CAMEL-22508 - Camel-PQC: Add more KEM and Signature algorithms

components/camel-pqc/src/main/java/org/apache/camel/component/pqc/PQCConfiguration.java

@@ -43,13 +43,13 @@ public class PQCConfiguration implements Cloneable {
     @UriParam
     @Metadata(label = "advanced", autowired = true)
     private Signature signer;
-    @UriParam(enums = "MLDSA,SLHDSA,LMS,XMSS,FALCON,PICNIC,RAINBOW,SNOVA,MAYO,DILITHIUM,SPHINCSPLUS")
+    @UriParam(enums = "MLDSA,SLHDSA,LMS,HSS,XMSS,XMSSMT,DILITHIUM,FALCON,PICNIC,SNOVA,MAYO,SPHINCSPLUS")
     @Metadata(label = "advanced")
     private String signatureAlgorithm;
     @UriParam
     @Metadata(label = "advanced", autowired = true)
     private KeyGenerator keyGenerator;
-    @UriParam(enums = "MLKEM,BIKE,HQC,CMCE,SABER,FRODO,NTRU,NTRULPRime")
+    @UriParam(enums = "MLKEM,BIKE,HQC,CMCE,SABER,FRODO,NTRU,NTRULPRime,SNTRUPrime,KYBER")
     @Metadata(label = "advanced")
     private String keyEncapsulationAlgorithm;
     @UriParam(enums = "AES,ARIA,RC2,RC5,CAMELLIA,CAST5,CAST6,CHACHA7539,DSTU7624,GOST28147,GOST3412_2015,GRAIN128,HC128,HC256,SALSA20,SEED,SM4,DESEDE")

components/camel-pqc/src/main/java/org/apache/camel/component/pqc/PQCKeyEncapsulationAlgorithms.java

@@ -29,6 +29,7 @@ public enum PQCKeyEncapsulationAlgorithms {
     FRODO("FRODO", "BCPQC"),
     NTRU("NTRU", "BCPQC"),
     NTRULPRime("NTRULPRime", "BCPQC"),
+    SNTRUPrime("SNTRUPrime", "BCPQC"),
     KYBER("KYBER", "BCPQC");
 
     private final String algorithm;

components/camel-pqc/src/main/java/org/apache/camel/component/pqc/PQCSignatureAlgorithms.java

@@ -22,7 +22,9 @@ public enum PQCSignatureAlgorithms {
     MLDSA("ML-DSA", "BC"),
     SLHDSA("SLH-DSA", "BC"),
     LMS("LMS", "BC"),
+    HSS("LMS", "BC"),
     XMSS("XMSS", "BCPQC"),
+    XMSSMT("XMSSMT", "BCPQC"),
     DILITHIUM("DILITHIUM", "BCPQC"),
 
     // Experimental and non-standardized

components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/PQCDefaultHSSMaterial.java

@@ -0,0 +1,61 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.pqc.crypto;
+
+import java.security.*;
+
+import org.apache.camel.component.pqc.PQCSignatureAlgorithms;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.pqc.crypto.lms.LMOtsParameters;
+import org.bouncycastle.pqc.crypto.lms.LMSigParameters;
+import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
+import org.bouncycastle.pqc.jcajce.spec.LMSHSSKeyGenParameterSpec;
+import org.bouncycastle.pqc.jcajce.spec.LMSKeyGenParameterSpec;
+
+public class PQCDefaultHSSMaterial {
+    public static final KeyPair keyPair;
+    public static final Signature signer;
+
+    static {
+        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+            Security.addProvider(new BouncyCastleProvider());
+        }
+        if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
+            Security.addProvider(new BouncyCastlePQCProvider());
+        }
+        KeyPairGenerator generator;
+        try {
+            generator = prepareKeyPair();
+            keyPair = generator.generateKeyPair();
+            signer = Signature.getInstance(PQCSignatureAlgorithms.HSS.getAlgorithm());
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    protected static KeyPairGenerator prepareKeyPair()
+            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
+        KeyPairGenerator kpGen = KeyPairGenerator.getInstance(PQCSignatureAlgorithms.HSS.getAlgorithm(),
+                PQCSignatureAlgorithms.HSS.getBcProvider());
+        LMSKeyGenParameterSpec[] lmsSpecs = new LMSKeyGenParameterSpec[] {
+                new LMSKeyGenParameterSpec(LMSigParameters.lms_sha256_n32_h5, LMOtsParameters.sha256_n32_w2),
+                new LMSKeyGenParameterSpec(LMSigParameters.lms_sha256_n32_h5, LMOtsParameters.sha256_n32_w2)
+        };
+        kpGen.initialize(new LMSHSSKeyGenParameterSpec(lmsSpecs));
+        return kpGen;
+    }
+}

components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/PQCDefaultXMSSMTMaterial.java

@@ -0,0 +1,54 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.pqc.crypto;
+
+import java.security.*;
+
+import org.apache.camel.component.pqc.PQCSignatureAlgorithms;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
+import org.bouncycastle.pqc.jcajce.spec.XMSSMTParameterSpec;
+
+public class PQCDefaultXMSSMTMaterial {
+    public static final KeyPair keyPair;
+    public static final Signature signer;
+
+    static {
+        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+            Security.addProvider(new BouncyCastleProvider());
+        }
+        if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
+            Security.addProvider(new BouncyCastlePQCProvider());
+        }
+        KeyPairGenerator generator;
+        try {
+            generator = prepareKeyPair();
+            keyPair = generator.generateKeyPair();
+            signer = Signature.getInstance(PQCSignatureAlgorithms.XMSSMT.getAlgorithm());
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    protected static KeyPairGenerator prepareKeyPair()
+            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
+        KeyPairGenerator kpGen = KeyPairGenerator.getInstance(PQCSignatureAlgorithms.XMSSMT.getAlgorithm(),
+                PQCSignatureAlgorithms.XMSSMT.getBcProvider());
+        kpGen.initialize(XMSSMTParameterSpec.XMSSMT_SHA2_20d2_256, new SecureRandom());
+        return kpGen;
+    }
+}

components/camel-pqc/src/main/java/org/apache/camel/component/pqc/crypto/kem/PQCDefaultSNTRUPrimeMaterial.java

@@ -0,0 +1,63 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.pqc.crypto.kem;
+
+import java.security.*;
+
+import javax.crypto.KeyGenerator;
+
+import org.apache.camel.component.pqc.PQCKeyEncapsulationAlgorithms;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
+import org.bouncycastle.pqc.jcajce.spec.SNTRUPrimeParameterSpec;
+
+public class PQCDefaultSNTRUPrimeMaterial {
+
+    public static final KeyPair keyPair;
+    public static final KeyGenerator keyGenerator;
+    public static final KeyPairGenerator generator;
+
+    static {
+        if (Security.getProvider(BouncyCastleProvider.PROVIDER_NAME) == null) {
+            Security.addProvider(new BouncyCastleProvider());
+        }
+        if (Security.getProvider(BouncyCastlePQCProvider.PROVIDER_NAME) == null) {
+            Security.addProvider(new BouncyCastlePQCProvider());
+        }
+        try {
+            generator = prepareKeyPair();
+            keyPair = generator.generateKeyPair();
+            keyGenerator = prepareKeyGenerator();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+    }
+
+    protected static KeyPairGenerator prepareKeyPair()
+            throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance(PQCKeyEncapsulationAlgorithms.SNTRUPrime.getAlgorithm(),
+                PQCKeyEncapsulationAlgorithms.SNTRUPrime.getBcProvider());
+        kpg.initialize(SNTRUPrimeParameterSpec.sntrup761, new SecureRandom());
+        return kpg;
+    }
+
+    protected static KeyGenerator prepareKeyGenerator() throws NoSuchAlgorithmException, NoSuchProviderException {
+        KeyGenerator kg = KeyGenerator.getInstance(PQCKeyEncapsulationAlgorithms.SNTRUPrime.getAlgorithm(),
+                PQCKeyEncapsulationAlgorithms.SNTRUPrime.getBcProvider());
+        return kg;
+    }
+}

components/camel-pqc/src/test/java/org/apache/camel/component/pqc/PQCSNTRUPrimeGenerateEncapsulationAESTest.java

@@ -0,0 +1,107 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.camel.component.pqc;
+
+import java.security.*;
+
+import javax.crypto.KeyGenerator;
+
+import org.apache.camel.BindToRegistry;
+import org.apache.camel.EndpointInject;
+import org.apache.camel.Produce;
+import org.apache.camel.ProducerTemplate;
+import org.apache.camel.builder.RouteBuilder;
+import org.apache.camel.component.mock.MockEndpoint;
+import org.apache.camel.test.junit5.CamelTestSupport;
+import org.bouncycastle.jcajce.SecretKeyWithEncapsulation;
+import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.pqc.jcajce.provider.BouncyCastlePQCProvider;
+import org.bouncycastle.pqc.jcajce.spec.SNTRUPrimeParameterSpec;
+import org.bouncycastle.util.Arrays;
+import org.junit.jupiter.api.BeforeAll;
+import org.junit.jupiter.api.Test;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+public class PQCSNTRUPrimeGenerateEncapsulationAESTest extends CamelTestSupport {
+
+    @EndpointInject("mock:sign")
+    protected MockEndpoint resultSign;
+
+    @Produce("direct:sign")
+    protected ProducerTemplate templateSign;
+
+    @EndpointInject("mock:verify")
+    protected MockEndpoint resultVerify;
+
+    public PQCSNTRUPrimeGenerateEncapsulationAESTest() throws NoSuchAlgorithmException {
+    }
+
+    @Override
+    protected RouteBuilder createRouteBuilder() {
+        return new RouteBuilder() {
+            @Override
+            public void configure() {
+                from("direct:sign").to("pqc:keyenc?operation=generateSecretKeyEncapsulation&symmetricKeyAlgorithm=AES")
+                        .to("mock:sign")
+                        .to("pqc:keyenc?operation=extractSecretKeyEncapsulation&symmetricKeyAlgorithm=AES").to("mock:verify");
+            }
+        };
+    }
+
+    @BeforeAll
+    public static void startup() throws Exception {
+        Security.addProvider(new BouncyCastleProvider());
+        Security.addProvider(new BouncyCastlePQCProvider());
+    }
+
+    @Test
+    void testSignAndVerify() throws Exception {
+        resultSign.expectedMessageCount(1);
+        resultVerify.expectedMessageCount(1);
+        templateSign.sendBody("Hello");
+        resultSign.assertIsSatisfied();
+        assertNotNull(resultSign.getExchanges().get(0).getMessage().getBody(SecretKeyWithEncapsulation.class));
+        assertEquals(PQCSymmetricAlgorithms.AES.getAlgorithm(),
+                resultSign.getExchanges().get(0).getMessage().getBody(SecretKeyWithEncapsulation.class).getAlgorithm());
+        SecretKeyWithEncapsulation secEncrypted
+                = resultSign.getExchanges().get(0).getMessage().getBody(SecretKeyWithEncapsulation.class);
+        assertNotNull(resultVerify.getExchanges().get(0).getMessage().getBody(SecretKeyWithEncapsulation.class));
+        assertEquals(PQCSymmetricAlgorithms.AES.getAlgorithm(),
+                resultVerify.getExchanges().get(0).getMessage().getBody(SecretKeyWithEncapsulation.class).getAlgorithm());
+        SecretKeyWithEncapsulation secEncryptedExtracted
+                = resultVerify.getExchanges().get(0).getMessage().getBody(SecretKeyWithEncapsulation.class);
+        assertTrue(Arrays.areEqual(secEncrypted.getEncoded(), secEncryptedExtracted.getEncoded()));
+    }
+
+    @BindToRegistry("Keypair")
+    public KeyPair setKeyPair() throws NoSuchAlgorithmException, NoSuchProviderException, InvalidAlgorithmParameterException {
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance(PQCKeyEncapsulationAlgorithms.SNTRUPrime.getAlgorithm(),
+                PQCKeyEncapsulationAlgorithms.SNTRUPrime.getBcProvider());
+        kpg.initialize(SNTRUPrimeParameterSpec.sntrup761, new SecureRandom());
+        KeyPair kp = kpg.generateKeyPair();
+        return kp;
+    }
+
+    @BindToRegistry("KeyGenerator")
+    public KeyGenerator setKeyGenerator()
+            throws NoSuchAlgorithmException, NoSuchProviderException {
+        KeyGenerator kg = KeyGenerator.getInstance(PQCKeyEncapsulationAlgorithms.SNTRUPrime.getAlgorithm(),
+                PQCKeyEncapsulationAlgorithms.SNTRUPrime.getBcProvider());
+        return kg;
+    }
+}