[ https://issues.apache.org/jira/browse/WSS-72?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Davanum Srinivas resolved WSS-72.
---------------------------------
Resolution: Fixed
Checked in a fix in svn revision 514691
thanks,
dims
> WSSecEncryptedKey rejects a conformant cipher when its getBlockSize() returns > 0
> -------------------------------------------------------------------------------
>
> Key: WSS-72
> URL: https://issues.apache.org/jira/browse/WSS-72
> Project: WSS4J
> Issue Type: Bug
> Environment: Windows XP
> Axis 1.4
> WSS4J 1.5.0
> Reporter: Akitoshi Yoshida
> Assigned To: Davanum Srinivas
>
> Method prepareInternal of WSSecEncryptedKey has the following code fragment:
>     Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
>     try {
>         cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
>     } catch (InvalidKeyException e) {
>         throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
>                 null, null, e);
>     }
>     if (doDebug) {
>         log.debug("cipher blksize: " + cipher.getBlockSize()
>                 + ", symm key length: " + keyBytes.length);
>     }
>     if (cipher.getBlockSize() < keyBytes.length) {
>         throw new WSSecurityException(WSSecurityException.FAILURE,
>                 "unsupportedKeyTransp",
>                 new Object[] { "public key algorithm too weak to encrypt "
>                         + "symmetric key" });
>     }
> The getCipherInstance(keyEncAlgo) instantiates a cipher using
> Cipher.getInstance("RSA/NONE/PKCS1PADDING").
> When the cipher is an RSA cipher, as in this case, some security providers may
> return 0 for its getBlockSize() method because RSA is not a block cipher. In
> particular, we found out that the IAIK 3.12 has this behavior of returning 0
> for this method.
> This causes the above code to throw the WSSecurityException.
> The documentation at
> http://java.sun.com/j2se/1.4.2/docs/api/javax/crypto/Cipher.html#getBlockSize()
> states that this method should return 0 for non-block ciphers.
> Therefore, we consider this problem to be a bug in WSSecEncryptedKey and
> request that the above if block be commented out as:
>     // RSA is not a block cipher and cipher.getBlockSize() may return 0
>     // if (cipher.getBlockSize() < keyBytes.length) {
>     //     throw new WSSecurityException(WSSecurityException.FAILURE,
>     //             "unsupportedKeyTransp",
>     //             new Object[] { "public key algorithm too weak to encrypt "
>     //                     + "symmetric key" });
>     // }
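Added example, not part of the original issue and not the change checked in to WSS4J: one way to keep a "key too weak to wrap the symmetric key" check without relying on getBlockSize() is to derive the PKCS#1 v1.5 payload limit from the RSA modulus. The class name, helper names, the generated 2048-bit key standing in for remoteCert, and the standard JCA transformation name "RSA/ECB/PKCS1Padding" are assumptions made for this sketch.

```java
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.SecureRandom;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;

public class RsaKeyTransportCheck {
    // PKCS#1 v1.5 encryption padding needs at least 11 bytes of overhead (RFC 8017, section 7.2.1).
    static final int PKCS1_V15_OVERHEAD = 11;

    /** Largest plaintext, in bytes, that this modulus can encrypt with PKCS#1 v1.5 padding. */
    static int maxPkcs1Payload(BigInteger modulus) {
        int k = (modulus.bitLength() + 7) / 8; // modulus length in octets
        return k - PKCS1_V15_OVERHEAD;
    }

    /** Provider-independent stand-in for the getBlockSize() comparison (hypothetical helper). */
    static boolean canTransport(PublicKey key, byte[] keyBytes) {
        if (!(key instanceof RSAPublicKey)) {
            return false; // this sketch only covers RSA key transport
        }
        return keyBytes.length <= maxPkcs1Payload(((RSAPublicKey) key).getModulus());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair(); // constructed sample key, stands in for remoteCert
        RSAPublicKey pub = (RSAPublicKey) kp.getPublic();

        byte[] keyBytes = new byte[32]; // constructed 256-bit symmetric key
        new SecureRandom().nextBytes(keyBytes);

        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, pub);

        // Provider-dependent: may be 0 for RSA, which is what trips the check quoted in the issue.
        System.out.println("getBlockSize():   " + cipher.getBlockSize());
        System.out.println("max payload:      " + maxPkcs1Payload(pub.getModulus()));
        System.out.println("32-byte key fits: " + canTransport(pub, keyBytes));
        System.out.println("300 bytes fit:    " + canTransport(pub, new byte[300]));
        System.out.println("ciphertext bytes: " + cipher.doFinal(keyBytes).length);
    }
}
```

The size comparison depends only on the key, so it gives the same answer under every security provider, whatever that provider reports from getBlockSize().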