Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

AlgorithmParameterSpec, KeySpec predicate refinement #69

Open
28 of 30 tasks
AndreSonntag opened this issue Apr 8, 2020 · 1 comment
Open
28 of 30 tasks

AlgorithmParameterSpec, KeySpec predicate refinement #69

AndreSonntag opened this issue Apr 8, 2020 · 1 comment
Labels
enhancement

Comments

@AndreSonntag
Copy link
Contributor

AndreSonntag commented Apr 8, 2020
edited
Loading

Currently, CrySL provides different predicates for AlgorithmParamterSpec interface implementers. We should have the same for KeySpec implementers. In the following example, we get an InvalidKeySpecException, due to the wrong KeySpec object.

public static PrivateKey createPrivateKey(){
 KeyFactory keyFactory = KeyFactory.getInstance("DSA");
 PBEKeySpec spec = new PBEKeySpec(new char[16]);
 PrivateKey privateKey = keyFactory.generatePrivate(spec);
 return privateKey;
}

java.security.spec.AlgorithmParameterSpec

  • java.security.spec.DSAGenParameterSpec preparedDSA[]

  • java.security.spec.DSAParameterSpec preparedDSA[]

  • java.security.spec.ECGenParameterSpec preparedEC[]

  • java.security.spec.ECParameterSpec preparedEC[]

  • java.security.spec.MGF1ParameterSpec preparedMFG1[]

  • java.security.spec.RSAKeyGenParameterSpec preparedRSA[]

  • javax.crypto.spec.DHGenParameterSpec preparedDH[]

  • javax.crypto.spec.DHParameterSpec preparedDH[]

  • javax.crypto.spec.GCMParameterSpec preparedGCM[]

  • javax.crypto.spec.IvParameterSpec preparedIV[]

  • javax.crypto.spec.OAEPParameterSpec preparedOAEP[]

  • javax.crypto.spec.PBEParameterSpec preparedPBE[]

  • javax.xml.crypto.dsig.spec.HMACParameterSpec preparedHMAC[]

  • java.security.spec.PSSParameterSpec preparedPSS[]

java.security.spec.KeySpec

  • javax.crypto.spec.PBEKeySpec speccedKey[] → speccedPBEKeySpec[this, keylength]

  • javax.crypto.spec.SecretKeySpec speccedKey[] → speccedSymmetricKeySpec[this, keyAlgorithm], generatedSymmetricKey[this, keyAlgorithm]

  • java.security.spec.X509EncodedKeySpec speccedPubKeySpec[this]

  • java.security.spec.PKCS8EncodedKeySpec speccedPrivKeySpec[this]

  • java.security.spec.EncodedKeySpec speccedPubKeySpec[this], speccedPrivKeySpec[this]

  • java.security.spec.DSAPrivateKeySpec speccedDSAPrivKeySpec[this]

  • java.security.spec.DSAPublicKeySpec speccedDSAPubKeySpec[this]

  • java.security.spec.ECPrivateKeySpec speccedECPrivKeySpec[this]

  • java.security.spec.ECPublicKeySpec speccedECPubKeySpec[this]

  • java.security.spec.RSAPrivateKeySpec speccedRSAPrivKeySpec[this]

  • java.security.spec.RSAPublicKeySpec speccedRSAPubKeySpec[this]

  • java.security.spec.RSAPrivateCrtKeySpec speccedRSAPrivKeySpec[this]

  • javax.crypto.spec.DHPrivateKeySpec speccedDHPrivKeySpec[this]

  • javax.crypto.spec.DHPublicKeySpec speccedDHPubKeySpec[this]

  • javax.crypto.spec.DESedeKeySpec not secure

  • javax.crypto.spec.DESKeySpec not secure

Sources:
https://docs.oracle.com/javase/8/docs/api/java/security/spec/package-tree.html
https://docs.oracle.com/javase/8/docs/api/javax/crypto/spec/package-tree.html
@AndreSonntag
Copy link
Contributor Author

Branch:
https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/AlgorithmParameterSpec_KeySpec_refinement

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@AndreSonntag