[ 
https://issues.apache.org/jira/browse/CAMEL-23844?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]

Andrea Cosentino updated CAMEL-23844:
-------------------------------------
    Fix Version/s: 4.22.0

> Camel-PQC: extractSecretKeyFromEncapsulation uses the raw enum name instead 
> of the mapped JCE algorithm name
> ------------------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-23844
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23844
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-pqc
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Minor
>             Fix For: 4.22.0
>
>
> In {{PQCProducer.extractSecretKeyFromEncapsulation()}} the restored key is 
> built as:
> {code:java}new SecretKeySpec(payload.getEncoded(), 
> getConfiguration().getSymmetricKeyAlgorithm()){code}
> This passes the raw {{PQCSymmetricAlgorithms}} enum NAME (e.g. 
> "GOST3412_2015", "DESEDE") as the SecretKeySpec algorithm, whereas 
> {{extractEncapsulation()}} correctly maps it via 
> {{PQCSymmetricAlgorithms.valueOf(...).getAlgorithm()}} (e.g. "GOST3412-2015", 
> "DESede").
> For algorithms whose enum name differs from the JCE name (underscore vs 
> hyphen, case) the resulting SecretKey carries an algorithm label that does 
> not match a valid cipher transformation, which can break downstream Cipher 
> usage. AES and most names are unaffected, so impact is limited to a few 
> symmetric algorithms.
> h3. Proposal
> Use 
> {{PQCSymmetricAlgorithms.valueOf(getConfiguration().getSymmetricKeyAlgorithm()).getAlgorithm()}}
>  consistently (same as extractEncapsulation). Applies to the hybrid extract 
> path too.
> Affected: {{components/camel-pqc}} PQCProducer 
> (extractSecretKeyFromEncapsulation, hybridExtractSecretKeyFromEncapsulation).
> ----
> _Filed by Claude Code on behalf of Andrea Cosentino._



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to