-
Notifications
You must be signed in to change notification settings - Fork 5.6k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
8320449: ECDHKeyAgreement should validate parameters before using them
Reviewed-by: mullan
- Loading branch information
John Jiang
committed
Jan 16, 2024
1 parent
b058063
commit 43d2d68
Showing
2 changed files
with
137 additions
and
17 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
120 changes: 120 additions & 0 deletions
120
test/jdk/sun/security/ec/ECDHKeyAgreementParamValidation.java
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
/* | ||
* Copyright (C) 2024, THL A29 Limited, a Tencent company. All rights reserved. | ||
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. | ||
* | ||
* This code is free software; you can redistribute it and/or modify it | ||
* under the terms of the GNU General Public License version 2 only, as | ||
* published by the Free Software Foundation. | ||
* | ||
* This code is distributed in the hope that it will be useful, but WITHOUT | ||
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or | ||
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License | ||
* version 2 for more details (a copy is included in the LICENSE file that | ||
* accompanied this code). | ||
* | ||
* You should have received a copy of the GNU General Public License version | ||
* 2 along with this work; if not, write to the Free Software Foundation, | ||
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. | ||
* | ||
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA | ||
* or visit www.oracle.com if you need additional information or have any | ||
* questions. | ||
*/ | ||
|
||
/* | ||
* @test | ||
* @bug 8320449 | ||
* @summary ECDHKeyAgreement should validate parameters before assigning them to fields. | ||
* @library /test/lib | ||
* @run main ECDHKeyAgreementParamValidation | ||
*/ | ||
|
||
import javax.crypto.KeyAgreement; | ||
import java.math.BigInteger; | ||
import java.security.InvalidKeyException; | ||
import java.security.KeyFactory; | ||
import java.security.KeyPair; | ||
import java.security.KeyPairGenerator; | ||
import java.security.interfaces.ECPrivateKey; | ||
import java.security.spec.ECPrivateKeySpec; | ||
|
||
import jdk.test.lib.Asserts; | ||
|
||
public class ECDHKeyAgreementParamValidation { | ||
|
||
private static void testInitWithInvalidKey() throws Exception { | ||
KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC"); | ||
kpg.initialize(256); | ||
KeyPair kp = kpg.generateKeyPair(); | ||
ECPrivateKey privateKey = (ECPrivateKey) kp.getPrivate(); | ||
|
||
KeyFactory keyFactory = KeyFactory.getInstance("EC"); | ||
ECPrivateKey invalidPrivateKey | ||
= (ECPrivateKey) keyFactory.generatePrivate( | ||
new ECPrivateKeySpec(BigInteger.ZERO, | ||
privateKey.getParams())); | ||
|
||
KeyAgreement ka = KeyAgreement.getInstance("ECDH"); | ||
|
||
// The first initiation should succeed. | ||
ka.init(privateKey); | ||
|
||
// The second initiation should fail with invalid private key, | ||
// and the private key assigned by the first initiation should be cleared. | ||
Asserts.assertThrows( | ||
InvalidKeyException.class, | ||
() -> ka.init(invalidPrivateKey)); | ||
|
||
// Cannot doPhase due to no private key. | ||
Asserts.assertThrows( | ||
IllegalStateException.class, | ||
() -> ka.doPhase(kp.getPublic(), true)); | ||
|
||
// Cannot generate shared key due to no key | ||
Asserts.assertThrows(IllegalStateException.class, ka::generateSecret); | ||
} | ||
|
||
private static void testDoPhaseWithInvalidKey() throws Exception { | ||
// SECP256R1 key pair | ||
KeyPairGenerator kpgP256 = KeyPairGenerator.getInstance("EC"); | ||
kpgP256.initialize(256); | ||
KeyPair kpP256 = kpgP256.generateKeyPair(); | ||
|
||
// SECP384R1 key pair | ||
KeyPairGenerator kpgP384 = KeyPairGenerator.getInstance("EC"); | ||
kpgP384.initialize(384); | ||
KeyPair kpP384 = kpgP384.generateKeyPair(); | ||
|
||
KeyAgreement ka = KeyAgreement.getInstance("ECDH"); | ||
ka.init(kpP256.getPrivate()); | ||
|
||
Asserts.assertThrows( | ||
InvalidKeyException.class, | ||
() -> ka.doPhase(kpP384.getPublic(), true)); | ||
|
||
// Should not generate shared key with SECP256R1 private key and SECP384R1 public key | ||
Asserts.assertThrows(IllegalStateException.class, ka::generateSecret); | ||
} | ||
|
||
public static void main(String[] args) { | ||
boolean failed = false; | ||
|
||
try { | ||
testInitWithInvalidKey(); | ||
} catch (Exception e) { | ||
failed = true; | ||
e.printStackTrace(); | ||
} | ||
|
||
try { | ||
testDoPhaseWithInvalidKey(); | ||
} catch (Exception e) { | ||
failed = true; | ||
e.printStackTrace(); | ||
} | ||
|
||
if (failed) { | ||
throw new RuntimeException("Test failed"); | ||
} | ||
} | ||
} |
43d2d68
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Review
Issues