Egothor/ZeroEcho
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases 2 Wiki Activity

Compare commits

base: Egothor:release@1.0.0
Branches Tags
Egothor:main
Egothor:release@1.0.1 Egothor:release@1.0.0
...
compare: Egothor:release@1.0.1
Branches Tags
Egothor:main
Egothor:release@1.0.1 Egothor:release@1.0.0

2 Commits
release@1. ... release@1.

Author SHA1 Message Date
Leo Galambos
0114f46907 chore: javadoc upload disabled (workflow)
All checks were successful
Release / release (push) Successful in 1m5s
Details 
Signed-off-by: Leo Galambos <lg@hq.egothor.org>
 2025-11-02 14:00:17 +01:00
Leo Galambos
56eb54bf9e fix: incorrect (package) javadoc for chacha and cmce 
Signed-off-by: Leo Galambos <lg@hq.egothor.org>
 2025-09-19 02:01:22 +02:00
3 changed files with 108 additions and 92 deletions
Expand all files Collapse all files

5
.gitea/workflows/release.yml
View File

@@ -42,7 +42,8 @@ jobs:
apt install -y rsync apt install -y rsync
- name: Build and publish to Gitea Maven and JavaDoc to the website - name: Build and publish to Gitea Maven and JavaDoc to the website
run: ./gradlew clean publish uploadJavadoc --no-daemon -PgiteaToken=${{ secrets.CI_PUBLISH_TOKEN }} -PjavadocUser=${{ vars.JAVADOC_USER }} -PjavadocHost=${{ vars.JAVADOC_HOST }} -PjavadocPath=${{ vars.JAVADOC_PATH }} -PjavadocKeyPath=~/.ssh/id_rsa run: ./gradlew clean publish --no-daemon -PgiteaToken=${{ secrets.CI_PUBLISH_TOKEN }}
# was run: ./gradlew clean publish uploadJavadoc --no-daemon -PgiteaToken=${{ secrets.CI_PUBLISH_TOKEN }} -PjavadocUser=${{ vars.JAVADOC_USER }} -PjavadocHost=${{ vars.JAVADOC_HOST }} -PjavadocPath=${{ vars.JAVADOC_PATH }} -PjavadocKeyPath=~/.ssh/id_rsa
- name: Generate release notes - name: Generate release notes
id: notes id: notes
@@ -88,5 +89,5 @@ jobs:
- name: Create Gitea Release - name: Create Gitea Release
uses: softprops/action-gh-release@v2 uses: softprops/action-gh-release@v2
with: with:
files: app/build/libs/*.jar files: app/build/distributions/*.tar app/build/distributions/*.zip
body_path: /tmp/release_notes.md body_path: /tmp/release_notes.md

101
lib/src/main/java/zeroecho/core/alg/chacha/package-info.java
View File

@@ -33,56 +33,83 @@
* POSSIBILITY OF SUCH DAMAGE. * POSSIBILITY OF SUCH DAMAGE.
******************************************************************************/ ******************************************************************************/
/** /**
* Classic McEliece (CMCE) KEM integration and utilities. * ChaCha algorithm implementation and runtime wiring.
* *
* <p> * <p>
* This package adapts the Bouncy Castle PQC CMCE primitives to the core SPI. It * This package provides the ChaCha capability set for the core layer, including
* provides the algorithm descriptor, a runtime KEM context, and key * the stream cipher ChaCha20 and the AEAD construction ChaCha20-Poly1305. The
* specifications for generation and import. The design keeps provider-specific * module contains algorithm descriptors, streaming cipher contexts, immutable
* details encapsulated behind factories while exposing clear roles and metadata * specifications, optional header codecs for runtime parameters, and symmetric
* to the higher layers. * key import/generation specifications. The design favors safe defaults
* (12-byte nonces, 128-bit AEAD tag), explicit role-to-context binding, and a
* clear separation between static configuration and per-operation parameters.
* </p> * </p>
* *
* <h2>Scope and responsibilities</h2>
* <ul>
* <li>Expose a concrete algorithm descriptor that registers CMCE KEM roles and
* a KEM-backed message-agreement adapter.</li>
* <li>Provide a runtime context that performs encapsulation and
* decapsulation.</li>
* <li>Define key specifications for key-pair generation and for importing X.509
* and PKCS#8 encodings.</li>
* </ul>
*
* <h2>Components</h2> * <h2>Components</h2>
* <ul> * <ul>
* <li><b>Algorithm descriptor:</b> {@link zeroecho.core.alg.cmce.CmceAlgorithm} * <li><b>Algorithm descriptors:</b> {@link ChaChaAlgorithm} registers ENCRYPT
* declares {@code ENCAPSULATE}/{@code DECAPSULATE} KEM roles and wires an * and DECRYPT roles for the ChaCha20 stream cipher;
* {@code AGREEMENT} role through a KEM-based adapter. It also registers * {@link ChaCha20Poly1305Algorithm} registers the AEAD counterpart. Both share
* asymmetric key builders for generation and import. The provider requirement * a common base that wires symmetric key builders for generation and import.
* is the Bouncy Castle PQC provider under the standard name * </li>
* {@code "BCPQC"}.</li> *
* <li><b>Runtime context:</b> {@link zeroecho.core.alg.cmce.CmceKemContext} * <li><b>Streaming contexts:</b> {@link ChaChaCipherContext} and
* holds state for encapsulation or decapsulation depending on which constructor * {@link ChaCha20Poly1305CipherContext} implement {@code InputStream}-to-
* is used.</li> * {@code InputStream} transforms. The abstract parent
* <li><b>Key generation spec:</b> {@link zeroecho.core.alg.cmce.CmceKeyGenSpec} * {@link AbstractChaChaCipherContext} handles nonce lifecycle, optional header
* selects a CMCE parameter set (variant) used by the key-pair builder.</li> * injection/parsing, and construction of a pull-based cipher stream.</li>
* <li><b>Key import specs:</b> {@link zeroecho.core.alg.cmce.CmcePublicKeySpec} *
* wraps X.509 public keys and {@link zeroecho.core.alg.cmce.CmcePrivateKeySpec} * <li><b>Static configuration (specs):</b> {@link ChaChaSpec} captures the
* wraps PKCS#8 private keys; both are immutable and defensively copy their byte * initial counter and optional header codec for ChaCha20;
* arrays.</li> * {@link ChaCha20Poly1305Spec} binds the optional header codec for AEAD. The
* sealed marker {@link ChaChaBaseSpec} unifies both.</li>
*
* <li><b>Header codecs (optional):</b> {@link ChaChaHeaderCodec} writes/reads a
* compact header carrying the 12-byte nonce and a packed stream counter;
* {@link ChaCha20Poly1305HeaderCodec} writes/reads the 12-byte nonce and an
* optional SHA-256 of AAD to assert out-of-band AAD integrity.</li>
*
* <li><b>Key specifications:</b> {@link ChaChaKeyGenSpec} defines parameters
* for generating 256-bit ChaCha keys; {@link ChaChaKeyImportSpec} wraps
* externally supplied raw keys. Generation and import are registered by the
* algorithm base.</li>
* </ul> * </ul>
* *
* <h2>Provider requirements</h2> * <h2>Runtime parameters and context exchange</h2>
* <p> * <p>
* The algorithm expects the Bouncy Castle PQC provider to be installed before * Streaming contexts exchange ephemeral parameters through a Conflux session
* use; the descriptor verifies this when generating or importing keys. * context using namespaced keys. For ChaCha20 and ChaCha20-Poly1305, a 12-byte
* nonce is required for each operation. On encryption, if the session context
* does not provide a nonce, the context generates a fresh value and stores it
* back into the session; on decryption the nonce must already be present and
* have the correct length. ChaCha20 also uses an initial counter sourced from
* {@link ChaChaSpec} and optionally overridden by the session context. When a
* header codec is configured and a session context is set, encryption prepends
* a minimal header and decryption reads it first to hydrate the session before
* initializing the cipher.
* </p> * </p>
* *
* <h2>Safety and validation</h2>
* <ul>
* <li><b>Nonce uniqueness:</b> Applications must ensure nonces are unique per
* key. The contexts will generate nonces for encryption, but cross-process
* uniqueness is the caller's responsibility. Decryption fails if a nonce is
* missing or has an unexpected size.</li>
*
* <li><b>Counter policy (ChaCha20):</b> The default initial counter is 1. A
* context may override the spec value through the session key dedicated to
* counter exchange; consistency is enforced at attach time.</li>
*
* <li><b>AEAD tag and AAD (ChaCha20-Poly1305):</b> The effective tag length is
* 128 bits. If AAD is supplied, it is included in authentication; when enabled,
* the header codec can store SHA-256(AAD) to verify that decrypt-time AAD
* matches encrypt-time AAD.</li>
* </ul>
*
* <h2>Thread-safety</h2> * <h2>Thread-safety</h2>
* <ul> * <ul>
* <li>Algorithm descriptors are immutable and safe to share across * <li>Algorithm descriptors are immutable and safe to share.</li>
* threads.</li> * <li>Streaming contexts are stateful and not thread-safe.</li>
* <li>Runtime contexts are stateful and not thread-safe.</li>
* </ul> * </ul>
* *
* @since 1.0 * @since 1.0

94
lib/src/main/java/zeroecho/core/alg/cmce/package-info.java
View File

@@ -33,70 +33,58 @@
* POSSIBILITY OF SUCH DAMAGE. * POSSIBILITY OF SUCH DAMAGE.
******************************************************************************/ ******************************************************************************/
/** /**
* <h2>Classic McEliece (CMCE)</h2> * Classic McEliece (CMCE) KEM integration and utilities.
* *
* <p> * <p>
* This package integrates the Classic McEliece cryptosystem, one of the oldest * This package adapts the Bouncy Castle PQC CMCE primitives to the core SPI. It
* and most studied code-based public-key cryptosystems. Originally proposed by * provides the algorithm descriptor, a runtime KEM context, and key
* Robert McEliece in 1978, it is based on the hardness of decoding random * specifications for generation and import. The design keeps provider-specific
* binary Goppa codes. Despite large public key sizes, the scheme has withstood * details encapsulated behind factories while exposing clear roles and metadata
* decades of cryptanalysis and remains unbroken by both classical and quantum * to the higher layers.
* computers.
* </p> * </p>
* *
* <h2>Post-quantum KEM</h2> * <h2>Scope and responsibilities</h2>
* <ul>
* <li>Expose a concrete algorithm descriptor that registers CMCE KEM roles and
* a KEM-backed message-agreement adapter.</li>
* <li>Provide a runtime context that performs encapsulation and
* decapsulation.</li>
* <li>Define key specifications for key-pair generation and for importing X.509
* and PKCS#8 encodings.</li>
* </ul>
* *
* <h2>Components</h2>
* <ul>
* <li><b>Algorithm descriptor:</b> {@link zeroecho.core.alg.cmce.CmceAlgorithm}
* declares {@code ENCAPSULATE}/{@code DECAPSULATE} KEM roles and wires an
* {@code AGREEMENT} role through a KEM-based adapter. It also registers
* asymmetric key builders for generation and import. The provider requirement
* is the Bouncy Castle PQC provider under the standard name
* {@code "BCPQC"}.</li>
* <li><b>Runtime context:</b> {@link zeroecho.core.alg.cmce.CmceKemContext}
* holds state for encapsulation or decapsulation depending on which constructor
* is used.</li>
* <li><b>Key generation spec:</b> {@link zeroecho.core.alg.cmce.CmceKeyGenSpec}
* selects a CMCE parameter set (variant) used by the key-pair builder.</li>
* <li><b>Key import specs:</b> {@link zeroecho.core.alg.cmce.CmcePublicKeySpec}
* wraps X.509 public keys and {@link zeroecho.core.alg.cmce.CmcePrivateKeySpec}
* wraps PKCS#8 private keys; both are immutable and defensively copy their byte
* arrays.</li>
* </ul>
*
* <h2>Provider requirements</h2>
* <p> * <p>
* Classic McEliece has been selected by NIST in the post-quantum cryptography * The algorithm expects the Bouncy Castle PQC provider to be installed before
* standardization process for key encapsulation. Its primary appeal is * use; the descriptor verifies this when generating or importing keys.
* long-term confidence: no efficient attacks are known even in the quantum
* setting. It provides IND-CCA2 security through a well-studied transform and
* is especially suited for use cases where large public keys are acceptable but
* extremely strong security margins are desired.
* </p> * </p>
* *
* <h2>Contents</h2> * <h2>Thread-safety</h2>
* <ul> * <ul>
* <li>{@link zeroecho.core.alg.cmce.CmceAlgorithm} algorithm adapter exposing * <li>Algorithm descriptors are immutable and safe to share across
* CMCE as a KEM and agreement primitive.</li> * threads.</li>
* <li>{@link zeroecho.core.alg.cmce.CmceKemContext} runtime context for * <li>Runtime contexts are stateful and not thread-safe.</li>
* encapsulation and decapsulation.</li>
* <li>{@link zeroecho.core.alg.cmce.CmceKeyGenSpec} enumeration of
* standardized CMCE parameter sets (variants).</li>
* <li>{@link zeroecho.core.alg.cmce.CmcePublicKeySpec} wrapper for
* X.509-encoded public keys.</li>
* <li>{@link zeroecho.core.alg.cmce.CmcePrivateKeySpec} wrapper for
* PKCS#8-encoded private keys.</li>
* </ul> * </ul>
* *
* <h2>Security properties</h2>
* <ul>
* <li>Underlying assumption: hardness of decoding binary Goppa codes.</li>
* <li>Selected as a NIST post-quantum KEM standard (2022).</li>
* <li>Public keys are large (hundreds of kilobytes), but ciphertexts and
* secrets are compact.</li>
* <li>Considered quantum-resistant and secure against known attacks.</li>
* </ul>
*
* <h2>Usage</h2> <pre>{@code
* // Select a variant (e.g., 8192128F for 256-bit security)
* CmceKeyGenSpec spec = CmceKeyGenSpec.mceliece8192128f();
* CmceAlgorithm alg = new CmceAlgorithm();
* KeyPair kp = alg.asymmetricKeyBuilder(CmceKeyGenSpec.class).generateKeyPair(spec);
*
* // Encapsulation (sender)
* try (CmceKemContext ctx = new CmceKemContext(alg, kp.getPublic())) {
* KemResult kem = ctx.encapsulate();
* byte[] ct = kem.ciphertext();
* byte[] secret = kem.secret();
* }
*
* // Decapsulation (recipient)
* try (CmceKemContext ctx = new CmceKemContext(alg, kp.getPrivate())) {
* byte[] secret = ctx.decapsulate(ct);
* }
* }</pre>
*
* @since 1.0 * @since 1.0
*/ */
package zeroecho.core.alg.cmce; package zeroecho.core.alg.cmce;