Some BouncyCastle rules do not capture all available information, in particular static fields defining the parameter sets of certain algorithms. This would for example distinguish the use of kyber512, kyber768 or kyber1024.
Capturing this information is not very difficult but it is a long task given how many classes are used for this in BouncyCastle.
Encapsulated Secrets
Check BcEncapsulatedSecretExtractor and BcEncapsulatedSecretGenerator: for most KEM classes, we only capture them withAnyParameters().
This should be changed to capture the precise content of each constructor.
Most of them take an AsymmetricKeyParameter class as argument (46 different classes to detect).
These classes do not contain the information directly; instead, they usually have a CipherParameters argument. Some of them are already supported, but for these KEM classes, we need support for the classes in the subinterface KEMParameters (9 classes to detect).
Digests
We have a similar scenario with BcDigests, where we could be more precise for some constructors if we add detection rules for additional parameter classes.
For example, for Ascon, we should add support for AsconParameters.
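The following Java sample is an added illustration, not code from the project or from the issue author. It shows the kind of target code these rules analyse and where the parameter set actually lives: in a static field of a KEMParameters class that only reaches the KEM extractor through the key parameter object. It assumes a BouncyCastle release that still ships the `org.bouncycastle.pqc.crypto.crystals.kyber` package; the class name `KyberParameterSetSample` is hypothetical.

```java
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.AsymmetricCipherKeyPair;
import org.bouncycastle.crypto.SecretWithEncapsulation;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMExtractor;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKEMGenerator;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKeyGenerationParameters;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberKeyPairGenerator;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberParameters;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberPrivateKeyParameters;
import org.bouncycastle.pqc.crypto.crystals.kyber.KyberPublicKeyParameters;

// Hypothetical sample class (an assumption for illustration, not project code).
public class KyberParameterSetSample {
    public static void main(String[] args) {
        SecureRandom random = new SecureRandom();

        // 1. The parameter set is selected through a static field of KyberParameters,
        //    one of the KEMParameters implementations. This is the value a rule has
        //    to resolve to tell kyber512, kyber768 and kyber1024 apart.
        KyberParameters params = KyberParameters.kyber768;

        // 2. The parameter set is handed to key generation and ends up stored inside
        //    the resulting key parameter objects.
        KyberKeyPairGenerator keyGen = new KyberKeyPairGenerator();
        keyGen.init(new KyberKeyGenerationParameters(random, params));
        AsymmetricCipherKeyPair keyPair = keyGen.generateKeyPair();
        KyberPublicKeyParameters publicKey = (KyberPublicKeyParameters) keyPair.getPublic();
        KyberPrivateKeyParameters privateKey = (KyberPrivateKeyParameters) keyPair.getPrivate();

        // 3. The KEM generator never sees KyberParameters directly: the recipient key
        //    is passed as an AsymmetricKeyParameter.
        KyberKEMGenerator generator = new KyberKEMGenerator(random);
        SecretWithEncapsulation sent = generator.generateEncapsulated(publicKey);

        // 4. The KEM extractor constructor only receives the private key parameters.
        //    A rule matching this constructor "with any parameters" records a Kyber
        //    KEM but not which parameter set is in use.
        KyberKEMExtractor extractor = new KyberKEMExtractor(privateKey);
        byte[] received = extractor.extractSecret(sent.getEncapsulation());

        // The parameter set is recoverable only by following the key object back
        // to the KEMParameters instance it was built with.
        System.out.println("Parameter set: " + privateKey.getParameters().getName());
        System.out.println("Secrets match: " + Arrays.equals(sent.getSecret(), received));
    }
}
```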