From db186ff5596efd665aacc7b74ca3f392214b9e02 Mon Sep 17 00:00:00 2001
From: Jan Martin Persch <jan.persch@iem.fraunhofer.de>
Date: Thu, 2 Apr 2026 11:35:01 +0200
Subject: [PATCH] Make SecretKeySpec accept randomized key material

SecretKeySpec requires "preparedKeyMaterial[keyMaterial]", but
SecureRandom ensures "randomized" and not "preparedKeyMaterial".

This commit extends the predicate in the "REQUIRES" section of
SecretKeySpec by "|| randomized[keyMaterial]" to make it also accept
randomized key material.
---
 BouncyCastle-JCA/src/SecretKeySpec.crysl              | 4 ++--
 JavaCryptographicArchitecture/src/SecretKeySpec.crysl | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/BouncyCastle-JCA/src/SecretKeySpec.crysl b/BouncyCastle-JCA/src/SecretKeySpec.crysl
index 99292550..c1f27d6d 100644
--- a/BouncyCastle-JCA/src/SecretKeySpec.crysl
+++ b/BouncyCastle-JCA/src/SecretKeySpec.crysl
@@ -21,9 +21,9 @@ CONSTRAINTS
 	neverTypeOf[keyMaterial, java.lang.String];
 	
 REQUIRES
-	preparedKeyMaterial[keyMaterial];	
+	preparedKeyMaterial[keyMaterial] || randomized[keyMaterial];	
 	
 ENSURES
 	speccedKey[this, _];
 	generatedKey[this, keyAlgorithm];
-	
\ No newline at end of file
+	
diff --git a/JavaCryptographicArchitecture/src/SecretKeySpec.crysl b/JavaCryptographicArchitecture/src/SecretKeySpec.crysl
index f272d27e..f3f0e641 100644
--- a/JavaCryptographicArchitecture/src/SecretKeySpec.crysl
+++ b/JavaCryptographicArchitecture/src/SecretKeySpec.crysl
@@ -20,7 +20,7 @@ CONSTRAINTS
 	neverTypeOf[keyMaterial, java.lang.String];
 	
 REQUIRES
-	preparedKeyMaterial[keyMaterial];	
+	preparedKeyMaterial[keyMaterial] || randomized[keyMaterial];	
 	
 ENSURES
 	speccedKey[this, _];