Re: RFR: 8271745: Correct block size for KW, KWP mode and use fixed IV for KWP mode for SunJCE

On Tue, 24 Aug 2021 01:33:42 GMT, Valerie Peng wrote: > Could someone help review this straight forward change? During the > interoperability testing with PKCS11 KW/KWP support, it is noticed that > SunJCE provider used the wrong block size (AES: 16) when padding is needed > for KW mode. With

Re: RFR: 8271745: Correct block size for KW, KWP mode and use fixed IV for KWP mode for SunJCE

On Wed, 1 Sep 2021 02:29:37 GMT, Valerie Peng wrote: >> So the block size is always 8 even when there is no padding? > > Yes, with KW (no pad), data must be in multiples of 8. When data does not > meet this size requirement, an external padding scheme such as PKCS5/7 > padding is needed to pad

Re: RFR: 8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider

On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh wrote: > This fix adds an EC private key range check for the scalar value to be within > the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA > Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC > KeyGener

JEP 411 - use cases

Hi, Earlier this summer, our organization became aware of JEP-411 and the plan to remove Security Manager in the future, and I'd like to add our perspective to the use case / adoption aspect. We deploy and manage a number of server-side Java applications, both developed in-house and from vendo

Re: RFR: 8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider

On Wed, 1 Sep 2021 15:13:14 GMT, Weijun Wang wrote: > So the key is only validated before it's used? Why not when creating it? > > Do we need to validate public key as well? It might not be a problem since > modular calculation should scale it back to normal. Our old native impl does > have on

Re: RFR: 8271745: Correct block size for KW, KWP mode and use fixed IV for KWP mode for SunJCE

On Wed, 1 Sep 2021 12:20:41 GMT, Sean Mullan wrote: >> Yes, with KW (no pad), data must be in multiples of 8. When data does not >> meet this size requirement, an external padding scheme such as PKCS5/7 >> padding is needed to pad the data to multiples of 8 in order for KW mode to >> process t

Re: JEP 411 - use cases

Hi James, On 9/1/21 11:48 AM, Doyle, James wrote: Hi, Earlier this summer, our organization became aware of JEP-411 and the plan to remove Security Manager in the future, and I’d like to add our perspective to the use case / adoption aspect. We deploy and manage a number of server-side Java

Re: RFR: 8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider

On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh wrote: > This fix adds an EC private key range check for the scalar value to be within > the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA > Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC > KeyGener

Re: RFR: 8272385: Enforce ECPrivateKey d value to be in the range [1, n-1] for SunEC provider

On Wed, 1 Sep 2021 04:17:23 GMT, Jamil Nimeh wrote: > This fix adds an EC private key range check for the scalar value to be within > the range [1, n-1] (n being the order of the generator) for the SunEC ECDSA > Signature algorithms and ECDH KeyAgreement algorithms. While the SunEC > KeyGener

Integrated: 8271745: Correct block size for KW, KWP mode and use fixed IV for KWP mode for SunJCE

On Tue, 24 Aug 2021 01:33:42 GMT, Valerie Peng wrote: > Could someone help review this straight forward change? During the > interoperability testing with PKCS11 KW/KWP support, it is noticed that > SunJCE provider used the wrong block size (AES: 16) when padding is needed > for KW mode. With