8271745: Correct block size for KW,KWP mode and use fixed IV for KWP mode for SunJCE

Reviewed-by: xuelei, mullan
2025-08-26 14:24:46 +02:00 · 2021-09-01 22:17:49 +00:00 · 2021-09-01 22:17:49 +00:00 · 1a5a2b6b15
commit 1a5a2b6b15
parent 2f01a6f8b6
3 changed files with 194 additions and 131 deletions
--- a/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/AESKeyWrapPadded.java
@ -26,6 +26,7 @@
 package com.sun.crypto.provider;

 import java.util.Arrays;
+import java.util.HexFormat;
 import java.security.*;
 import java.security.spec.*;
 import javax.crypto.*;
@ -132,12 +133,14 @@ class AESKeyWrapPadded extends FeedbackCipher {
        if (key == null) {
            throw new InvalidKeyException("Invalid null key");
        }
-        if (iv != null && iv.length != ICV2.length) {
-            throw new InvalidAlgorithmParameterException("Invalid IV length");
+        // allow setting an iv but if non-null, must equal to ICV2
+        if (iv != null && !Arrays.equals(iv, ICV2)) {
+            HexFormat hf = HexFormat.of().withUpperCase();
+            throw new InvalidAlgorithmParameterException("Invalid IV, got 0x" +
+                    hf.formatHex(iv) + " instead of 0x" + hf.formatHex(ICV2));
        }
        embeddedCipher.init(decrypting, algorithm, key);
-        // iv is retrieved from IvParameterSpec.getIV() which is already cloned
-        this.iv = (iv == null? ICV2 : iv);
+        this.iv = ICV2;
    }

    /**
--- a/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java
+++ b/src/java.base/share/classes/com/sun/crypto/provider/KeyWrapCipher.java
@ -70,28 +70,28 @@ abstract class KeyWrapCipher extends CipherSpi {
    // for AES/KW/NoPadding
    public static final class AES_KW_PKCS5Padding extends KeyWrapCipher {
        public AES_KW_PKCS5Padding() {
-            super(new AESKeyWrap(), new PKCS5Padding(16), -1);
+            super(new AESKeyWrap(), new PKCS5Padding(8), -1);
        }
    }

    // for AES_128/KW/NoPadding
    public static final class AES128_KW_PKCS5Padding extends KeyWrapCipher {
        public AES128_KW_PKCS5Padding() {
-            super(new AESKeyWrap(), new PKCS5Padding(16), 16);
+            super(new AESKeyWrap(), new PKCS5Padding(8), 16);
        }
    }

    // for AES_192/KW/NoPadding
    public static final class AES192_KW_PKCS5Padding extends KeyWrapCipher {
        public AES192_KW_PKCS5Padding() {
-            super(new AESKeyWrap(), new PKCS5Padding(16), 24);
+            super(new AESKeyWrap(), new PKCS5Padding(8), 24);
        }
    }

    // for AES_256/KW/NoPadding
    public static final class AES256_KW_PKCS5Padding extends KeyWrapCipher {
        public AES256_KW_PKCS5Padding() {
-            super(new AESKeyWrap(), new PKCS5Padding(16), 32);
+            super(new AESKeyWrap(), new PKCS5Padding(8), 32);
        }
    }

@ -230,13 +230,11 @@ abstract class KeyWrapCipher extends CipherSpi {
    }

    /**
-     * Returns the block size (in bytes). i.e. 16 bytes.
-     *
-     * @return the block size (in bytes), i.e. 16 bytes.
+     * @return the block size (in bytes)
     */
    @Override
    protected int engineGetBlockSize() {
-        return cipher.getBlockSize();
+        return 8;
    }

    /**