-
Sub-task
-
Resolution: Fixed
-
P3
-
11
-
Verified
When KeyAgreement#init(Key,AlgorithmParameterSpec) is called with null
AlgorithmParameterSpec, then XDH based algorithm is throwing InvalidAlgorithmParameterException but other algorithm say "ECDH" "EC" are accepting the null values
======================XDH ==================================
jshell> import java.security.*
jshell> import java.security.spec.*
jshell> import javax.crypto.*
jshell> KeyAgreement ka = KeyAgreement.getInstance("XDH");
ka ==> javax.crypto.KeyAgreement@57855c9a
jshell> KeyPairGenerator kpg = KeyPairGenerator.getInstance("XDH");
kpg ==> java.security.KeyPairGenerator$Delegate@7f13d6e
jshell> KeyPair kp = kpg.generateKeyPair();
kp ==> java.security.KeyPair@704a52ec
jshell> ka.init(kp.getPrivate(),(AlgorithmParameterSpec)null);
| Exception java.security.InvalidAlgorithmParameterException: Only NamedParameterSpec is supported.
| at XECParameters.get (XECParameters.java:259)
| at XDHKeyAgreement.engineInit (XDHKeyAgreement.java:73)
| at KeyAgreement.implInit (KeyAgreement.java:356)
| at KeyAgreement.chooseProvider (KeyAgreement.java:386)
| at KeyAgreement.init (KeyAgreement.java:547)
| at KeyAgreement.init (KeyAgreement.java:517)
| at (#7:1)
==========================NULL SecureRandom==============================
Suppose "SecureRandom" is null it is accepted
jshell> ka.init(kp.getPrivate(),(SecureRandom)null); //accepted adheres with ECDH behavior
==========================================================
If you were to change the "XDH" to say "ECDH" and "EC"(keys) then null is accepted and not throwing InvalidAlgorithmParameterException
===========ECDH / EC==============================
jshell> KeyAgreement ka = KeyAgreement.getInstance("ECDH");
ka ==> javax.crypto.KeyAgreement@30b8a058
jshell> KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
kpg ==> java.security.KeyPairGenerator$Delegate@4f063c0a
jshell> kpg.initialize(571)
jshell> KeyPair keypair = kpg.generateKeyPair();
keypair ==> java.security.KeyPair@2d8f65a4
jshell> ka.init(keypair.getPrivate(),(AlgorithmParameterSpec) null); // accepting no error.
ka.init(keypair.getPrivate(),(SecureRandom) null); //accepted no errror
=====================================================
I believe the specification does not state anything about null AlgorithmParameterSpec and behavior should be consistent across different algorithms.
Please clarify the spec to mention about scenario when null is passed to AlgorithmParameterSpec
AlgorithmParameterSpec, then XDH based algorithm is throwing InvalidAlgorithmParameterException but other algorithm say "ECDH" "EC" are accepting the null values
======================XDH ==================================
jshell> import java.security.*
jshell> import java.security.spec.*
jshell> import javax.crypto.*
jshell> KeyAgreement ka = KeyAgreement.getInstance("XDH");
ka ==> javax.crypto.KeyAgreement@57855c9a
jshell> KeyPairGenerator kpg = KeyPairGenerator.getInstance("XDH");
kpg ==> java.security.KeyPairGenerator$Delegate@7f13d6e
jshell> KeyPair kp = kpg.generateKeyPair();
kp ==> java.security.KeyPair@704a52ec
jshell> ka.init(kp.getPrivate(),(AlgorithmParameterSpec)null);
| Exception java.security.InvalidAlgorithmParameterException: Only NamedParameterSpec is supported.
| at XECParameters.get (XECParameters.java:259)
| at XDHKeyAgreement.engineInit (XDHKeyAgreement.java:73)
| at KeyAgreement.implInit (KeyAgreement.java:356)
| at KeyAgreement.chooseProvider (KeyAgreement.java:386)
| at KeyAgreement.init (KeyAgreement.java:547)
| at KeyAgreement.init (KeyAgreement.java:517)
| at (#7:1)
==========================NULL SecureRandom==============================
Suppose "SecureRandom" is null it is accepted
jshell> ka.init(kp.getPrivate(),(SecureRandom)null); //accepted adheres with ECDH behavior
==========================================================
If you were to change the "XDH" to say "ECDH" and "EC"(keys) then null is accepted and not throwing InvalidAlgorithmParameterException
===========ECDH / EC==============================
jshell> KeyAgreement ka = KeyAgreement.getInstance("ECDH");
ka ==> javax.crypto.KeyAgreement@30b8a058
jshell> KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
kpg ==> java.security.KeyPairGenerator$Delegate@4f063c0a
jshell> kpg.initialize(571)
jshell> KeyPair keypair = kpg.generateKeyPair();
keypair ==> java.security.KeyPair@2d8f65a4
jshell> ka.init(keypair.getPrivate(),(AlgorithmParameterSpec) null); // accepting no error.
ka.init(keypair.getPrivate(),(SecureRandom) null); //accepted no errror
=====================================================
I believe the specification does not state anything about null AlgorithmParameterSpec and behavior should be consistent across different algorithms.
Please clarify the spec to mention about scenario when null is passed to AlgorithmParameterSpec