Provide fallback SecureRandom in low-level KEM generators

Author: peterdettman

core/src/main/java/org/bouncycastle/pqc/crypto/hqc/HQCKEMGenerator.java

@@ -2,6 +2,7 @@
 
 import java.security.SecureRandom;
 
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.EncapsulatedSecretGenerator;
 import org.bouncycastle.crypto.SecretWithEncapsulation;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
@@ -11,11 +12,11 @@
 public class HQCKEMGenerator
     implements EncapsulatedSecretGenerator
 {
-    private final SecureRandom sr;
+    private final SecureRandom random;
 
     public HQCKEMGenerator(SecureRandom random)
     {
-        this.sr = random;
+        this.random = CryptoServicesRegistrar.getSecureRandom(random);
     }
 
     public SecretWithEncapsulation generateEncapsulated(AsymmetricKeyParameter recipientKey)
@@ -29,7 +30,7 @@ public SecretWithEncapsulation generateEncapsulated(AsymmetricKeyParameter recip
         byte[] salt = new byte[key.getParameters().getSALT_SIZE_BYTES()];
         byte[] pk = key.getPublicKey();
 
-        engine.encaps(u, v, K, pk, salt, sr);
+        engine.encaps(u, v, K, pk, salt, random);
 
         byte[] cipherText = Arrays.concatenate(u, v, salt);
 

core/src/main/java/org/bouncycastle/pqc/crypto/ntru/NTRUKEMGenerator.java

@@ -2,6 +2,7 @@
 
 import java.security.SecureRandom;
 
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.EncapsulatedSecretGenerator;
 import org.bouncycastle.crypto.SecretWithEncapsulation;
 import org.bouncycastle.crypto.digests.SHA3Digest;
@@ -22,19 +23,9 @@ public class NTRUKEMGenerator
 {
     private final SecureRandom random;
 
-    /**
-     * Constructor
-     *
-     * @param random a secure random number generator
-     */
     public NTRUKEMGenerator(SecureRandom random)
     {
-        if (random == null)
-        {
-            throw new NullPointerException("'random' cannot be null");
-        }
-
-        this.random = random;
+        this.random = CryptoServicesRegistrar.getSecureRandom(random);
     }
 
     public SecretWithEncapsulation generateEncapsulated(AsymmetricKeyParameter recipientKey)

core/src/main/java/org/bouncycastle/pqc/crypto/ntruprime/SNTRUPrimeKEMGenerator.java

@@ -2,6 +2,7 @@
 
 import java.security.SecureRandom;
 
+import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.EncapsulatedSecretGenerator;
 import org.bouncycastle.crypto.SecretWithEncapsulation;
 import org.bouncycastle.crypto.params.AsymmetricKeyParameter;
@@ -15,7 +16,7 @@ public class SNTRUPrimeKEMGenerator
 
     public SNTRUPrimeKEMGenerator(SecureRandom random)
     {
-        this.random = random;
+        this.random = CryptoServicesRegistrar.getSecureRandom(random);
     }
 
     @Override

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/hqc/HQCCipherSpi.java

@@ -19,7 +19,6 @@
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.DestroyFailedException;
 
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.SecretWithEncapsulation;
 import org.bouncycastle.crypto.Wrapper;
@@ -154,7 +153,7 @@ protected void engineInit(int opmode, Key key, AlgorithmParameterSpec paramSpec,
             if (key instanceof BCHQCPublicKey)
             {
                 wrapKey = (BCHQCPublicKey)key;
-                kemGen = new HQCKEMGenerator(CryptoServicesRegistrar.getSecureRandom(random));
+                kemGen = new HQCKEMGenerator(random);
             }
             else
             {

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/ntru/NTRUCipherSpi.java

@@ -19,7 +19,6 @@
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.DestroyFailedException;
 
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.SecretWithEncapsulation;
 import org.bouncycastle.crypto.Wrapper;
@@ -145,7 +144,7 @@ protected void engineInit(int opmode, Key key, AlgorithmParameterSpec paramSpec,
             if (key instanceof BCNTRUPublicKey)
             {
                 wrapKey = (BCNTRUPublicKey)key;
-                kemGen = new NTRUKEMGenerator(CryptoServicesRegistrar.getSecureRandom(random));
+                kemGen = new NTRUKEMGenerator(random);
             }
             else
             {

prov/src/main/java/org/bouncycastle/pqc/jcajce/provider/ntruprime/SNTRUPrimeCipherSpi.java

@@ -19,7 +19,6 @@
 import javax.crypto.spec.SecretKeySpec;
 import javax.security.auth.DestroyFailedException;
 
-import org.bouncycastle.crypto.CryptoServicesRegistrar;
 import org.bouncycastle.crypto.InvalidCipherTextException;
 import org.bouncycastle.crypto.SecretWithEncapsulation;
 import org.bouncycastle.crypto.Wrapper;
@@ -144,7 +143,7 @@ protected void engineInit(int opmode, Key key, AlgorithmParameterSpec paramSpec,
             if (key instanceof BCSNTRUPrimePublicKey)
             {
                 wrapKey = (BCSNTRUPrimePublicKey)key;
-                kemGen = new SNTRUPrimeKEMGenerator(CryptoServicesRegistrar.getSecureRandom(random));
+                kemGen = new SNTRUPrimeKEMGenerator(random);
             }
             else
             {

prov/src/main/jdk17/org/bouncycastle/pqc/jcajce/provider/hqc/HQCKEMSpi.java

@@ -33,10 +33,6 @@ public EncapsulatorSpi engineNewEncapsulator(PublicKey publicKey, AlgorithmParam
         {
             throw new InvalidAlgorithmParameterException("HQC can only accept KTSParameterSpec");
         }
-        if (secureRandom == null)
-        {
-            secureRandom = new SecureRandom();
-        }
         return new HQCEncapsulatorSpi((BCHQCPublicKey)publicKey, (KTSParameterSpec)spec, secureRandom);
     }
 

prov/src/main/jdk17/org/bouncycastle/pqc/jcajce/provider/ntru/NTRUKEMSpi.java

@@ -33,10 +33,6 @@ public EncapsulatorSpi engineNewEncapsulator(PublicKey publicKey, AlgorithmParam
         {
             throw new InvalidAlgorithmParameterException("NTRU can only accept KTSParameterSpec");
         }
-        if (secureRandom == null)
-        {
-            secureRandom = new SecureRandom();
-        }
         return new NTRUEncapsulatorSpi((BCNTRUPublicKey) publicKey, (KTSParameterSpec) spec, secureRandom);
     }
 

prov/src/main/jdk17/org/bouncycastle/pqc/jcajce/provider/ntruprime/SNTRUPrimeKEMSpi.java

@@ -30,10 +30,6 @@ public EncapsulatorSpi engineNewEncapsulator(PublicKey publicKey, AlgorithmParam
         {
             throw new InvalidAlgorithmParameterException("SNTRUPrime can only accept KTSParameterSpec");
         }
-        if (secureRandom == null)
-        {
-            secureRandom = new SecureRandom();
-        }
         return new SNTRUPrimeEncapsulatorSpi((BCSNTRUPrimePublicKey) publicKey,(KTSParameterSpec) spec, secureRandom);
     }