Andrea Cosentino created CAMEL-23844:
----------------------------------------
Summary: Camel-PQC: extractSecretKeyFromEncapsulation uses the raw
enum name instead of the mapped JCE algorithm name
Key: CAMEL-23844
URL: https://issues.apache.org/jira/browse/CAMEL-23844
Project: Camel
Issue Type: Bug
Components: camel-pqc
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
In {{PQCProducer.extractSecretKeyFromEncapsulation()}} the restored key is
built as:
{code:java}new SecretKeySpec(payload.getEncoded(),
getConfiguration().getSymmetricKeyAlgorithm()){code}
This passes the raw {{PQCSymmetricAlgorithms}} enum NAME (e.g. "GOST3412_2015",
"DESEDE") as the SecretKeySpec algorithm, whereas {{extractEncapsulation()}}
correctly maps it via {{PQCSymmetricAlgorithms.valueOf(...).getAlgorithm()}}
(e.g. "GOST3412-2015", "DESede").
For algorithms whose enum name differs from the JCE name (underscore vs hyphen,
case) the resulting SecretKey carries an algorithm label that does not match a
valid cipher transformation, which can break downstream Cipher usage. AES and
most names are unaffected, so impact is limited to a few symmetric algorithms.
h3. Proposal
Use
{{PQCSymmetricAlgorithms.valueOf(getConfiguration().getSymmetricKeyAlgorithm()).getAlgorithm()}}
consistently (same as extractEncapsulation). Applies to the hybrid extract
path too.
Affected: {{components/camel-pqc}} PQCProducer
(extractSecretKeyFromEncapsulation, hybridExtractSecretKeyFromEncapsulation).
----
_Filed by Claude Code on behalf of Andrea Cosentino._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)