Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-4953552

SecurityException for javax.crypto.Cipher.init(int, Key) for algorithm PBEWITHMD

    Details

    • Type: Bug
    • Status: Closed
    • Priority: P3
    • Resolution: Fixed
    • Affects Version/s: 5.0
    • Fix Version/s: 5.0
    • Component/s: security-libs
    • Labels:
    • Subcomponent:
    • Resolved In Build:
      b31
    • CPU:
      sparc
    • OS:
      solaris_2.6
    • Verification:
      Verified

      Description



      Name: iiR10263 Date: 11/13/2003



      The specification describes the following exceptions that are thrown
      by javax.crypto.Cipher.init(int, Key):

      Throws:
      InvalidKeyException - if the given key is inappropriate for
      initializing this cipher, or if this cipher is being initialized for
      decryption and requires algorithm parameters that cannot be determined
      from the given key, or if the given key has a keysize that exceeds the
      maximum allowable keysize (as determined from the configured
      jurisdiction policy files).

      The above means that if a Key argument is inappropriate for some
      reason (for example key is invalid or contradicts system policy)
      InvalidKeyException should be thrown.

      Unfortunately current implementation throws SecurityException when
      init(Cipher.ENCRYPT_MODE, (Key)...)
      is called for Cipher objects of the PBEWITHMD5ANDTRIPLEDES algorithm.

      Please find the code example that reproduses the situation and exception stack
      trace below:
      import java.io.PrintWriter;
      import java.security.InvalidKeyException;
      import java.security.Key;
      import java.security.spec.KeySpec;
      import javax.crypto.Cipher;
      import javax.crypto.SecretKeyFactory;
      import javax.crypto.spec.PBEKeySpec;

      public class e2 {
       
          public static void main(String argv[]) {
              Key k;
              Cipher c;

              //String alg = "PBEWITHSHA1ANDDESEDE";
              String alg = "PBEWITHMD5ANDTRIPLEDES";

              byte[] salt = {
                  (byte)0xc7, (byte)0x73, (byte)0x21, (byte)0x8c,
                  (byte)0x7e, (byte)0xc8, (byte)0xee, (byte)0x99
              };
              int count = 20;
              String s = "My wonderfull password that is long enough. Tra-la-la, let me sing a song";
              
              try {
                  int kl = Cipher.getMaxAllowedKeyLength(alg) / 8;
                  String p = (kl >= s.length()) ? s: s.substring(0, kl);
                  KeySpec ks = new PBEKeySpec(p.toCharArray(), salt, count, kl * 8);
              
                  SecretKeyFactory skf =
                      SecretKeyFactory.getInstance(alg);
           
                  // PBE algorithm is symmetric.
                  k = skf.generateSecret(ks);

                  c = Cipher.getInstance(alg);
                  
                  c.init(Cipher.ENCRYPT_MODE, k);
                  
                  System.out.println("passed");
              } catch (Exception e) {
                  e.printStackTrace(System.out);
              }


              return;
          }
      }

      java.lang.SecurityException: Unsupported keysize or algorithm parameters
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.a(DashoA6275)
              at javax.crypto.Cipher.init(DashoA6275)
              at javax.crypto.Cipher.init(DashoA6275)
              at e2.main(e2.java:32)


      Note that if we change the algorithm to other password-based one
      (PBEWITHSHA1ANDDESEDE) all works correct ("passed" appears).

      java full version "1.5.0-beta-b26"

      ======================================================================

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                valeriep Valerie Peng
                Reporter:
                duke J. Duke (Inactive)
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved:
                  Imported:
                  Indexed: