Set private provider field based upon constructor (#927)

The DESedeKey and ChaCha20Key classes do allow for a provider to be used
on construction of the key, however the provider is not saved to the
private field of the class. This can cause NPE to be visable during
serialization operations. This update simply saves the provider to the
private field for later use.

Fixes: #920

Signed-off-by: Jason Katonica <[email protected]>

Author: jasonkatonica

src/main/java/com/ibm/crypto/plus/provider/ChaCha20Key.java

@@ -42,6 +42,7 @@ final class ChaCha20Key implements SecretKey, ChaCha20Constants {
             throw new InvalidKeyException("Wrong key size");
         }
 
+        this.provider = provider;
         this.key = new byte[key.length];
         System.arraycopy(key, 0, this.key, 0, key.length);
     }

src/main/java/com/ibm/crypto/plus/provider/DESedeKey.java

@@ -41,6 +41,7 @@ final class DESedeKey implements SecretKey, Destroyable {
             throw new InvalidKeyException("Wrong key size");
         }
 
+        this.provider = provider;
         this.key = new byte[DESedeKeySpec.DES_EDE_KEY_LEN];
         System.arraycopy(key, 0, this.key, 0, DESedeKeySpec.DES_EDE_KEY_LEN);
         DESedeKeyGenerator.setParityBit(key, 0);

src/test/java/ibm/jceplus/junit/base/BaseTestKeySerialization.java

@@ -22,6 +22,7 @@
 import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.ChaCha20ParameterSpec;
 import javax.crypto.spec.PBEKeySpec;
 import org.junit.jupiter.params.ParameterizedTest;
 import org.junit.jupiter.params.provider.CsvSource;
@@ -76,12 +77,20 @@ public void SerializationKeyPairTest (String algorithm, String sigAlg) throws Ex
     }
 
     @ParameterizedTest
-    @CsvSource({"AES, 256, AES/CBC/PKCS5Padding", "AES, 256, AES/GCM/NoPadding"})
+    @CsvSource({
+        "AES, 256, AES/CBC/PKCS5Padding",
+        "AES, 256, AES/GCM/NoPadding",
+        "DESede, 168, DESede/CBC/PKCS5Padding",
+        "ChaCha20, 256, ChaCha20/None/NoPadding"})
     public void SerializationSecretKeyTest (String algorithm, int size, String cipherName) throws Exception {
         KeyGenerator keyGen = null;
         SecretKey key = null;
         Cipher cp = null;
 
+        //DESede and ChaCha20 not supported by FIPS provider.
+        if ("OpenJCEPlusFIPS".equalsIgnoreCase(getProviderName()) && (algorithm.equalsIgnoreCase("DESede") || algorithm.equalsIgnoreCase("ChaCha20"))) {
+            return;
+        }
 
         keyGen = KeyGenerator.getInstance(algorithm, getProviderName());
         keyGen.init(size);
@@ -92,18 +101,24 @@ public void SerializationSecretKeyTest (String algorithm, int size, String ciphe
         serializeKey(key, keyFile);
         SecretKey deserializedKey = (SecretKey) deserializeKey(keyFile);
 
-
         assertArrayEquals(key.getEncoded(), 
             deserializedKey.getEncoded(),
             "Key deserialized key does not match original");
 
         cp = Cipher.getInstance(cipherName, getProviderName());
         cp.init(Cipher.ENCRYPT_MODE, key);
         byte[] cipherText = cp.doFinal(plainText);
-        AlgorithmParameters params = cp.getParameters();
-
-        // Verify the text
-        cp.init(Cipher.DECRYPT_MODE, deserializedKey, params);
+        
+        // ChaCha20 requires special handling since it uses ChaCha20ParameterSpec instead of AlgorithmParameters
+        if (algorithm.equalsIgnoreCase("ChaCha20")) {
+            byte[] nonce = cp.getIV();
+            ChaCha20ParameterSpec paramSpec = new ChaCha20ParameterSpec(nonce, 1);
+            cp.init(Cipher.DECRYPT_MODE, deserializedKey, paramSpec);
+        } else {
+            AlgorithmParameters params = cp.getParameters();
+            cp.init(Cipher.DECRYPT_MODE, deserializedKey, params);
+        }
+        
         byte[] newPlainText = cp.doFinal(cipherText, 0, cipherText.length);
         assertArrayEquals(plainText, newPlainText, "Secret keys are different");
     }