From f0301d69f3b557b30001e75c2ee8160fd7b9c87b Mon Sep 17 00:00:00 2001 From: igerasim Date: Tue, 30 Jan 2018 11:43:20 -0800 Subject: [PATCH] 8193409: Improve AES supporting classes Reviewed-by: valeriep --- .../sun/crypto/provider/DESedeWrapCipher.java | 18 ++++++++++++++++-- .../sun/crypto/provider/FeedbackCipher.java | 6 ++++-- .../sun/crypto/provider/GaloisCounterMode.java | 15 +++++++++++---- 3 files changed, 31 insertions(+), 8 deletions(-) diff --git a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java index 2e60873c6..94685659a 100644 --- a/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java +++ b/src/share/classes/com/sun/crypto/provider/DESedeWrapCipher.java @@ -473,6 +473,9 @@ public final class DESedeWrapCipher extends CipherSpi { } catch (InvalidKeyException ike) { // should never happen throw new RuntimeException("Internal cipher key is corrupted"); + } catch (InvalidAlgorithmParameterException iape) { + // should never happen + throw new RuntimeException("Internal cipher IV is invalid"); } byte[] out2 = new byte[out.length]; cipher.encrypt(out, 0, out.length, out2, 0); @@ -484,6 +487,9 @@ public final class DESedeWrapCipher extends CipherSpi { } catch (InvalidKeyException ike) { // should never happen throw new RuntimeException("Internal cipher key is corrupted"); + } catch (InvalidAlgorithmParameterException iape) { + // should never happen + throw new RuntimeException("Internal cipher IV is invalid"); } return out2; } @@ -527,8 +533,12 @@ public final class DESedeWrapCipher extends CipherSpi { } iv = new byte[IV_LEN]; System.arraycopy(buffer, 0, iv, 0, iv.length); - cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(), + try { + cipher.init(true, cipherKey.getAlgorithm(), cipherKey.getEncoded(), iv); + } catch (InvalidAlgorithmParameterException iape) { + throw new InvalidKeyException("IV in wrapped key is invalid"); + } byte[] buffer2 = new byte[buffer.length - iv.length]; cipher.decrypt(buffer, iv.length, buffer2.length, buffer2, 0); @@ -541,8 +551,12 @@ public final class DESedeWrapCipher extends CipherSpi { } } // restore cipher state to prior to this call - cipher.init(decrypting, cipherKey.getAlgorithm(), + try { + cipher.init(decrypting, cipherKey.getAlgorithm(), cipherKey.getEncoded(), IV2); + } catch (InvalidAlgorithmParameterException iape) { + throw new InvalidKeyException("IV in wrapped key is invalid"); + } byte[] out = new byte[keyValLen]; System.arraycopy(buffer2, 0, out, 0, keyValLen); return ConstructKeys.constructKey(out, wrappedKeyAlgorithm, diff --git a/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java b/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java index 8d03913e2..b21f96227 100644 --- a/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java +++ b/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -26,6 +26,7 @@ package com.sun.crypto.provider; import java.security.InvalidKeyException; +import java.security.InvalidAlgorithmParameterException; import javax.crypto.*; /** @@ -99,7 +100,8 @@ abstract class FeedbackCipher { * initializing this cipher */ abstract void init(boolean decrypting, String algorithm, byte[] key, - byte[] iv) throws InvalidKeyException; + byte[] iv) throws InvalidKeyException, + InvalidAlgorithmParameterException; /** * Gets the initialization vector. diff --git a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java index 4cb76ffef..cdb22d121 100644 --- a/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java +++ b/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2013, 2016, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2013, 2017, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -262,8 +262,9 @@ final class GaloisCounterMode extends FeedbackCipher { * @exception InvalidKeyException if the given key is inappropriate for * initializing this cipher */ + @Override void init(boolean decrypting, String algorithm, byte[] key, byte[] iv) - throws InvalidKeyException { + throws InvalidKeyException, InvalidAlgorithmParameterException { init(decrypting, algorithm, key, iv, DEFAULT_TAG_LEN); } @@ -282,10 +283,16 @@ final class GaloisCounterMode extends FeedbackCipher { */ void init(boolean decrypting, String algorithm, byte[] keyValue, byte[] ivValue, int tagLenBytes) - throws InvalidKeyException { - if (keyValue == null || ivValue == null) { + throws InvalidKeyException, InvalidAlgorithmParameterException { + if (keyValue == null) { throw new InvalidKeyException("Internal error"); } + if (ivValue == null) { + throw new InvalidAlgorithmParameterException("Internal error"); + } + if (ivValue.length == 0) { + throw new InvalidAlgorithmParameterException("IV is empty"); + } // always encrypt mode for embedded cipher this.embeddedCipher.init(false, algorithm, keyValue); -- GitLab