On Sat, 27 Mar 2021 03:51:40 GMT, Greg Rubin 
<github.com+829871+salusasecon...@openjdk.org> wrote:

>> Valerie Peng has updated the pull request incrementally with one additional 
>> commit since the last revision:
>> 
>>   Refactor code to reduce code duplication
>>   Address review comments
>>   Add more test vectors
>
> src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java 
> line 71:
> 
>> 69:             match &= (ivAndLen[i] == iv[i]);
>> 70:         }
>> 71:         if (!match) {
> 
> True nitpick (thus ignorable): I believe that using bitwise math is slightly 
> more resistant to compiler and/or CPU optimization to defend against 
> timing-attacks. (Since I haven't even seen an attack against KW or KWP, this 
> is simply a note in general rather than something which needs to be fixed.)

Sure, I can change to below:
Suggestion:

        int match = 0;
        for (int i = 0; i < ICV2.length; i++) {
            match |= (ivAndLen[i] ^ iv[i]);
        }
        if (match != 0) {
            throw new IllegalBlockSizeException("Integrity check failed");
        }
Is this what you have in mind?

-------------

PR: https://git.openjdk.java.net/jdk/pull/2404
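For readers following the review point above, here is a stand-alone illustration of the two comparison styles being discussed. It is an added example, not code from the OpenJDK pull request or from either participant; the class and method names are invented for the example, and the sample byte arrays are constructed. The `ICV2` constant is the RFC 5649 alternative initial value (0xA65959A6) that AES Key Wrap with Padding checks against the first four bytes of the unwrapped block, mirroring the `ICV2.length` loop in the thread.

```java
import java.util.Arrays;

// Added example (not from the OpenJDK PR): an early-exit comparison beside the
// bitwise accumulating comparison suggested in the review thread.
public class IcvCompareExample {

    // RFC 5649 alternative initial value used by AES-KWP; the unwrap step checks
    // that the recovered first block starts with these four bytes.
    static final byte[] ICV2 = { (byte) 0xA6, (byte) 0x59, (byte) 0x59, (byte) 0xA6 };

    /**
     * Early-exit form: the loop returns on the first differing byte, so the
     * running time depends on *where* the mismatch is. This is the pattern the
     * bitwise version is meant to avoid.
     */
    static boolean icvMatchesEarlyExit(byte[] ivAndLen, byte[] iv) {
        for (int i = 0; i < ICV2.length; i++) {
            if (ivAndLen[i] != iv[i]) {
                return false;   // position of the first mismatch leaks via timing
            }
        }
        return true;
    }

    /**
     * Accumulating form from the thread: every byte pair is XORed and OR-folded
     * into a single int. The loop always runs ICV2.length iterations and the only
     * data-dependent branch is the final comparison against zero.
     */
    static boolean icvMatchesAccumulating(byte[] ivAndLen, byte[] iv) {
        int match = 0;
        for (int i = 0; i < ICV2.length; i++) {
            match |= (ivAndLen[i] ^ iv[i]);
        }
        return match == 0;
    }

    public static void main(String[] args) {
        // Constructed sample data: a recovered first block whose ICV prefix is
        // correct (the remaining four bytes would hold the padded key length),
        // and one whose last ICV byte has been altered.
        byte[] goodBlock = { (byte) 0xA6, (byte) 0x59, (byte) 0x59, (byte) 0xA6,
                             0x00, 0x00, 0x00, 0x10 };
        byte[] badBlock  = { (byte) 0xA6, (byte) 0x59, (byte) 0x59, (byte) 0x00,
                             0x00, 0x00, 0x00, 0x10 };
        byte[] expected  = Arrays.copyOf(ICV2, ICV2.length);

        System.out.println("early-exit, good block : " + icvMatchesEarlyExit(goodBlock, expected));
        System.out.println("early-exit, bad block  : " + icvMatchesEarlyExit(badBlock, expected));
        System.out.println("accumulate, good block : " + icvMatchesAccumulating(goodBlock, expected));
        System.out.println("accumulate, bad block  : " + icvMatchesAccumulating(badBlock, expected));

        // Both functions agree on the result; they differ only in how many
        // iterations execute before the answer is known.
        if (icvMatchesAccumulating(badBlock, expected)) {
            throw new IllegalStateException("integrity check should have failed");
        }
    }
}
```

The accumulating form is the same idea the JDK's own `MessageDigest.isEqual` uses for comparing digests: OR the XOR of each byte pair into one integer and branch once at the end, so that the work done does not depend on which byte differs. Whether a JIT or CPU preserves that property is not guaranteed by the Java language, which is why the review comment frames it as a general habit rather than a required fix for KWP.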
