RFR: 8248268: Support KWP in addition to KW [v3]
Valerie Peng
valeriep at openjdk.java.net
Thu Mar 25 02:12:40 UTC 2021
On Tue, 23 Mar 2021 19:56:40 GMT, Greg Rubin <github.com+829871+SalusaSecondus at openjdk.org> wrote:
>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>>
>> Changed AlgorithmParameters impls to register under AES/KW/NoPadding and
>> AES/KWP/NoPadding
>
> src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java line 69:
>
>> 67: if (!Arrays.equals(ivAndLen, 0, ICV2.length, icv, 0, ICV2.length)) {
>> 68: throw new IllegalBlockSizeException("Integrity check failed");
>> 69: }
>
> While I cannot find any public discussion of this, I'm always uncomfortable checking the plaintext (prior to authentication) against a known value in non-constant time. I'm worried that this (and the equivalent in the unpadded version) might be a problem in the future.
This is just IV and length, not plaintext. So, I didn't use the constant-time array check. I can switch to the constant-time version; it's trivial.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2404
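
The constant-time variant discussed in this exchange, as an added example (not part of the thread and not the JDK's AESKeyWrapPadded code): it checks the RFC 5649 IV prefix with `MessageDigest.isEqual` and folds the length and padding checks into a single decision. The class name, method name and sample bytes are constructed for illustration.

```java
import java.security.MessageDigest;
import java.util.Arrays;

public class KwpIvCheck {
    // RFC 5649 alternative-IV prefix; the quoted code refers to it as ICV2.
    private static final byte[] ICV2 = {(byte) 0xA6, 0x59, 0x59, (byte) 0xA6};

    // Returns the plaintext length, or -1 if any check fails. Every check is
    // evaluated and folded into `bad`, so there is no early exit on recovered data.
    static int checkIvLenAndPad(byte[] ivAndLen, byte[] padded) {
        // Sizes are public (derived from the ciphertext length), so branching is fine here.
        if (ivAndLen.length != 8 || padded.length == 0 || padded.length % 8 != 0) {
            return -1;
        }
        // MessageDigest.isEqual compares without stopping at the first mismatch.
        byte[] prefix = Arrays.copyOfRange(ivAndLen, 0, ICV2.length);
        int bad = MessageDigest.isEqual(prefix, ICV2) ? 0 : 1;

        // 32-bit big-endian message length indicator (MLI).
        long mli = ((ivAndLen[4] & 0xFFL) << 24) | ((ivAndLen[5] & 0xFFL) << 16)
                 | ((ivAndLen[6] & 0xFFL) << 8) | (ivAndLen[7] & 0xFFL);
        // RFC 5649 requires 0 <= padded.length - MLI <= 7; sign bits flag violations.
        long padLen = padded.length - mli;
        bad |= (int) ((padLen | (7 - padLen)) >>> 63);

        // Only the last 7 bytes can be padding; each one at index >= MLI must be zero.
        for (int i = padded.length - 7; i < padded.length; i++) {
            int mask = (int) ((mli - 1 - i) >> 63); // all ones when i >= mli, else 0
            bad |= padded[i] & mask;
        }
        return bad == 0 ? (int) mli : -1;
    }

    public static void main(String[] args) {
        // Constructed sample: 5 data bytes followed by 3 zero pad bytes.
        byte[] iv = {(byte) 0xA6, 0x59, 0x59, (byte) 0xA6, 0, 0, 0, 5};
        byte[] padded = {1, 2, 3, 4, 5, 0, 0, 0};
        System.out.println("valid:       " + checkIvLenAndPad(iv, padded));
        byte[] badIv = iv.clone();
        badIv[0] ^= 0x01; // corrupt the IV prefix
        System.out.println("bad prefix:  " + checkIvLenAndPad(badIv, padded));
        byte[] badPad = padded.clone();
        badPad[7] = 9; // non-zero padding byte
        System.out.println("bad padding: " + checkIvLenAndPad(iv, badPad));
    }
}
```

The JVM gives no hard timing guarantees, so this removes data-dependent early exits rather than promising cycle-exact behaviour.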