Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8338148

ClassCastException for XECPublicKey

XMLWordPrintable

      For key exchange in TLS connections, the local side need to generate the private key for the given named group. Here is the code in the SunJSSE provider:

      XDHKeyExchange.java:
              XDHEPossession(NamedGroup namedGroup, SecureRandom random) {
                  try {
                      KeyPairGenerator kpg
                              = KeyPairGenerator.getInstance(namedGroup.algorithm);
                      kpg.initialize(namedGroup.keAlgParamSpec, random);
                      KeyPair kp = kpg.generateKeyPair();
                      privateKey = kp.getPrivate();
                      publicKey = (XECPublicKey) kp.getPublic();
                  } catch (GeneralSecurityException e) {
                      throw new RuntimeException(
                              "Could not generate XDH keypair", e);
                  }

                  this.namedGroup = namedGroup;
              }


      The XDH public key is explicit cast to XECPublicKey, which is fine for security providers that implement per the Java Security standards. However, there is a public issue [1] with BC provider which does not support the XECPublicKey interface for the x25519/x448 named group key pair generation.

      For such cases, it would be nice if other key exchange algorithms rather than x2559/x448 could be used for the connection. This update could build a more robust SunJSSE provider.

      [1]: https://github.com/bcgit/bc-java/issues/1086

            valeriep Valerie Peng
            xuelei Xuelei Fan
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: