Skip to content

Commit

Permalink
8271745: Correct block size for KW,KWP mode and use fixed IV for KWP …
Browse files Browse the repository at this point in the history
…mode for SunJCE

Reviewed-by: xuelei, mullan
  • Loading branch information
Valerie Peng committed Sep 1, 2021
1 parent 2f01a6f commit 1a5a2b6
Show file tree
Hide file tree
Showing 3 changed files with 213 additions and 150 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@
package com.sun.crypto.provider;

import java.util.Arrays;
import java.util.HexFormat;
import java.security.*;
import java.security.spec.*;
import javax.crypto.*;
Expand Down Expand Up @@ -132,12 +133,14 @@ void init(boolean decrypting, String algorithm, byte[] key, byte[] iv)
if (key == null) {
throw new InvalidKeyException("Invalid null key");
}
if (iv != null && iv.length != ICV2.length) {
throw new InvalidAlgorithmParameterException("Invalid IV length");
// allow setting an iv but if non-null, must equal to ICV2
if (iv != null && !Arrays.equals(iv, ICV2)) {
HexFormat hf = HexFormat.of().withUpperCase();
throw new InvalidAlgorithmParameterException("Invalid IV, got 0x" +
hf.formatHex(iv) + " instead of 0x" + hf.formatHex(ICV2));
}
embeddedCipher.init(decrypting, algorithm, key);
// iv is retrieved from IvParameterSpec.getIV() which is already cloned
this.iv = (iv == null? ICV2 : iv);
this.iv = ICV2;
}

/**
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -70,28 +70,28 @@ public AES256_KW_NoPadding() {
// for AES/KW/NoPadding
public static final class AES_KW_PKCS5Padding extends KeyWrapCipher {
public AES_KW_PKCS5Padding() {
super(new AESKeyWrap(), new PKCS5Padding(16), -1);
super(new AESKeyWrap(), new PKCS5Padding(8), -1);
}
}

// for AES_128/KW/NoPadding
public static final class AES128_KW_PKCS5Padding extends KeyWrapCipher {
public AES128_KW_PKCS5Padding() {
super(new AESKeyWrap(), new PKCS5Padding(16), 16);
super(new AESKeyWrap(), new PKCS5Padding(8), 16);
}
}

// for AES_192/KW/NoPadding
public static final class AES192_KW_PKCS5Padding extends KeyWrapCipher {
public AES192_KW_PKCS5Padding() {
super(new AESKeyWrap(), new PKCS5Padding(16), 24);
super(new AESKeyWrap(), new PKCS5Padding(8), 24);
}
}

// for AES_256/KW/NoPadding
public static final class AES256_KW_PKCS5Padding extends KeyWrapCipher {
public AES256_KW_PKCS5Padding() {
super(new AESKeyWrap(), new PKCS5Padding(16), 32);
super(new AESKeyWrap(), new PKCS5Padding(8), 32);
}
}

Expand Down Expand Up @@ -230,13 +230,11 @@ protected void engineSetPadding(String padding)
}

/**
* Returns the block size (in bytes). i.e. 16 bytes.
*
* @return the block size (in bytes), i.e. 16 bytes.
* @return the block size (in bytes)
*/
@Override
protected int engineGetBlockSize() {
return cipher.getBlockSize();
return 8;
}

/**
Expand Down
Loading

1 comment on commit 1a5a2b6

@openjdk-notifier
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please sign in to comment.