diff options
Diffstat (limited to 'security-utils/src')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/SharedKeyGenerator.java | 8 | ||||
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java | 6 |
2 files changed, 8 insertions, 6 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SharedKeyGenerator.java b/security-utils/src/main/java/com/yahoo/security/SharedKeyGenerator.java index 0d46af648e0..440b17eecfa 100644 --- a/security-utils/src/main/java/com/yahoo/security/SharedKeyGenerator.java +++ b/security-utils/src/main/java/com/yahoo/security/SharedKeyGenerator.java @@ -14,6 +14,7 @@ import java.security.InvalidAlgorithmParameterException; import java.security.InvalidKeyException; import java.security.KeyPair; import java.security.NoSuchAlgorithmException; +import java.security.PrivateKey; import java.security.PublicKey; import java.security.SecureRandom; @@ -39,11 +40,12 @@ public class SharedKeyGenerator { private static final int AES_GCM_AUTH_TAG_BITS = 128; private static final String AES_GCM_ALGO_SPEC = "AES/GCM/NoPadding"; private static final String ECIES_CIPHER_NAME = "ECIES"; // TODO ensure SHA-256+AES. Needs BC version bump + private static final SecureRandom SHARED_CSPRNG = new SecureRandom(); public static SecretSharedKey generateForReceiverPublicKey(PublicKey receiverPublicKey, int keyId) { try { var keyGen = KeyGenerator.getInstance("AES"); - keyGen.init(256, new SecureRandom()); + keyGen.init(256, SHARED_CSPRNG); var secretKey = keyGen.generateKey(); var cipher = Cipher.getInstance(ECIES_CIPHER_NAME, BouncyCastleProviderHolder.getInstance()); @@ -58,10 +60,10 @@ public class SharedKeyGenerator { } } - public static SecretSharedKey fromSealedKey(SealedSharedKey sealedKey, KeyPair receiverKeyPair) { + public static SecretSharedKey fromSealedKey(SealedSharedKey sealedKey, PrivateKey receiverPrivateKey) { try { var cipher = Cipher.getInstance(ECIES_CIPHER_NAME, BouncyCastleProviderHolder.getInstance()); - cipher.init(Cipher.DECRYPT_MODE, receiverKeyPair.getPrivate()); + cipher.init(Cipher.DECRYPT_MODE, receiverPrivateKey); byte[] secretKey = cipher.doFinal(sealedKey.eciesPayload()); return new SecretSharedKey(new SecretKeySpec(secretKey, "AES"), sealedKey); diff --git a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java index c5f539dce58..348f214aa85 100644 --- a/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java +++ b/security-utils/src/test/java/com/yahoo/security/SharedKeyTest.java @@ -36,7 +36,7 @@ public class SharedKeyTest { var publicToken = myShared.sealedSharedKey().toTokenString(); var theirSealed = SealedSharedKey.fromTokenString(publicToken); - var theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, receiverKeyPair); + var theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, receiverKeyPair.getPrivate()); assertArrayEquals(myShared.secretKey().getEncoded(), theirShared.secretKey().getEncoded()); } @@ -67,7 +67,7 @@ public class SharedKeyTest { var expectedSharedSecret = "b1aded9dc19593baa08fe64f916dcbaf3328ec666d2e0c81b1f6f8af9794187b"; var theirSealed = SealedSharedKey.fromTokenString(publicToken); - var theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, receiverKeyPair); + var theirShared = SharedKeyGenerator.fromSealedKey(theirSealed, receiverKeyPair.getPrivate()); assertEquals(expectedSharedSecret, Hex.toHexString(theirShared.secretKey().getEncoded())); } @@ -78,7 +78,7 @@ public class SharedKeyTest { var eveKeyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); var bobShared = SharedKeyGenerator.generateForReceiverPublicKey(aliceKeyPair.getPublic(), 1); assertThrows(IllegalArgumentException.class, // TODO consider distinct exception class - () -> SharedKeyGenerator.fromSealedKey(bobShared.sealedSharedKey(), eveKeyPair)); + () -> SharedKeyGenerator.fromSealedKey(bobShared.sealedSharedKey(), eveKeyPair.getPrivate())); } @Test |