Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8206915 XDH TCK issues
  3. JDK-8205427

KeyAgreement#init throws InvalidAlgorithmParameterException for null param for XDH


    • Type: Sub-task
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 11
    • Fix Version/s: 11
    • Component/s: security-libs
    • Labels:


      When KeyAgreement#init(Key,AlgorithmParameterSpec) is called with null
      AlgorithmParameterSpec, then XDH based algorithm is throwing InvalidAlgorithmParameterException but other algorithm say "ECDH" "EC" are accepting the null values
      ======================XDH ==================================
      jshell> import java.security.*
      jshell> import java.security.spec.*
      jshell> import javax.crypto.*

      jshell> KeyAgreement ka = KeyAgreement.getInstance("XDH");
      ka ==> javax.crypto.KeyAgreement@57855c9a

      jshell> KeyPairGenerator kpg = KeyPairGenerator.getInstance("XDH");
      kpg ==> java.security.KeyPairGenerator$Delegate@7f13d6e

      jshell> KeyPair kp = kpg.generateKeyPair();
      kp ==> java.security.KeyPair@704a52ec

      jshell> ka.init(kp.getPrivate(),(AlgorithmParameterSpec)null);
      | Exception java.security.InvalidAlgorithmParameterException: Only NamedParameterSpec is supported.
      | at XECParameters.get (XECParameters.java:259)
      | at XDHKeyAgreement.engineInit (XDHKeyAgreement.java:73)
      | at KeyAgreement.implInit (KeyAgreement.java:356)
      | at KeyAgreement.chooseProvider (KeyAgreement.java:386)
      | at KeyAgreement.init (KeyAgreement.java:547)
      | at KeyAgreement.init (KeyAgreement.java:517)
      | at (#7:1)
      ==========================NULL SecureRandom==============================
      Suppose "SecureRandom" is null it is accepted

      jshell> ka.init(kp.getPrivate(),(SecureRandom)null); //accepted adheres with ECDH behavior

      If you were to change the "XDH" to say "ECDH" and "EC"(keys) then null is accepted and not throwing InvalidAlgorithmParameterException
      ===========ECDH / EC==============================
      jshell> KeyAgreement ka = KeyAgreement.getInstance("ECDH");
      ka ==> javax.crypto.KeyAgreement@30b8a058

      jshell> KeyPairGenerator kpg = KeyPairGenerator.getInstance("EC");
      kpg ==> java.security.KeyPairGenerator$Delegate@4f063c0a

      jshell> kpg.initialize(571)

      jshell> KeyPair keypair = kpg.generateKeyPair();
      keypair ==> java.security.KeyPair@2d8f65a4

      jshell> ka.init(keypair.getPrivate(),(AlgorithmParameterSpec) null); // accepting no error.
      ka.init(keypair.getPrivate(),(SecureRandom) null); //accepted no errror

      I believe the specification does not state anything about null AlgorithmParameterSpec and behavior should be consistent across different algorithms.

      Please clarify the spec to mention about scenario when null is passed to AlgorithmParameterSpec




            • Assignee:
              apetcher Adam Petcher (Inactive)
              bnallakaluva Bharath Nallakaluva (Inactive)
            • Votes:
              0 Vote for this issue
              2 Start watching this issue


              • Created: