8013069: javax.crypto tests fail with new PBE algorithm names
Summary: Shouldn't auto-generate default parameters for MAC objects.
Reviewed-by: vinnie
--- a/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java Thu May 30 22:19:28 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/HmacPKCS12PBESHA1.java Wed May 29 20:54:43 2013 -0700
@@ -86,12 +86,13 @@
throw new InvalidKeyException("SecretKey of PBE type required");
}
if (params == null) {
- // generate default for salt and iteration count if necessary
- if (salt == null) {
- salt = new byte[20];
- SunJCE.getRandom().nextBytes(salt);
+ // should not auto-generate default values since current
+ // javax.crypto.Mac api does not have any method for caller to
+ // retrieve the generated defaults.
+ if ((salt == null) || (iCount == 0)) {
+ throw new InvalidAlgorithmParameterException
+ ("PBEParameterSpec required for salt and iteration count");
}
- if (iCount == 0) iCount = 100;
} else if (!(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException
("PBEParameterSpec type required");
--- a/jdk/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java Thu May 30 22:19:28 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/PBMAC1Core.java Wed May 29 20:54:43 2013 -0700
@@ -42,12 +42,10 @@
*/
abstract class PBMAC1Core extends HmacCore {
- private static final int DEFAULT_SALT_LENGTH = 20;
- private static final int DEFAULT_COUNT = 4096;
-
+ // NOTE: this class inherits the Cloneable interface from HmacCore
+ // Need to override clone() if mutable fields are added.
private final String kdfAlgo;
private final String hashAlgo;
- private final PBKDF2Core kdf;
private final int blockLength; // in octets
/**
@@ -56,13 +54,15 @@
*/
PBMAC1Core(String kdfAlgo, String hashAlgo, int blockLength)
throws NoSuchAlgorithmException {
-
super(hashAlgo, blockLength);
this.kdfAlgo = kdfAlgo;
this.hashAlgo = hashAlgo;
this.blockLength = blockLength;
+ }
- switch(kdfAlgo) {
+ private static PBKDF2Core getKDFImpl(String algo) {
+ PBKDF2Core kdf = null;
+ switch(algo) {
case "HmacSHA1":
kdf = new PBKDF2Core.HmacSHA1();
break;
@@ -79,9 +79,10 @@
kdf = new PBKDF2Core.HmacSHA512();
break;
default:
- throw new NoSuchAlgorithmException(
- "No MAC implementation for " + kdfAlgo);
+ throw new ProviderException(
+ "No MAC implementation for " + algo);
}
+ return kdf;
}
/**
@@ -120,12 +121,13 @@
throw new InvalidKeyException("SecretKey of PBE type required");
}
if (params == null) {
- // generate default for salt and iteration count if necessary
- if (salt == null) {
- salt = new byte[DEFAULT_SALT_LENGTH];
- SunJCE.getRandom().nextBytes(salt);
+ // should not auto-generate default values since current
+ // javax.crypto.Mac api does not have any method for caller to
+ // retrieve the generated defaults.
+ if ((salt == null) || (iCount == 0)) {
+ throw new InvalidAlgorithmParameterException
+ ("PBEParameterSpec required for salt and iteration count");
}
- if (iCount == 0) iCount = DEFAULT_COUNT;
} else if (!(params instanceof PBEParameterSpec)) {
throw new InvalidAlgorithmParameterException
("PBEParameterSpec type required");
@@ -168,7 +170,7 @@
java.util.Arrays.fill(passwdChars, ' ');
SecretKey s = null;
-
+ PBKDF2Core kdf = getKDFImpl(kdfAlgo);
try {
s = kdf.engineGenerateSecret(pbeSpec);
--- a/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java Thu May 30 22:19:28 2013 -0700
+++ b/jdk/src/share/classes/com/sun/crypto/provider/SunJCE.java Wed May 29 20:54:43 2013 -0700
@@ -731,10 +731,11 @@
put("Mac.HmacSHA384 SupportedKeyFormats", "RAW");
put("Mac.HmacSHA512 SupportedKeyFormats", "RAW");
put("Mac.HmacPBESHA1 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA224 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA256 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA384 SupportedKeyFormats", "RAW");
- put("Mac.HmacPBESHA512 SupportedKeyFormats", "RAW");
+ put("Mac.PBEWithHmacSHA1 SupportedKeyFormatS", "RAW");
+ put("Mac.PBEWithHmacSHA224 SupportedKeyFormats", "RAW");
+ put("Mac.PBEWithHmacSHA256 SupportedKeyFormats", "RAW");
+ put("Mac.PBEWithHmacSHA384 SupportedKeyFormats", "RAW");
+ put("Mac.PBEWithHmacSHA512 SupportedKeyFormats", "RAW");
put("Mac.SslMacMD5 SupportedKeyFormats", "RAW");
put("Mac.SslMacSHA1 SupportedKeyFormats", "RAW");
--- a/jdk/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java Thu May 30 22:19:28 2013 -0700
+++ b/jdk/test/com/sun/crypto/provider/Mac/HmacPBESHA1.java Wed May 29 20:54:43 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2003, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,8 +23,8 @@
/**
* @test
- * @bug 4893959
- * @summary basic test for HmacPBESHA1
+ * @bug 4893959 8013069
+ * @summary basic test for PBE MAC algorithms.
* @author Valerie Peng
*/
import java.io.PrintStream;
@@ -68,8 +68,9 @@
}
Mac mac = Mac.getInstance(algo, PROVIDER);
byte[] plainText = new byte[30];
-
- mac.init(key);
+ PBEParameterSpec spec =
+ new PBEParameterSpec("saltValue".getBytes(), 250);
+ mac.init(key, spec);
mac.update(plainText);
byte[] value1 = mac.doFinal();
if (value1.length != length) {
--- a/jdk/test/com/sun/crypto/provider/Mac/MacClone.java Thu May 30 22:19:28 2013 -0700
+++ b/jdk/test/com/sun/crypto/provider/Mac/MacClone.java Wed May 29 20:54:43 2013 -0700
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 1998, 2012, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1998, 2013, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -23,12 +23,13 @@
/*
* @test
- * @bug 7087021
- * @summary MacClone
+ * @bug 7087021 8013069
+ * @summary Clone tests for all MAC algorithms.
* @author Jan Luehe
*/
+import java.security.spec.AlgorithmParameterSpec;
import javax.crypto.*;
-import javax.crypto.spec.SecretKeySpec;
+import javax.crypto.spec.*;
public class MacClone {
@@ -39,18 +40,23 @@
KeyGenerator kgen = KeyGenerator.getInstance("DES");
SecretKey skey = kgen.generateKey();
for (String algo : algos) {
- doTest(algo, skey);
+ doTest(algo, skey, null);
}
- String[] algos2 = { "HmacPBESHA1" };
+ String[] algos2 = { "HmacPBESHA1", "PBEWithHmacSHA1",
+ "PBEWithHmacSHA224", "PBEWithHmacSHA256",
+ "PBEWithHmacSHA384", "PBEWithHmacSHA512" };
skey = new SecretKeySpec("whatever".getBytes(), "PBE");
+ PBEParameterSpec params =
+ new PBEParameterSpec("1234567890".getBytes(), 500);
for (String algo : algos2) {
- doTest(algo, skey);
+ doTest(algo, skey, params);
}
System.out.println("Test Passed");
}
- private static void doTest(String algo, SecretKey skey) throws Exception {
+ private static void doTest(String algo, SecretKey skey,
+ AlgorithmParameterSpec params) throws Exception {
//
// Clone an uninitialized Mac object
//
@@ -72,7 +78,7 @@
// Clone an initialized Mac object
//
mac = Mac.getInstance(algo, "SunJCE");
- mac.init(skey);
+ mac.init(skey, params);
macClone = (Mac)mac.clone();
System.out.println(macClone.getProvider().toString());
System.out.println(macClone.getAlgorithm());