On Mon, 30 Aug 2021 19:09:09 GMT, Sean Mullan <[email protected]> wrote:
>> Could someone help review this straight forward change? During the
>> interoperability testing with PKCS11 KW/KWP support, it is noticed that
>> SunJCE provider used the wrong block size (AES: 16) when padding is needed
>> for KW mode. With KW, KWP modes, data block size is multiples of 8-byte, so
>> the padding should pad data to multiples of 8 bytes instead of 16. In
>> addition, although PKCS#11 v3.0 states the IV for KWP mode is 4-byte, NSS's
>> implementation would silently ignore the specified IVs. Thus, for max
>> interoperability, it seems safer to change SunJCE provider to always use the
>> same default IV and disallow custom IVs for KWP mode, at least for now.
>> Regression test is enhanced to test more scenarios.
>>
>> Thanks,
>> Valerie
>
> src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java line
> 237:
>
>> 235: @Override
>> 236: protected int engineGetBlockSize() {
>> 237: return 8;
>
> Line 186 still says:
>
> `* symmetric cipher whose block size must be 128-bit`
>
> Should that also be updated?
Line 186 is correct in that the underlying Cipher block size must be 128-bit.
However, the KW/KWP processing affected the input size requirement into 8-byte
blocks, thus the overall cipher block size is now 8 instead of 16 bytes.
-------------
PR: https://git.openjdk.java.net/jdk/pull/5236
