Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8261910

Support KWP in addition to KW

    XMLWordPrintable

Details

    • CSR
    • Resolution: Approved
    • P3
    • 17
    • security-libs
    • None
    • behavioral
    • minimal
    • Other
    • SE

    Description

      Summary

      NIST SP 800-38F defines two new, deterministic authenticated-encryption modes of operation of the Advanced Encryption Standard (AES) algorithm: the Key Wrap (KW) mode and the Key Wrap With Padding (KWP) mode. Update SunJCE provider to support KWP mode and enhance the existing support of KW mode for AES algorithm.

      Problem

      SunJCE provider does not support the KWP mode defined in NIST SP 800-38F. As for the KW mode, its impl in SunJCE provider only can be used for key wrapping/unwraping and does not allow custom IV, padding scheme, nor encryption/decryption.

      Solution

      Refactor existing AES Key Wrap impl in SunJCE provider to support AES cipher w/ KW and KWP mode and allow custom IV, padding schemes and encryption/decryption besides key wrapping/unwrapping.

      Specification

      1. Update "Java Security Standard Algorithm Names" as below:

        1.1) Update the "Cipher Algorithm Names" section to clarify that AESWrap cipher algorithm is equivalent to AES cipher with KW mode and NoPadding, and add AESWrapPad cipher algorithm to be equivalent to AES cipher with KWP mode and NoPadding.

        1.2) Add these two new modes, i.e. KW and KWP, to "Cipher Algorithm Modes" section and refer to RFC 3394 and NIST Special Publication SP 800-38F] for their specification.

      2. Update the "SunJCE provider" section of "JDK Providers Documentation" guide with these two new modes. In particular, update Table 4-16 "The SunJCE Provider Cipher Transformations" as below:

        AES/KW/NoPadding
        AES/KW/PKCS5Padding
        AES/KWP/NoPadding

      Attachments

        Issue Links

          Activity

            People

              valeriep Valerie Peng
              valeriep Valerie Peng
              Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: