-
Bug
-
Resolution: Fixed
-
P2
-
11
-
b18
-
Verified
As per KeyAgreement#generateSecret:
"This method resets this KeyAgreement object, so that it can be reused for further key agreements. "
My interpretation of above assertion is that once the KeyAgreement is reset , it leaves the KeyAgreement object to a state when i was initialized.
If this is correct,
1. Then i could call "doPhase" with a another public key from the another part to involve him in the KeyAgreement protocol.
2. Calling generateSecret second time should throw IllegalStateException, because the object would have resetted the first time and hence the KeyAgreement is not yet complete when second generateSecret call is made.
For ECDH based algorithm , the behavior is deviating the spec
For DiffieHellman algorithm, the behavior is adhering to the spec
=====================generateeSecret_reset_ECDH===========================
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
KeyPair aliceKePair = keyPairGenerator.generateKeyPair();
KeyPair bobKeyPair = keyPairGenerator.generateKeyPair();
KeyAgreement aliceKA = KeyAgreement.getInstance("ECDH");
aliceKA.init(aliceKePair.getPrivate());
aliceKA.doPhase(bobKeyPair.getPublic(),true);
KeyAgreement bobKA = KeyAgreement.getInstance("ECDH");
bobKA.init(bobKeyPair.getPrivate());
bobKA.doPhase(aliceKePair.getPublic(),true);
aliceKA.generateSecret(); //aliceKA has reset
try{
aliceKA.generateSecret();
System.err.println("Alice KeyAgreement object is not throwing IllegalStateException when Alice "
+ "KeyAgreeent obect is reset and generateSecret is called second time for ECDH");
}catch(IllegalStateException e){
//correct behavior
}
try {
aliceKA.doPhase(keyPairGenerator.generateKeyPair().getPublic(), true);
}catch (IllegalStateException e){
System.err.println("Alice KeyAgreement object is NOT reusable in further KeyAgreements");
}
RESULT:
Alice KeyAgreement object is not throwing IllegalStateException when Alice KeyAgreeent obect is reset and generateSecret is called second time for ECDH
Alice KeyAgreement object is NOT reusable in further KeyAgreements
===========================================================
DIFFIEHELLMAN
=========================generateSecret_DH_reset_expected========================================
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
KeyPair aliceKePair = keyPairGenerator.generateKeyPair();
KeyPair bobKeyPair = keyPairGenerator.generateKeyPair();
KeyAgreement aliceKA = KeyAgreement.getInstance("DiffieHellman");
aliceKA.init(aliceKePair.getPrivate());
aliceKA.doPhase(bobKeyPair.getPublic(),true);
KeyAgreement bobKA = KeyAgreement.getInstance("DiffieHellman");
bobKA.init(bobKeyPair.getPrivate());
bobKA.doPhase(aliceKePair.getPublic(),true);
aliceKA.generateSecret();
try{
aliceKA.generateSecret();
}catch(IllegalStateException e){
//correct behavior
System.out.println("The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication"
+ " and throws IllegalStateException when generateSecret is called after the key agreement was "
+ "reset");
}
aliceKA.doPhase(keyPairGenerator.generateKeyPair().getPublic(),true); // does not throw any exception
System.out.println("The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication"
+ " and DOES NOT throws IllegalStateException when doPhase is called after the key "
+ "agreement was reset");
RESULT:
The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication and throws IllegalStateException when generateSecret is called after the key agreement was reset
The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication and DOES NOT throws IllegalStateException when doPhase is called after the key agreement was reset
==================================================================================
"This method resets this KeyAgreement object, so that it can be reused for further key agreements. "
My interpretation of above assertion is that once the KeyAgreement is reset , it leaves the KeyAgreement object to a state when i was initialized.
If this is correct,
1. Then i could call "doPhase" with a another public key from the another part to involve him in the KeyAgreement protocol.
2. Calling generateSecret second time should throw IllegalStateException, because the object would have resetted the first time and hence the KeyAgreement is not yet complete when second generateSecret call is made.
For ECDH based algorithm , the behavior is deviating the spec
For DiffieHellman algorithm, the behavior is adhering to the spec
=====================generateeSecret_reset_ECDH===========================
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("EC");
KeyPair aliceKePair = keyPairGenerator.generateKeyPair();
KeyPair bobKeyPair = keyPairGenerator.generateKeyPair();
KeyAgreement aliceKA = KeyAgreement.getInstance("ECDH");
aliceKA.init(aliceKePair.getPrivate());
aliceKA.doPhase(bobKeyPair.getPublic(),true);
KeyAgreement bobKA = KeyAgreement.getInstance("ECDH");
bobKA.init(bobKeyPair.getPrivate());
bobKA.doPhase(aliceKePair.getPublic(),true);
aliceKA.generateSecret(); //aliceKA has reset
try{
aliceKA.generateSecret();
System.err.println("Alice KeyAgreement object is not throwing IllegalStateException when Alice "
+ "KeyAgreeent obect is reset and generateSecret is called second time for ECDH");
}catch(IllegalStateException e){
//correct behavior
}
try {
aliceKA.doPhase(keyPairGenerator.generateKeyPair().getPublic(), true);
}catch (IllegalStateException e){
System.err.println("Alice KeyAgreement object is NOT reusable in further KeyAgreements");
}
RESULT:
Alice KeyAgreement object is not throwing IllegalStateException when Alice KeyAgreeent obect is reset and generateSecret is called second time for ECDH
Alice KeyAgreement object is NOT reusable in further KeyAgreements
===========================================================
DIFFIEHELLMAN
=========================generateSecret_DH_reset_expected========================================
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
KeyPair aliceKePair = keyPairGenerator.generateKeyPair();
KeyPair bobKeyPair = keyPairGenerator.generateKeyPair();
KeyAgreement aliceKA = KeyAgreement.getInstance("DiffieHellman");
aliceKA.init(aliceKePair.getPrivate());
aliceKA.doPhase(bobKeyPair.getPublic(),true);
KeyAgreement bobKA = KeyAgreement.getInstance("DiffieHellman");
bobKA.init(bobKeyPair.getPrivate());
bobKA.doPhase(aliceKePair.getPublic(),true);
aliceKA.generateSecret();
try{
aliceKA.generateSecret();
}catch(IllegalStateException e){
//correct behavior
System.out.println("The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication"
+ " and throws IllegalStateException when generateSecret is called after the key agreement was "
+ "reset");
}
aliceKA.doPhase(keyPairGenerator.generateKeyPair().getPublic(),true); // does not throw any exception
System.out.println("The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication"
+ " and DOES NOT throws IllegalStateException when doPhase is called after the key "
+ "agreement was reset");
RESULT:
The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication and throws IllegalStateException when generateSecret is called after the key agreement was reset
The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication and DOES NOT throws IllegalStateException when doPhase is called after the key agreement was reset
==================================================================================
- csr for
-
JDK-8212051 KeyAgreement#generateSecret is not reset for ECDH based algorithm
-
- Closed
-
- is cloned by
-
JDK-8205478 KeyAgreement#generateSecret is not reset for XDH based algorithm
-
- Resolved
-