You are viewing a plain text version of this content. The canonical link for it is here.
Posted to wss4j-dev@ws.apache.org by "Frederik Weishäupl (JIRA)" <ji...@apache.org> on 2007/03/01 13:35:50 UTC
[jira] Commented: (WSS-72) WSSecEncryptedKey rejects a conformant
cipher when its getBlockSize() returns 0
[ https://issues.apache.org/jira/browse/WSS-72?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12476910 ]
Frederik Weishäupl commented on WSS-72:
---------------------------------------
Hi,
I have the same problem by using the JCE implementation (IAIK) in combination with WSS4J.
Is there any plan when this issue will be fixed?
Best Regards,
Frederik
> WSSecEncryptedKey rejects a conformant cipher when its getBlockSize() returns 0
> -------------------------------------------------------------------------------
>
> Key: WSS-72
> URL: https://issues.apache.org/jira/browse/WSS-72
> Project: WSS4J
> Issue Type: Bug
> Environment: Windows XP
> Axis 1.4
> WSS4J 1.5.0
> Reporter: Akitoshi Yoshida
> Assigned To: Davanum Srinivas
>
> Method prepareInternal of WSSecEncrptedKey has the following code fragment:
> Cipher cipher = WSSecurityUtil.getCipherInstance(keyEncAlgo);
> try {
> cipher.init(Cipher.ENCRYPT_MODE, remoteCert);
> } catch (InvalidKeyException e) {
> throw new WSSecurityException(WSSecurityException.FAILED_ENC_DEC,
> null, null, e);
> }
> if (doDebug) {
> log.debug("cipher blksize: " + cipher.getBlockSize()
> + ", symm key length: " + keyBytes.length);
> }
> if (cipher.getBlockSize() < keyBytes.length) {
> throw new WSSecurityException(WSSecurityException.FAILURE,
> "unsupportedKeyTransp",
> new Object[] { "public key algorithm too weak to encrypt "
> + "symmetric key" });
> }
> The getCipherInstance(keyEncAlgo) instantiates a cipher using Cipher.getInstance("RSA/NONE/PKCS1PADDING").
> When the cipher is an RSA cipher, as in this case, some securiy providers may return 0 for its getBlockSize() method because RSA is not a block cipher. In particular, we found out that the IAIK 3.12 has this behavior of returing 0 for this method.
> This causes the above code to throws the WSSecurityException.
> The documentation at
> http://java.sun.com/j2se/1.4.2/docs/api/javax/crypto/Cipher.html#getBlockSize()
> states that this method should return 0 for non-block ciphers.
> Therefore, we consider this problem to be a bug in WSSecEncrptedKey and request that the above if block to be commented out as:
> // RSA is not a block cipher and cipher.getBlockSize() may return 0
> // if (cipher.getBlockSize() < keyBytes.length) {
> // throw new WSSecurityException(WSSecurityException.FAILURE,
> // "unsupportedKeyTransp",
> // new Object[] { "public key algorithm too weak to encrypt "
> // + "symmetric key" });
> // }
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
---------------------------------------------------------------------
To unsubscribe, e-mail: wss4j-dev-unsubscribe@ws.apache.org
For additional commands, e-mail: wss4j-dev-help@ws.apache.org