added length check for decryption payload for ML-KEM.

added tests for the same.
added PBMAC1 support to PKCS12StoreParameter

Author: dghgit

core/src/main/java/org/bouncycastle/pqc/crypto/mlkem/MLKEMExtractor.java

@@ -21,6 +21,10 @@ public MLKEMExtractor(MLKEMPrivateKeyParameters privateKey)
 
     public byte[] extractSecret(byte[] encapsulation)
     {
+        if (encapsulation.length != this.getEncapsulationLength())
+        {
+            throw new IllegalArgumentException("encapsulation wrong length");
+        }
         return engine.kemDecrypt(privateKey, encapsulation);
     }
 

core/src/test/java/org/bouncycastle/pqc/crypto/test/MLKEMTest.java

@@ -8,6 +8,7 @@
 import java.util.HashMap;
 import java.util.Map;
 
+import junit.framework.Assert;
 import junit.framework.TestCase;
 import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
 import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
@@ -75,6 +76,41 @@ public void testKeys()
         }
     }
 
+    public void testInputs()
+        throws Exception
+    {
+        MLKEMKeyPairGenerator kpGen = new MLKEMKeyPairGenerator();
+        MLKEMKeyGenerationParameters genParam = new MLKEMKeyGenerationParameters(new SecureRandom(), MLKEMParameters.ml_kem_512);
+
+        //
+        // Generate keys and test.
+        //
+        kpGen.init(genParam);
+        AsymmetricCipherKeyPair kp = kpGen.generateKeyPair();
+
+        MLKEMExtractor kEx = new MLKEMExtractor((MLKEMPrivateKeyParameters)kp.getPrivate());
+        
+        try
+        {
+            kEx.extractSecret(new byte[2000]);
+            Assert.fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            assertEquals("encapsulation wrong length", e.getMessage());
+        }
+
+        try
+        {
+            kEx.extractSecret(new byte[600]);
+            Assert.fail();
+        }
+        catch (IllegalArgumentException e)
+        {
+            assertEquals("encapsulation wrong length", e.getMessage());
+        }
+    }
+
     public void testKeyGen() throws IOException
     {
         MLKEMParameters[] params = new MLKEMParameters[]{

prov/src/main/java/org/bouncycastle/jcajce/PKCS12StoreParameter.java

@@ -5,6 +5,15 @@
 import java.security.KeyStore.LoadStoreParameter;
 import java.security.KeyStore.ProtectionParameter;
 
+import org.bouncycastle.asn1.ASN1ObjectIdentifier;
+import org.bouncycastle.asn1.DERNull;
+import org.bouncycastle.asn1.pkcs.PBKDF2Params;
+import org.bouncycastle.asn1.pkcs.PBMAC1Params;
+import org.bouncycastle.asn1.pkcs.PKCSObjectIdentifiers;
+import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
+import org.bouncycastle.internal.asn1.oiw.OIWObjectIdentifiers;
+import org.bouncycastle.util.Arrays;
+
 /**
  * LoadStoreParameter to allow for additional config with PKCS12 files.
  * <p>
@@ -18,6 +27,123 @@ public class PKCS12StoreParameter
     private final ProtectionParameter protectionParameter;
     private final boolean forDEREncoding;
     private final boolean overwriteFriendlyName;
+    private final AlgorithmIdentifier macAlgorithm;
+
+    public static class PBMAC1WithPBKDF2Builder
+    {
+        private int iterationCount = 16384;
+        private byte[] salt = null;
+        private int keySizeinBits = 256;
+        private ASN1ObjectIdentifier prf = PKCSObjectIdentifiers.id_hmacWithSHA256;
+        private ASN1ObjectIdentifier mac = PKCSObjectIdentifiers.id_hmacWithSHA512;
+
+        PBMAC1WithPBKDF2Builder()
+        {
+
+        }
+
+        public PBMAC1WithPBKDF2Builder setIterationCount(int iterationCount)
+        {
+            this.iterationCount = iterationCount;
+
+            return this;
+        }
+
+        public PBMAC1WithPBKDF2Builder setSalt(byte[] salt)
+        {
+            this.salt = Arrays.clone(salt);
+
+            return this;
+        }
+
+        public PBMAC1WithPBKDF2Builder setKeySize(int keySizeinBits)
+        {
+            this.keySizeinBits = keySizeinBits;
+
+            return this;
+        }
+
+        public PBMAC1WithPBKDF2Builder setPrf(ASN1ObjectIdentifier prf)
+        {
+            this.prf = prf;
+
+            return this;
+        }
+
+        public PBMAC1WithPBKDF2Builder setMac(ASN1ObjectIdentifier mac)
+        {
+            this.mac = mac;
+
+            return this;
+        }
+
+        public AlgorithmIdentifier build()
+        {
+            if (salt != null)
+            {
+                throw new IllegalStateException("salt must be non-null");
+            }
+
+            return new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBMAC1, new PBMAC1Params(new AlgorithmIdentifier(PKCSObjectIdentifiers.id_PBKDF2, new PBKDF2Params(salt, iterationCount, keySizeinBits, new AlgorithmIdentifier(prf))),
+                                                        new AlgorithmIdentifier(mac)));
+        }
+    }
+
+    public static PBMAC1WithPBKDF2Builder pbmac1WithPBKDF2Builder()
+    {
+         return new PBMAC1WithPBKDF2Builder();
+    }
+
+    public static class Builder
+    {
+        private final OutputStream out;
+        private final ProtectionParameter protectionParameter;
+        private boolean forDEREncoding = true;
+        private boolean overwriteFriendlyName = true;
+        private AlgorithmIdentifier macAlgorithm = new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE);
+
+        private Builder(OutputStream out, ProtectionParameter protectionParameter)
+        {
+            this.out = out;
+            this.protectionParameter = protectionParameter;
+        }
+
+        public Builder setDEREncoding(boolean enable)
+        {
+            this.forDEREncoding = enable;
+
+            return this;
+        }
+
+        public Builder setOverwriteFriendlyName(boolean enable)
+        {
+            this.overwriteFriendlyName = enable;
+
+            return this;
+        }
+
+        public Builder setMacAlgorithm(AlgorithmIdentifier macAlgorithm)
+        {
+            this.macAlgorithm = macAlgorithm;
+
+            return this;
+        }
+        
+        public PKCS12StoreParameter build()
+        {
+            return new PKCS12StoreParameter(out, protectionParameter, forDEREncoding, overwriteFriendlyName, macAlgorithm);
+        }
+    }
+
+    public static Builder builder(OutputStream out, char[] password)
+    {
+        return builder(out, new KeyStore.PasswordProtection(password));
+    }
+
+    public static Builder builder(OutputStream out, ProtectionParameter protectionParameter)
+    {
+        return new Builder(out, protectionParameter);
+    }
 
     public PKCS12StoreParameter(OutputStream out, char[] password)
     {
@@ -33,6 +159,7 @@ public PKCS12StoreParameter(OutputStream out, char[] password, boolean forDEREnc
     {
         this(out, new KeyStore.PasswordProtection(password), forDEREncoding, true);
     }
+
     public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding)
     {
         this(out, protectionParameter, forDEREncoding, true);
@@ -44,11 +171,17 @@ public PKCS12StoreParameter(OutputStream out, char[] password, boolean forDEREnc
     }
 
     public PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding, boolean overwriteFriendlyName)
+    {
+        this(out, protectionParameter, forDEREncoding, overwriteFriendlyName, new AlgorithmIdentifier(OIWObjectIdentifiers.idSHA1, DERNull.INSTANCE));
+    }
+
+    private PKCS12StoreParameter(OutputStream out, ProtectionParameter protectionParameter, boolean forDEREncoding, boolean overwriteFriendlyName, AlgorithmIdentifier macAlgorithm)
     {
         this.out = out;
         this.protectionParameter = protectionParameter;
         this.forDEREncoding = forDEREncoding;
         this.overwriteFriendlyName = overwriteFriendlyName;
+        this.macAlgorithm = macAlgorithm;
     }
 
     public OutputStream getOutputStream()
@@ -81,4 +214,9 @@ public boolean isOverwriteFriendlyName()
     {
         return overwriteFriendlyName;
     }
+
+    public AlgorithmIdentifier getMacAlgorithm()
+    {
+        return macAlgorithm;
+    }
 }