address Sean's comments

wangweij · Jan 7, 2025 · 7027918 · 7027918
1 parent 7a25deb
commit 7027918
Show file tree

Hide file tree

Showing 8 changed files with 25 additions and 20 deletions.
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java b/src/java.base/share/classes/com/sun/crypto/provider/DHKeyAgreement.java
@@ -428,8 +428,8 @@ protected SecretKey engineGenerateSecret(String algorithm)
                 return new SecretKeySpec(secret, algorithm);
             }
         } else {
-            throw new NoSuchAlgorithmException("Unsupported secret key "
-                                               + "algorithm: "+ algorithm);
+            throw new NoSuchAlgorithmException(
+                    "Unsupported secret key algorithm " + algorithm);
         }
     }
 }
diff --git a/src/java.base/share/classes/javax/crypto/KeyAgreement.java b/src/java.base/share/classes/javax/crypto/KeyAgreement.java
@@ -665,13 +665,14 @@ public final int generateSecret(byte[] sharedSecret, int offset)
      *      <a href="{@docRoot}/../specs/security/standard-names.html#secretkey-algorithms">
      *      Java Security Standard Algorithm Names Specification</a>
      *      for information about standard secret key algorithm names.
-     *      Use "Generic" if the output will be used as the input keying
+     *      Specify "Generic" if the output will be used as the input keying
      *      material of a key derivation function (KDF).
      *
      * @return the shared secret key. The length of the key material
      *      may be adjusted to be compatible with the specified algorithm,
      *      regardless of whether the key is extractable. If {@code algorithm}
-     *      is specified as "Generic", the full shared secret will be returned.
+     *      is specified as "Generic" and it is supported by the implementation,
+     *      the full shared secret will be returned.
      *
      * @exception IllegalStateException if this key agreement has not been
      * initialized or if {@code doPhase} has not been called to supply the

diff --git a/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java b/src/java.base/share/classes/javax/crypto/KeyAgreementSpi.java
@@ -211,13 +211,14 @@ protected abstract int engineGenerateSecret(byte[] sharedSecret,
      *      <a href="{@docRoot}/../specs/security/standard-names.html#secretkey-algorithms">
      *      Java Security Standard Algorithm Names Specification</a>
      *      for information about standard secret key algorithm names.
-     *      Use "Generic" if the output will be used as the input keying
+     *      Specify "Generic" if the output will be used as the input keying
      *      material of a key derivation function (KDF).
      *
      * @return the shared secret key. The length of the key material
      *      may be adjusted to be compatible with the specified algorithm,
      *      regardless of whether the key is extractable. If {@code algorithm}
-     *      is specified as "Generic", the full shared secret will be returned.
+     *      is specified as "Generic" and it is supported by the implementation,
+     *      the full shared secret will be returned.
      *
      * @exception IllegalStateException if this key agreement has not been
      * initialized or if {@code doPhase} has not been called to supply the

diff --git a/src/java.base/share/classes/sun/security/ec/ECDHKeyAgreement.java b/src/java.base/share/classes/sun/security/ec/ECDHKeyAgreement.java
@@ -256,10 +256,10 @@ protected SecretKey engineGenerateSecret(String algorithm)
             throw new NoSuchAlgorithmException("Algorithm must not be null");
         }
         if (!KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
-            throw new NoSuchAlgorithmException
-                ("Only supported for algorithm TlsPremasterSecret");
+            throw new NoSuchAlgorithmException(
+                    "Unsupported secret key algorithm " + algorithm);
         }
-        return new SecretKeySpec(engineGenerateSecret(), "TlsPremasterSecret");
+        return new SecretKeySpec(engineGenerateSecret(), algorithm);
     }
 
     private static

diff --git a/src/java.base/share/classes/sun/security/ec/XDHKeyAgreement.java b/src/java.base/share/classes/sun/security/ec/XDHKeyAgreement.java
@@ -211,7 +211,7 @@ protected SecretKey engineGenerateSecret(String algorithm)
 
         if (!KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
             throw new NoSuchAlgorithmException(
-                    "Only supported for algorithm TlsPremasterSecret");
+                    "Unsupported secret key algorithm " + algorithm);
         }
         return new SecretKeySpec(engineGenerateSecret(), algorithm);
     }

diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11ECDHKeyAgreement.java
@@ -171,8 +171,8 @@ protected SecretKey engineGenerateSecret(String algorithm)
             throw new NoSuchAlgorithmException("Algorithm must not be null");
         }
         if (!KeyUtil.isSupportedKeyAgreementOutputAlgorithm(algorithm)) {
-            throw new NoSuchAlgorithmException
-                ("Only supported for algorithm TlsPremasterSecret");
+            throw new NoSuchAlgorithmException(
+                    "Unsupported secret key algorithm " + algorithm);
         }
         return nativeGenerateSecret(algorithm);
     }

diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11KeyAgreement.java
@@ -278,8 +278,8 @@ protected SecretKey engineGenerateSecret(String algorithm)
         }
 
         if (!AllowKDF.VALUE) {
-            throw new NoSuchAlgorithmException("Unsupported secret key "
-                                               + "algorithm: " + algorithm);
+            throw new NoSuchAlgorithmException(
+                    "Unsupported secret key algorithm " + algorithm);
         }
 
         byte[] secret = engineGenerateSecret();

diff --git a/test/jdk/java/security/KeyAgreement/Generic.java b/test/jdk/java/security/KeyAgreement/Generic.java
@@ -30,10 +30,13 @@
  * @run main/othervm Generic nss
  * @run main/othervm -DCUSTOM_P11_CONFIG_NAME=p11-nss-sensitive.txt Generic nss
  */
+import jdk.test.lib.Asserts;
+
 import javax.crypto.KeyAgreement;
 import java.security.KeyPairGenerator;
 import java.security.Provider;
 import java.security.Security;
+import java.util.List;
 
 public class Generic {
 
@@ -56,12 +59,12 @@ static void test(Provider p) throws Exception {
                     var kp1 = g.generateKeyPair();
                     var kp2 = g.generateKeyPair();
                     var ka = KeyAgreement.getInstance(s.getAlgorithm(), s.getProvider());
-                    ka.init(kp1.getPrivate());
-                    ka.doPhase(kp2.getPublic(), true);
-                    ka.generateSecret("TlsPremasterSecret");
-                    ka.init(kp1.getPrivate());
-                    ka.doPhase(kp2.getPublic(), true);
-                    ka.generateSecret("Generic");
+                    for (var alg : List.of("TlsPremasterSecret", "Generic")) {
+                        ka.init(kp1.getPrivate());
+                        ka.doPhase(kp2.getPublic(), true);
+                        Asserts.assertEquals(
+                                ka.generateSecret(alg).getAlgorithm(), alg);
+                    }
                 } catch (Exception e) {
                     throw e;
                 }