[ 
https://issues.apache.org/jira/browse/CXF-8162?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16978440#comment-16978440
 ] 

Frederik Libert commented on CXF-8162:
--------------------------------------

{code}
protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
        int size = getFullCekKeySize(algoJwt) / 2;
        byte[] actualCek = new byte[size];
        System.arraycopy(theCek, size, actualCek, 0, size);
        return actualCek;
}
{code}

should be 

{code}
protected static byte[] doGetActualCek(byte[] theCek, String algoJwt) {
        int size = getFullCekKeySize(algoJwt) / 2;
        byte[] actualCek = new byte[size];
        System.arraycopy(theCek, 0, actualCek, 0, size);
        return actualCek;
}
{code}


 

> JWE with multiple recipients does not work for AES CBC Encryption
> -----------------------------------------------------------------
>
>                 Key: CXF-8162
>                 URL: https://issues.apache.org/jira/browse/CXF-8162
>             Project: CXF
>          Issue Type: Bug
>          Components: JAX-RS Security
>    Affects Versions: 3.3.4
>            Reporter: Frederik Libert
>            Priority: Major
>
> When encrypting for multiple recipients, the plaintext, the CEK, JWE 
> Initialization Vector, and JWE Protected Header are shared by all recipients 
> (which must be the case, since the ciphertext and Authentication Tag are 
> also shared).
> The Apache CXF API for encrypting the content with AES GCM allows this by 
> initializing a ContentEncryptionProvider of type 
> AesGcmContentEncryptionAlgorithm which can be used as reference when 
> initializing the list of JweEncryptionProviders (which take a 
> KeyEncryptionProvider and a ContentEncryptionProvider).
> When using AES CBC, the API is different.
> The class AesCbcContentEncryptionAlgorithm is a private inner class of 
> JweEncryptionProvider AesCbcHmacJweEncryption so you can't initialize it once 
> and reuse it in all JweEncryptionProviders of the list.
> There is a workaround as the API allows you to build the CEK and 
> InitializationVector yourself (not very nice) but this method leads to an 
> ArrayIndexOutOfBoundsException as there is a typo in the 
> AesCbcHmacJweEncryption when copying the CEK byte by byte internally.
> This typo should be fixed but more importantly, the API for AES CBC 
> encryption should allow the initialization of the ContentEncryptionProvider 
> from outside the JweEncryptionProvider so it can be referenced in all 
> JweEncryptionProviders.
> Without that, you can only encrypt for 1 recipient or the validation will 
> fail (invalid authentication tag) for all but 1 recipient.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)
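
Added example, not part of the Jira message and not CXF code: a JDK-only sketch of A128CBC-HS256 content encryption showing why one CEK and IV must back the single shared ciphertext and tag, with an explicit CEK length check instead of an index error. The class and method names are hypothetical, the inputs are constructed, and the key split follows RFC 7518 section 5.2.2.1 (MAC key is the first half of the CEK, AES key the second half).

```java
import javax.crypto.Cipher;
import javax.crypto.Mac;
import javax.crypto.spec.IvParameterSpec;
import javax.crypto.spec.SecretKeySpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Arrays;

// Hypothetical demo class (not CXF code): A128CBC-HS256 content encryption, JDK only.
public class SharedCekDemo {
    static final int FULL_CEK_LEN = 32; // A128CBC-HS256: 16-byte MAC key + 16-byte AES key

    // RFC 7518 5.2.2.1: MAC_KEY = first half of K, ENC_KEY = second half of K.
    static byte[][] splitCek(byte[] cek) {
        if (cek == null || cek.length != FULL_CEK_LEN) { // reject a short CEK up front
            throw new IllegalArgumentException("CEK must be " + FULL_CEK_LEN + " bytes");
        }
        int half = FULL_CEK_LEN / 2;
        return new byte[][] {Arrays.copyOfRange(cek, 0, half), Arrays.copyOfRange(cek, half, FULL_CEK_LEN)};
    }

    // Tag = first 16 bytes of HMAC-SHA256(AAD || IV || ciphertext || 64-bit AAD length in bits).
    static byte[] tag(byte[] macKey, byte[] aad, byte[] iv, byte[] ct) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(macKey, "HmacSHA256"));
        mac.update(aad);
        mac.update(iv);
        mac.update(ct);
        mac.update(ByteBuffer.allocate(8).putLong(aad.length * 8L).array());
        return Arrays.copyOf(mac.doFinal(), 16);
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] cek = new byte[FULL_CEK_LEN], otherCek = new byte[FULL_CEK_LEN], iv = new byte[16];
        rnd.nextBytes(cek); rnd.nextBytes(otherCek); rnd.nextBytes(iv);
        byte[] aad = "constructed-protected-header".getBytes(StandardCharsets.US_ASCII); // constructed AAD
        byte[][] k = splitCek(cek); // one CEK for the single shared ciphertext and tag
        Cipher c = Cipher.getInstance("AES/CBC/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(k[1], "AES"), new IvParameterSpec(iv));
        byte[] ct = c.doFinal("constructed plaintext".getBytes(StandardCharsets.US_ASCII));
        byte[] sharedTag = tag(k[0], aad, iv, ct);
        // A recipient that unwraps the same CEK verifies the tag; one handed a different CEK cannot.
        System.out.println("same CEK:  " + MessageDigest.isEqual(sharedTag, tag(splitCek(cek)[0], aad, iv, ct)));
        System.out.println("other CEK: " + MessageDigest.isEqual(sharedTag, tag(splitCek(otherCek)[0], aad, iv, ct)));
    }
}
```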