            return new SecretKeySpec(kdfSecret, from, to - from, algorithm);
+        }
+        finally
+        {
+            Arrays.clear(kdfSecret);
         }
-
-        // Only use KDF when ktsParameterSpec is provided
-        // Considering any ktsParameterSpec with "Generic" as ktsParameterSpec not provided
-        byte[] secret = kemExt.extractSecret(encapsulation);
-
-        byte[] secretKey = Arrays.copyOfRange(KdfUtil.makeKeyBytes(parameterSpec, secret), from, to);
-
-        return new SecretKeySpec(secretKey, algorithm);
     }
 
     @Override

prov/src/main/jdk17/org/bouncycastle/pqc/jcajce/provider/ntruprime/SNTRUPrimeDecapsulatorSpi.java

@@ -1,32 +1,36 @@
 package org.bouncycastle.pqc.jcajce.provider.ntruprime;
 
+import java.security.SecureRandom;
+import java.util.Objects;
+
+import javax.crypto.KEM;
+import javax.crypto.KEMSpi;
+import javax.crypto.SecretKey;
+import javax.crypto.spec.SecretKeySpec;
+
 import org.bouncycastle.crypto.SecretWithEncapsulation;
 import org.bouncycastle.jcajce.spec.KTSParameterSpec;
 import org.bouncycastle.pqc.crypto.ntruprime.SNTRUPrimeKEMGenerator;
 import org.bouncycastle.pqc.jcajce.provider.util.KdfUtil;
 import org.bouncycastle.util.Arrays;
 
-import javax.crypto.KEM;
-import javax.crypto.KEMSpi;
-import javax.crypto.spec.SecretKeySpec;
-import java.security.InvalidKeyException;
-import java.security.SecureRandom;
-import java.util.Objects;
-
+/*
+ *  NOTE: Per javadoc for javax.crypto.KEM, "Encapsulator and Decapsulator objects are also immutable. It is safe to
+ *  invoke multiple encapsulate and decapsulate methods on the same Encapsulator or Decapsulator object at the same
+ *  time. Each invocation of encapsulate will generate a new shared secret and key encapsulation message."
+ */
 class SNTRUPrimeEncapsulatorSpi
     implements KEMSpi.EncapsulatorSpi
 {
     private final BCSNTRUPrimePublicKey publicKey;
     private final KTSParameterSpec parameterSpec;
     private final SNTRUPrimeKEMGenerator kemGen;
 
-
-    public SNTRUPrimeEncapsulatorSpi(BCSNTRUPrimePublicKey publicKey, KTSParameterSpec parameterSpec, SecureRandom random)
+    SNTRUPrimeEncapsulatorSpi(BCSNTRUPrimePublicKey publicKey, KTSParameterSpec parameterSpec, SecureRandom random)
     {
         this.publicKey = publicKey;
         this.parameterSpec = parameterSpec;
-
-        kemGen = new SNTRUPrimeKEMGenerator(random);
+        this.kemGen = new SNTRUPrimeKEMGenerator(random);
     }
 
     @Override
@@ -35,31 +39,37 @@ public KEM.Encapsulated engineEncapsulate(int from, int to, String algorithm)
         Objects.checkFromToIndex(from, to, engineSecretSize());
         Objects.requireNonNull(algorithm, "null algorithm");
 
-        // if algorithm is Generic then use parameterSpec to wrap key
-        if (!parameterSpec.getKeyAlgorithmName().equals("Generic") &&
-                algorithm.equals("Generic"))
-        {
-            algorithm = parameterSpec.getKeyAlgorithmName();
-        }
-
-        // check spec algorithm mismatch provided algorithm
-        if (!parameterSpec.getKeyAlgorithmName().equals("Generic") &&
-                !parameterSpec.getKeyAlgorithmName().equals(algorithm))
+        String keyAlgName = parameterSpec.getKeyAlgorithmName();
+        if (!"Generic".equals(keyAlgName))
         {
-            throw new UnsupportedOperationException(parameterSpec.getKeyAlgorithmName() + " does not match " + algorithm);
+            // if algorithm is Generic then use parameterSpec to wrap key
+            if ("Generic".equals(algorithm))
+            {
+                algorithm = keyAlgName;
+            }
+            // check spec algorithm mismatch provided algorithm
+            else if (!algorithm.equals(keyAlgName))
+            {
+                throw new UnsupportedOperationException(keyAlgName + " does not match " + algorithm);
+            }
         }
 
-        // Only use KDF when ktsParameterSpec is provided
-        // Considering any ktsParameterSpec with "Generic" as ktsParameterSpec not provided
         SecretWithEncapsulation secEnc = kemGen.generateEncapsulated(publicKey.getKeyParams());
 
         byte[] encapsulation = secEnc.getEncapsulation();
-        byte[] secret = secEnc.getSecret();
 
-        byte[] secretKey = Arrays.copyOfRange(KdfUtil.makeKeyBytes(parameterSpec, secret), from, to);
-
-        return new KEM.Encapsulated(new SecretKeySpec(secretKey, algorithm), encapsulation, null); //TODO: DER encoding for params
+        byte[] kemSecret = secEnc.getSecret();
+        byte[] kdfSecret = KdfUtil.makeKeyBytes(parameterSpec, kemSecret);
 
+        try
+        {
+            SecretKey secretKey = new SecretKeySpec(kdfSecret, from, to - from, algorithm);
+            return new KEM.Encapsulated(secretKey, encapsulation, null);
+        }
+        finally
+        {
+            Arrays.clear(kdfSecret);
+        }
     }
 
     @Override