-
Sub-task
-
Resolution: Fixed
-
P2
-
11
As per KeyAgreement#generateSecret:
"This method resets this KeyAgreement object, so that it can be reused for further key agreements. "
My interpretation of above assertion is that once the KeyAgreement is reset , it leaves the KeyAgreement object to a state when i was initialized.
If this is correct,
1. Then i could call "doPhase" with a another public key from the another part to involve him in the KeyAgreement protocol.
2. Calling generateSecret second time should throw IllegalStateException, because the object would have resetted the first time and hence the KeyAgreement is not yet complete when second generateSecret call is made.
For XDH based algorithm , the behavior is deviating the spec
For DiffieHellman algorithm, the behavior is adhering to the spec
=====================generateeSecret_reset_XDHbased===========================
String[] xdhBasedAlgorithms = { "XDH","X448","X25519"};
for(String xdhBased : xdhBasedAlgorithms){
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(xdhBased );
KeyPair aliceKePair = keyPairGenerator.generateKeyPair();
KeyPair bobKeyPair = keyPairGenerator.generateKeyPair();
KeyAgreement aliceKA = KeyAgreement.getInstance(xdhBased );
aliceKA.init(aliceKePair.getPrivate());
aliceKA.doPhase(bobKeyPair.getPublic(),true);
KeyAgreement bobKA = KeyAgreement.getInstance(xdhBased );
bobKA.init(bobKeyPair.getPrivate());
bobKA.doPhase(aliceKePair.getPublic(),true);
aliceKA.generateSecret(); //aliceKA has reset
try{
aliceKA.generateSecret();
System.err.println("Alice KeyAgreement object is not throwing IllegalStateException when Alice "
+ "KeyAgreeent obect is reset and generateSecret is called second time for "+xdhBased );
}catch(IllegalStateException e){
//correct behavior
}
try {
aliceKA.doPhase(keyPairGenerator.generateKeyPair().getPublic(), true);
}catch (IllegalStateException e){
System.err.println("Alice KeyAgreement object is NOT reusable in further KeyAgreements for "+xdhBased );
}
}
RESULT:
Alice KeyAgreement object is not throwing IllegalStateException when Alice KeyAgreeent obect is reset and generateSecret is called second time for XDH
Alice KeyAgreement object is NOT reusable in further KeyAgreements for XDH
Alice KeyAgreement object is not throwing IllegalStateException when Alice KeyAgreeent obect is reset and generateSecret is called second time for X448
Alice KeyAgreement object is NOT reusable in further KeyAgreements for X448
Alice KeyAgreement object is not throwing IllegalStateException when Alice KeyAgreeent obect is reset and generateSecret is called second time for X25519
Alice KeyAgreement object is NOT reusable in further KeyAgreements for X25519
===========================================================
DIFFIEHELLMAN
=========================generateSecret_DH_reset_expected========================================
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
KeyPair aliceKePair = keyPairGenerator.generateKeyPair();
KeyPair bobKeyPair = keyPairGenerator.generateKeyPair();
KeyAgreement aliceKA = KeyAgreement.getInstance("DiffieHellman");
aliceKA.init(aliceKePair.getPrivate());
aliceKA.doPhase(bobKeyPair.getPublic(),true);
KeyAgreement bobKA = KeyAgreement.getInstance("DiffieHellman");
bobKA.init(bobKeyPair.getPrivate());
bobKA.doPhase(aliceKePair.getPublic(),true);
aliceKA.generateSecret();
try{
aliceKA.generateSecret();
}catch(IllegalStateException e){
//correct behavior
System.out.println("The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication"
+ " and throws IllegalStateException when generateSecret is called after the key agreement was "
+ "reset");
}
aliceKA.doPhase(keyPairGenerator.generateKeyPair().getPublic(),true); // does not throw any exception
System.out.println("The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication"
+ " and DOES NOT throws IllegalStateException when doPhase is called after the key "
+ "agreement was reset");
RESULT:
The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication and throws IllegalStateException when generateSecret is called after the key agreement was reset
The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication and DOES NOT throws IllegalStateException when doPhase is called after the key agreement was reset
==================================================================================
"This method resets this KeyAgreement object, so that it can be reused for further key agreements. "
My interpretation of above assertion is that once the KeyAgreement is reset , it leaves the KeyAgreement object to a state when i was initialized.
If this is correct,
1. Then i could call "doPhase" with a another public key from the another part to involve him in the KeyAgreement protocol.
2. Calling generateSecret second time should throw IllegalStateException, because the object would have resetted the first time and hence the KeyAgreement is not yet complete when second generateSecret call is made.
For XDH based algorithm , the behavior is deviating the spec
For DiffieHellman algorithm, the behavior is adhering to the spec
=====================generateeSecret_reset_XDHbased===========================
String[] xdhBasedAlgorithms = { "XDH","X448","X25519"};
for(String xdhBased : xdhBasedAlgorithms){
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(xdhBased );
KeyPair aliceKePair = keyPairGenerator.generateKeyPair();
KeyPair bobKeyPair = keyPairGenerator.generateKeyPair();
KeyAgreement aliceKA = KeyAgreement.getInstance(xdhBased );
aliceKA.init(aliceKePair.getPrivate());
aliceKA.doPhase(bobKeyPair.getPublic(),true);
KeyAgreement bobKA = KeyAgreement.getInstance(xdhBased );
bobKA.init(bobKeyPair.getPrivate());
bobKA.doPhase(aliceKePair.getPublic(),true);
aliceKA.generateSecret(); //aliceKA has reset
try{
aliceKA.generateSecret();
System.err.println("Alice KeyAgreement object is not throwing IllegalStateException when Alice "
+ "KeyAgreeent obect is reset and generateSecret is called second time for "+xdhBased );
}catch(IllegalStateException e){
//correct behavior
}
try {
aliceKA.doPhase(keyPairGenerator.generateKeyPair().getPublic(), true);
}catch (IllegalStateException e){
System.err.println("Alice KeyAgreement object is NOT reusable in further KeyAgreements for "+xdhBased );
}
}
RESULT:
Alice KeyAgreement object is not throwing IllegalStateException when Alice KeyAgreeent obect is reset and generateSecret is called second time for XDH
Alice KeyAgreement object is NOT reusable in further KeyAgreements for XDH
Alice KeyAgreement object is not throwing IllegalStateException when Alice KeyAgreeent obect is reset and generateSecret is called second time for X448
Alice KeyAgreement object is NOT reusable in further KeyAgreements for X448
Alice KeyAgreement object is not throwing IllegalStateException when Alice KeyAgreeent obect is reset and generateSecret is called second time for X25519
Alice KeyAgreement object is NOT reusable in further KeyAgreements for X25519
===========================================================
DIFFIEHELLMAN
=========================generateSecret_DH_reset_expected========================================
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("DiffieHellman");
KeyPair aliceKePair = keyPairGenerator.generateKeyPair();
KeyPair bobKeyPair = keyPairGenerator.generateKeyPair();
KeyAgreement aliceKA = KeyAgreement.getInstance("DiffieHellman");
aliceKA.init(aliceKePair.getPrivate());
aliceKA.doPhase(bobKeyPair.getPublic(),true);
KeyAgreement bobKA = KeyAgreement.getInstance("DiffieHellman");
bobKA.init(bobKeyPair.getPrivate());
bobKA.doPhase(aliceKePair.getPublic(),true);
aliceKA.generateSecret();
try{
aliceKA.generateSecret();
}catch(IllegalStateException e){
//correct behavior
System.out.println("The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication"
+ " and throws IllegalStateException when generateSecret is called after the key agreement was "
+ "reset");
}
aliceKA.doPhase(keyPairGenerator.generateKeyPair().getPublic(),true); // does not throw any exception
System.out.println("The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication"
+ " and DOES NOT throws IllegalStateException when doPhase is called after the key "
+ "agreement was reset");
RESULT:
The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication and throws IllegalStateException when generateSecret is called after the key agreement was reset
The behavior when the KeyAgreement is reset for DiffieHellman adheres to specfication and DOES NOT throws IllegalStateException when doPhase is called after the key agreement was reset
==================================================================================
- clones
-
JDK-8205476 KeyAgreement#generateSecret is not reset for ECDH based algorithm
-
- Closed
-