Andrea Cosentino created CAMEL-23844:
----------------------------------------

             Summary: Camel-PQC: extractSecretKeyFromEncapsulation uses the raw 
enum name instead of the mapped JCE algorithm name
                 Key: CAMEL-23844
                 URL: https://issues.apache.org/jira/browse/CAMEL-23844
             Project: Camel
          Issue Type: Bug
          Components: camel-pqc
            Reporter: Andrea Cosentino
            Assignee: Andrea Cosentino


In {{PQCProducer.extractSecretKeyFromEncapsulation()}} the restored key is 
built as:

{code:java}new SecretKeySpec(payload.getEncoded(), 
getConfiguration().getSymmetricKeyAlgorithm()){code}

This passes the raw {{PQCSymmetricAlgorithms}} enum NAME (e.g. "GOST3412_2015", 
"DESEDE") as the SecretKeySpec algorithm, whereas {{extractEncapsulation()}} 
correctly maps it via {{PQCSymmetricAlgorithms.valueOf(...).getAlgorithm()}} 
(e.g. "GOST3412-2015", "DESede").

For algorithms whose enum name differs from the JCE name (underscore vs hyphen, 
case) the resulting SecretKey carries an algorithm label that does not match a 
valid cipher transformation, which can break downstream Cipher usage. AES and 
most names are unaffected, so impact is limited to a few symmetric algorithms.

h3. Proposal
Use 
{{PQCSymmetricAlgorithms.valueOf(getConfiguration().getSymmetricKeyAlgorithm()).getAlgorithm()}}
 consistently (same as extractEncapsulation). Applies to the hybrid extract 
path too.

Affected: {{components/camel-pqc}} PQCProducer 
(extractSecretKeyFromEncapsulation, hybridExtractSecretKeyFromEncapsulation).

----
_Filed by Claude Code on behalf of Andrea Cosentino._



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to