[
https://issues.apache.org/jira/browse/CAMEL-23844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Andrea Cosentino updated CAMEL-23844:
-------------------------------------
Fix Version/s: 4.22.0
> Camel-PQC: extractSecretKeyFromEncapsulation uses the raw enum name instead
> of the mapped JCE algorithm name
> ------------------------------------------------------------------------------------------------------------
>
> Key: CAMEL-23844
> URL: https://issues.apache.org/jira/browse/CAMEL-23844
> Project: Camel
> Issue Type: Bug
> Components: camel-pqc
> Reporter: Andrea Cosentino
> Assignee: Andrea Cosentino
> Priority: Minor
> Fix For: 4.22.0
>
>
> In {{PQCProducer.extractSecretKeyFromEncapsulation()}} the restored key is
> built as:
> {code:java}new SecretKeySpec(payload.getEncoded(),
> getConfiguration().getSymmetricKeyAlgorithm()){code}
> This passes the raw {{PQCSymmetricAlgorithms}} enum NAME (e.g.
> "GOST3412_2015", "DESEDE") as the SecretKeySpec algorithm, whereas
> {{extractEncapsulation()}} correctly maps it via
> {{PQCSymmetricAlgorithms.valueOf(...).getAlgorithm()}} (e.g. "GOST3412-2015",
> "DESede").
> For algorithms whose enum name differs from the JCE name (underscore vs
> hyphen, case) the resulting SecretKey carries an algorithm label that does
> not match a valid cipher transformation, which can break downstream Cipher
> usage. AES and most names are unaffected, so impact is limited to a few
> symmetric algorithms.
> h3. Proposal
> Use
> {{PQCSymmetricAlgorithms.valueOf(getConfiguration().getSymmetricKeyAlgorithm()).getAlgorithm()}}
> consistently (same as extractEncapsulation). Applies to the hybrid extract
> path too.
> Affected: {{components/camel-pqc}} PQCProducer
> (extractSecretKeyFromEncapsulation, hybridExtractSecretKeyFromEncapsulation).
> ----
> _Filed by Claude Code on behalf of Andrea Cosentino._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)