Add a test helper to generate secret keys … (#3683)

… from a test random seed to make them more reproducible.

Also fix the test that sometimes failed due to not recognizing enough
error cases.

Author: MMcM

fdb-record-layer-core/src/main/java/com/apple/foundationdb/record/provider/common/FixedZeroKeyManager.java

@@ -32,18 +32,18 @@
 public class FixedZeroKeyManager implements SerializationKeyManager {
     private final Key encryptionKey;
     private final String cipherName;
-    private final SecureRandom secureRandom;
+    private final Random random;
 
-    public FixedZeroKeyManager(@Nonnull Key encryptionKey, @Nullable String cipherName, @Nullable SecureRandom secureRandom) {
+    public FixedZeroKeyManager(@Nonnull Key encryptionKey, @Nullable String cipherName, @Nullable Random random) {
         if (cipherName == null) {
             cipherName = CipherPool.DEFAULT_CIPHER;
         }
-        if (secureRandom == null) {
-            secureRandom = new SecureRandom();
+        if (random == null) {
+            random = new SecureRandom();
         }
         this.encryptionKey = encryptionKey;
         this.cipherName = cipherName;
-        this.secureRandom = secureRandom;
+        this.random = random;
     }
 
     @Override
@@ -72,6 +72,6 @@ public Random getRandom(int keyNumber) {
         if (keyNumber != 0) {
             throw new RecordSerializationException("only provide key number 0");
         }
-        return secureRandom;
+        return random;
     }
 }

fdb-record-layer-core/src/test/java/com/apple/foundationdb/record/provider/common/RollingTestKeyManager.java

@@ -21,11 +21,10 @@
 package com.apple.foundationdb.record.provider.common;
 
 import com.apple.foundationdb.record.RecordCoreArgumentException;
+import com.apple.foundationdb.record.util.RandomSecretUtil;
 
-import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import java.security.Key;
-import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.Random;
@@ -34,13 +33,10 @@
  * A {@link SerializationKeyManager} that gives out lots of different keys.
  */
 public class RollingTestKeyManager implements SerializationKeyManager {
-    private final KeyGenerator keyGenerator;
     private final Map<Integer, SecretKey> keys;
     private final Random random;
 
-    public RollingTestKeyManager(long seed) throws NoSuchAlgorithmException {
-        keyGenerator = KeyGenerator.getInstance("AES");
-        keyGenerator.init(128);
+    public RollingTestKeyManager(long seed) {
         keys = new HashMap<>();
         random = new Random(seed);
     }
@@ -49,7 +45,7 @@ public RollingTestKeyManager(long seed) throws NoSuchAlgorithmException {
     public int getSerializationKey() {
         int newKey = random.nextInt();
         if (!keys.containsKey(newKey)) {
-            keys.put(newKey, keyGenerator.generateKey());
+            keys.put(newKey, RandomSecretUtil.randomSecretKey(random));
         }
         return newKey;
     }

fdb-record-layer-core/src/test/java/com/apple/foundationdb/record/provider/common/TransformedRecordSerializerTest.java

@@ -28,8 +28,8 @@
 import com.apple.foundationdb.record.logging.KeyValueLogMessage;
 import com.apple.foundationdb.record.logging.LogMessageKeys;
 import com.apple.foundationdb.record.metadata.RecordType;
+import com.apple.foundationdb.record.util.RandomSecretUtil;
 import com.apple.foundationdb.tuple.Tuple;
-import com.apple.test.BooleanSource;
 import com.apple.test.ParameterizedTestUtils;
 import com.apple.test.RandomSeedSource;
 import com.apple.test.RandomizedTestUtils;
@@ -48,13 +48,11 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import java.nio.ByteBuffer;
 import java.nio.ByteOrder;
 import java.security.InvalidKeyException;
 import java.security.Key;
-import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.List;
@@ -374,11 +372,9 @@ void unrecognizedEncoding() {
     }
 
     @ParameterizedTest
-    @BooleanSource
-    void encryptWhenSerializing(boolean compressToo) throws Exception {
-        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-        keyGen.init(128);
-        SecretKey key = keyGen.generateKey();
+    @MethodSource("randomAndCompressed")
+    void encryptWhenSerializing(long seed, boolean compressToo) {
+        SecretKey key = RandomSecretUtil.randomSecretKey(seed);
         TransformedRecordSerializer<Message> serializer = TransformedRecordSerializerJCE.newDefaultBuilder()
                 .setEncryptWhenSerializing(true)
                 .setEncryptionKey(key)
@@ -517,7 +513,7 @@ public static Stream<Arguments> randomAndCompressed() {
 
     @ParameterizedTest
     @MethodSource("randomAndCompressed")
-    void encryptRollingKeys(long seed, boolean compressToo) throws Exception {
+    void encryptRollingKeys(long seed, boolean compressToo) {
         RollingTestKeyManager keyManager = new RollingTestKeyManager(seed);
         TransformedRecordSerializer<Message> serializer = TransformedRecordSerializerJCE.newDefaultBuilder()
                 .setEncryptWhenSerializing(true)
@@ -550,12 +546,11 @@ void encryptRollingKeys(long seed, boolean compressToo) throws Exception {
         assertEquals(records, deserialized);
     }
 
-    @Test
-    void cannotDecryptUnknownKey() throws Exception {
-        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-        keyGen.init(128);
-        SecretKey key = keyGen.generateKey();
-        SecureRandom random = new SecureRandom();
+    @ParameterizedTest
+    @RandomSeedSource
+    void cannotDecryptUnknownKey(long seed) {
+        Random random = new Random(seed);
+        SecretKey key = RandomSecretUtil.randomSecretKey(random);
         TransformedRecordSerializer<Message> serializer = TransformedRecordSerializerJCE.newDefaultBuilder()
                 .setEncryptWhenSerializing(true)
                 .setKeyManager(new SerializationKeyManager() {
@@ -592,14 +587,20 @@ public Random getRandom(final int keyNumber) {
         assertThat(e.getMessage(), containsString("only provide key number 0"));
     }
 
+    public static Stream<Arguments> randomAndJCE() {
+        return ParameterizedTestUtils.cartesianProduct(
+                RandomizedTestUtils.randomSeeds(0xC0DE6EEDL, 0x6EEDC0DEL),
+                ParameterizedTestUtils.booleans("jce")
+        );
+    }
+
     @ParameterizedTest
-    @BooleanSource
-    void cannotDecryptWithoutKey(boolean jce) throws Exception {
-        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-        keyGen.init(128);
+    @MethodSource("randomAndJCE")
+    void cannotDecryptWithoutKey(long seed, boolean jce) {
+        SecretKey key = RandomSecretUtil.randomSecretKey(seed);
         TransformedRecordSerializer<Message> serializer = TransformedRecordSerializerJCE.newDefaultBuilder()
                 .setEncryptWhenSerializing(true)
-                .setEncryptionKey(keyGen.generateKey())
+                .setEncryptionKey(key)
                 .setWriteValidationRatio(1.0)
                 .build();
         MySimpleRecord simpleRecord = MySimpleRecord.newBuilder().setRecNo(PRIMARY_KEY_REC_NO).setStrValueIndexed("Hello").build();
@@ -621,7 +622,7 @@ void cannotDecryptWithoutKey(boolean jce) throws Exception {
     }
 
     @Test
-    void cannotEncryptAfterClearKey() throws Exception {
+    void cannotEncryptAfterClearKey() {
         RollingTestKeyManager keyManager = new RollingTestKeyManager(0);
         TransformedRecordSerializerJCE.Builder<Message> builder = TransformedRecordSerializerJCE.newDefaultBuilder()
                 .setEncryptWhenSerializing(true)
@@ -631,14 +632,15 @@ void cannotEncryptAfterClearKey() throws Exception {
         assertThat(e.getMessage(), containsString("cannot encrypt when serializing if encryption key is not set"));
     }
 
-    @Test
-    void keyDoesNotMatchAlgorithm() throws Exception {
-        KeyGenerator keyGen = KeyGenerator.getInstance("DES");
-        keyGen.init(56);
+    @ParameterizedTest
+    @RandomSeedSource
+    void keyDoesNotMatchAlgorithm(long seed) {
+        Random random = new Random(seed);
+        SecretKey key = RandomSecretUtil.randomSecretKey(random, "DES", 56);
         try {
             TransformedRecordSerializer<Message> serializer = TransformedRecordSerializerJCE.newDefaultBuilder()
                     .setEncryptWhenSerializing(true)
-                    .setEncryptionKey(keyGen.generateKey())
+                    .setEncryptionKey(key)
                     .setWriteValidationRatio(1.0)
                     .build();
             MySimpleRecord simpleRecord = MySimpleRecord.newBuilder().setRecNo(PRIMARY_KEY_REC_NO).setStrValueIndexed("Hello").build();
@@ -653,23 +655,23 @@ void keyDoesNotMatchAlgorithm() throws Exception {
         }
     }
 
-    @Test
-    void changeAlgorithm() throws Exception {
-        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-        keyGen.init(128);
+    @ParameterizedTest
+    @RandomSeedSource
+    void changeAlgorithm(long seed) {
+        Random random = new Random(seed);
+        SecretKey key = RandomSecretUtil.randomSecretKey(random, "AES", 128);
         TransformedRecordSerializer<Message> serializer = TransformedRecordSerializerJCE.newDefaultBuilder()
                 .setEncryptWhenSerializing(true)
-                .setEncryptionKey(keyGen.generateKey())
+                .setEncryptionKey(key)
                 .setWriteValidationRatio(1.0)
                 .build();
         MySimpleRecord simpleRecord = MySimpleRecord.newBuilder().setRecNo(PRIMARY_KEY_REC_NO).setStrValueIndexed("Hello").build();
         byte[] serialized = serialize(serializer, simpleRecord);
-        KeyGenerator keyGen2 = KeyGenerator.getInstance("DES");
-        keyGen2.init(56);
+        SecretKey key2 = RandomSecretUtil.randomSecretKey(random, "DES", 56);
         TransformedRecordSerializer<Message> deserializer = TransformedRecordSerializerJCE.newDefaultBuilder()
                 .setEncryptWhenSerializing(true)
-                 .setCipherName("DES")
-                .setEncryptionKey(keyGen2.generateKey())
+                .setCipherName("DES")
+                .setEncryptionKey(key2)
                 .setWriteValidationRatio(1.0)
                 .build();
         RecordSerializationException e = assertThrows(RecordSerializationException.class,
@@ -679,13 +681,14 @@ void changeAlgorithm() throws Exception {
 
     public static Stream<Arguments> compressedAndOrEncrypted() {
         return ParameterizedTestUtils.cartesianProduct(
+                RandomizedTestUtils.randomSeeds(),
                 ParameterizedTestUtils.booleans("compressed"),
                 ParameterizedTestUtils.booleans("encrypted"));
     }
 
     @ParameterizedTest
     @MethodSource("compressedAndOrEncrypted")
-    void typed(boolean compressed, boolean encrypted) throws Exception {
+    void typed(long seed, boolean compressed, boolean encrypted) {
         RecordSerializer<MySimpleRecord> typedSerializer = new TypedRecordSerializer<>(
                 TestRecords1Proto.RecordTypeUnion.getDescriptor().findFieldByNumber(TestRecords1Proto.RecordTypeUnion._MYSIMPLERECORD_FIELD_NUMBER),
                 TestRecords1Proto.RecordTypeUnion::newBuilder,
@@ -695,9 +698,7 @@ void typed(boolean compressed, boolean encrypted) throws Exception {
         MySimpleRecord rec = MySimpleRecord.newBuilder().setRecNo(PRIMARY_KEY_REC_NO).setStrValueIndexed(SONNET_108).build();
 
         if (encrypted) {
-            KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-            keyGen.init(128);
-            SecretKey key = keyGen.generateKey();
+            SecretKey key = RandomSecretUtil.randomSecretKey(seed);
             typedSerializer = TransformedRecordSerializerJCE.newBuilder(typedSerializer)
                 .setEncryptWhenSerializing(true)
                 .setEncryptionKey(key)
@@ -726,13 +727,13 @@ void typed(boolean compressed, boolean encrypted) throws Exception {
         assertEquals(rec, untypedDeserialized);
     }
 
-    @Test
-    void defaultKeyManagerKey() throws Exception {
-        KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-        keyGen.init(128);
+    @ParameterizedTest
+    @RandomSeedSource
+    void defaultKeyManagerKey(long seed) {
+        SecretKey key = RandomSecretUtil.randomSecretKey(seed);
         TransformedRecordSerializerJCE<Message> serializer = TransformedRecordSerializerJCE.newDefaultBuilder()
                 .setEncryptWhenSerializing(true)
-                .setEncryptionKey(keyGen.generateKey())
+                .setEncryptionKey(key)
                 .setWriteValidationRatio(1.0)
                 .build();
         SerializationKeyManager keyManager = serializer.keyManager;
@@ -753,7 +754,7 @@ void defaultKeyManagerKey() throws Exception {
     }
 
     @Test
-    void invalidKeyManagerBuilder() throws Exception {
+    void invalidKeyManagerBuilder() {
         TransformedRecordSerializerJCE.Builder<Message> builder = TransformedRecordSerializerJCE.newDefaultBuilder();
         builder.setEncryptWhenSerializing(true);
 
@@ -774,7 +775,7 @@ void invalidKeyManagerBuilder() throws Exception {
     }
 
     @Test
-    void reuseBuilder() throws Exception {
+    void reuseBuilder() {
         RollingTestKeyManager keyManager = new RollingTestKeyManager(0);
         TransformedRecordSerializerJCE.Builder<Message> builderWithEncryptionKey = TransformedRecordSerializerJCE
                 .newDefaultBuilder()

fdb-record-layer-core/src/test/java/com/apple/foundationdb/record/provider/foundationdb/cursors/SortCursorTests.java

@@ -39,6 +39,7 @@
 import com.apple.foundationdb.record.sorting.MemorySortAdapter;
 import com.apple.foundationdb.record.sorting.MemorySortCursor;
 import com.apple.foundationdb.record.sorting.MemorySorter;
+import com.apple.foundationdb.record.util.RandomSecretUtil;
 import com.apple.foundationdb.tuple.Tuple;
 import com.apple.test.Tags;
 import com.beust.jcommander.internal.Lists;
@@ -52,7 +53,6 @@
 
 import javax.annotation.Nonnull;
 import javax.annotation.Nullable;
-import javax.crypto.KeyGenerator;
 import javax.crypto.SecretKey;
 import java.io.File;
 import java.io.IOException;
@@ -393,9 +393,7 @@ public int getMaxRecordCountInMemory() {
 
     private FileSortAdapterBase fileSortEncryptedAdapter() throws Exception {
         final SecureRandom secureRandom = new SecureRandom();
-        final KeyGenerator keyGen = KeyGenerator.getInstance("AES");
-        keyGen.init(128, secureRandom);
-        final SecretKey secretKey = keyGen.generateKey();
+        final SecretKey secretKey = RandomSecretUtil.randomSecretKey(secureRandom);
         return new FileSortAdapterBase() {
             @Override
             public int getMinFileRecordCount() {

fdb-record-layer-core/src/test/java/com/apple/foundationdb/record/util/RandomSecretUtil.java

@@ -0,0 +1,63 @@
+/*
+ * RandomSecretUtil.java
+ *
+ * This source file is part of the FoundationDB open source project
+ *
+ * Copyright 2025 Apple Inc. and the FoundationDB project authors
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package com.apple.foundationdb.record.util;
+
+import com.apple.foundationdb.record.RecordCoreException;
+import com.apple.test.RandomizedTestUtils;
+
+import javax.crypto.SecretKey;
+import javax.crypto.SecretKeyFactory;
+import javax.crypto.spec.PBEKeySpec;
+import javax.crypto.spec.SecretKeySpec;
+import java.security.GeneralSecurityException;
+import java.security.spec.KeySpec;
+import java.util.Random;
+
+/**
+ * Utilities for working with reproducible encryption keys in tests.
+ * Instead of using a {@code KeyGenerator} with a {@code SecureRandom}, whose seeding behavior is somewhat variable,
+ * use a key derivation function from password and salt generated by an ordinary {@code Random} that the caller
+ * seeds with {@link RandomizedTestUtils#randomSeeds} or the like.
+ */
+public class RandomSecretUtil {
+    private RandomSecretUtil() {
+    }
+
+    public static SecretKey randomSecretKey(Random r) {
+        return randomSecretKey(r, "AES", 128);
+    }
+
+    public static SecretKey randomSecretKey(long seed) {
+        return randomSecretKey(new Random(seed));
+    }
+
+    public static SecretKey randomSecretKey(Random r, String algorithm, int length) {
+        try {
+            final SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA1");
+            final KeySpec keySpec = new PBEKeySpec(RandomUtil.randomAlphanumericString(r, 10).toCharArray(),
+                    RandomUtil.randomBytes(r, 16), 8, length);
+            final SecretKey key = keyFactory.generateSecret(keySpec);
+            return new SecretKeySpec(key.getEncoded(), algorithm);
+        } catch (GeneralSecurityException ex) {
+            throw new RecordCoreException("Cannot generate secret key", ex);
+        }
+    }
+}