Posted to wss4j-dev@ws.apache.org by "Frederik Weishäupl (JIRA)" <ji...@apache.org> on 2007/03/01 13:35:50 UTC

[jira] Commented: (WSS-72) WSSecEncryptedKey rejects a conformant cipher when its getBlockSize() returns 0

    [ https://issues.apache.org/jira/browse/WSS-72?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12476910 ] 

Frederik Weishäupl commented on WSS-72:
---------------------------------------

Hi,

I have the same problem when using the JCE implementation (IAIK) in combination with WSS4J.
Is there any plan when this issue will be fixed?

Best Regards,
Frederik

> WSSecEncryptedKey rejects a conformant cipher when its getBlockSize() returns 0
> -------------------------------------------------------------------------------
>
>                 Key: WSS-72
>                 URL: https://issues.apache.org/jira/browse/WSS-72
>             Project: WSS4J
>          Issue Type: Bug
>         Environment: Windows XP
> Axis 1.4
> WSS4J 1.5.0
>            Reporter: Akitoshi Yoshida
>         Assigned To: Davanum Srinivas
>
> Method prepareInternal of WSSecEncryptedKey has the following code fragment:
>         Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
>         try {
>             cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
>         } catch (InvalidKeyException e) {
>             throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
>                     null, null, e);
>         }
>         if (doDebug) {
>             log.debug("cipher blksize: " + cipher.getBlockSize()
>                     + ", symm key length: " + keyBytes.length);
>         }
>         if (cipher.getBlockSize() < keyBytes.length) {
>             throw new WSSecurityException(WSSecurityException.FAILURE,
>                     "unsupportedKeyTransp",
>                     new Object[] { "public key algorithm too weak to encrypt "
>                             + "symmetric key" });
>         }
> The getCipherInstance(keyEncAlgo) instantiates a cipher using Cipher.getInstance("RSA/NONE/PKCS1PADDING").
> When the cipher is an RSA cipher, as in this case, some security providers may return 0 for its getBlockSize() method because RSA is not a block cipher.  In particular, we found out that the IAIK 3.12 has this behavior of returning 0 for this method.
> This causes the above code to throw the WSSecurityException.
> The documentation at
> http://java.sun.com/j2se/1.4.2/docs/api/javax/crypto/Cipher.html#getBlockSize()
> states that this method should return 0 for non-block ciphers. 
> Therefore, we consider this problem to be a bug in WSSecEncryptedKey and request that the above if block be commented out as:
>         // RSA is not a block cipher and cipher.getBlockSize() may return 0
> //        if (cipher.getBlockSize() < keyBytes.length) {
> //            throw new WSSecurityException(WSSecurityException.FAILURE,
> //                    "unsupportedKeyTransp",
> //                    new Object[] { "public key algorithm too weak to encrypt "
> //                            + "symmetric key" });
> //        }

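A provider-independent form of the size check discussed in this issue, as an added example (not code from WSS4J or from this thread): it derives the RSA PKCS#1 v1.5 capacity from the public key's modulus instead of from getBlockSize(). The class and method names, the generated 2048-bit key and the "RSA/ECB/PKCS1Padding" transformation name used with the default JDK provider are assumptions.

```java
import java.security.KeyPairGenerator;
import java.security.interfaces.RSAPublicKey;
import javax.crypto.Cipher;

public class KeyTransportSizeCheck {

    // RSAES-PKCS1-v1_5 needs at least 11 bytes of padding (RFC 8017, 7.2.1).
    static final int PKCS1_V15_OVERHEAD = 11;

    // The comparison quoted in the issue: true means "reject the key".
    static boolean blockSizeCheckRejects(Cipher cipher, byte[] keyBytes) {
        return cipher.getBlockSize() < keyBytes.length;
    }

    // Largest plaintext in bytes that fits under this key with PKCS#1 v1.5.
    static int maxPlaintextLength(RSAPublicKey key) {
        int modulusBytes = (key.getModulus().bitLength() + 7) / 8;
        return modulusBytes - PKCS1_V15_OVERHEAD;
    }

    // Hypothetical replacement check that never consults getBlockSize().
    static boolean modulusCheckRejects(RSAPublicKey key, byte[] keyBytes) {
        return maxPlaintextLength(key) < keyBytes.length;
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input: throwaway 2048-bit key, zero-filled buffers.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        RSAPublicKey pub = (RSAPublicKey) kpg.generateKeyPair().getPublic();
        byte[] symmetricKey = new byte[32];   // fits under a 2048-bit modulus
        byte[] oversized = new byte[300];     // does not fit (limit is 245 bytes)

        // Assumption: default JDK provider, which names the mode "ECB".
        Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
        cipher.init(Cipher.ENCRYPT_MODE, pub);

        System.out.println("provider:             " + cipher.getProvider().getName());
        System.out.println("getBlockSize():       " + cipher.getBlockSize());
        System.out.println("block-size check rejects 32-byte key: "
                + blockSizeCheckRejects(cipher, symmetricKey));
        System.out.println("modulus check rejects 32-byte key:    "
                + modulusCheckRejects(pub, symmetricKey));
        System.out.println("modulus check rejects 300-byte input: "
                + modulusCheckRejects(pub, oversized));
        System.out.println("ciphertext length:    " + cipher.doFinal(symmetricKey).length);
    }
}
```

Running it against different JCE providers shows whether each one reports 0 or a positive value from getBlockSize(), while the modulus-based result stays the same for a given key.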