JDK-8257932 : ECDHKeyAgreement.generateSecret() should throw the proper exception
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto
  • Priority: P4
  • Status: Resolved
  • Resolution: Duplicate
  • Submitted: 2020-12-09
  • Updated: 2021-02-20
  • Resolved: 2021-02-20
Related Reports
Duplicate :  
JDK-8261502 - ECDHKeyAgreement: Allows alternate ECPrivateKey impl and revised exception handling
Description
If the public or private key has has points that are not on the curve, ECDHKeyAgreement.generateSecret() will throw a ProviderException.  
It should be a InvalidKeyException, which is a subclass of the GeneralSecurityException.

The KeyAgreement.generateSecret() spec says IllegalStateException are to be thrown.  The EC method does not wrap previous exception.
Comments
The changed was merged into JDK-8261502 as it was the more noteworthy bug eventhough this bug was a larger code change. When looking through the, it did not check the keys until the the actual operation, generateSecret(). It is my belief the code was built only for the native ecc implementation where sending all the key material to the library was needed to verify the pieces. Now that we only have a java ecc implementation, this is not longer necessary and the checks can happen in their proper methods and throwing the proper exception class. It makes little sense to keep checks like supported curves and valid keys to generateSecret when they should be during the init and doPhase methods.
20-02-2021