stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8279800: isAssignableFrom checks in AlgorithmParametersSpi.engineGetParameterSpec appear to be backwards

Browse Source 
Reviewed-by: xuelei, valeriep
This commit is contained in:
Weijun Wang 2022-01-13 00:42:00 +00:00
parent 1228b2f1f8
commit cb25029885
15 changed files with 141 additions and 191 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/java.base/share/classes/com/sun/crypto/provider/BlockCipherParamsCore.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -108,7 +108,7 @@ final class BlockCipherParamsCore {
<T extends AlgorithmParameterSpec> T getParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (IvParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(IvParameterSpec.class)) {
return paramSpec.cast(new IvParameterSpec(this.iv));
} else {
throw new InvalidParameterSpecException

4
src/java.base/share/classes/com/sun/crypto/provider/ChaCha20Poly1305Parameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -147,7 +147,7 @@ public final class ChaCha20Poly1305Parameters extends AlgorithmParametersSpi {
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (IvParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(IvParameterSpec.class)) {
return paramSpec.cast(new IvParameterSpec(nonce));
} else {
throw new InvalidParameterSpecException

4
src/java.base/share/classes/com/sun/crypto/provider/DHParameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -98,7 +98,7 @@ public final class DHParameters extends AlgorithmParametersSpi {
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (DHParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(DHParameterSpec.class)) {
return paramSpec.cast(new DHParameterSpec(this.p, this.g, this.l));
} else {
throw new InvalidParameterSpecException

4
src/java.base/share/classes/com/sun/crypto/provider/GCMParameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -107,7 +107,7 @@ public final class GCMParameters extends AlgorithmParametersSpi {
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (GCMParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(GCMParameterSpec.class)) {
return paramSpec.cast(new GCMParameterSpec(tLen * 8, iv));
} else {
throw new InvalidParameterSpecException

4
src/java.base/share/classes/com/sun/crypto/provider/OAEPParameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -148,7 +148,7 @@ public final class OAEPParameters extends AlgorithmParametersSpi {
protected <T extends AlgorithmParameterSpec>
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (OAEPParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(OAEPParameterSpec.class)) {
return paramSpec.cast(
new OAEPParameterSpec(mdName, "MGF1", mgfSpec,
new PSource.PSpecified(p)));

2
src/java.base/share/classes/com/sun/crypto/provider/PBEKeyFactory.java
View File

@ -243,7 +243,7 @@ abstract class PBEKeyFactory extends SecretKeyFactorySpi {
// Check if requested key spec is amongst the valid ones
if ((keySpecCl != null)
&& PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
&& keySpecCl.isAssignableFrom(PBEKeySpec.class)) {
byte[] passwdBytes = key.getEncoded();
char[] passwdChars = new char[passwdBytes.length];
for (int i=0; i<passwdChars.length; i++)

4
src/java.base/share/classes/com/sun/crypto/provider/PBEParameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1998, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1998, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -105,7 +105,7 @@ public final class PBEParameters extends AlgorithmParametersSpi {
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException
{
if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(PBEParameterSpec.class)) {
return paramSpec.cast(
new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
} else {

4
src/java.base/share/classes/com/sun/crypto/provider/PBES2Parameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2012, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2012, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -334,7 +334,7 @@ abstract class PBES2Parameters extends AlgorithmParametersSpi {
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException
{
if (PBEParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(PBEParameterSpec.class)) {
return paramSpec.cast(
new PBEParameterSpec(this.salt, this.iCount, this.cipherParam));
} else {

2
src/java.base/share/classes/com/sun/crypto/provider/PBKDF2Core.java
View File

@ -92,7 +92,7 @@ abstract class PBKDF2Core extends SecretKeyFactorySpi {
if (key instanceof javax.crypto.interfaces.PBEKey) {
// Check if requested key spec is amongst the valid ones
if ((keySpecCl != null)
&& PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
&& keySpecCl.isAssignableFrom(PBEKeySpec.class)) {
javax.crypto.interfaces.PBEKey pKey =
(javax.crypto.interfaces.PBEKey) key;
char[] passwd = pKey.getPassword();

167
src/java.base/share/classes/com/sun/crypto/provider/PBKDF2HmacSHA1Factory.java
View File

@ -1,167 +0,0 @@
/*
* Copyright (c) 2005, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package com.sun.crypto.provider;
import java.security.InvalidKeyException;
import java.security.spec.KeySpec;
import java.security.spec.InvalidKeySpecException;
import java.util.Arrays;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactorySpi;
import javax.crypto.spec.PBEKeySpec;
/**
* This class implements a key factory for PBE keys derived using
* PBKDF2 with HmacSHA1 psuedo random function(PRF) as defined in
* PKCS#5 v2.0.
*
* @author Valerie Peng
*
*/
public final class PBKDF2HmacSHA1Factory extends SecretKeyFactorySpi {
/**
* Empty constructor
*/
public PBKDF2HmacSHA1Factory() {
}
/**
* Generates a <code>SecretKey</code> object from the provided key
* specification (key material).
*
* @param keySpec the specification (key material) of the secret key
*
* @return the secret key
*
* @exception InvalidKeySpecException if the given key specification
* is inappropriate for this key factory to produce a public key.
*/
protected SecretKey engineGenerateSecret(KeySpec keySpec)
throws InvalidKeySpecException
{
if (!(keySpec instanceof PBEKeySpec)) {
throw new InvalidKeySpecException("Invalid key spec");
}
PBEKeySpec ks = (PBEKeySpec) keySpec;
return new PBKDF2KeyImpl(ks, "HmacSHA1");
}
/**
* Returns a specification (key material) of the given key
* in the requested format.
*
* @param key the key
*
* @param keySpecCl the requested format in which the key material shall be
* returned
*
* @return the underlying key specification (key material) in the
* requested format
*
* @exception InvalidKeySpecException if the requested key
* specification is inappropriate for the given key, or the
* given key cannot be processed (e.g., the given key has an
* unrecognized algorithm or format).
*/
protected KeySpec engineGetKeySpec(SecretKey key, Class<?> keySpecCl)
throws InvalidKeySpecException {
if (key instanceof javax.crypto.interfaces.PBEKey) {
// Check if requested key spec is amongst the valid ones
if ((keySpecCl != null)
&& PBEKeySpec.class.isAssignableFrom(keySpecCl)) {
javax.crypto.interfaces.PBEKey pKey =
(javax.crypto.interfaces.PBEKey) key;
char[] passwd = pKey.getPassword();
byte[] encoded = pKey.getEncoded();
try {
return new PBEKeySpec(passwd, pKey.getSalt(),
pKey.getIterationCount(), encoded.length * 8);
} finally {
if (passwd != null) {
Arrays.fill(passwd, (char) 0);
}
Arrays.fill(encoded, (byte)0);
}
} else {
throw new InvalidKeySpecException("Invalid key spec");
}
} else {
throw new InvalidKeySpecException("Invalid key " +
"format/algorithm");
}
}
/**
* Translates a <code>SecretKey</code> object, whose provider may be
* unknown or potentially untrusted, into a corresponding
* <code>SecretKey</code> object of this key factory.
*
* @param key the key whose provider is unknown or untrusted
*
* @return the translated key
*
* @exception InvalidKeyException if the given key cannot be processed by
* this key factory.
*/
protected SecretKey engineTranslateKey(SecretKey key)
throws InvalidKeyException {
if ((key != null) &&
(key.getAlgorithm().equalsIgnoreCase("PBKDF2WithHmacSHA1")) &&
(key.getFormat().equalsIgnoreCase("RAW"))) {
// Check if key originates from this factory
if (key instanceof com.sun.crypto.provider.PBKDF2KeyImpl) {
return key;
}
// Check if key implements the PBEKey
if (key instanceof javax.crypto.interfaces.PBEKey) {
javax.crypto.interfaces.PBEKey pKey =
(javax.crypto.interfaces.PBEKey) key;
char[] password = pKey.getPassword();
byte[] encoding = pKey.getEncoded();
PBEKeySpec spec =
new PBEKeySpec(password,
pKey.getSalt(),
pKey.getIterationCount(),
encoding.length*8);
try {
return new PBKDF2KeyImpl(spec, "HmacSHA1");
} catch (InvalidKeySpecException re) {
throw new InvalidKeyException
("Invalid key component(s)", re);
} finally {
if (password != null) {
Arrays.fill(password, (char) 0);
spec.clearPassword();
}
Arrays.fill(encoding, (byte)0);
}
}
}
throw new InvalidKeyException("Invalid key format/algorithm");
}
}

4
src/java.base/share/classes/com/sun/crypto/provider/RC2Parameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2003, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -180,7 +180,7 @@ public final class RC2Parameters extends AlgorithmParametersSpi {
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (RC2ParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(RC2ParameterSpec.class)) {
return paramSpec.cast((iv == null ?
new RC2ParameterSpec(effectiveKeySize) :
new RC2ParameterSpec(effectiveKeySize, iv)));

4
src/java.base/share/classes/sun/security/provider/DSAParameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2011, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -101,7 +101,7 @@ public class DSAParameters extends AlgorithmParametersSpi {
try {
Class<?> dsaParamSpec = Class.forName
("java.security.spec.DSAParameterSpec");
if (dsaParamSpec.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(dsaParamSpec)) {
return paramSpec.cast(
new DSAParameterSpec(this.p, this.q, this.g));
} else {

4
src/java.base/share/classes/sun/security/rsa/PSSParameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2018, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2018, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -180,7 +180,7 @@ public final class PSSParameters extends AlgorithmParametersSpi {
protected <T extends AlgorithmParameterSpec>
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (PSSParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(PSSParameterSpec.class)) {
return paramSpec.cast(spec);
} else {
throw new InvalidParameterSpecException

4
src/java.base/share/classes/sun/security/util/GCMParameters.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2019, 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -111,7 +111,7 @@ public final class GCMParameters extends AlgorithmParametersSpi {
T engineGetParameterSpec(Class<T> paramSpec)
throws InvalidParameterSpecException {
if (GCMParameterSpec.class.isAssignableFrom(paramSpec)) {
if (paramSpec.isAssignableFrom(GCMParameterSpec.class)) {
return paramSpec.cast(new GCMParameterSpec(tLen * 8, iv));
} else {
throw new InvalidParameterSpecException

117
test/jdk/java/security/spec/IsAssignableFromOrder.java Normal file
View File

@ -0,0 +1,117 @@
/*
* Copyright (c) 2022, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import sun.security.util.CurveDB;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import javax.crypto.spec.DESedeKeySpec;
import javax.crypto.spec.DHParameterSpec;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PBEKeySpec;
import javax.crypto.spec.PBEParameterSpec;
import javax.crypto.spec.RC2ParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.AlgorithmParameters;
import java.security.spec.AlgorithmParameterSpec;
import java.security.spec.DSAParameterSpec;
import java.security.spec.ECGenParameterSpec;
import java.security.spec.ECParameterSpec;
import java.security.spec.KeySpec;
import java.security.spec.PSSParameterSpec;
/**
* @test
* @bug 8279800
* @modules java.base/sun.security.util
* @summary isAssignableFrom checks in AlgorithmParametersSpi.engineGetParameterSpec appear to be backwards
*/
public class IsAssignableFromOrder {
public static void main(String[] args) throws Exception {
// AlgorithmParameters
testAlgSpec("AES", new IvParameterSpec(new byte[16]));
testAlgSpec("ChaCha20-Poly1305", new IvParameterSpec(new byte[12]));
testAlgSpec("DiffieHellman", new DHParameterSpec(BigInteger.ONE, BigInteger.TWO));
testAlgSpec("GCM", new GCMParameterSpec(96, new byte[16]));
testAlgSpec("OAEP", OAEPParameterSpec.DEFAULT);
testAlgSpec("PBEWithSHA1AndDESede", new PBEParameterSpec(
"saltsalt".getBytes(StandardCharsets.UTF_8), 10000));
testAlgSpec("PBEWithHmacSHA256AndAES_256", new PBEParameterSpec(
"saltsalt".getBytes(StandardCharsets.UTF_8), 10000,
new IvParameterSpec(new byte[16])));
testAlgSpec("RC2", new RC2ParameterSpec(256, new byte[32]));
testAlgSpec("DSA", new DSAParameterSpec(
BigInteger.ONE, BigInteger.TWO, BigInteger.TEN));
testAlgSpec("RSASSA-PSS", PSSParameterSpec.DEFAULT);
testAlgSpec("EC", new ECGenParameterSpec("secp256r1"));
testAlgSpec("EC", CurveDB.lookup("secp256r1"),
ECParameterSpec.class, AlgorithmParameterSpec.class);
// SecretKeyFactory
var spec = new PBEKeySpec(
"password".toCharArray(),
"saltsalt".getBytes(StandardCharsets.UTF_8),
10000,
32);
testKeySpec("PBE", spec, PBEKeySpec.class);
testKeySpec("PBEWithHmacSHA256AndAES_256", spec, PBEKeySpec.class);
testKeySpec("PBKDF2WithHmacSHA1", spec, PBEKeySpec.class);
testKeySpec("DES", new SecretKeySpec(new byte[8], "DES"), DESKeySpec.class);
testKeySpec("DESede", new SecretKeySpec(new byte[24], "DESede"), DESedeKeySpec.class);
}
static void testAlgSpec(String algorithm, AlgorithmParameterSpec spec,
Class<? extends AlgorithmParameterSpec>... classes) throws Exception {
System.out.println(algorithm);
var ap1 = AlgorithmParameters.getInstance(algorithm);
ap1.init(spec);
var ap2 = AlgorithmParameters.getInstance(algorithm);
ap2.init(ap1.getEncoded());
if (classes.length == 0) {
classes = new Class[]{spec.getClass(), AlgorithmParameterSpec.class};
}
for (var c : classes) {
ap1.getParameterSpec(c);
ap2.getParameterSpec(c);
}
}
static void testKeySpec(String algorithm, KeySpec spec, Class<?> clazz)
throws Exception {
System.out.println(algorithm);
var kf = SecretKeyFactory.getInstance(algorithm);
var key = kf.generateSecret(spec);
kf.getKeySpec(key, KeySpec.class);
kf.getKeySpec(key, clazz);
}
}