AlgorithmParameterSpec, KeySpec predicate refinement

[AndreSonntag]

Currently, CrySL provides different predicates for AlgorithmParamterSpec interface implementers. We should have the same for KeySpec implementers. In the following example, we get an InvalidKeySpecException, due to the wrong KeySpec object.

public static PrivateKey createPrivateKey(){
 KeyFactory keyFactory = KeyFactory.getInstance("DSA");
 PBEKeySpec spec = new PBEKeySpec(new char[16]);
 PrivateKey privateKey = keyFactory.generatePrivate(spec);
 return privateKey;
}  

java.security.spec.AlgorithmParameterSpec

• java.security.spec.DSAGenParameterSpec preparedDSA[]

• java.security.spec.DSAParameterSpec preparedDSA[]

• java.security.spec.ECGenParameterSpec preparedEC[]

• java.security.spec.ECParameterSpec preparedEC[]

• java.security.spec.MGF1ParameterSpec preparedMFG1[]

• java.security.spec.RSAKeyGenParameterSpec preparedRSA[]

• javax.crypto.spec.DHGenParameterSpec preparedDH[]

• javax.crypto.spec.DHParameterSpec preparedDH[]

• javax.crypto.spec.GCMParameterSpec preparedGCM[]

• javax.crypto.spec.IvParameterSpec preparedIV[]

• javax.crypto.spec.OAEPParameterSpec preparedOAEP[]

• javax.crypto.spec.PBEParameterSpec preparedPBE[]

• javax.xml.crypto.dsig.spec.HMACParameterSpec preparedHMAC[]

• java.security.spec.PSSParameterSpec preparedPSS[]

java.security.spec.KeySpec

• javax.crypto.spec.PBEKeySpec speccedKey[] → speccedPBEKeySpec[this, keylength]

• javax.crypto.spec.SecretKeySpec speccedKey[] → speccedSymmetricKeySpec[this, keyAlgorithm], generatedSymmetricKey[this, keyAlgorithm]

• java.security.spec.X509EncodedKeySpec speccedPubKeySpec[this]

• java.security.spec.PKCS8EncodedKeySpec speccedPrivKeySpec[this]

• java.security.spec.EncodedKeySpec speccedPubKeySpec[this], speccedPrivKeySpec[this]

• java.security.spec.DSAPrivateKeySpec speccedDSAPrivKeySpec[this]

• java.security.spec.DSAPublicKeySpec speccedDSAPubKeySpec[this]

• java.security.spec.ECPrivateKeySpec speccedECPrivKeySpec[this]

• java.security.spec.ECPublicKeySpec speccedECPubKeySpec[this]

• java.security.spec.RSAPrivateKeySpec speccedRSAPrivKeySpec[this]

• java.security.spec.RSAPublicKeySpec speccedRSAPubKeySpec[this]

• java.security.spec.RSAPrivateCrtKeySpec speccedRSAPrivKeySpec[this]

• javax.crypto.spec.DHPrivateKeySpec speccedDHPrivKeySpec[this]

• javax.crypto.spec.DHPublicKeySpec speccedDHPubKeySpec[this]

• javax.crypto.spec.DESedeKeySpec not secure

• javax.crypto.spec.DESKeySpec not secure

Sources:
https://docs.oracle.com/javase/8/docs/api/java/security/spec/package-tree.html
https://docs.oracle.com/javase/8/docs/api/javax/crypto/spec/package-tree.html

[AndreSonntag]

Branch:
https://github.com/CROSSINGTUD/Crypto-API-Rules/tree/AlgorithmParameterSpec_KeySpec_refinement