RFR: 8248268: Support KWP in addition to KW [v3]

Valerie Peng valeriep at openjdk.java.net
Thu Mar 25 02:12:40 UTC 2021


On Tue, 23 Mar 2021 19:56:40 GMT, Greg Rubin <github.com+829871+SalusaSecondus at openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional commit since the last revision:
>> 
>>   Changed AlgorithmParameters impls to register under AES/KW/NoPadding and
>>   AES/KWP/NoPadding
>
> src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java line 69:
> 
>> 67:         if (!Arrays.equals(ivAndLen, 0, ICV2.length, icv, 0, ICV2.length)) {
>> 68:             throw new IllegalBlockSizeException("Integrity check failed");
>> 69:         }
> 
> While I cannot find any public discussion of this, I'm always uncomfortable checking the plaintext (prior to authentication) against a known value in non-constant time. I'm worried that this (and the equivalent in the unpadded version) might be a problem in the future.

This is just IV and length, not plaintext. So, I didn't use the constant time array check. I can switch to the constant time version, it's trivial.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2404


More information about the security-dev mailing list