8271745: Correct block size for KW,KWP mode and use fixed IV for KWP …

…mode for SunJCE Reviewed-by: xuelei, mullan
openjdk · Sep 1, 2021 · 1a5a2b6 · 1a5a2b6 · openjdk-notifier · Sep 1, 2021
1 parent 2f01a6f
commit 1a5a2b6
Show file tree

Hide file tree

Showing 3 changed files with 213 additions and 150 deletions.
diff --git a/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java b/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java
@@ -26,6 +26,7 @@
 package com.sun.crypto.provider;
 
 import java.util.Arrays;
+import java.util.HexFormat;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
@@ -132,12 +133,14 @@ void init(boolean decrypting, String algorithm, byte[] key, byte[] iv)
         if (key == null) {
             throw new InvalidKeyException("Invalid null key");
         }
-        if (iv != null && iv.length != ICV2.length) {
-            throw new InvalidAlgorithmParameterException("Invalid IV length");
+        // allow setting an iv but if non-null, must equal to ICV2
+        if (iv != null && !Arrays.equals(iv, ICV2)) {
+            HexFormat hf = HexFormat.of().withUpperCase();
+            throw new InvalidAlgorithmParameterException("Invalid IV, got 0x" +
+                    hf.formatHex(iv) + " instead of 0x" + hf.formatHex(ICV2));
         }
         embeddedCipher.init(decrypting, algorithm, key);
-        // iv is retrieved from IvParameterSpec.getIV() which is already cloned
-        this.iv = (iv == null? ICV2 : iv);
+        this.iv = ICV2;
     }
 
     /**

diff --git a/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java b/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java
@@ -70,28 +70,28 @@ public AES256_KW_NoPadding() {
     // for AES/KW/NoPadding
     public static final class AES_KW_PKCS5Padding extends KeyWrapCipher {
         public AES_KW_PKCS5Padding() {
-            super(new AESKeyWrap(), new PKCS5Padding(16), -1);
+            super(new AESKeyWrap(), new PKCS5Padding(8), -1);
         }
     }
 
     // for AES_128/KW/NoPadding
     public static final class AES128_KW_PKCS5Padding extends KeyWrapCipher {
         public AES128_KW_PKCS5Padding() {
-            super(new AESKeyWrap(), new PKCS5Padding(16), 16);
+            super(new AESKeyWrap(), new PKCS5Padding(8), 16);
         }
     }
 
     // for AES_192/KW/NoPadding
     public static final class AES192_KW_PKCS5Padding extends KeyWrapCipher {
         public AES192_KW_PKCS5Padding() {
-            super(new AESKeyWrap(), new PKCS5Padding(16), 24);
+            super(new AESKeyWrap(), new PKCS5Padding(8), 24);
         }
     }
 
     // for AES_256/KW/NoPadding
     public static final class AES256_KW_PKCS5Padding extends KeyWrapCipher {
         public AES256_KW_PKCS5Padding() {
-            super(new AESKeyWrap(), new PKCS5Padding(16), 32);
+            super(new AESKeyWrap(), new PKCS5Padding(8), 32);
         }
     }
 
@@ -230,13 +230,11 @@ protected void engineSetPadding(String padding)
     }
 
     /**
-     * Returns the block size (in bytes). i.e. 16 bytes.
-     *
-     * @return the block size (in bytes), i.e. 16 bytes.
+     * @return the block size (in bytes)
      */
     @Override
     protected int engineGetBlockSize() {
-        return cipher.getBlockSize();
+        return 8;
     }
 
     /**