jdk-sandbox: comparison jdk/src/share/classes/com/sun/crypto/provider/DHKeyAgreement.java

equal deleted inserted replaced

-:d935c2f4aeae
+:d77ed23f4992
 /*
-* Copyright (c) 1997, 2009, Oracle and/or its affiliates. All rights reserved.
+* Copyright (c) 1997, 2012, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
 * under the terms of the GNU General Public License version 2 only, as
 * published by the Free Software Foundation.  Oracle designates this
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.Key;
 import java.security.NoSuchAlgorithmException;
 import java.security.SecureRandom;
+import java.security.ProviderException;
 import java.security.spec.AlgorithmParameterSpec;
 import java.security.spec.InvalidKeySpecException;
 import javax.crypto.KeyAgreementSpi;
 import javax.crypto.ShortBufferException;
 import javax.crypto.SecretKey;
 * completed yet
 */
 protected byte[] engineGenerateSecret()
 throws IllegalStateException
 {
-if (generateSecret == false) {
+int expectedLen = (init_p.bitLength() + 7) >>> 3;
-throw new IllegalStateException
+byte[] result = new byte[expectedLen];
-("Key agreement has not been completed yet");
+try {
-}
+engineGenerateSecret(result, 0);
+} catch (ShortBufferException sbe) {
-// Reset the key agreement here (in case anything goes wrong)
+// should never happen since length are identical
-generateSecret = false;
+}
+return result;
-// get the modulus
-BigInteger modulus = init_p;
-BigInteger tmpResult = y.modPow(x, modulus);
-byte[] secret = tmpResult.toByteArray();
-/*
-* BigInteger.toByteArray will sometimes put a sign byte up front, but
-* we NEVER want one.
-*/
-if ((tmpResult.bitLength() % 8) == 0) {
-byte retval[] = new byte[secret.length - 1];
-System.arraycopy(secret, 1, retval, 0, retval.length);
-return retval;
-} else {
-return secret;
-}
 }
 /**
 * Generates the shared secret, and places it into the buffer
 * <code>sharedSecret</code>, beginning at <code>offset</code>.
 throw new ShortBufferException
 ("No buffer provided for shared secret");
 }
 BigInteger modulus = init_p;
+int expectedLen = (modulus.bitLength() + 7) >>> 3;
+if ((sharedSecret.length - offset) < expectedLen) {
+throw new ShortBufferException
+("Buffer too short for shared secret");
+}
+// Reset the key agreement after checking for ShortBufferException
+// above, so user can recover w/o losing internal state
+generateSecret = false;
+/*
+* NOTE: BigInteger.toByteArray() returns a byte array containing
+* the two's-complement representation of this BigInteger with
+* the most significant byte is in the zeroth element. This
+* contains the minimum number of bytes required to represent
+* this BigInteger, including at least one sign bit whose value
+* is always 0.
+*
+* Keys are always positive, and the above sign bit isn't
+* actually used when representing keys.  (i.e. key = new
+* BigInteger(1, byteArray))  To obtain an array containing
+* exactly expectedLen bytes of magnitude, we strip any extra
+* leading 0's, or pad with 0's in case of a "short" secret.
+*/
 byte[] secret = this.y.modPow(this.x, modulus).toByteArray();
+if (secret.length == expectedLen) {
-// BigInteger.toByteArray will sometimes put a sign byte up front,
+System.arraycopy(secret, 0, sharedSecret, offset,
-// but we NEVER want one.
+secret.length);
-if ((secret.length << 3) != modulus.bitLength()) {
+} else {
-if ((sharedSecret.length - offset) < (secret.length - 1)) {
+// Array too short, pad it w/ leading 0s
-throw new ShortBufferException
+if (secret.length < expectedLen) {
-("Buffer too short for shared secret");
+System.arraycopy(secret, 0, sharedSecret,
+offset + (expectedLen - secret.length),
+secret.length);
+} else {
+// Array too long, check and trim off the excess
+if ((secret.length == (expectedLen+1)) && secret[0] == 0) {
+// ignore the leading sign byte
+System.arraycopy(secret, 1, sharedSecret, offset, expectedLen);
+} else {
+throw new ProviderException("Generated secret is out-of-range");
+}
 }
-System.arraycopy(secret, 1, sharedSecret, offset,
+}
-secret.length - 1);
+return expectedLen;
-// Reset the key agreement here (not earlier!), so that people
-// can recover from ShortBufferException above without losing
-// internal state
-generateSecret = false;
-return secret.length - 1;
-} else {
-if ((sharedSecret.length - offset) < secret.length) {
-throw new ShortBufferException
-("Buffer too short to hold shared secret");
-}
-System.arraycopy(secret, 0, sharedSecret, offset, secret.length);
-// Reset the key agreement here (not earlier!), so that people
-// can recover from ShortBufferException above without losing
-// internal state
-generateSecret = false;
-return secret.length;
-}
 }
 /**
 * Creates the shared secret and returns it as a secret key object
 * of the requested algorithm type.

changeset 12201	d77ed23f4992
parent 5506	202f599c92aa
child 16080	0e6266b88242