JCE: return SecretKeySpec of appropriate size from KeyAgreement.engineGenerateSecret()

cconlon · cconlon · commit 6bf12d99a3d1 · 2025-10-17T11:46:13.000-06:00
diff --git a/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyAgreement.java b/src/main/java/com/wolfssl/provider/jce/WolfCryptKeyAgreement.java
@@ -330,19 +330,66 @@ protected SecretKey engineGenerateSecret(String algorithm)
                InvalidKeyException {
 
         byte secret[] = engineGenerateSecret();
+        byte[] keyMaterial = null;
+        SecretKey ret = null;
 
         log("generating SecretKey for " + algorithm);
 
-        if (algorithm.equals("DES")) {
-            return (SecretKey)new DESKeySpec(secret);
+        try {
+            if (algorithm.equals("DES")) {
+                /* DES requires 8 bytes */
+                if (secret.length < DESKeySpec.DES_KEY_LEN) {
+                    throw new InvalidKeyException(
+                        "Shared secret is too short for DES key");
+                }
+                keyMaterial = new byte[DESKeySpec.DES_KEY_LEN];
+                System.arraycopy(secret, 0, keyMaterial, 0,
+                    DESKeySpec.DES_KEY_LEN);
+                ret = new SecretKeySpec(keyMaterial, algorithm);
+
+            } else if (algorithm.equals("DESede")) {
+                /* DESede requires 24 bytes (3-key) */
+                if (secret.length < DESedeKeySpec.DES_EDE_KEY_LEN) {
+                    throw new InvalidKeyException(
+                        "Shared secret is too short for DESede key");
+                }
+                keyMaterial = new byte[DESedeKeySpec.DES_EDE_KEY_LEN];
+                System.arraycopy(secret, 0, keyMaterial, 0,
+                    DESedeKeySpec.DES_EDE_KEY_LEN);
+                ret = new SecretKeySpec(keyMaterial, algorithm);
+
+            } else if (algorithm.equals("AES")) {
+                /* AES requires specific key sizes: 128, 192, or 256 bits.
+                 * Use first 16 bytes (128-bit) by default, or 32 bytes
+                 * (256-bit) if shared secret is >= 32 bytes. */
+                int aesKeyLen = 16; /* default to AES-128 */
+                if (secret.length >= 32) {
+                    aesKeyLen = 32; /* use AES-256 if possible */
+                } else if (secret.length >= 24) {
+                    aesKeyLen = 24; /* use AES-192 if >= 24 bytes */
+                }
+
+                if (secret.length < aesKeyLen) {
+                    throw new InvalidKeyException(
+                        "Shared secret is too short for AES key " +
+                        "(need at least " + aesKeyLen + " bytes)");
+                }
 
-        } else if (algorithm.equals("DESede")) {
-            return (SecretKey)new DESedeKeySpec(secret);
+                keyMaterial = new byte[aesKeyLen];
+                System.arraycopy(secret, 0, keyMaterial, 0, aesKeyLen);
+                ret = new SecretKeySpec(keyMaterial, algorithm);
 
-        } else {
-            /* AES and default */
-            return new SecretKeySpec(secret, algorithm);
+            } else {
+                /* Other algorithms: use full shared secret */
+                ret = new SecretKeySpec(secret, algorithm);
+            }
+
+        } finally {
+            zeroArray(secret);
+            zeroArray(keyMaterial);
         }
+
+        return ret;
     }
 
     /**
diff --git a/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyAgreementTest.java b/src/test/java/com/wolfssl/provider/jce/test/WolfCryptKeyAgreementTest.java
@@ -39,6 +39,8 @@
 
 import javax.crypto.KeyAgreement;
 import javax.crypto.ShortBufferException;
+import javax.crypto.SecretKey;
+import javax.crypto.Cipher;
 import javax.crypto.spec.DHParameterSpec;
 
 import java.security.Security;
@@ -773,6 +775,242 @@ private void threadRunnerKeyAgreeTest(String algo)
         }
     }
 
+    @Test
+    public void testDHGenerateSecretKeyForDES()
+        throws NoSuchProviderException, NoSuchAlgorithmException,
+               InvalidParameterSpecException, InvalidKeyException,
+               InvalidAlgorithmParameterException {
+
+        /* Skip 512-bit DH params in FIPS mode. FIPS 186-4 only allows
+         * 1024, 2048, and 3072-bit DH parameter generation */
+        if (Fips.enabled) {
+            return;
+        }
+
+        /* create DH params */
+        AlgorithmParameterGenerator paramGen =
+            AlgorithmParameterGenerator.getInstance("DH");
+        paramGen.init(512);
+
+        AlgorithmParameters params;
+        try {
+            params = paramGen.generateParameters();
+        }
+        catch (RuntimeException e) {
+            /* 512-bit DH parameter generation may not be supported due to
+             * wolfSSL enforcing minimum parameter sizes. Skip test if
+             * generation fails. */
+            if (e.getMessage() != null && e.getMessage().contains(
+                "Bad function argument")) {
+                return;
+            }
+            throw e;
+        }
+
+        DHParameterSpec dhParams =
+            (DHParameterSpec)params.getParameterSpec(DHParameterSpec.class);
+
+        /* initialize key pair generator */
+        KeyPairGenerator keyGen =
+            KeyPairGenerator.getInstance("DH", "wolfJCE");
+        keyGen.initialize(dhParams, secureRandom);
+
+        KeyAgreement aKeyAgree = KeyAgreement.getInstance("DH", "wolfJCE");
+        KeyAgreement bKeyAgree = KeyAgreement.getInstance("DH", "wolfJCE");
+
+        KeyPair aPair = keyGen.generateKeyPair();
+        KeyPair bPair = keyGen.generateKeyPair();
+
+        aKeyAgree.init(aPair.getPrivate());
+        bKeyAgree.init(bPair.getPrivate());
+
+        aKeyAgree.doPhase(bPair.getPublic(), true);
+        bKeyAgree.doPhase(aPair.getPublic(), true);
+
+        /* Test generateSecret("DES") returns SecretKey, not DESKeySpec */
+        SecretKey desKeyA = null;
+        SecretKey desKeyB = null;
+        try {
+            desKeyA = aKeyAgree.generateSecret("DES");
+            assertNotNull(desKeyA);
+            assertTrue(desKeyA instanceof SecretKey);
+            assertEquals("DES", desKeyA.getAlgorithm());
+
+            /* Verify key can be used with Cipher */
+            Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
+            cipher.init(Cipher.ENCRYPT_MODE, desKeyA);
+
+        } catch (ClassCastException e) {
+            fail("generateSecret(\"DES\") should return SecretKey, " +
+                "not DESKeySpec: " + e.getMessage());
+
+        } catch (Exception e) {
+            fail("Unexpected exception during DES key generation: " +
+                e.getMessage());
+        }
+
+        /* Test generateSecret("DESede") returns SecretKey */
+        try {
+            /* bKeyAgree already has doPhase() completed, just generate
+             * secret with different algorithm */
+            SecretKey desedeKey = bKeyAgree.generateSecret("DESede");
+            assertNotNull(desedeKey);
+            assertTrue(desedeKey instanceof SecretKey);
+            assertEquals("DESede", desedeKey.getAlgorithm());
+
+            /* Verify key can be used with Cipher */
+            Cipher cipher =
+                Cipher.getInstance("DESede/ECB/PKCS5Padding");
+            cipher.init(Cipher.ENCRYPT_MODE, desedeKey);
+
+        } catch (ClassCastException e) {
+            fail("generateSecret(\"DESede\") should return SecretKey, " +
+                "not DESedeKeySpec: " + e.getMessage());
+
+        } catch (Exception e) {
+            fail("Unexpected exception during DESede key generation: " +
+                e.getMessage());
+        }
+
+        /* Test generateSecret("AES") returns SecretKey with proper size */
+        KeyAgreement cKeyAgree = KeyAgreement.getInstance("DH", "wolfJCE");
+        KeyPair cPair = keyGen.generateKeyPair();
+        cKeyAgree.init(cPair.getPrivate());
+        cKeyAgree.doPhase(aPair.getPublic(), true);
+
+        try {
+            SecretKey aesKey = cKeyAgree.generateSecret("AES");
+            assertNotNull(aesKey);
+            assertTrue(aesKey instanceof SecretKey);
+            assertEquals("AES", aesKey.getAlgorithm());
+
+            /* AES key should be 16, 24, or 32 bytes */
+            byte[] encoded = aesKey.getEncoded();
+            assertTrue("AES key length should be 16, 24, or 32 bytes",
+                encoded.length == 16 || encoded.length == 24 ||
+                encoded.length == 32);
+
+            /* Verify key can be used with Cipher */
+            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+            cipher.init(Cipher.ENCRYPT_MODE, aesKey);
+
+            /* Test encryption/decryption */
+            byte[] plaintext = "Test AES encryption".getBytes();
+            byte[] ciphertext = cipher.doFinal(plaintext);
+            cipher.init(Cipher.DECRYPT_MODE, aesKey,
+                cipher.getParameters());
+            byte[] decrypted = cipher.doFinal(ciphertext);
+            assertArrayEquals(plaintext, decrypted);
+
+        } catch (Exception e) {
+            fail("Unexpected exception during AES key generation: " +
+                e.getMessage());
+        }
+    }
+
+    @Test
+    public void testECDHGenerateSecretKeyForDES()
+        throws NoSuchProviderException, NoSuchAlgorithmException,
+               InvalidParameterSpecException, InvalidKeyException,
+               InvalidAlgorithmParameterException {
+
+        /* initialize key pair generator */
+        KeyPairGenerator keyGen =
+            KeyPairGenerator.getInstance("EC", "wolfJCE");
+        ECGenParameterSpec ecsp = new ECGenParameterSpec("secp256r1");
+        keyGen.initialize(ecsp);
+
+        KeyAgreement aKeyAgree = KeyAgreement.getInstance("ECDH", "wolfJCE");
+        KeyAgreement bKeyAgree = KeyAgreement.getInstance("ECDH", "wolfJCE");
+
+        KeyPair aPair = keyGen.generateKeyPair();
+        KeyPair bPair = keyGen.generateKeyPair();
+
+        aKeyAgree.init(aPair.getPrivate());
+        bKeyAgree.init(bPair.getPrivate());
+
+        aKeyAgree.doPhase(bPair.getPublic(), true);
+        bKeyAgree.doPhase(aPair.getPublic(), true);
+
+        /* Test generateSecret("DES") returns SecretKey, not DESKeySpec */
+        try {
+            SecretKey desKey = aKeyAgree.generateSecret("DES");
+            assertNotNull(desKey);
+            assertTrue(desKey instanceof SecretKey);
+            assertEquals("DES", desKey.getAlgorithm());
+
+            /* Verify key can be used with Cipher */
+            Cipher cipher = Cipher.getInstance("DES/ECB/PKCS5Padding");
+            cipher.init(Cipher.ENCRYPT_MODE, desKey);
+
+        } catch (ClassCastException e) {
+            fail("generateSecret(\"DES\") should return SecretKey, " +
+                "not DESKeySpec: " + e.getMessage());
+
+        } catch (Exception e) {
+            fail("Unexpected exception during DES key generation: " +
+                e.getMessage());
+        }
+
+        /* Test generateSecret("DESede") returns SecretKey */
+        try {
+            /* bKeyAgree already has doPhase() completed, just generate
+             * secret with different algorithm */
+            SecretKey desedeKey = bKeyAgree.generateSecret("DESede");
+            assertNotNull(desedeKey);
+            assertTrue(desedeKey instanceof SecretKey);
+            assertEquals("DESede", desedeKey.getAlgorithm());
+
+            /* Verify key can be used with Cipher */
+            Cipher cipher =
+                Cipher.getInstance("DESede/ECB/PKCS5Padding");
+            cipher.init(Cipher.ENCRYPT_MODE, desedeKey);
+
+        } catch (ClassCastException e) {
+            fail("generateSecret(\"DESede\") should return SecretKey, " +
+                "not DESedeKeySpec: " + e.getMessage());
+
+        } catch (Exception e) {
+            fail("Unexpected exception during DESede key generation: " +
+                e.getMessage());
+        }
+
+        /* Test generateSecret("AES") returns SecretKey with proper size */
+        KeyAgreement cKeyAgree = KeyAgreement.getInstance("ECDH", "wolfJCE");
+        KeyPair cPair = keyGen.generateKeyPair();
+        cKeyAgree.init(cPair.getPrivate());
+        cKeyAgree.doPhase(aPair.getPublic(), true);
+
+        try {
+            SecretKey aesKey = cKeyAgree.generateSecret("AES");
+            assertNotNull(aesKey);
+            assertTrue(aesKey instanceof SecretKey);
+            assertEquals("AES", aesKey.getAlgorithm());
+
+            /* AES key should be 16, 24, or 32 bytes */
+            byte[] encoded = aesKey.getEncoded();
+            assertTrue("AES key length should be 16, 24, or 32 bytes",
+                encoded.length == 16 || encoded.length == 24 ||
+                encoded.length == 32);
+
+            /* Verify key can be used with Cipher */
+            Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5Padding");
+            cipher.init(Cipher.ENCRYPT_MODE, aesKey);
+
+            /* Test encryption/decryption */
+            byte[] plaintext = "Test AES encryption".getBytes();
+            byte[] ciphertext = cipher.doFinal(plaintext);
+            cipher.init(Cipher.DECRYPT_MODE, aesKey,
+                cipher.getParameters());
+            byte[] decrypted = cipher.doFinal(ciphertext);
+            assertArrayEquals(plaintext, decrypted);
+
+        } catch (Exception e) {
+            fail("Unexpected exception during AES key generation: " +
+                e.getMessage());
+        }
+    }
+
     @Test
     public void testThreadedKeyAgreement()
         throws InterruptedException, NoSuchAlgorithmException {
