[
https://issues.apache.org/jira/browse/WSS-72?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12468952
]
aki yoshida commented on WSS-72:
--------------------------------
Hi Werner,
Thank you for your reply.
I understand that you can use RSA in the block cipher mode. But the term
"block cipher" commonly refers to a symmetric cipher as in:
-----
(From Wikipedia, the free encyclopedia)
http://en.wikipedia.org/wiki/Block_cipher
Block cipher
In cryptography, a block cipher is a symmetric key cipher which operates
on fixed-length groups of bits, termed blocks, with an unvarying
transformation. ...
-----
The IAIK library seems to take this definition strictly and returns 0
for an asymmetric cipher like RSA even though the cipher can be used
blockwise. I think it is technically correct to return 0 for an
asymmetric cipher. But since this class offers no other method to return
the actual block size (i.e., n-11 for RSA with PKCS1Padding for an RSA
key of size n bytes), I assume the correct way to fix this problem may
be to make the JDK documentation clarify this so that all providers
return the actual block size also for asymmetric ciphers. However, this
may take some time. So if people agree that the JDK is somehow
misleading, should it better to have the if statement of WSS4J changed
to the following until this issue is resolved?
if (cipher.getBlocSize() != 0 && cipher.getBlockSize() <
keyBytes.length)
If this is not possible, I need to forward your comments to the IAIK
development (and possibly to Sun) so that the IAIK library and
potentially other provider libraries with the same behavior change their
behavior.
Best regards,
Aki Yoshida
n.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12468759 ]
> WSSecEncryptedKey rejects a conformant cipher when its getBlockSize() returns > 0
> -------------------------------------------------------------------------------
>
> Key: WSS-72
> URL: https://issues.apache.org/jira/browse/WSS-72
> Project: WSS4J
> Issue Type: Bug
> Environment: Windows XP
> Axis 1.4
> WSS4J 1.5.0
> Reporter: Akitoshi Yoshida
> Assigned To: Davanum Srinivas
>
> Method prepareInternal of WSSecEncrptedKey has the following code fragment:
> Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
> try {
> cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
> } catch (InvalidKeyException e) {
> throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
> null, null, e);
> }
> if (doDebug) {
> log.debug("cipher blksize: " + cipher.getBlockSize()
> + ", symm key length: " + keyBytes.length);
> }
> if (cipher.getBlockSize() < keyBytes.length) {
> throw new WSSecurityException(WSSecurityException.FAILURE,
> "unsupportedKeyTransp",
> new Object[] { "public key algorithm too weak to encrypt "
> + "symmetric key" });
> }
> The getCipherInstance(keyEncAlgo) instantiates a cipher using
> Cipher.getInstance("RSA/NONE/PKCS1PADDING").
> When the cipher is an RSA cipher, as in this case, some securiy providers may
> return 0 for its getBlockSize() method because RSA is not a block cipher. In
> particular, we found out that the IAIK 3.12 has this behavior of returing 0
> for this method.
> This causes the above code to throws the WSSecurityException.
> The documentation at
> http://java.sun.com/j2se/1.4.2/docs/api/javax/crypto/Cipher.html#getBlockSize()
> states that this method should return 0 for non-block ciphers.
> Therefore, we consider this problem to be a bug in WSSecEncrptedKey and
> request that the above if block to be commented out as:
> // RSA is not a block cipher and cipher.getBlockSize() may return 0
> // if (cipher.getBlockSize() < keyBytes.length) {
> // throw new WSSecurityException(WSSecurityException.FAILURE,
> // "unsupportedKeyTransp",
> // new Object[] { "public key algorithm too weak to
> encrypt "
> // + "symmetric key" });
> // }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
