Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8248268

Support KWP in addition to KW

    Details

    • Type: Enhancement
    • Status: In Progress
    • Priority: P4
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: 16
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Understanding:
      Fix Understood
    • CPU:
      generic
    • OS:
      generic

      Description

      Request submitted to OpenJDK security alias:
      Initial request from Bernd Eckenfels <ecki@zusammenkunft.net>
      JCE implements the AESWrap cipher, but it's does not offer the KWP mode of NIST 800-38F. KW and KWP use the same wrapping algorithm W which is also used by AESWrap, however do to different initialisation vectors the existing implementation can not be used to implement the padded wrapping.

      Is it possible to offer KWP as a special padding mode for AESWrap or have the W mode be it's own block mode so you can implement the padding externally?

      Additional feedback from Michael StJohns <mstjohns@comcast.net>
      Reading the comments in the AESWrapCipher code, this was created against the XML encryption standards even though the underlying code is a straight implementation of RFC3394.

      Rather than twiddle with this current implementation and name mapping, it may make more sense to redo this as a normal <Alg>/<mode>/<padding> mapping. E.g. "AES/KeyWrap-NIST/NoPadding" or KWPPadding or AutoPadding rather than the current "AESWrap". That would then allow for "ChaCha20/KeyWrap-NIST/AutoPadding" and others.

      I.e., copy the code from the current AESWrapCipher and convert it to a mode. More work now, less later. The AutoPadding would select the no padding if the encoded key size was a multiple of the block length, and the KWP padding if the encoded key size was not a multiple. Or read the IV to determine which for unwrapping.

        Attachments

          Activity

            People

            • Assignee:
              valeriep Valerie Peng
              Reporter:
              valeriep Valerie Peng
            • Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

              • Created:
                Updated: