8133535: Better exception messaging in Ucrypto code
authorcoffeys
Wed, 16 Sep 2015 12:23:25 +0100
changeset 32646 db7c5592a47f
parent 32645 32e2fd6206d1
child 32648 1fa861caf840
8133535: Better exception messaging in Ucrypto code Reviewed-by: igerasim
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/GCMParameters.java
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipher.java
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipherWithJavaPadding.java
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeDigest.java
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeKey.java
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSAKeyFactory.java
jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java
jdk/test/com/oracle/security/ucrypto/CipherSignNotSupported.java
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/GCMParameters.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/GCMParameters.java	Wed Sep 16 12:23:25 2015 +0100
@@ -90,7 +90,8 @@
             return paramSpec.cast(new GCMParameterSpec(tLen*8, iv.clone()));
         } else {
             throw new InvalidParameterSpecException
-                ("Inappropriate parameter specification");
+                ("Inappropriate parameter specification. Received " +
+                paramSpec.getClass().getName());
         }
     }
 
@@ -98,7 +99,8 @@
         throws InvalidParameterSpecException {
         if (!(paramSpec instanceof GCMParameterSpec)) {
             throw new InvalidParameterSpecException
-                ("Inappropriate parameter specification");
+                ("Inappropriate parameter specification. Received " +
+                paramSpec.getClass().getName());
         }
         GCMParameterSpec gcmSpec = (GCMParameterSpec) paramSpec;
         try {
@@ -114,7 +116,8 @@
             val.data.reset();
             setValues(val.data.getOctetString(), val.data.getInteger());
         } else {
-            throw new IOException("GCM parameter parsing error: SEQ tag expected");
+            throw new IOException("GCM parameter parsing error: SEQ tag expected." +
+                " Received: " + val.tag);
         }
     }
 
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipher.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipher.java	Wed Sep 16 12:23:25 2015 +0100
@@ -274,13 +274,14 @@
             if (params != null) {
                 if (!(params instanceof IvParameterSpec)) {
                     throw new InvalidAlgorithmParameterException
-                            ("IvParameterSpec required");
+                            ("IvParameterSpec required. Received: " +
+                            params.getClass().getName());
                 } else {
                     ivBytes = ((IvParameterSpec) params).getIV();
                     if (ivBytes.length != blockSize) {
                         throw new InvalidAlgorithmParameterException
                              ("Wrong IV length: must be " + blockSize +
-                              " bytes long");
+                              " bytes long. Received length:" + ivBytes.length);
                     }
                 }
             } else {
@@ -442,12 +443,13 @@
             if (fixedKeySize == -1) {
                 // all 3 AES key lengths are allowed
                 if (keyLen != 16 && keyLen != 24 && keyLen != 32) {
-                    throw new InvalidKeyException("Key size is not valid");
+                    throw new InvalidKeyException("Key size is not valid." +
+                        " Got key length of: " + keyLen);
                 }
             } else {
                 if (keyLen != fixedKeySize) {
                     throw new InvalidKeyException("Only " + fixedKeySize +
-                        "-byte keys are accepted");
+                        "-byte keys are accepted. Got: " + keyLen);
                 }
             }
             // return the validated key length in bytes
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipherWithJavaPadding.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipherWithJavaPadding.java	Wed Sep 16 12:23:25 2015 +0100
@@ -184,7 +184,7 @@
             if (padValue < 1 || padValue > blockSize) {
                 UcryptoProvider.debug("PKCS5Padding: unpad, lastData: " + Arrays.toString(lastData));
                 UcryptoProvider.debug("PKCS5Padding: unpad, padValue=" + padValue);
-                throw new BadPaddingException("Invalid pad value!");
+                throw new BadPaddingException("Invalid pad value: " + padValue);
             }
 
             // sanity check padding bytes
@@ -388,7 +388,7 @@
                 out = Arrays.copyOf(out, actualOut);
             }
         } catch (ShortBufferException sbe) {
-            throw new UcryptoException("Internal Error");
+            throw new UcryptoException("Internal Error", sbe);
         } finally {
             reset();
         }
@@ -404,7 +404,8 @@
         int estimatedOutLen = engineGetOutputSize(inLen);
 
         if (out.length - outOfs < estimatedOutLen) {
-            throw new ShortBufferException();
+            throw new ShortBufferException("Actual: " + (out.length - outOfs) +
+                ". Estimated Out Length: " + estimatedOutLen);
         }
         try {
             if (nc.encrypt) {
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeDigest.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeDigest.java	Wed Sep 16 12:23:25 2015 +0100
@@ -131,7 +131,8 @@
         try {
             int len = engineDigest(digest, 0, digestLen);
             if (len != digestLen) {
-                throw new UcryptoException("Digest length mismatch");
+                throw new UcryptoException("Digest length mismatch." +
+                    " Len: " + len + ". digestLen: " + digestLen);
             }
             return digest;
         } catch (DigestException de) {
@@ -144,10 +145,11 @@
             throws DigestException {
         if (len < digestLen) {
             throw new DigestException("Output buffer must be at least " +
-                                      digestLen + " bytes long");
+                          digestLen + " bytes long. Got: " + len);
         }
         if ((ofs < 0) || (len < 0) || (ofs > out.length - len)) {
-            throw new DigestException("Buffer too short to store digest");
+            throw new DigestException("Buffer too short to store digest. " +
+                "ofs: " + ofs + ". len: " + len + ". out.length: " + out.length);
         }
 
         if (pCtxt == null) {
@@ -177,7 +179,8 @@
             return;
         }
         if ((ofs < 0) || (len < 0) || (ofs > in.length - len)) {
-            throw new ArrayIndexOutOfBoundsException();
+            throw new ArrayIndexOutOfBoundsException("ofs: " + ofs + ". len: "
+                + len + ". in.length: " + in.length);
         }
         if (pCtxt == null) {
             pCtxt = new DigestContextRef(this, nativeInit(mech), mech);
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java	Wed Sep 16 12:23:25 2015 +0100
@@ -188,7 +188,8 @@
         byte[] ivBytes = null;
         if (params != null) {
             if (!(params instanceof GCMParameterSpec)) {
-                throw new InvalidAlgorithmParameterException("GCMParameterSpec required");
+                throw new InvalidAlgorithmParameterException("GCMParameterSpec required." +
+                    " Received: " + params.getClass().getName());
             } else {
                 tagLen = ((GCMParameterSpec) params).getTLen();
                 ivBytes = ((GCMParameterSpec) params).getIV();
@@ -264,9 +265,9 @@
             int outOfs) throws ShortBufferException {
         int len = getOutputSizeByOperation(inLen, false);
         if (out.length - outOfs < len) {
-            throw new ShortBufferException("Output buffer must be "
-                                           + "(at least) " + len
-                                           + " bytes long");
+            throw new ShortBufferException("Output buffer must be " +
+                 "(at least) " + len + " bytes long. Got: " +
+                 (out.length - outOfs));
         }
         if (aadBuffer != null && aadBuffer.size() > 0) {
             // init again with AAD data
@@ -365,8 +366,8 @@
         int len = getOutputSizeByOperation(inLen, true);
         if (out.length - outOfs < len) {
             throw new ShortBufferException("Output buffer must be "
-                                           + "(at least) " + len
-                                           + " bytes long");
+                + "(at least) " + len + " bytes long. Got: " +
+                (out.length - outOfs));
         }
         if (aadBuffer != null && aadBuffer.size() > 0) {
             // init again with AAD data
@@ -385,7 +386,8 @@
             if (inLen < tagLen/8) {
                 // Otherwise, Solaris lib will error out w/ CRYPTO_BUFFER_TOO_SMALL
                 // when ucrypto_decrypt_final() is called
-                throw new AEADBadTagException("Input too short - need tag");
+                throw new AEADBadTagException("Input too short - need tag." +
+                    " inLen: " + inLen + ". tagLen: " + tagLen);
             }
             // refresh 'in' to all buffered-up bytes
             in = ibuffer.toByteArray();
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeKey.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeKey.java	Wed Sep 16 12:23:25 2015 +0100
@@ -94,7 +94,8 @@
                 pKey = nativeInit(NativeKey.getMagnitude(mod),
                                   NativeKey.getMagnitude(privateExp));
             } else {
-                throw new InvalidKeySpecException("Only supports RSAPrivateKeySpec");
+                throw new InvalidKeySpecException("Only supports RSAPrivateKeySpec." +
+                    " Received: " + keySpec.getClass().getName());
             }
             if (pKey == 0L) {
                 throw new UcryptoException("Error constructing RSA PrivateKey");
@@ -141,7 +142,8 @@
                                   NativeKey.getMagnitude(primeExpQ),
                                   NativeKey.getMagnitude(crtCoeff));
             } else {
-                throw new InvalidKeySpecException("Only supports RSAPrivateCrtKeySpec");
+                throw new InvalidKeySpecException("Only supports RSAPrivateCrtKeySpec."
+                    + " Received: " + keySpec.getClass().getName());
             }
             if (pKey == 0L) {
                 throw new UcryptoException("Error constructing RSA PrivateCrtKey");
@@ -184,7 +186,8 @@
                 pKey = nativeInit(NativeKey.getMagnitude(mod),
                                   NativeKey.getMagnitude(publicExp));
             } else {
-                throw new InvalidKeySpecException("Only supports RSAPublicKeySpec");
+                throw new InvalidKeySpecException("Only supports RSAPublicKeySpec." +
+                    " Received: " + keySpec.getClass().getName());
             }
             if (pKey == 0L) {
                 throw new UcryptoException("Error constructing RSA PublicKey");
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java	Wed Sep 16 12:23:25 2015 +0100
@@ -159,7 +159,8 @@
     @Override
     protected int engineGetKeySize(Key key) throws InvalidKeyException {
         if (!(key instanceof RSAKey)) {
-            throw new InvalidKeyException("RSAKey required");
+            throw new InvalidKeyException("RSAKey required. Got: " +
+                key.getClass().getName());
         }
         int n = ((RSAKey)key).getModulus().bitLength();
         // strip off the leading extra 0x00 byte prefix
@@ -206,9 +207,11 @@
 
         // Make sure the proper opmode uses the proper key
         if (doEncrypt && (!(newKey instanceof RSAPublicKey))) {
-            throw new InvalidKeyException("RSAPublicKey required for encryption");
+            throw new InvalidKeyException("RSAPublicKey required for encryption." +
+                " Received: " + newKey.getClass().getName());
         } else if (!doEncrypt && (!(newKey instanceof RSAPrivateKey))) {
-            throw new InvalidKeyException("RSAPrivateKey required for decryption");
+            throw new InvalidKeyException("RSAPrivateKey required for decryption." +
+                " Received: " + newKey.getClass().getName());
         }
 
         NativeKey nativeKey = null;
@@ -237,13 +240,14 @@
                                                       privateKey.getPrimeExponentP(),
                                                       privateKey.getPrimeExponentQ(),
                                                       privateKey.getCrtCoefficient()));
-                   } else if (newKey instanceof RSAPrivateKey) {
+                    } else if (newKey instanceof RSAPrivateKey) {
                         RSAPrivateKey privateKey = (RSAPrivateKey) newKey;
                         nativeKey = (NativeKey) keyFactory.engineGeneratePrivate
                             (new RSAPrivateKeySpec(privateKey.getModulus(),
                                                    privateKey.getPrivateExponent()));
                     } else {
-                        throw new InvalidKeyException("Unsupported type of RSAPrivateKey");
+                        throw new InvalidKeyException("Unsupported type of RSAPrivateKey." +
+                            " Received: " + newKey.getClass().getName());
                     }
                 } catch (InvalidKeySpecException ikse) {
                     throw new InvalidKeyException(ikse);
@@ -282,7 +286,8 @@
     protected synchronized int engineUpdate(byte[] in, int inOfs, int inLen, byte[] out,
             int outOfs) throws ShortBufferException {
         if (out.length - outOfs < outputSize) {
-            throw new ShortBufferException("Output buffer too small");
+            throw new ShortBufferException("Output buffer too small. outputSize: " +
+                outputSize + ". out.length: " + out.length + ". outOfs: " + outOfs);
         }
         if (inLen > 0) {
             update(in, inOfs, inLen);
@@ -332,7 +337,9 @@
                                               "the key to be wrapped");
             }
             if (encodedKey.length > buffer.length) {
-                throw new InvalidKeyException("Key is too long for wrapping");
+                throw new InvalidKeyException("Key is too long for wrapping. " +
+                    "encodedKey.length: " + encodedKey.length +
+                    ". buffer.length: " + buffer.length);
             }
             return engineDoFinal(encodedKey, 0, encodedKey.length);
         } catch (BadPaddingException e) {
@@ -349,7 +356,9 @@
             throws InvalidKeyException, NoSuchAlgorithmException {
 
         if (wrappedKey.length > buffer.length) {
-            throw new InvalidKeyException("Key is too long for unwrapping");
+            throw new InvalidKeyException("Key is too long for unwrapping." +
+                " wrappedKey.length: " + wrappedKey.length +
+                ". buffer.length: " + buffer.length);
         }
 
         boolean isTlsRsaPremasterSecret =
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSAKeyFactory.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSAKeyFactory.java	Wed Sep 16 12:23:25 2015 +0100
@@ -56,7 +56,8 @@
         } else if (keySpec instanceof RSAPrivateKeySpec) {
             return new NativeKey.RSAPrivate(keySpec);
         } else {
-            throw new InvalidKeySpecException("Unsupported key spec");
+            throw new InvalidKeySpecException("Unsupported key spec." +
+                " Received: " + keySpec.getClass().getName());
         }
     }
 
--- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java	Wed Sep 16 12:23:25 2015 +0100
@@ -192,7 +192,8 @@
         // Need to check RSA key length whenever a new private key is set
         if (privateKey != key) {
             if (!(privateKey instanceof RSAPrivateKey)) {
-                throw new InvalidKeyException("RSAPrivateKey required");
+                throw new InvalidKeyException("RSAPrivateKey required. " +
+                    "Received: " + privateKey.getClass().getName());
             }
             RSAPrivateKey rsaPrivKey = (RSAPrivateKey) privateKey;
             BigInteger mod = rsaPrivKey.getModulus();
@@ -242,7 +243,8 @@
                     throw new InvalidKeyException(ikse);
                 }
             } else {
-                throw new InvalidKeyException("RSAPublicKey required");
+                throw new InvalidKeyException("RSAPublicKey required. " +
+                    "Received: " + publicKey.getClass().getName());
             }
         }
         init(false, newKey, newSigLength);
@@ -269,7 +271,8 @@
         throws SignatureException {
         if (outbuf == null || (offset < 0) || (outbuf.length < (offset + sigLength))
             || (len < sigLength)) {
-            throw new SignatureException("Invalid output buffer");
+            throw new SignatureException("Invalid output buffer. offset: " +
+                offset + ". len: " + len + ". sigLength: " + sigLength);
         }
         int rv = doFinal(outbuf, offset, sigLength);
         if (rv < 0) {
@@ -328,7 +331,8 @@
         throws SignatureException {
         if (sigBytes == null || (sigOfs < 0) || (sigBytes.length < (sigOfs + this.sigLength))
             || (sigLen < this.sigLength)) {
-            throw new SignatureException("Invalid signature buffer");
+            throw new SignatureException("Invalid signature buffer. sigOfs: " +
+                sigOfs + ". sigLen: " + sigLen + ". this.sigLength: " + this.sigLength);
         }
 
         int rv = doFinal(sigBytes, sigOfs, sigLen);
@@ -405,7 +409,8 @@
     // returns 0 (success) or negative (ucrypto error occurred)
     private int update(byte[] in, int inOfs, int inLen) {
         if (inOfs < 0 || inOfs + inLen > in.length) {
-            throw new ArrayIndexOutOfBoundsException();
+            throw new ArrayIndexOutOfBoundsException("inOfs :" + inOfs +
+                ". inLen: " + inLen + ". in.length: " + in.length);
         }
         ensureInitialized();
         int k = nativeUpdate(pCtxt.id, sign, in, inOfs, inLen);
@@ -442,7 +447,8 @@
         int maxDataSize = keySize - PKCS1PADDING_LEN;
         if (maxDataSize < encodedLen) {
             throw new InvalidKeyException
-                ("Key is too short for this signature algorithm");
+                ("Key is too short for this signature algorithm. maxDataSize: " +
+                    maxDataSize + ". encodedLen: " + encodedLen);
         }
         return keySize;
     }
--- a/jdk/test/com/oracle/security/ucrypto/CipherSignNotSupported.java	Tue Sep 15 15:10:49 2015 -0700
+++ b/jdk/test/com/oracle/security/ucrypto/CipherSignNotSupported.java	Wed Sep 16 12:23:25 2015 +0100
@@ -23,7 +23,7 @@
 
 /**
  * @test
- * @bug 8029849 8132082
+ * @bug 8029849 8132082 8133535
  * @summary Make sure signing via encrypt and verifying via decrypt are not
  * supported by OracleUcrypto provider.
  * @author Anthony Scarpino
@@ -89,8 +89,7 @@
                 ct = c.doFinal(pt);
                 throw new RuntimeException("Encrypt operation should have failed.");
             } catch (InvalidKeyException e) {
-                if (e.getMessage().compareTo("RSAPublicKey required for " +
-                        "encryption") != 0) {
+                if (!e.getMessage().contains("RSAPublicKey required for encryption")) {
                     System.out.println("Wrong exception thrown.");
                     throw e;
                 }
@@ -103,8 +102,7 @@
             c.doFinal(ct);
             throw new RuntimeException("Decrypt operation should have failed.");
         } catch (InvalidKeyException e) {
-            if (e.getMessage().compareTo("RSAPrivateKey required for " +
-                    "decryption") != 0) {
+            if (!e.getMessage().contains("RSAPrivateKey required for decryption")) {
                 System.out.println("Wrong exception thrown.");
                 throw e;
             }