Closed Bug 470982 Opened 17 years ago Closed 16 years ago

JSS doesn't support AES Key unwrapping

Categories

(JSS Graveyard :: Library, defect, P2)

Product:
JSS Graveyard
Type:
defect

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: glenbeasley, Assigned: glenbeasley)

Details

Attachments

(1 file, 1 obsolete file)

test for AES and DESede key wrapping
21.38 KB, patch
Details | Diff | Splinter Review
reported by alex.agranov@gmail.com cipher = Cipher.getInstance("RSA", jssProvider); cipher.init(Cipher.UNWRAP_MODE, wrapKeyPair.getPrivate()); Key unwrappedKey = cipher.unwrap(wrappedData, "AES", Cipher.SECRET_KEY); org.mozilla.jss.util.AssertionException: assertion failure! at org.mozilla.jss.util.Assert._assert(Assert.java:58) at org.mozilla.jss.pkcs11.PK11KeyWrapper.algFromType (PK11KeyWrapper.java:545) at org.mozilla.jss.pkcs11.PK11KeyWrapper.unwrapSymmetric (PK11KeyWrapper.java:518) at org.mozilla.jss.pkcs11.PK11KeyWrapper.unwrapSymmetric (PK11KeyWrapper.java:484) at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineUnwrapSecret (JSSCipherSpi.java:484) at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineUnwrap (JSSCipherSpi.java:452) at javax.crypto.Cipher.unwrap(DashoA13*..) at EncryptionTest.main(EncryptionTest.java:86) The exception comes from the following code (in PK11KeyWrapper) that clearly misses AES case: private static Algorithm algFromType(SymmetricKey.Type type) { if( type == SymmetricKey.DES ) { return EncryptionAlgorithm.DES_ECB; } else if( type == SymmetricKey.DES3 ) { return EncryptionAlgorithm.DES3_ECB; } else if( type == SymmetricKey.RC4 ) { return EncryptionAlgorithm.RC4; } else { Assert._assert( type == SymmetricKey.RC2 ); return EncryptionAlgorithm.RC2_CBC; } }
The attached patch hopefully solves the problem. Note, however, that since AES supports three different key sizes (128, 192 and 256) application must explicitly specify AES key size during unwrap by using one of the following key algorithm strings: "AES-128", "AES-192" or "AES-256". For example: cipher = Cipher.getInstance("RSA", jssProvider); cipher.init(Cipher.UNWRAP_MODE, wrapKeyPair.getPrivate()); Key unwrappedKey = cipher.unwrap(wrappedData, "AES-128", Cipher.SECRET_KEY);
Attachment #356678 - Flags: review?(glen.beasley)
Comment on attachment 356678 [details] [diff] [review] patch for JSS 4.2.5 to enable AES key unwrap r+ for the change to PK11KeyWrapper.java + } else if( type == SymmetricKey.AES ) { + return EncryptionAlgorithm.AES_128_ECB; r- for the other changes related to keyLength which are not necessary. I will add a new patch with the r+ change and also a new test program that will get added to org/mozilla/jss/tests call JCAKeyWrap.java
Attachment #356678 - Flags: review?(glen.beasley) → review-
cvs commit -m "test program for key wrapping r=self jss test suite only" cvs commit: Examining . RCS file: /cvsroot/mozilla/security/jss/org/mozilla/jss/tests/JCAKeyWrap.java,v done Checking in JCAKeyWrap.java; /cvsroot/mozilla/security/jss/org/mozilla/jss/tests/JCAKeyWrap.java,v <-- JCAKeyWrap.java initial revision: 1.1 done Checking in all.pl; /cvsroot/mozilla/security/jss/org/mozilla/jss/tests/all.pl,v <-- all.pl new revision: 1.53; previous revision: 1.52 done cvs commit -m "470982 supoort wrap/unwrap of AES keys with RSA patch from alex.agranov r=glenb" cvs commit: Examining . Checking in PK11KeyWrapper.java; /cvsroot/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java,v <-- PK11KeyWrapper.java new revision: 1.15; previous revision: 1.14 done cvs commit -m "470982 supoort wrap/unwrap of AES keys with RSA patch from alex.agranov r=glenb" cvs commit: Examining . Checking in PK11KeyWrapper.java; /cvsroot/mozilla/security/jss/org/mozilla/jss/pkcs11/PK11KeyWrapper.java,v <-- PK11KeyWrapper.java new revision: 1.15; previous revision: 1.14 done
Attachment #356678 - Attachment is obsolete: true
Status: ASSIGNED → RESOLVED
Closed: 16 years ago
Priority: -- → P2
Resolution: --- → FIXED
Version: 4.2.5 → 4.3
Can anyone verify this got fixed in 4.2.5? I try cipher = Cipher.getInstance("RSA", jssProvider); cipher.init(Cipher.UNWRAP_MODE, wrapKeyPair.getPrivate()); Key unwrappedKey = cipher.unwrap(wrappedData, "AES-256", Cipher.SECRET_KEY); and I get Caused by: java.security.NoSuchAlgorithmException at org.mozilla.jss.crypto.SymmetricKey$Type.fromName(SymmetricKey.java:113) at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineUnwrapSecret(JSSCipherSpi.java:478) at org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineUnwrap(JSSCipherSpi.java:452) at javax.crypto.Cipher.unwrap(DashoA13*..)
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: