From 4e30174c57d3a2ca129fa094be343f77132cea90 Mon Sep 17 00:00:00 2001 From: Jared Crawford Date: Thu, 30 Apr 2026 12:46:02 -0400 Subject: [PATCH] Make KEM abstract methods protected to allow external subclassing MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Package-private abstract methods on KEM prevent users from implementing custom KEMs (e.g. XWing) outside the org.bouncycastle.crypto.hpke package, requiring them to place subclasses inside the BC package as a workaround. Promote all abstract methods on KEM from package-private to protected. Update DHKEM.getEncryptionSize() to match — it was the only remaining package-private override; all other DHKEM overrides were already public or protected. This is a source-compatible change: existing subclasses (DHKEM) that override with broader visibility (public/protected) are unaffected. --- .../org/bouncycastle/crypto/hpke/DHKEM.java | 2 +- .../org/bouncycastle/crypto/hpke/KEM.java | 26 +++++++++---------- 2 files changed, 14 insertions(+), 14 deletions(-) diff --git a/core/src/main/java/org/bouncycastle/crypto/hpke/DHKEM.java b/core/src/main/java/org/bouncycastle/crypto/hpke/DHKEM.java index 84f40ba68a..cd9a7c8018 100644 --- a/core/src/main/java/org/bouncycastle/crypto/hpke/DHKEM.java +++ b/core/src/main/java/org/bouncycastle/crypto/hpke/DHKEM.java @@ -282,7 +282,7 @@ public AsymmetricCipherKeyPair DeserializePrivateKey(byte[] skEncoded, byte[] pk } } - int getEncryptionSize() + protected int getEncryptionSize() { return Nenc; } diff --git a/core/src/main/java/org/bouncycastle/crypto/hpke/KEM.java b/core/src/main/java/org/bouncycastle/crypto/hpke/KEM.java index 35bb58348f..54936c0423 100644 --- a/core/src/main/java/org/bouncycastle/crypto/hpke/KEM.java +++ b/core/src/main/java/org/bouncycastle/crypto/hpke/KEM.java @@ -10,26 +10,26 @@ public abstract class KEM { // Key Generation - abstract AsymmetricCipherKeyPair GeneratePrivateKey(); - abstract AsymmetricCipherKeyPair DeriveKeyPair(byte[] ikm); + protected abstract AsymmetricCipherKeyPair GeneratePrivateKey(); + protected abstract AsymmetricCipherKeyPair DeriveKeyPair(byte[] ikm); // Encapsulates a shared secret for a given public key and returns the encapsulated key and shared secret. - abstract byte[][] Encap(AsymmetricKeyParameter recipientPublicKey); - abstract byte[][] Encap(AsymmetricKeyParameter pkR, AsymmetricCipherKeyPair kpE); - abstract byte[][] AuthEncap(AsymmetricKeyParameter pkR, AsymmetricCipherKeyPair kpS); + protected abstract byte[][] Encap(AsymmetricKeyParameter recipientPublicKey); + protected abstract byte[][] Encap(AsymmetricKeyParameter pkR, AsymmetricCipherKeyPair kpE); + protected abstract byte[][] AuthEncap(AsymmetricKeyParameter pkR, AsymmetricCipherKeyPair kpS); // Decapsulates the given encapsulated key using the recipient's key pair and returns the shared secret. - abstract byte[] Decap(byte[] encapsulatedKey, AsymmetricCipherKeyPair recipientKeyPair); - abstract byte[] AuthDecap(byte[] enc, AsymmetricCipherKeyPair kpR, AsymmetricKeyParameter pkS); + protected abstract byte[] Decap(byte[] encapsulatedKey, AsymmetricCipherKeyPair recipientKeyPair); + protected abstract byte[] AuthDecap(byte[] enc, AsymmetricCipherKeyPair kpR, AsymmetricKeyParameter pkS); // Serialization - abstract byte[] SerializePublicKey(AsymmetricKeyParameter publicKey); - abstract byte[] SerializePrivateKey(AsymmetricKeyParameter key); + protected abstract byte[] SerializePublicKey(AsymmetricKeyParameter publicKey); + protected abstract byte[] SerializePrivateKey(AsymmetricKeyParameter key); // Deserialization - abstract AsymmetricKeyParameter DeserializePublicKey(byte[] encodedPublicKey); - abstract AsymmetricCipherKeyPair DeserializePrivateKey(byte[] skEncoded, byte[] pkEncoded); + protected abstract AsymmetricKeyParameter DeserializePublicKey(byte[] encodedPublicKey); + protected abstract AsymmetricCipherKeyPair DeserializePrivateKey(byte[] skEncoded, byte[] pkEncoded); - abstract int getEncryptionSize(); + protected abstract int getEncryptionSize(); -} \ No newline at end of file +}