jdk/src/share/classes/sun/security/pkcs11/P11KeyAgreement.java
Print this page
rev 5679 : 7192392: Better validation of client keys
Summary: Also reviewed by Andrew Gross<Andrew.Gross@Oracle.COM>
Reviewed-by: vinnie
@@ -35,10 +35,11 @@
import javax.crypto.spec.*;
import static sun.security.pkcs11.TemplateManager.*;
import sun.security.pkcs11.wrapper.*;
import static sun.security.pkcs11.wrapper.PKCS11Constants.*;
+import sun.security.util.KeyUtil;
/**
* KeyAgreement implementation class. This class currently supports
* DH.
*
@@ -132,10 +133,14 @@
("Key must be a PublicKey with algorithm DH");
}
BigInteger p, g, y;
if (key instanceof DHPublicKey) {
DHPublicKey dhKey = (DHPublicKey)key;
+
+ // validate the Diffie-Hellman public key
+ KeyUtil.validate(dhKey);
+
y = dhKey.getY();
DHParameterSpec params = dhKey.getParams();
p = params.getP();
g = params.getG();
} else {
@@ -143,10 +148,14 @@
// just in case not, attempt conversion
P11DHKeyFactory kf = new P11DHKeyFactory(token, "DH");
try {
DHPublicKeySpec spec = (DHPublicKeySpec)kf.engineGetKeySpec
(key, DHPublicKeySpec.class);
+
+ // validate the Diffie-Hellman public key
+ KeyUtil.validate(spec);
+
y = spec.getY();
p = spec.getP();
g = spec.getG();
} catch (InvalidKeySpecException e) {
throw new InvalidKeyException("Could not obtain key values", e);