It appears that when I call Cipher.update() with arbitrarly sized
input for a DESede/CBC/NoPadding Cipher I get a TokenRuntimeException
with the description "Cipher operation failed".
The error is not thrown if the input is a multiple of the cipher's
block size, in this case a multiple of 8.
Other JCE providers such as Sun and BouncyCastle do not require that
udpate() be called with complete blocks, only that by the time
doFinal() is called, a multiple of block size bytes has been passed.
I'm pretty sure this behaviour is, in fact, the behaviour required by
the JCE specification.
I'm certainly willing to believe I'm missing something obvious here.
Has anybody else run into this? Here is a simple program that
illustrates the problem.
Using the JSS provider, the program fails on the first call to
update. Using BouncyCastle or Sun the program works fine.
Also changing the size of data1 and data2 to a multiple of 8 allows
JSS to work.
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import org.mozilla.jss.CryptoManager;
public class SimpleTest2 {
/**
* @param args
*/
public static void main(String[] args) throws Exception {
CryptoManager.initialize("");
Cipher cipher = Cipher.getInstance("DESede/CBC/NoPadding");
KeyGenerator kg = KeyGenerator.getInstance("DESede");
SecretKey key = kg.generateKey();
cipher.init(Cipher.ENCRYPT_MODE, key);
byte[] data1 = new byte[60];
byte[] data2 = new byte[64];
cipher.update(data1);
cipher.update(data2);
cipher.doFinal();
}
}
_______________________________________________
dev-tech-crypto mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-crypto
