RFR: 8248268: Support KWP in addition to KW [v4]
Valerie Peng
valeriep at openjdk.java.net
Tue Apr 13 06:04:58 UTC 2021
On Sat, 27 Mar 2021 03:51:40 GMT, Greg Rubin <github.com+829871+SalusaSecondus at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Refactor code to reduce code duplication
>> Address review comments
>> Add more test vectors
>
> src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java line 71:
>
>> 69: match &= (ivAndLen[i] == iv[i]);
>> 70: }
>> 71: if (!match) {
>
> True nitpick (thus ignorable): I believe that using bitwise math is slightly more resistant to compiler and/or CPU optimization to defend against timing-attacks. (Since I haven't even seen an attack against KW or KWP, this is simply a note in general rather than something which needs to be fixed.)
Sure, I can change to below:
Suggestion:
    int match = 0;
    for (int i = 0; i < ICV2.length; i++) {
        match |= (ivAndLen[i] ^ iv[i]);
    }
    if (match != 0) {
        throw new IllegalBlockSizeException("Integrity check failed");
    }
Is this what you have in mind?
-------------
PR: https://git.openjdk.java.net/jdk/pull/2404
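
The XOR/OR accumulation discussed in this thread, extended to the whole RFC 5649 unwrap check (prefix, length field and zero padding), as an added example that is not part of the original message and not the JDK's code. The class and method names are hypothetical, the ICV2 value is the AIV prefix from RFC 5649, and the sample buffers are constructed.

```java
import java.util.Arrays;

public class KwpAivCheck {
    // RFC 5649 AIV prefix; a 32-bit big-endian plaintext length (MLI) follows it.
    static final byte[] ICV2 = {(byte) 0xA6, 0x59, 0x59, (byte) 0xA6};

    // Hypothetical helper: returns the plaintext length, or -1 if the AIV or
    // the padding is invalid. Every check is OR-ed into one int, so no loop
    // stops at the first bad byte and there is a single failure outcome.
    // Assumes ivAndLen.length == 8 and padded.length is a multiple of 8, >= 8.
    static int checkAiv(byte[] ivAndLen, byte[] padded) {
        int bad = 0;
        for (int i = 0; i < ICV2.length; i++) {
            bad |= ivAndLen[i] ^ ICV2[i];        // non-zero if any prefix byte differs
        }
        int mli = ((ivAndLen[4] & 0xFF) << 24) | ((ivAndLen[5] & 0xFF) << 16)
                | ((ivAndLen[6] & 0xFF) << 8) | (ivAndLen[7] & 0xFF);
        // RFC 5649 requires padded.length - 8 < mli <= padded.length,
        // which is the same as a pad length in 0..7.
        int padLen = padded.length - mli;
        bad |= padLen & ~7;                      // non-zero if negative or >= 8
        // Always inspect the last 7 bytes; the mask selects only the pad bytes.
        for (int k = 1; k <= 7; k++) {
            int mask = (k - 1 - padLen) >> 31;   // all ones when k <= padLen
            bad |= padded[padded.length - k] & mask;
        }
        return bad == 0 ? mli : -1;
    }

    public static void main(String[] args) {
        // Constructed sample: 13 plaintext bytes followed by 3 zero pad bytes.
        byte[] padded = new byte[16];
        Arrays.fill(padded, 0, 13, (byte) 0x41);
        byte[] good = {(byte) 0xA6, 0x59, 0x59, (byte) 0xA6, 0, 0, 0, 13};
        byte[] badPrefix = good.clone();
        badPrefix[3] ^= 0x01;                    // one flipped bit in the prefix
        byte[] badLen = good.clone();
        badLen[7] = 8;                           // would imply 8 pad bytes
        byte[] dirtyPad = padded.clone();
        dirtyPad[15] = 1;                        // non-zero pad byte

        System.out.println("valid:       " + checkAiv(good, padded));
        System.out.println("bad prefix:  " + checkAiv(badPrefix, padded));
        System.out.println("bad length:  " + checkAiv(badLen, padded));
        System.out.println("dirty pad:   " + checkAiv(good, dirtyPad));
    }
}
```

For a plain equal-length byte array comparison, `java.security.MessageDigest.isEqual` is the JDK's existing time-constant comparison and avoids hand-written loops.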