Project import generated by Copybara.

PiperOrigin-RevId: 913600876

Author: miguelaranda0

common/src/jni/main/cpp/conscrypt/native_crypto.cc

@@ -3174,18 +3174,33 @@ static jboolean NativeCrypto_X25519(JNIEnv* env, jclass, jbyteArray outArray,
                   pubkeyArray);
         return JNI_FALSE;
     }
+    if (out.size() != 32) {
+        conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException",
+                                           "Output array length != 32");
+        return JNI_FALSE;
+    }
 
     ScopedByteArrayRO privkey(env, privkeyArray);
     if (privkey.get() == nullptr) {
         JNI_TRACE("X25519(%p) => privkey == null", outArray);
         return JNI_FALSE;
     }
+    if (privkey.size() != 32) {
+        conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException",
+                                           "Private key array length != 32");
+        return JNI_FALSE;
+    }
 
     ScopedByteArrayRO pubkey(env, pubkeyArray);
     if (pubkey.get() == nullptr) {
         JNI_TRACE("X25519(%p) => pubkey == null", outArray);
         return JNI_FALSE;
     }
+    if (pubkey.size() != 32) {
+        conscrypt::jniutil::throwException(env, "java/lang/IllegalArgumentException",
+                                           "Public key array length != 32");
+        return JNI_FALSE;
+    }
 
     if (X25519(reinterpret_cast<uint8_t*>(out.get()),
                reinterpret_cast<const uint8_t*>(privkey.get()),

openjdk/src/test/java/org/conscrypt/NativeCryptoTest.java

@@ -4595,4 +4595,62 @@ public void test_slhdsa_sha2_128s_works() throws Exception {
                 RuntimeException.class,
                 () -> NativeCrypto.SLHDSA_SHA2_128S_generate_key(publicKeyTooLong, privateKey));
     }
+
+    @Test
+    public void x25519_testVector1FromRfc7748_works() throws Exception {
+        // Test vector from RFC 7748, Section 6.1 (Alice's side)
+        byte[] privateKey =
+                decodeHex("77076d0a7318a57d3c16c17251b26645df4c2f87ebc0992ab177fba51db92c2a");
+        byte[] expectedOutput =
+                decodeHex("8520f0098930a754748b7ddcb43ef75a0dbf3a0d26381af4eba4a98eaa9b4e6a");
+        byte[] base = new byte[32];
+        base[0] = 9;
+
+        byte[] out = new byte[32];
+        boolean success = NativeCrypto.X25519(out, privateKey, base);
+
+        assertTrue(success);
+        assertArrayEquals(expectedOutput, out);
+    }
+
+    @Test
+    public void x25519_testVector2FromRfc7748_works() throws Exception {
+        // Test vector from RFC 7748, Section 6.1 (Bob's side)
+        byte[] privateKey =
+                decodeHex("5dab087e624a8a4b79e17f8b83800ee66f3bb1292618b6fd1c2f8b27ff88e0eb");
+        byte[] expectedOutput =
+                decodeHex("de9edb7d7b7dc1b4d35b61c2ece435373f8343c85b78674dadfc7e146f882b4f");
+        byte[] base = new byte[32];
+        base[0] = 9;
+
+        byte[] out = new byte[32];
+        boolean success = NativeCrypto.X25519(out, privateKey, base);
+
+        assertTrue(success);
+        assertArrayEquals(expectedOutput, out);
+    }
+
+    @Test
+    public void x25519_invalidInputSize_throwsIllegalArgumentException() throws Exception {
+        assertThrows(IllegalArgumentException.class,
+                     () -> NativeCrypto.X25519(new byte[31], new byte[32], new byte[32]));
+
+        assertThrows(IllegalArgumentException.class,
+                     () -> NativeCrypto.X25519(new byte[32], new byte[31], new byte[32]));
+
+        assertThrows(IllegalArgumentException.class,
+                     () -> NativeCrypto.X25519(new byte[32], new byte[32], new byte[31]));
+    }
+
+    @Test
+    public void x25519_nullInput_throwsIllegalArgumentException() throws Exception {
+        assertThrows(NullPointerException.class,
+                     () -> NativeCrypto.X25519(null, new byte[32], new byte[32]));
+
+        assertThrows(NullPointerException.class,
+                     () -> NativeCrypto.X25519(new byte[32], null, new byte[32]));
+
+        assertThrows(NullPointerException.class,
+                     () -> NativeCrypto.X25519(new byte[32], new byte[32], null));
+    }
 }

platform/src/main/java/org/conscrypt/AndroidHpkeSpi.java

@@ -104,4 +104,58 @@ public X25519_CHACHA20() {
             super(new HpkeImpl.X25519_CHACHA20());
         }
     }
+
+  public static class MlKem768HkdfSha256Aes128Gcm extends AndroidHpkeSpi {
+    public MlKem768HkdfSha256Aes128Gcm() {
+      super(new HpkeImpl.MlKem768HkdfSha256Aes128Gcm());
+    }
+  }
+
+  public static class MlKem768HkdfSha256Aes256Gcm extends AndroidHpkeSpi {
+    public MlKem768HkdfSha256Aes256Gcm() {
+      super(new HpkeImpl.MlKem768HkdfSha256Aes256Gcm());
+    }
+  }
+
+  public static class MlKem768HkdfSha256ChaCha20Poly1305 extends AndroidHpkeSpi {
+    public MlKem768HkdfSha256ChaCha20Poly1305() {
+      super(new HpkeImpl.MlKem768HkdfSha256ChaCha20Poly1305());
+    }
+  }
+
+  public static class MlKem1024HkdfSha256Aes128Gcm extends AndroidHpkeSpi {
+    public MlKem1024HkdfSha256Aes128Gcm() {
+      super(new HpkeImpl.MlKem1024HkdfSha256Aes128Gcm());
+    }
+  }
+
+  public static class MlKem1024HkdfSha256Aes256Gcm extends AndroidHpkeSpi {
+    public MlKem1024HkdfSha256Aes256Gcm() {
+      super(new HpkeImpl.MlKem1024HkdfSha256Aes256Gcm());
+    }
+  }
+
+  public static class MlKem1024HkdfSha256ChaCha20Poly1305 extends AndroidHpkeSpi {
+    public MlKem1024HkdfSha256ChaCha20Poly1305() {
+      super(new HpkeImpl.MlKem1024HkdfSha256ChaCha20Poly1305());
+    }
+  }
+
+  public static class XwingHkdfSha256Aes128Gcm extends AndroidHpkeSpi {
+    public XwingHkdfSha256Aes128Gcm() {
+      super(new HpkeImpl.XwingHkdfSha256Aes128Gcm());
+    }
+  }
+
+  public static class XwingHkdfSha256Aes256Gcm extends AndroidHpkeSpi {
+    public XwingHkdfSha256Aes256Gcm() {
+      super(new HpkeImpl.XwingHkdfSha256Aes256Gcm());
+    }
+  }
+
+  public static class XwingHkdfSha256Chacha20Poly1305 extends AndroidHpkeSpi {
+    public XwingHkdfSha256Chacha20Poly1305() {
+      super(new HpkeImpl.XwingHkdfSha256Chacha20Poly1305());
+    }
+  }
 }

platform/src/test/java/org/conscrypt/AndroidHpkeSpiTest.java

@@ -27,10 +27,21 @@
 
 @RunWith(JUnit4.class)
 public class AndroidHpkeSpiTest {
-    private static final String[] HPKE_NAMES =
-            new String[] {"DHKEM_X25519_HKDF_SHA256/HKDF_SHA256/AES_128_GCM",
-                          "DHKEM_X25519_HKDF_SHA256/HKDF_SHA256/AES_256_GCM",
-                          "DHKEM_X25519_HKDF_SHA256/HKDF_SHA256/CHACHA20POLY1305"};
+  private static final String[] HPKE_NAMES =
+      new String[] {
+        "DHKEM_X25519_HKDF_SHA256/HKDF_SHA256/AES_128_GCM",
+        "DHKEM_X25519_HKDF_SHA256/HKDF_SHA256/AES_256_GCM",
+        "DHKEM_X25519_HKDF_SHA256/HKDF_SHA256/CHACHA20POLY1305",
+        "MLKEM_768/HKDF_SHA256/AES_128_GCM",
+        "MLKEM_768/HKDF_SHA256/AES_256_GCM",
+        "MLKEM_768/HKDF_SHA256/CHACHA20POLY1305",
+        "MLKEM_1024/HKDF_SHA256/AES_128_GCM",
+        "MLKEM_1024/HKDF_SHA256/AES_256_GCM",
+        "MLKEM_1024/HKDF_SHA256/CHACHA20POLY1305",
+        "XWING/HKDF_SHA256/AES_128_GCM",
+        "XWING/HKDF_SHA256/AES_256_GCM",
+        "XWING/HKDF_SHA256/CHACHA20POLY1305"
+      };
 
     // This only needs to test the wrapper functionality as the implementation and client
     // APIs are tested elsewhere.  What we're looking for is that HPKE SPI instances returned