# HG changeset patch # User coffeys # Date 1442402605 -3600 # Node ID f5a6a6058bb502ce7a0ed022c0d07ff0118226fa # Parent 27dfaac11928985b50a8b3c3ab489a2e6c9ab421 8133535: Better exception messaging in Ucrypto code Reviewed-by: igerasim diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/GCMParameters.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/GCMParameters.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/GCMParameters.java Wed Sep 16 12:23:25 2015 +0100 @@ -90,7 +90,8 @@ return paramSpec.cast(new GCMParameterSpec(tLen*8, iv.clone())); } else { throw new InvalidParameterSpecException - ("Inappropriate parameter specification"); + ("Inappropriate parameter specification. Received " + + paramSpec.getClass().getName()); } } @@ -98,7 +99,8 @@ throws InvalidParameterSpecException { if (!(paramSpec instanceof GCMParameterSpec)) { throw new InvalidParameterSpecException - ("Inappropriate parameter specification"); + ("Inappropriate parameter specification. Received " + + paramSpec.getClass().getName()); } GCMParameterSpec gcmSpec = (GCMParameterSpec) paramSpec; try { @@ -114,7 +116,8 @@ val.data.reset(); setValues(val.data.getOctetString(), val.data.getInteger()); } else { - throw new IOException("GCM parameter parsing error: SEQ tag expected"); + throw new IOException("GCM parameter parsing error: SEQ tag expected." + + " Received: " + val.tag); } } diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipher.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipher.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipher.java Wed Sep 16 12:23:25 2015 +0100 @@ -274,13 +274,14 @@ if (params != null) { if (!(params instanceof IvParameterSpec)) { throw new InvalidAlgorithmParameterException - ("IvParameterSpec required"); + ("IvParameterSpec required. Received: " + + params.getClass().getName()); } else { ivBytes = ((IvParameterSpec) params).getIV(); if (ivBytes.length != blockSize) { throw new InvalidAlgorithmParameterException ("Wrong IV length: must be " + blockSize + - " bytes long"); + " bytes long. Received length:" + ivBytes.length); } } } else { @@ -442,12 +443,13 @@ if (fixedKeySize == -1) { // all 3 AES key lengths are allowed if (keyLen != 16 && keyLen != 24 && keyLen != 32) { - throw new InvalidKeyException("Key size is not valid"); + throw new InvalidKeyException("Key size is not valid." + + " Got key length of: " + keyLen); } } else { if (keyLen != fixedKeySize) { throw new InvalidKeyException("Only " + fixedKeySize + - "-byte keys are accepted"); + "-byte keys are accepted. Got: " + keyLen); } } // return the validated key length in bytes diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipherWithJavaPadding.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipherWithJavaPadding.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeCipherWithJavaPadding.java Wed Sep 16 12:23:25 2015 +0100 @@ -184,7 +184,7 @@ if (padValue < 1 || padValue > blockSize) { UcryptoProvider.debug("PKCS5Padding: unpad, lastData: " + Arrays.toString(lastData)); UcryptoProvider.debug("PKCS5Padding: unpad, padValue=" + padValue); - throw new BadPaddingException("Invalid pad value!"); + throw new BadPaddingException("Invalid pad value: " + padValue); } // sanity check padding bytes @@ -388,7 +388,7 @@ out = Arrays.copyOf(out, actualOut); } } catch (ShortBufferException sbe) { - throw new UcryptoException("Internal Error"); + throw new UcryptoException("Internal Error", sbe); } finally { reset(); } @@ -404,7 +404,8 @@ int estimatedOutLen = engineGetOutputSize(inLen); if (out.length - outOfs < estimatedOutLen) { - throw new ShortBufferException(); + throw new ShortBufferException("Actual: " + (out.length - outOfs) + + ". Estimated Out Length: " + estimatedOutLen); } try { if (nc.encrypt) { diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeDigest.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeDigest.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeDigest.java Wed Sep 16 12:23:25 2015 +0100 @@ -131,7 +131,8 @@ try { int len = engineDigest(digest, 0, digestLen); if (len != digestLen) { - throw new UcryptoException("Digest length mismatch"); + throw new UcryptoException("Digest length mismatch." + + " Len: " + len + ". digestLen: " + digestLen); } return digest; } catch (DigestException de) { @@ -144,10 +145,11 @@ throws DigestException { if (len < digestLen) { throw new DigestException("Output buffer must be at least " + - digestLen + " bytes long"); + digestLen + " bytes long. Got: " + len); } if ((ofs < 0) || (len < 0) || (ofs > out.length - len)) { - throw new DigestException("Buffer too short to store digest"); + throw new DigestException("Buffer too short to store digest. " + + "ofs: " + ofs + ". len: " + len + ". out.length: " + out.length); } if (pCtxt == null) { @@ -177,7 +179,8 @@ return; } if ((ofs < 0) || (len < 0) || (ofs > in.length - len)) { - throw new ArrayIndexOutOfBoundsException(); + throw new ArrayIndexOutOfBoundsException("ofs: " + ofs + ". len: " + + len + ". in.length: " + in.length); } if (pCtxt == null) { pCtxt = new DigestContextRef(this, nativeInit(mech), mech); diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeGCMCipher.java Wed Sep 16 12:23:25 2015 +0100 @@ -188,7 +188,8 @@ byte[] ivBytes = null; if (params != null) { if (!(params instanceof GCMParameterSpec)) { - throw new InvalidAlgorithmParameterException("GCMParameterSpec required"); + throw new InvalidAlgorithmParameterException("GCMParameterSpec required." + + " Received: " + params.getClass().getName()); } else { tagLen = ((GCMParameterSpec) params).getTLen(); ivBytes = ((GCMParameterSpec) params).getIV(); @@ -264,9 +265,9 @@ int outOfs) throws ShortBufferException { int len = getOutputSizeByOperation(inLen, false); if (out.length - outOfs < len) { - throw new ShortBufferException("Output buffer must be " - + "(at least) " + len - + " bytes long"); + throw new ShortBufferException("Output buffer must be " + + "(at least) " + len + " bytes long. Got: " + + (out.length - outOfs)); } if (aadBuffer != null && aadBuffer.size() > 0) { // init again with AAD data @@ -365,8 +366,8 @@ int len = getOutputSizeByOperation(inLen, true); if (out.length - outOfs < len) { throw new ShortBufferException("Output buffer must be " - + "(at least) " + len - + " bytes long"); + + "(at least) " + len + " bytes long. Got: " + + (out.length - outOfs)); } if (aadBuffer != null && aadBuffer.size() > 0) { // init again with AAD data @@ -385,7 +386,8 @@ if (inLen < tagLen/8) { // Otherwise, Solaris lib will error out w/ CRYPTO_BUFFER_TOO_SMALL // when ucrypto_decrypt_final() is called - throw new AEADBadTagException("Input too short - need tag"); + throw new AEADBadTagException("Input too short - need tag." + + " inLen: " + inLen + ". tagLen: " + tagLen); } // refresh 'in' to all buffered-up bytes in = ibuffer.toByteArray(); diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeKey.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeKey.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeKey.java Wed Sep 16 12:23:25 2015 +0100 @@ -94,7 +94,8 @@ pKey = nativeInit(NativeKey.getMagnitude(mod), NativeKey.getMagnitude(privateExp)); } else { - throw new InvalidKeySpecException("Only supports RSAPrivateKeySpec"); + throw new InvalidKeySpecException("Only supports RSAPrivateKeySpec." + + " Received: " + keySpec.getClass().getName()); } if (pKey == 0L) { throw new UcryptoException("Error constructing RSA PrivateKey"); @@ -141,7 +142,8 @@ NativeKey.getMagnitude(primeExpQ), NativeKey.getMagnitude(crtCoeff)); } else { - throw new InvalidKeySpecException("Only supports RSAPrivateCrtKeySpec"); + throw new InvalidKeySpecException("Only supports RSAPrivateCrtKeySpec." + + " Received: " + keySpec.getClass().getName()); } if (pKey == 0L) { throw new UcryptoException("Error constructing RSA PrivateCrtKey"); @@ -184,7 +186,8 @@ pKey = nativeInit(NativeKey.getMagnitude(mod), NativeKey.getMagnitude(publicExp)); } else { - throw new InvalidKeySpecException("Only supports RSAPublicKeySpec"); + throw new InvalidKeySpecException("Only supports RSAPublicKeySpec." + + " Received: " + keySpec.getClass().getName()); } if (pKey == 0L) { throw new UcryptoException("Error constructing RSA PublicKey"); diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSACipher.java Wed Sep 16 12:23:25 2015 +0100 @@ -159,7 +159,8 @@ @Override protected int engineGetKeySize(Key key) throws InvalidKeyException { if (!(key instanceof RSAKey)) { - throw new InvalidKeyException("RSAKey required"); + throw new InvalidKeyException("RSAKey required. Got: " + + key.getClass().getName()); } int n = ((RSAKey)key).getModulus().bitLength(); // strip off the leading extra 0x00 byte prefix @@ -206,9 +207,11 @@ // Make sure the proper opmode uses the proper key if (doEncrypt && (!(newKey instanceof RSAPublicKey))) { - throw new InvalidKeyException("RSAPublicKey required for encryption"); + throw new InvalidKeyException("RSAPublicKey required for encryption." + + " Received: " + newKey.getClass().getName()); } else if (!doEncrypt && (!(newKey instanceof RSAPrivateKey))) { - throw new InvalidKeyException("RSAPrivateKey required for decryption"); + throw new InvalidKeyException("RSAPrivateKey required for decryption." + + " Received: " + newKey.getClass().getName()); } NativeKey nativeKey = null; @@ -237,13 +240,14 @@ privateKey.getPrimeExponentP(), privateKey.getPrimeExponentQ(), privateKey.getCrtCoefficient())); - } else if (newKey instanceof RSAPrivateKey) { + } else if (newKey instanceof RSAPrivateKey) { RSAPrivateKey privateKey = (RSAPrivateKey) newKey; nativeKey = (NativeKey) keyFactory.engineGeneratePrivate (new RSAPrivateKeySpec(privateKey.getModulus(), privateKey.getPrivateExponent())); } else { - throw new InvalidKeyException("Unsupported type of RSAPrivateKey"); + throw new InvalidKeyException("Unsupported type of RSAPrivateKey." + + " Received: " + newKey.getClass().getName()); } } catch (InvalidKeySpecException ikse) { throw new InvalidKeyException(ikse); @@ -282,7 +286,8 @@ protected synchronized int engineUpdate(byte[] in, int inOfs, int inLen, byte[] out, int outOfs) throws ShortBufferException { if (out.length - outOfs < outputSize) { - throw new ShortBufferException("Output buffer too small"); + throw new ShortBufferException("Output buffer too small. outputSize: " + + outputSize + ". out.length: " + out.length + ". outOfs: " + outOfs); } if (inLen > 0) { update(in, inOfs, inLen); @@ -332,7 +337,9 @@ "the key to be wrapped"); } if (encodedKey.length > buffer.length) { - throw new InvalidKeyException("Key is too long for wrapping"); + throw new InvalidKeyException("Key is too long for wrapping. " + + "encodedKey.length: " + encodedKey.length + + ". buffer.length: " + buffer.length); } return engineDoFinal(encodedKey, 0, encodedKey.length); } catch (BadPaddingException e) { @@ -349,7 +356,9 @@ throws InvalidKeyException, NoSuchAlgorithmException { if (wrappedKey.length > buffer.length) { - throw new InvalidKeyException("Key is too long for unwrapping"); + throw new InvalidKeyException("Key is too long for unwrapping." + + " wrappedKey.length: " + wrappedKey.length + + ". buffer.length: " + buffer.length); } boolean isTlsRsaPremasterSecret = diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSAKeyFactory.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSAKeyFactory.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSAKeyFactory.java Wed Sep 16 12:23:25 2015 +0100 @@ -56,7 +56,8 @@ } else if (keySpec instanceof RSAPrivateKeySpec) { return new NativeKey.RSAPrivate(keySpec); } else { - throw new InvalidKeySpecException("Unsupported key spec"); + throw new InvalidKeySpecException("Unsupported key spec." + + " Received: " + keySpec.getClass().getName()); } } diff -r 27dfaac11928 -r f5a6a6058bb5 src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java --- a/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java Tue Sep 15 15:10:49 2015 -0700 +++ b/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/NativeRSASignature.java Wed Sep 16 12:23:25 2015 +0100 @@ -192,7 +192,8 @@ // Need to check RSA key length whenever a new private key is set if (privateKey != key) { if (!(privateKey instanceof RSAPrivateKey)) { - throw new InvalidKeyException("RSAPrivateKey required"); + throw new InvalidKeyException("RSAPrivateKey required. " + + "Received: " + privateKey.getClass().getName()); } RSAPrivateKey rsaPrivKey = (RSAPrivateKey) privateKey; BigInteger mod = rsaPrivKey.getModulus(); @@ -242,7 +243,8 @@ throw new InvalidKeyException(ikse); } } else { - throw new InvalidKeyException("RSAPublicKey required"); + throw new InvalidKeyException("RSAPublicKey required. " + + "Received: " + publicKey.getClass().getName()); } } init(false, newKey, newSigLength); @@ -269,7 +271,8 @@ throws SignatureException { if (outbuf == null || (offset < 0) || (outbuf.length < (offset + sigLength)) || (len < sigLength)) { - throw new SignatureException("Invalid output buffer"); + throw new SignatureException("Invalid output buffer. offset: " + + offset + ". len: " + len + ". sigLength: " + sigLength); } int rv = doFinal(outbuf, offset, sigLength); if (rv < 0) { @@ -328,7 +331,8 @@ throws SignatureException { if (sigBytes == null || (sigOfs < 0) || (sigBytes.length < (sigOfs + this.sigLength)) || (sigLen < this.sigLength)) { - throw new SignatureException("Invalid signature buffer"); + throw new SignatureException("Invalid signature buffer. sigOfs: " + + sigOfs + ". sigLen: " + sigLen + ". this.sigLength: " + this.sigLength); } int rv = doFinal(sigBytes, sigOfs, sigLen); @@ -405,7 +409,8 @@ // returns 0 (success) or negative (ucrypto error occurred) private int update(byte[] in, int inOfs, int inLen) { if (inOfs < 0 || inOfs + inLen > in.length) { - throw new ArrayIndexOutOfBoundsException(); + throw new ArrayIndexOutOfBoundsException("inOfs :" + inOfs + + ". inLen: " + inLen + ". in.length: " + in.length); } ensureInitialized(); int k = nativeUpdate(pCtxt.id, sign, in, inOfs, inLen); @@ -442,7 +447,8 @@ int maxDataSize = keySize - PKCS1PADDING_LEN; if (maxDataSize < encodedLen) { throw new InvalidKeyException - ("Key is too short for this signature algorithm"); + ("Key is too short for this signature algorithm. maxDataSize: " + + maxDataSize + ". encodedLen: " + encodedLen); } return keySize; } diff -r 27dfaac11928 -r f5a6a6058bb5 test/com/oracle/security/ucrypto/CipherSignNotSupported.java --- a/test/com/oracle/security/ucrypto/CipherSignNotSupported.java Tue Sep 15 15:10:49 2015 -0700 +++ b/test/com/oracle/security/ucrypto/CipherSignNotSupported.java Wed Sep 16 12:23:25 2015 +0100 @@ -23,7 +23,7 @@ /** * @test - * @bug 8029849 8132082 + * @bug 8029849 8132082 8133535 * @summary Make sure signing via encrypt and verifying via decrypt are not * supported by OracleUcrypto provider. * @author Anthony Scarpino @@ -89,8 +89,7 @@ ct = c.doFinal(pt); throw new RuntimeException("Encrypt operation should have failed."); } catch (InvalidKeyException e) { - if (e.getMessage().compareTo("RSAPublicKey required for " + - "encryption") != 0) { + if (!e.getMessage().contains("RSAPublicKey required for encryption")) { System.out.println("Wrong exception thrown."); throw e; } @@ -103,8 +102,7 @@ c.doFinal(ct); throw new RuntimeException("Decrypt operation should have failed."); } catch (InvalidKeyException e) { - if (e.getMessage().compareTo("RSAPrivateKey required for " + - "decryption") != 0) { + if (!e.getMessage().contains("RSAPrivateKey required for decryption")) { System.out.println("Wrong exception thrown."); throw e; }