Skip to content

Commit

Permalink
Merge pull request #22 from fisherstevenk/remove-sun
Browse files Browse the repository at this point in the history
remove sun.security requirement
  • Loading branch information
fisherstevenk authored Aug 12, 2023
2 parents 42c18b1 + 8e3d67f commit 23fae34
Showing 15 changed files with 2,793 additions and 70 deletions.
37 changes: 3 additions & 34 deletions README.md
Original file line number Diff line number Diff line change
@@ -7,44 +7,13 @@

**KYBER** is an IND-CCA2-secure key encapsulation mechanism (KEM), whose security is based on the hardness of solving the learning-with-errors (LWE) problem over module lattices. The homepage for CRYSTALS Kyber can be found [here](https://pq-crystals.org/kyber/index.shtml) (some information from this README is pulled directly from their site).

The initial Java implementation was intended for Android applications. In order to use it on Android however, you need to include the sun.security.util classes in your final jar. The Android version of java does not have them available.

Some minor changes were needed for this library to work with JDK 18 (version 2.0+). In order to use the library in your Java 18 app, you do need modifications to your maven pom (sorry.. no gradle example).

*Please note, do not add the "..." to your pom file. That's just a placeholder instead of adding a full pom file.*

```bash
<project ...>
....
<properties>
<!-- This property must be added -->
<argLine>--add-modules java.base --add-opens java.base/sun.security.util=ALL-UNNAMED</argLine>
...
</properties>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
<configuration>
<source>18</source>
<target>18</target>
<!-- This section must be added -->
<compilerArgs>
<arg>--add-exports</arg>
<arg>java.base/sun.security.util=ALL-UNNAMED</arg>
</compilerArgs>
</configuration>
</plugin>
...
</project>
```

The initial creation of this code was translated from this Go implementation of [Kyber (version 3)](https://github.com/symbolicsoft/kyber-k2so). After getting that to work, the code was modified into a JCE. The Diffie-Hellman OpenJDK 11 code was used as a base.

Kyber has three different parameter sets: 512, 768, and 1024. Kyber-512 aims at security roughly equivalent to AES-128, Kyber-768 aims at security roughly equivalent to AES-192, and Kyber-1024 aims at security roughly equivalent to AES-256.

## Sun Libraries
The "sun.security.\*" library requirements have been removed from version 1.1 of this library. The required "sun.security.\*" classes were copied from Java 13 and refactored into "com.swiftcryptollc.crypto.util" under the GNU General Public License version 2. Part of the refactoring was to remove unused methods and variables, and to change to new base classes where possible.

## Loading the Kyber JCE
There are a couple ways to load the Kyber JCE. One way is to add these two lines to your program:

9 changes: 4 additions & 5 deletions pom.xml
Original file line number Diff line number Diff line change
@@ -3,13 +3,12 @@
<modelVersion>4.0.0</modelVersion>
<groupId>com.swiftcryptollc</groupId>
<artifactId>kyberJCE</artifactId>
<version>2.1.5</version>
<version>3.0.0</version>
<packaging>jar</packaging>
<name>KyberJCE</name>
<description>Pure Java implementation of Kyber</description>
<properties>
<project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
<argLine>--add-modules java.base --add-opens java.base/sun.security.util=ALL-UNNAMED</argLine>
</properties>
<repositories>
<repository>
@@ -28,7 +27,7 @@
<dependency>
<groupId>org.junit.jupiter</groupId>
<artifactId>junit-jupiter</artifactId>
<version>5.8.2</version>
<version>5.10.0</version>
<scope>test</scope>
</dependency>
</dependencies>
@@ -37,15 +36,15 @@
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-javadoc-plugin</artifactId>
<version>3.3.1</version>
<version>3.5.0</version>
<configuration>
<additionalparam>-Xdoclint:none</additionalparam>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<version>3.10.1</version>
<version>3.11.0</version>
<configuration>
<source>17</source>
<target>17</target>
Original file line number Diff line number Diff line change
@@ -2,7 +2,11 @@

import com.swiftcryptollc.crypto.provider.kyber.KyberParams;
import com.swiftcryptollc.crypto.spec.KyberParameterSpec;
import com.swiftcryptollc.crypto.util.DerInputStream;
import com.swiftcryptollc.crypto.util.DerOutputStream;
import com.swiftcryptollc.crypto.util.DerValue;
import com.swiftcryptollc.crypto.util.KyberKeyUtil;
import com.swiftcryptollc.crypto.util.ObjectIdentifier;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -13,10 +17,7 @@
import java.security.ProviderException;
import java.security.PublicKey;
import java.util.Objects;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;


/**
* A cipher text in X.509 format for the Kyber key agreement algorithm.
Original file line number Diff line number Diff line change
@@ -3,7 +3,6 @@
import java.security.AccessController;
import java.security.Provider;
import java.security.SecureRandom;
import static sun.security.util.SecurityConstants.PROVIDER_VER;

/**
* Java implementation of the CRYSTALS Kyber Algorithm.
@@ -45,7 +44,7 @@ static SecureRandom getRandom() {
}

public KyberJCE() {
super("KyberJCE", PROVIDER_VER, info);
super("KyberJCE", System.getProperty("java.specification.version"), info);

AccessController.doPrivileged(new java.security.PrivilegedAction<Object>() {
@Override
Original file line number Diff line number Diff line change
@@ -2,7 +2,6 @@

import com.swiftcryptollc.crypto.provider.kyber.KyberParams;
import com.swiftcryptollc.crypto.spec.KyberParameterSpec;
import com.swiftcryptollc.crypto.util.KyberKeyUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -13,10 +12,11 @@
import java.security.PrivateKey;
import java.security.ProviderException;
import java.util.Objects;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import com.swiftcryptollc.crypto.util.DerInputStream;
import com.swiftcryptollc.crypto.util.DerOutputStream;
import com.swiftcryptollc.crypto.util.DerValue;
import com.swiftcryptollc.crypto.util.KyberKeyUtil;
import com.swiftcryptollc.crypto.util.ObjectIdentifier;

/**
* A private key in PKCS#8 format for the Diffie-Hellman key agreement
Original file line number Diff line number Diff line change
@@ -2,7 +2,6 @@

import com.swiftcryptollc.crypto.provider.kyber.KyberParams;
import com.swiftcryptollc.crypto.spec.KyberParameterSpec;
import com.swiftcryptollc.crypto.util.KyberKeyUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -13,10 +12,11 @@
import java.security.ProviderException;
import java.security.PublicKey;
import java.util.Objects;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import com.swiftcryptollc.crypto.util.DerInputStream;
import com.swiftcryptollc.crypto.util.DerOutputStream;
import com.swiftcryptollc.crypto.util.DerValue;
import com.swiftcryptollc.crypto.util.KyberKeyUtil;
import com.swiftcryptollc.crypto.util.ObjectIdentifier;

/**
* A public key in X.509 format for the Kyber key agreement algorithm.
Original file line number Diff line number Diff line change
@@ -2,7 +2,6 @@

import com.swiftcryptollc.crypto.provider.kyber.KyberParams;
import com.swiftcryptollc.crypto.spec.KyberParameterSpec;
import com.swiftcryptollc.crypto.util.KyberKeyUtil;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
@@ -13,10 +12,11 @@
import java.security.ProviderException;
import java.security.PublicKey;
import java.util.Objects;
import sun.security.util.DerInputStream;
import sun.security.util.DerOutputStream;
import sun.security.util.DerValue;
import sun.security.util.ObjectIdentifier;
import com.swiftcryptollc.crypto.util.DerInputStream;
import com.swiftcryptollc.crypto.util.DerOutputStream;
import com.swiftcryptollc.crypto.util.DerValue;
import com.swiftcryptollc.crypto.util.KyberKeyUtil;
import com.swiftcryptollc.crypto.util.ObjectIdentifier;

/**
* A public key in X.509 format for the Kyber key agreement algorithm.
47 changes: 47 additions & 0 deletions src/main/java/com/swiftcryptollc/crypto/util/DerEncoder.java
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
/*
* Copyright (c) 1997, 1999, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/

package com.swiftcryptollc.crypto.util;

import java.io.IOException;
import java.io.OutputStream;

/**
* Interface to an object that knows how to write its own DER
* encoding to an output stream.
*
* @author D. N. Hoover
*/
public interface DerEncoder {

/**
* DER encode this object and write the results to a stream.
*
* @param out the stream on which the DER encoding is written.
*/
public void derEncode(OutputStream out)
throws IOException;

}
Loading

0 comments on commit 23fae34

Please sign in to comment.