Comments (4)
I've done an initial investigation on this, sorry, but I am unable to understand what the error is. It sounds like you are trying to use the RFC5649 engine to unwrap unpadded data. Would you provide some details of what the error actually is?
from bc-java.
My apologies, I should have clarified the problem. So my situation is a case where the key may or may not be of a length which is a multiple of 64 bits. As per RFC5649 it is stated: "This document specifies a padding convention for use with the AES Key Wrap algorithm specified in RFC 3394. This convention eliminates the requirement that the length of the key to be wrapped be a multiple of 64 bits, allowing a key of any practical length to be wrapped."
Which brings me to the implementation. Lines 184-186 have:

```java
// Otherwise, unwrap as per RFC 3394 but don't check IV the same way
decrypted = rfc3394UnwrapNoIvCheck(in, inOff, inLen);
paddedPlaintext = decrypted;
```
This is all fine and well; however, the code proceeds to check the IV as described by RFC5649 Section 3, "Alternative Initial Value", rather than as described by RFC3394 Section 2.2.3.
Instead of copying the unwrap method in RFC3394WrapEngine as rfc3394UnwrapNoIvCheck, the code should defer to the RFC3394WrapEngine and return from where n != 2.
I would be more than happy to contribute to this. May I be given the permissions to submit a pull request with the changes?
I think you've misunderstood the code: RFC3394 is a different algorithm (in NIST parlance AES KW); RFC 5649 is AES KWP. The reference concerning the IV is about how it's extracted from the encrypted stream for comparison (to make it clearer, "don't check the IV the same way" refers to "don't check it the same way as RFC 3394"). If you are wrapping keys that may or may not be 64 bits, just use KWP.
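As an added example, not code from this issue or from bc-java itself, the following Java program uses the bc-java lightweight API to show the distinction made in the reply above: RFC3394WrapEngine (AES-KW) refuses an input that is not a multiple of 8 bytes, while RFC5649WrapEngine (AES-KWP) wraps it, recovers the exact original length on unwrap (the length lives in the alternative IV), takes the single-block path for inputs of 8 bytes or less, and rejects a tampered ciphertext through the AIV check. The KEK and the key bytes are constructed sample values, not real keys.

```java
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.engines.RFC3394WrapEngine;
import org.bouncycastle.crypto.engines.RFC5649WrapEngine;
import org.bouncycastle.crypto.params.KeyParameter;
import org.bouncycastle.util.Arrays;
import org.bouncycastle.util.encoders.Hex;

public class KwVersusKwpDemo {

    // Constructed sample AES-128 KEK (not a real key).
    static final byte[] KEK = Hex.decode("000102030405060708090a0b0c0d0e0f");

    // AES-KW (RFC 3394): the plaintext must be a multiple of 8 bytes.
    static byte[] kwWrap(byte[] kek, byte[] plaintext) {
        RFC3394WrapEngine kw = new RFC3394WrapEngine(new AESEngine());
        kw.init(true, new KeyParameter(kek));
        return kw.wrap(plaintext, 0, plaintext.length);
    }

    // AES-KWP (RFC 5649): pads to an 8-byte boundary and records the
    // true length in the alternative IV, so any practical length is accepted.
    static byte[] kwpWrap(byte[] kek, byte[] plaintext) {
        RFC5649WrapEngine kwp = new RFC5649WrapEngine(new AESEngine());
        kwp.init(true, new KeyParameter(kek));
        return kwp.wrap(plaintext, 0, plaintext.length);
    }

    // Unwrap verifies the AIV (fixed 0xA65959A6 prefix, encoded length and
    // zero padding) and throws InvalidCipherTextException on any mismatch.
    static byte[] kwpUnwrap(byte[] kek, byte[] wrapped) throws InvalidCipherTextException {
        RFC5649WrapEngine kwp = new RFC5649WrapEngine(new AESEngine());
        kwp.init(false, new KeyParameter(kek));
        return kwp.unwrap(wrapped, 0, wrapped.length);
    }

    public static void main(String[] args) throws Exception {
        // Constructed 20-byte key material: not a multiple of 64 bits.
        byte[] key20 = Hex.decode("00112233445566778899aabbccddeeff00112233");

        // AES-KW rejects it outright (bc-java raises a DataLengthException,
        // which is a RuntimeException) rather than silently padding.
        try {
            kwWrap(KEK, key20);
            System.out.println("unexpected: AES-KW accepted a 20-byte input");
        } catch (RuntimeException e) {
            System.out.println("AES-KW rejected 20-byte input: " + e.getMessage());
        }

        // AES-KWP pads 20 bytes up to 24 and prepends one 8-byte block, so the
        // ciphertext is 8 bytes longer than the padded plaintext.
        byte[] wrapped = kwpWrap(KEK, key20);
        System.out.println("AES-KWP ciphertext length: " + wrapped.length);

        // Unwrap strips the padding using the length carried in the AIV,
        // so the caller gets back exactly 20 bytes, not 24.
        byte[] unwrapped = kwpUnwrap(KEK, wrapped);
        System.out.println("round trip exact: " + Arrays.areEqual(key20, unwrapped)
                + " (" + unwrapped.length + " bytes)");

        // Inputs of 8 bytes or less take the RFC 5649 single-block path (n == 1):
        // AIV and padded data are encrypted as one AES block, with no KW rounds.
        byte[] key5 = Hex.decode("0102030405");
        System.out.println("AES-KWP ciphertext length for 5 bytes: " + kwpWrap(KEK, key5).length);

        // The AIV check is what turns corruption or a wrong KEK into an error
        // instead of garbage key material.
        byte[] tampered = Arrays.clone(wrapped);
        tampered[tampered.length - 1] ^= 0x01;
        try {
            kwpUnwrap(KEK, tampered);
            System.out.println("unexpected: tampered ciphertext unwrapped cleanly");
        } catch (InvalidCipherTextException e) {
            System.out.println("tampering detected: " + e.getMessage());
        }
    }
}
```

Compile and run it with the bcprov jar on the classpath. The practical lesson is the one in the reply: pick the engine by the algorithm you need (KW for 64-bit-multiple keys whose length is known out of band, KWP otherwise), and never treat a KWP ciphertext as a KW one or vice versa, since the IV conventions differ and the integrity check is what stands between you and silently accepting a corrupted key.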
I see what you are saying here, I should have paid closer attention to "Otherwise, apply Steps 1 and 2 of the unwrapping process specified in Section 2.2.2 of [AES-KW2] to the n+1 64-bit ciphertext blocks, {C[0], C[1], ..., C[n]}, and to the KEK, K." in https://tools.ietf.org/html/rfc5649#section-3. However, it might be less confusing to just use the Step 1 and 2 implementation from RFC3394WrapEngine for added clarity. Anyway, thanks for double-checking.