8189441: Define algorithm names for keys derived from KeyAgreement

Reviewed-by: mullan
2025-08-26 22:34:27 +02:00 · 2025-01-27 18:09:17 +00:00 · 2025-01-27 18:09:17 +00:00 · aba60a9274
commit aba60a9274
parent 03106eb2d3
10 changed files with 160 additions and 44 deletions
--- a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
@ -1,5 +1,5 @@
 /*
- * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 1997, 2025, Oracle and/or its affiliates. All rights reserved.
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
 *
 * This code is free software; you can redistribute it and/or modify it
@ -379,11 +379,10 @@ extends KeyAgreementSpi {
            throw new NoSuchAlgorithmException("null algorithm");
        }

-        if (!algorithm.equalsIgnoreCase("TlsPremasterSecret") &&
-            !AllowKDF.VALUE) {
-
-            throw new NoSuchAlgorithmException("Unsupported secret key "
-                                               + "algorithm: " + algorithm);
+        if (!KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm) &&
+                !AllowKDF.VALUE) {
+            throw new NoSuchAlgorithmException(
+                    "Unsupported secret key algorithm: " + algorithm);
        }

        byte[] secret = engineGenerateSecret();
@ -419,13 +418,17 @@ extends KeyAgreementSpi {
                throw new InvalidKeyException("Key material is too short");
            }
            return skey;
-        } else if (algorithm.equals("TlsPremasterSecret")) {
-            // remove leading zero bytes per RFC 5246 Section 8.1.2
-            return new SecretKeySpec(
+        } else if (KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
+            if (algorithm.equalsIgnoreCase("TlsPremasterSecret")) {
+                // remove leading zero bytes per RFC 5246 Section 8.1.2
+                return new SecretKeySpec(
                        KeyUtil.trimZeroes(secret), "TlsPremasterSecret");
+            } else {
+                return new SecretKeySpec(secret, algorithm);
+            }
        } else {
-            throw new NoSuchAlgorithmException("Unsupported secret key "
-                                               + "algorithm: "+ algorithm);
+            throw new NoSuchAlgorithmException(
+                    "Unsupported secret key algorithm: " + algorithm);
        }
    }
 }