RFR: 8271745: Correct block size for KW, KWP mode and use fixed IV for KWP mode for SunJCE
Valerie Peng
valeriep at openjdk.java.net
Tue Aug 31 00:12:29 UTC 2021
On Mon, 30 Aug 2021 19:09:09 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> Could someone help review this straight forward change? During the interoperability testing with PKCS11 KW/KWP support, it is noticed that SunJCE provider used the wrong block size (AES: 16) when padding is needed for KW mode. With KW, KWP modes, data block size is multiples of 8-byte, so the padding should pad data to multiples of 8 bytes instead of 16. In addition, although PKCS#11 v3.0 states the IV for KWP mode is 4-byte, NSS's implementation would silently ignore the specified IVs. Thus, for max interoperability, it seems safer to change SunJCE provider to always use the same default IV and disallow custom IVs for KWP mode, at least for now. Regression test is enhanced to test more scenarios.
>>
>> Thanks,
>> Valerie
>
> src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java line 237:
>
>> 235: @Override
>> 236: protected int engineGetBlockSize() {
>> 237: return 8;
>
> Line 186 still says:
>
> `* symmetric cipher whose block size must be 128-bit`
>
> Should that also be updated?
Line 186 is correct in that the underlying Cipher block size must be 128-bit. However, the KW/KWP processing affected the input size requirement into 8-byte blocks, thus the overall cipher block size is now 8 instead of 16 bytes.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5236
More information about the security-dev
mailing list