Fixes for PQC test cases and Fix Serialization issues with keys. (#680)

Needed to remove the dependency of JDK17 in the testcases.
Also, there is an issue with serialization. When KeyRep is used to
serialize the key the provider order is used to de serialize the key
which can cause the wrong key to be created. So, added a new KeyRep
class that contains the provider which will allow the correct key to be
created.

Signed-off-by: John Peck <[email protected]>

Author: johnpeck-us-ibm

src/main/java/com/ibm/crypto/plus/provider/AESKey.java

@@ -9,7 +9,6 @@
 package com.ibm.crypto.plus.provider;
 
 import java.security.InvalidKeyException;
-import java.security.KeyRep;
 import java.util.Arrays;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -26,6 +25,8 @@ final class AESKey implements SecretKey {
 
     private transient boolean destroyed = false;
 
+    private OpenJCEPlusProvider provider = null;
+
     /**
      * Create an AES key from a given key
      *
@@ -35,12 +36,13 @@ final class AESKey implements SecretKey {
      * @exception InvalidKeyException
      *                if the given key has wrong size
      */
-    AESKey(byte[] key) throws InvalidKeyException {
+    AESKey(OpenJCEPlusProvider provider, byte[] key) throws InvalidKeyException {
         if ((key == null) || !AESUtils.isKeySizeValid(key.length)) {
             throw new InvalidKeyException("Wrong key size");
         }
 
         this.key = new byte[key.length];
+        this.provider = provider;
         System.arraycopy(key, 0, this.key, 0, key.length);
     }
 
@@ -117,7 +119,7 @@ private void readObject(java.io.ObjectInputStream s)
      */
     private Object writeReplace() throws java.io.ObjectStreamException {
         checkDestroyed();
-        return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(), getFormat(), getEncoded());
+        return new JCEPlusKeyRep(JCEPlusKeyRep.Type.SECRET, getAlgorithm(), getFormat(), getEncoded(), provider.getName());
     }
 
     /**

src/main/java/com/ibm/crypto/plus/provider/AESKeyFactory.java

@@ -49,7 +49,7 @@ public AESKeyFactory(OpenJCEPlusProvider provider) {
     protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
         try {
             if (keySpec instanceof SecretKeySpec) {
-                return new AESKey(((SecretKeySpec) keySpec).getEncoded());
+                return new AESKey(provider, ((SecretKeySpec) keySpec).getEncoded());
             }
             throw new InvalidKeySpecException("Inappropriate key specification");
         } catch (InvalidKeyException e) {

src/main/java/com/ibm/crypto/plus/provider/AESKeyGenerator.java

@@ -53,7 +53,7 @@ protected SecretKey engineGenerateKey() {
         cryptoRandom.nextBytes(keyBytes);
 
         try {
-            return new AESKey(keyBytes);
+            return new AESKey(provider, keyBytes);
         } catch (InvalidKeyException e) {
             // Should never happen
             throw new ProviderException(e.getMessage());

src/main/java/com/ibm/crypto/plus/provider/ChaCha20Key.java

@@ -9,7 +9,6 @@
 package com.ibm.crypto.plus.provider;
 
 import java.security.InvalidKeyException;
-import java.security.KeyRep;
 import java.util.Arrays;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.SecretKeySpec;
@@ -26,6 +25,8 @@ final class ChaCha20Key implements SecretKey, ChaCha20Constants {
 
     private transient boolean destroyed = false;
 
+    private OpenJCEPlusProvider provider = null;
+
     /**
      * Create an ChaCha20 key from a given key
      *
@@ -35,7 +36,7 @@ final class ChaCha20Key implements SecretKey, ChaCha20Constants {
      * @exception InvalidKeyException
      *                if the given key has wrong size
      */
-    ChaCha20Key(byte[] key) throws InvalidKeyException {
+    ChaCha20Key(OpenJCEPlusProvider provider, byte[] key) throws InvalidKeyException {
 
         if ((key == null) || (key.length != ChaCha20_KEY_SIZE)) {
             throw new InvalidKeyException("Wrong key size");
@@ -118,7 +119,7 @@ private void readObject(java.io.ObjectInputStream s)
      */
     private Object writeReplace() throws java.io.ObjectStreamException {
         checkDestroyed();
-        return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(), getFormat(), getEncoded());
+        return new JCEPlusKeyRep(JCEPlusKeyRep.Type.SECRET, getAlgorithm(), getFormat(), getEncoded(), provider.getName());
     }
 
     /**

src/main/java/com/ibm/crypto/plus/provider/ChaCha20KeyFactory.java

@@ -49,7 +49,7 @@ public ChaCha20KeyFactory(OpenJCEPlusProvider provider) {
     protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
         try {
             if (keySpec instanceof SecretKeySpec) {
-                return new ChaCha20Key(((SecretKeySpec) keySpec).getEncoded());
+                return new ChaCha20Key(provider, ((SecretKeySpec) keySpec).getEncoded());
             }
             throw new InvalidKeySpecException("Inappropriate key specification");
         } catch (InvalidKeyException e) {

src/main/java/com/ibm/crypto/plus/provider/ChaCha20KeyGenerator.java

@@ -53,7 +53,7 @@ protected SecretKey engineGenerateKey() {
         cryptoRandom.nextBytes(keyBytes);
 
         try {
-            return new ChaCha20Key(keyBytes);
+            return new ChaCha20Key(provider, keyBytes);
         } catch (InvalidKeyException e) {
             // Should never happen
             throw new ProviderException(e.getMessage());

src/main/java/com/ibm/crypto/plus/provider/DESedeKey.java

@@ -9,7 +9,6 @@
 package com.ibm.crypto.plus.provider;
 
 import java.security.InvalidKeyException;
-import java.security.KeyRep;
 import java.util.Arrays;
 import javax.crypto.SecretKey;
 import javax.crypto.spec.DESedeKeySpec;
@@ -28,14 +27,16 @@ final class DESedeKey implements SecretKey, Destroyable {
 
     private transient boolean destroyed = false;
 
+    private OpenJCEPlusProvider provider = null;
+
     /**
      * Creates a DES-EDE key from a given key.
      *
      * @param key the given key
      *
      * @exception InvalidKeyException if the given key has a wrong size
      */
-    DESedeKey(byte[] key) throws InvalidKeyException {
+    DESedeKey(OpenJCEPlusProvider provider, byte[] key) throws InvalidKeyException {
         if ((key == null) || (key.length < DESedeKeySpec.DES_EDE_KEY_LEN)) {
             throw new InvalidKeyException("Wrong key size");
         }
@@ -120,7 +121,7 @@ private void readObject(java.io.ObjectInputStream s)
      */
     private Object writeReplace() throws java.io.ObjectStreamException {
         checkDestroyed();
-        return new KeyRep(KeyRep.Type.SECRET, getAlgorithm(), getFormat(), getEncoded());
+        return new JCEPlusKeyRep(JCEPlusKeyRep.Type.SECRET, getAlgorithm(), getFormat(), getEncoded(), provider.getName());
     }
 
     /**

src/main/java/com/ibm/crypto/plus/provider/DESedeKeyFactory.java

@@ -52,10 +52,10 @@ public DESedeKeyFactory(OpenJCEPlusProvider provider) {
     protected SecretKey engineGenerateSecret(KeySpec keySpec) throws InvalidKeySpecException {
         try {
             if (keySpec instanceof DESedeKeySpec) {
-                return new DESedeKey(((DESedeKeySpec) keySpec).getKey());
+                return new DESedeKey(provider, ((DESedeKeySpec) keySpec).getKey());
             }
             if (keySpec instanceof SecretKeySpec) {
-                return new DESedeKey(((SecretKeySpec) keySpec).getEncoded());
+                return new DESedeKey(provider, ((SecretKeySpec) keySpec).getEncoded());
             }
             throw new InvalidKeySpecException("Inappropriate key specification");
         } catch (InvalidKeyException e) {

src/main/java/com/ibm/crypto/plus/provider/DESedeKeyGenerator.java

@@ -79,7 +79,7 @@ protected SecretKey engineGenerateKey() {
         }
 
         try {
-            return new DESedeKey(rawkey);
+            return new DESedeKey(provider, rawkey);
         } catch (InvalidKeyException e) {
             // Should never happen
             throw new ProviderException(e.getMessage());

src/main/java/com/ibm/crypto/plus/provider/DHKeyAgreement.java

@@ -211,7 +211,7 @@ protected SecretKey engineGenerateSecret(String algorithm)
         byte[] secret = engineGenerateSecret();
         if (algorithm.equalsIgnoreCase("DESede") || algorithm.equalsIgnoreCase("TripleDES")) {
             // Triple DES
-            return new DESedeKey(secret);
+            return new DESedeKey(provider, secret);
         } else if (algorithm.equalsIgnoreCase("AES")) {
             // AES
             int keysize = secret.length;