Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8261910

Support KWP in addition to KW

    XMLWordPrintable

    Details

    • Type: CSR
    • Status: Closed
    • Priority: P3
    • Resolution: Approved
    • Fix Version/s: 17
    • Component/s: security-libs
    • Labels:
      None
    • Subcomponent:
    • Compatibility Kind:
      behavioral
    • Compatibility Risk:
      minimal
    • Interface Kind:
      Other
    • Scope:
      SE

      Description

      Summary

      NIST SP 800-38F defines two new, deterministic authenticated-encryption modes of operation of the Advanced Encryption Standard (AES) algorithm: the Key Wrap (KW) mode and the Key Wrap With Padding (KWP) mode. Update SunJCE provider to support KWP mode and enhance the existing support of KW mode for AES algorithm.

      Problem

      SunJCE provider does not support the KWP mode defined in NIST SP 800-38F. As for the KW mode, its impl in SunJCE provider only can be used for key wrapping/unwraping and does not allow custom IV, padding scheme, nor encryption/decryption.

      Solution

      Refactor existing AES Key Wrap impl in SunJCE provider to support AES cipher w/ KW and KWP mode and allow custom IV, padding schemes and encryption/decryption besides key wrapping/unwrapping.

      Specification

      1. Update "Java Security Standard Algorithm Names" as below:

        1.1) Update the "Cipher Algorithm Names" section to clarify that AESWrap cipher algorithm is equivalent to AES cipher with KW mode and NoPadding, and add AESWrapPad cipher algorithm to be equivalent to AES cipher with KWP mode and NoPadding.

        1.2) Add these two new modes, i.e. KW and KWP, to "Cipher Algorithm Modes" section and refer to RFC 3394 and NIST Special Publication SP 800-38F] for their specification.

      2. Update the "SunJCE provider" section of "JDK Providers Documentation" guide with these two new modes. In particular, update Table 4-16 "The SunJCE Provider Cipher Transformations" as below:

        AES/KW/NoPadding
        AES/KW/PKCS5Padding
        AES/KWP/NoPadding

        Attachments

          Issue Links

            Activity

              People

              Assignee:
              valeriep Valerie Peng
              Reporter:
              valeriep Valerie Peng
              Reviewed By:
              Xuelei Fan
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: