8298390: Implement JEP 496: Quantum-Resistant Module-Lattice-Based Key Encapsulation Mechanism

Co-authored-by: Ferenc Rakoczi <ferenc.r.rakoczi@oracle.com> Reviewed-by: valeriep
2025-08-26 22:34:27 +02:00 · 2024-11-22 16:36:52 +00:00 · 2024-11-22 16:36:52 +00:00 · 13987b4244
commit 13987b4244
parent 6d3becb486
10 changed files with 4781 additions and 1 deletions
--- a/src/java.base/share/classes/sun/security/provider/SHA3Parallel.java
+++ b/src/java.base/share/classes/sun/security/provider/SHA3Parallel.java
@ -0,0 +1,94 @@
+/*
+ * Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package sun.security.provider;
+
+import jdk.internal.vm.annotation.IntrinsicCandidate;
+
+import java.security.InvalidAlgorithmParameterException;
+import java.util.Arrays;
+
+import static sun.security.provider.ByteArrayAccess.b2lLittle;
+import static sun.security.provider.ByteArrayAccess.l2bLittle;
+
+import static sun.security.provider.SHA3.keccak;
+
+public class SHA3Parallel {
+    private int blockSize = 0;
+    private static final int DM = 5; // dimension of lanesArr
+    private byte[][] buffers;
+    private long[][] lanesArr;
+    private static final int NRPAR = 2;
+
+    private SHA3Parallel(byte[][] buffers, int blockSize) throws InvalidAlgorithmParameterException {
+        if ((buffers.length != NRPAR) || (buffers[0].length < blockSize)) {
+            throw new InvalidAlgorithmParameterException("Bad buffersize.");
+        }
+        this.buffers = buffers;
+        this.blockSize = blockSize;
+        lanesArr = new long[NRPAR][];
+        for (int i = 0; i < NRPAR; i++) {
+            lanesArr[i] = new long[DM * DM];
+            b2lLittle(buffers[i], 0, lanesArr[i], 0, blockSize);
+        }
+    }
+
+    public void reset(byte[][] buffers) throws InvalidAlgorithmParameterException {
+        if ((buffers.length != NRPAR) || (buffers[0].length < blockSize)) {
+            throw new InvalidAlgorithmParameterException("Bad buffersize.");
+        }
+        this.buffers = buffers;
+        for (int i = 0; i < NRPAR; i++) {
+            Arrays.fill(lanesArr[i], 0L);
+            b2lLittle(buffers[i], 0, lanesArr[i], 0, blockSize);
+        }
+    }
+
+    public int squeezeBlock() {
+        int retVal = doubleKeccak(lanesArr[0], lanesArr[1]);
+        for (int i = 0; i < NRPAR; i++) {
+            l2bLittle(lanesArr[i], 0, buffers[i], 0, blockSize);
+        }
+        return retVal;
+    }
+
+    @IntrinsicCandidate
+    private static int doubleKeccak(long[] lanes0, long[] lanes1) {
+        doubleKeccakJava(lanes0, lanes1);
+        return 1;
+    }
+
+    private static int doubleKeccakJava(long[] lanes0, long[] lanes1) {
+        keccak(lanes0);
+        keccak(lanes1);
+        return 1;
+    }
+
+    public static final class Shake128Parallel extends SHA3Parallel {
+        public Shake128Parallel(byte[][] buf) throws InvalidAlgorithmParameterException {
+            super(buf, 168);
+        }
+    }
+}
--- a/src/java.base/share/classes/sun/security/util/KnownOIDs.java
+++ b/src/java.base/share/classes/sun/security/util/KnownOIDs.java
@ -179,6 +179,11 @@ public enum KnownOIDs {
    SHA3_384withRSA("2.16.840.1.101.3.4.3.15", "SHA3-384withRSA"),
    SHA3_512withRSA("2.16.840.1.101.3.4.3.16", "SHA3-512withRSA"),

+    // kems 2.16.840.1.101.3.4.4.*
+    ML_KEM_512("2.16.840.1.101.3.4.4.1", "ML-KEM-512"),
+    ML_KEM_768("2.16.840.1.101.3.4.4.2", "ML-KEM-768"),
+    ML_KEM_1024("2.16.840.1.101.3.4.4.3", "ML-KEM-1024"),
+
    // RSASecurity
    // PKCS1 1.2.840.113549.1.1.*
    PKCS1("1.2.840.113549.1.1", "RSA") { // RSA KeyPairGenerator and KeyFactory