Priority work
[x] Create a SHAKE constructor to distinguish SHAKE128 and SHAKE256
[x] Use the HMAC algorithm in the translation
[x] Remove all unnecessary uses of deepCopy in reorganization rules
[x] Fix all “TODO: Change this to not use the new Algorithm hack to change the kind”
[x] In BcAsymCipherEngineMapper, check all model algorithms: they should probably be PublicKeyEncryption and not BlockCipher
[x] All BlockCiphers supporting a Mac mode should implement the Mac interface. This is necessary if we want to enrich Macs with a TAG (see MacOrDigestEnricher)
[x] Similarly, all BlockCiphers which can be used for AE should implement the AE interface?
[x] BcKGMACTest translation: ~Fix the underlying Kalyna being AuthenticatedEncryption and not BlockCipher. Create a reorganization rule to override GCM mode with GMAC.~ Think about what is the correct translation
[x] Use ParameterSetIdentifier to capture any String like “512” in Kyber-512 (modify the engine’s ParameterIdentifierFactory to use Strings instead of ints)
[x] Check KMAC detection rule in BcMac.java: better capture its parameters as a ~ClassicalBitSecurityLevel~ ParameterSetIdentifier
[x] ~Add a PQC NIST security level model class (and use it for new modeled algorithms)~ (we don't add the security level to the model anymore)
[x] Model the CBOM primitive “XOF”, and update all the XOFs in the model with this new tag (instead of MessageDigest)
[x] Add OIDs (particularly for PQC algorithms)
[x] Remove @Deprecated for the class capturing the security level (because it's still used in some asString())
[x] Check whether the salt length is correctly translated
[x] Use AssetCollection for translating multiple nodes of the same kind
[x] Merge AssetCollection nodes in ITranslator
[x] ~Handle them correctly in the output layer~
Future work
[x] Update JavaReorganizerRules to only specify the rules (one by one) that are actually used for Java
[x] Do not use context’s “Kind” anymore (but use the map instead), and update the translators everywhere (they will probably be simplified as using mappers does not make having case disjunction necessary)
[x] In JavaDigestContextTranslator, make sure that cases “MGF1, MGF” are handled
[x] ~Better handle PQC~ delegated to #149
[x] ~Add detection rules for all PQC KEMs parameters (like KyberParameters)~
[x] Translate these findings, including adding updated name, NIST security level and OIDs
[x] All model algorithms like SHA3 (or classes like PasswordBasedEncryption) should have their name defined with getName(), because the name may be defined using a child node added only subsequently
[x] ~Create specific constructors for all Digests, to precisely capture information from their parameters~ delegated to #149
[x] ~Create dedicated tests for Digests~
[x] Map security level (classical and PQC), nonce length and IV length to the CBOM field in the output layer
[x] Use encapsulation or decapsulation functionality for the translation of KEM
Non-urgent work
[x] Add Javadoc to all model classes
[x] ~Completely remove and replace BouncyCastleInfoMap~ Remove the deprecated parts of BouncyCastleInfoMap
[x] Check if the logger uses getName and if the tests actually show the updated names
[x] ~Add BcDerivationFunctionInit depending rules to BcDerivationFunction~
[x] EC-NR translation: “no EC signature schemes with message recovery are defined in this version of the standard” (IEEE 1363-2000)
[x] Create a simple reorganizer helper to create a rule replacing an unknown node of a given type by its child node of the same type when it exists
[x] ~JCA uses KeyContext.Kind and SignatureContext.Kind at multiple places: it should be removed~
Questions
[x] In BcGCMSIVBlockCipherTest, why aren’t all AES enriched with an OID?
[x] ~Check how “Wrap” should be handled: should it use a dedicated model class? Should there be an enricher to enforce adding the “encapsulate” functionality?~ → Use the default cipher class but with encapsulate/decapsulate functionality
[x] ~How are keys created in BouncyCastle, and how should we handle them as related crypto materials in the translation?~ moved to #31
Remaining categories to translate
mac
other
pbe
signer
messagesigner
?streamcipher
wrapper