8193409: Improve AES supporting classes

Reviewed-by: valeriep

8193409: Improve AES supporting classes
Reviewed-by: valeriep
7dc94ee3 · igerasim · 5fffa30c · 7dc94ee3 · 7dc94ee3 · 7dc94ee3
3 changed file
--- a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java
+++ b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java
@@ -473,6 +473,9 @@ public final class DESedeWrapCipher extends CipherSpi {
        } catch (InvalidKeyException ike) {
            // should never happen
            throw new RuntimeException("Internal cipher key is corrupted");
+        } catch (InvalidAlgorithmParameterException iape) {
+            // should never happen
+            throw new RuntimeException("Internal cipher IV is invalid");
        }
        byte[] out2 = new byte[out.length];
        cipher.encrypt(out, 0, out.length, out2, 0);
@@ -484,6 +487,9 @@ public final class DESedeWrapCipher extends CipherSpi {
        } catch (InvalidKeyException ike) {
            // should never happen
            throw new RuntimeException("Internal cipher key is corrupted");
+        } catch (InvalidAlgorithmParameterException iape) {
+            // should never happen
+            throw new RuntimeException("Internal cipher IV is invalid");
        }
        return out2;
    }
@@ -527,8 +533,12 @@ public final class DESedeWrapCipher extends CipherSpi {
        }
        iv = new byte[IV_LEN];
        System.arraycopy(buffer, 0, iv, 0, iv.length);
-        cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(),
+        try {
+            cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(),
                    iv);
+        } catch (InvalidAlgorithmParameterException iape) {
+            throw new InvalidKeyException("IV in wrapped key is invalid");
+        }
        byte[] buffer2 = new byte[buffer.length - iv.length];
        cipher.decrypt(buffer, iv.length, buffer2.length,
                       buffer2, 0);
@@ -541,8 +551,12 @@ public final class DESedeWrapCipher extends CipherSpi {
            }
        }
        // restore cipher state to prior to this call
-        cipher.init(decrypting, cipherKey.getAlgorithm(),
+        try {
+          cipher.init(decrypting, cipherKey.getAlgorithm(),
                    cipherKey.getEncoded(), IV2);
+        } catch (InvalidAlgorithmParameterException iape) {
+            throw new InvalidKeyException("IV in wrapped key is invalid");
+        }
        byte[] out = new byte[keyValLen];
        System.arraycopy(buffer2, 0, out, 0, keyValLen);
        return ConstructKeys.constructKey(out, wrappedKeyAlgorithm,

--- a/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java
+++ b/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java
 /*
- * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;

 import java.security.InvalidKeyException;
+import java.security.InvalidAlgorithmParameterException;
 import javax.crypto.*;

 /**
@@ -99,7 +100,8 @@ abstract class FeedbackCipher {
     * initializing this cipher
     */
    abstract void init(boolean decrypting, String algorithm, byte[] key,
-                       byte[] iv) throws InvalidKeyException;
+                       byte[] iv) throws InvalidKeyException,
+                                         InvalidAlgorithmParameterException;

   /**
     * Gets the initialization vector.

--- a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
+++ b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java
 /*
- * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@@ -262,8 +262,9 @@ final class GaloisCounterMode extends FeedbackCipher {
     * @exception InvalidKeyException if the given key is inappropriate for
     * initializing this cipher
     */
+    @Override
    void init(boolean decrypting, String algorithm, byte[] key, byte[] iv)
-            throws InvalidKeyException {
+            throws InvalidKeyException, InvalidAlgorithmParameterException {
        init(decrypting, algorithm, key, iv, DEFAULT_TAG_LEN);
    }

@@ -282,10 +283,16 @@ final class GaloisCounterMode extends FeedbackCipher {
     */
    void init(boolean decrypting, String algorithm, byte[] keyValue,
              byte[] ivValue, int tagLenBytes)
-              throws InvalidKeyException {
-        if (keyValue == null || ivValue == null) {
+              throws InvalidKeyException, InvalidAlgorithmParameterException {
+        if (keyValue == null) {
            throw new InvalidKeyException("Internal error");
        }
+        if (ivValue == null) {
+            throw new InvalidAlgorithmParameterException("Internal error");
+        }
+        if (ivValue.length == 0) {
+            throw new InvalidAlgorithmParameterException("IV is empty");
+        }

        // always encrypt mode for embedded cipher
        this.embeddedCipher.init(false, algorithm, keyValue);