7181214: Need specify SKF translateKey(SecurityKey) method requires instance of PBEKey for PBKDF2 algorithms
Reviewed-by: xuelei, weijun
This commit is contained in:
Valerie Peng
parent
2afb4c3327
commit
6dc4d891c3
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2005, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -63,11 +63,11 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
|
||||
protected SecretKey engineGenerateSecret(KeySpec keySpec)
|
||||
throws InvalidKeySpecException
|
||||
{
|
||||
if (!(keySpec instanceof PBEKeySpec)) {
|
||||
throw new InvalidKeySpecException("Invalid key spec");
|
||||
if (keySpec instanceof PBEKeySpec ks) {
|
||||
return new PBKDF2KeyImpl(ks, prfAlgo);
|
||||
} else {
|
||||
throw new InvalidKeySpecException("Only PBEKeySpec is accepted");
|
||||
}
|
||||
PBEKeySpec ks = (PBEKeySpec) keySpec;
|
||||
return new PBKDF2KeyImpl(ks, prfAlgo);
|
||||
}
|
||||
|
||||
/**
|
||||
@ -89,12 +89,10 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
|
||||
*/
|
||||
protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
|
||||
throws InvalidKeySpecException {
|
||||
if (key instanceof javax.crypto.interfaces.PBEKey) {
|
||||
if (key instanceof javax.crypto.interfaces.PBEKey pKey) {
|
||||
// Check if requested key spec is amongst the valid ones
|
||||
if ((keySpecCl != null)
|
||||
&& keySpecCl.isAssignableFrom(PBEKeySpec.class)) {
|
||||
javax.crypto.interfaces.PBEKey pKey =
|
||||
(javax.crypto.interfaces.PBEKey) key;
|
||||
char[] passwd = pKey.getPassword();
|
||||
byte[] encoded = pKey.getEncoded();
|
||||
try {
|
||||
@ -107,11 +105,11 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
|
||||
Arrays.fill(encoded, (byte)0);
|
||||
}
|
||||
} else {
|
||||
throw new InvalidKeySpecException("Invalid key spec");
|
||||
throw new InvalidKeySpecException
|
||||
("Only PBEKeySpec is accepted");
|
||||
}
|
||||
} else {
|
||||
throw new InvalidKeySpecException("Invalid key " +
|
||||
"format/algorithm");
|
||||
throw new InvalidKeySpecException("Only PBEKey is accepted");
|
||||
}
|
||||
}
|
||||
|
||||
@ -138,9 +136,7 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
|
||||
return key;
|
||||
}
|
||||
// Check if key implements the PBEKey
|
||||
if (key instanceof javax.crypto.interfaces.PBEKey) {
|
||||
javax.crypto.interfaces.PBEKey pKey =
|
||||
(javax.crypto.interfaces.PBEKey) key;
|
||||
if (key instanceof javax.crypto.interfaces.PBEKey pKey) {
|
||||
char[] password = pKey.getPassword();
|
||||
byte[] encoding = pKey.getEncoded();
|
||||
PBEKeySpec spec =
|
||||
@ -160,9 +156,12 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
|
||||
}
|
||||
Arrays.fill(encoding, (byte)0);
|
||||
}
|
||||
} else {
|
||||
throw new InvalidKeyException("Only PBEKey is accepted");
|
||||
}
|
||||
}
|
||||
throw new InvalidKeyException("Invalid key format/algorithm");
|
||||
throw new InvalidKeyException("Only PBKDF2With" + prfAlgo +
|
||||
" key with RAW format is accepted");
|
||||
}
|
||||
|
||||
public static final class HmacSHA1 extends PBKDF2Core {
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright (c) 2012, 2014, Oracle and/or its affiliates. All rights reserved.
|
||||
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
|
||||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
||||
*
|
||||
* This code is free software; you can redistribute it and/or modify it
|
||||
@ -30,6 +30,7 @@ import javax.crypto.SecretKey;
|
||||
import javax.crypto.SecretKeyFactory;
|
||||
import javax.crypto.interfaces.PBEKey;
|
||||
import javax.crypto.spec.PBEKeySpec;
|
||||
import javax.crypto.spec.SecretKeySpec;
|
||||
|
||||
/**
|
||||
* @test
|
||||
@ -68,7 +69,8 @@ public class PBKDF2Translate {
|
||||
try {
|
||||
if (!theTest.testMyOwnSecretKey()
|
||||
|| !theTest.generateAndTranslateKey()
|
||||
|| !theTest.translateSpoiledKey()) {
|
||||
|| !theTest.translateSpoiledKey()
|
||||
|| !theTest.testGeneralSecretKey()) {
|
||||
// we don't want to set failed to false
|
||||
failed = true;
|
||||
}
|
||||
@ -188,6 +190,45 @@ public class PBKDF2Translate {
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* The test case scenario implemented in the method: - create a general
|
||||
* secret key (does not implement PBEKey) - try calling
|
||||
* translate and getKeySpec methods and see if the expected
|
||||
* InvalidKeyException and InvalidKeySpecException is thrown.
|
||||
*
|
||||
* @return true if the expected Exception occurred; false - otherwise
|
||||
* @throws NoSuchAlgorithmException
|
||||
*/
|
||||
public boolean testGeneralSecretKey() throws NoSuchAlgorithmException {
|
||||
SecretKey key = new SecretKeySpec("random#s".getBytes(), algoToTest);
|
||||
SecretKeyFactory skf = SecretKeyFactory.getInstance(algoToTest);
|
||||
try {
|
||||
skf.translateKey(key);
|
||||
System.out.println("Error: expected IKE not thrown");
|
||||
return false;
|
||||
} catch (InvalidKeyException e) {
|
||||
if (e.getMessage().indexOf("PBEKey") == -1) {
|
||||
System.out.println("Error: IKE message should " +
|
||||
"indicate that PBEKey is required");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
try {
|
||||
skf.getKeySpec(key, PBEKeySpec.class);
|
||||
System.out.println("Error: expected IKSE not thrown");
|
||||
return false;
|
||||
} catch (InvalidKeySpecException e) {
|
||||
if (e.getMessage().indexOf("PBEKey") == -1) {
|
||||
System.out.println("Error: IKSE message should " +
|
||||
"indicate that PBEKey is required");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
/**
|
||||
* Generate a PBKDF2 secret key using given algorithm.
|
||||
*
|
||||
|
||||
Loading…
Reference in New Issue
Block a user