Better handle HMAC keys with null format

corretto · Aug 28, 2020 · 829b2e4 · 829b2e4
1 parent e323cd7
commit 829b2e4
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 1 deletion.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -47,6 +47,9 @@ For other sizes, there are no documented guarantees of the SunEC behavior.
 
   You may need to do a clean build when changing tests.
 
+### Patches
+* Better handle HMAC keys with a `null` format. [PR #124](https://github.com/corretto/amazon-corretto-crypto-provider/pull/124)
+
 ### Maintenance
 * Upgrade tests to JUnit5. [PR #111](https://github.com/corretto/amazon-corretto-crypto-provider/pull/111)
 * Upgrade BouncyCastle test dependency 1.65. [PR #110](https://github.com/corretto/amazon-corretto-crypto-provider/pull/110)

diff --git a/template-src/com/amazon/corretto/crypto/provider/TemplateHmacSpi.java b/template-src/com/amazon/corretto/crypto/provider/TemplateHmacSpi.java
@@ -324,7 +324,7 @@ protected void engineInit(Key key, AlgorithmParameterSpec params)
         }
         // Algorithm is explicitly NOT checked for compatibility with existing
         // JCE implementations such as SUN and BouncyCastle
-        if (!key.getFormat().equalsIgnoreCase("RAW")) {
+        if (!"RAW".equalsIgnoreCase(key.getFormat())) {
             throw new InvalidKeyException("Key must support RAW encoding");
         }
         byte[] rawKey = key.getEncoded();

diff --git a/tst/com/amazon/corretto/crypto/provider/test/HmacTest.java b/tst/com/amazon/corretto/crypto/provider/test/HmacTest.java
@@ -359,6 +359,12 @@ public String getFormat() {
                 return "UnexpectedFormat";
             }
         };
+        final SecretKey nullFormat = new SecretKeySpec("yellowsubmarine".getBytes(StandardCharsets.UTF_8), "Generic") {
+            @Override
+            public String getFormat() {
+                return null;
+            }
+        };
         final SecretKey nullEncoding = new SecretKeySpec("yellowsubmarine".getBytes(StandardCharsets.UTF_8), "Generic") {
             @Override
             public byte[] getEncoded() {
@@ -372,6 +378,7 @@ public byte[] getEncoded() {
             assertThrows(InvalidAlgorithmParameterException.class, () -> mac.init(validKey, new IvParameterSpec(new byte[0])));
             assertThrows(InvalidKeyException.class, () -> mac.init(pubKey));
             assertThrows(InvalidKeyException.class, () -> mac.init(badFormat));
+            assertThrows(InvalidKeyException.class, () -> mac.init(nullFormat));
             assertThrows(InvalidKeyException.class, () -> mac.init(nullEncoding));
         }
     }