|
Quick Lists
|
|
Bug ID:
|
6572331
|
|
Votes
|
0
|
|
Synopsis
|
regression: cipher.wrap operation fails with CKR_ATTRIBUTE_VALUE_INVALID
|
|
Category
|
jce:pkcs11_csp
|
|
Reported Against
|
b06
|
|
Release Fixed
|
7(b26)
|
|
State
|
10-Fix Delivered,
bug
|
|
Priority:
|
3-Medium
|
|
Related Bugs
|
|
|
Submit Date
|
21-JUN-2007
|
|
Description
|
If you compile the following code snippet, it runs well on JDK 5 and fails on jdk
6. I will attach the java file.
==============================code snippet=============================================
public static void main(String[] args) throws Exception{
String str =
"MIICWjCCAcOgAwIBAgICATwwDQYJKoZIhvcNAQEFBQAwQzEbMBkGA1UEChMSUlNBIFNlY3VyaXR5LCBJbmMuMSQwIgYDVQQLExtXUy1JIFNhbXBsZSBBcHBsaWNhdGlvbnMgQ0EwHhcNMDcwNTE0MDMyNDM0WhcNMTAwNTEzMDMyNDM0WjBGMQ0wCwYDVQQKEwRXUy1JMSEwHwYDVQQLExhXUy1JIFNhbXBsZSBBcHBsaWNhdGlvbnMxEjAQBgNVBAMTCVdlYkNsaWVudDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAtFkhq39Hl79yMtbEeStKEXmy4u+Ujpx/lDSppaaq73r+v/IUiLMoctgs7JLngp5mx1A+TUpnL7vSbj8MoZQD075z0MJZKm4OiTfPlQGiP5zI2lAoFL/LnTrDP8p/Sp8L8f37ZKmc4jJYpb4geyD+ud/pzmSqj6RxuA2uEsFAhhkCAwEAAaNaMFgwCQYDVR0TBAIwADALBgNVHQ8EBAMCB4AwHQYDVR0OBBYEFPuSdX21bEp+paQaS+drKiO/VLgwMB8GA1UdIwQYMBaAFL/B6Odbae2pyARL1tH0FSBiknsoMA0GCSqGSIb3DQEBBQUAA4GBADrYjq2eDy6+YeECnOHOcBgikcjJiyouYJPUclPWDMKB/mRzIV4jrAFN0v3/FHYbgu/0mRKNWBZrHeTMf+z+JWa+0AnyU+rWP5JhKBeEvzSmZgetEitirUtHCQdSgXEUBcEDH/tyDYmLHV7gCw0uYSasnWR5eB7C9oCPoQi07RT+";
byte [] certData = Base64.decode(str);
InputStream inStream = new ByteArrayInputStream(certData);
CertificateFactory cf = CertificateFactory.getInstance("X.509");
X509Certificate cert = (X509Certificate)cf.generateCertificate(inStream);
inStream.close();
Cipher cipher = Cipher.getInstance("RSA/ECB/PKCS1Padding");
cipher.init(Cipher.WRAP_MODE,cert);
KeyGenerator keygen = KeyGenerator.getInstance("AES");
keygen.init(256);
SecretKey secretKey = keygen.generateKey();
cipher.wrap(secretKey);
}
==============================end code snippet===========================================
Following is the exception stack trace.
==================== stack trace ==========================================
Exception in thread "main" java.security.InvalidKeyException: Could not create key
at
sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:226)
at
sun.security.pkcs11.P11SecretKeyFactory.convertKey(P11SecretKeyFactory.java:131)
at sun.security.pkcs11.P11RSACipher.engineWrap(P11RSACipher.java:387)
at javax.crypto.Cipher.wrap(DashoA13*..)
at keygenerate.Main.main(Main.java:61)
Caused by: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_ATTRIBUTE_VALUE_INVALID
at sun.security.pkcs11.wrapper.PKCS11.C_CreateObject(Native Method)
at
sun.security.pkcs11.P11SecretKeyFactory.createKey(P11SecretKeyFactory.java:221)
... 4 more
==================== end stack trace ==========================================
Java Result: 1
see the issue
https://wsit.dev.java.net/issues/show_bug.cgi?id=612
for details on the impact of this bug on webservices stack.
Posted Date : 2007-06-21 13:51:08.0
java version is
java version "1.6.0_01"
Java(TM) SE Runtime Environment (build 1.6.0_01-b06)
Java HotSpot(TM) Server VM (build 1.6.0_01-b06, mixed mode)
Solaris version is
Solaris 10 3/05 s10_74L2a SPARC
Assembled 22 January 2005
Preinstall part number 259-4421-01
Built 29 March 2005
Posted Date : 2007-06-21 14:08:00.0
|
|
Work Around
|
N/A
|
|
Evaluation
|
Starting 6.0, SunPKCS11 provider will first try to convert the to-be-wrapped key (probably generated by SunJCE provider or other providers) into a PKCS11 key object before passing it to the PKCS11 WrapKey API. The key conversion may fail for various situations, e.g. when the keysize of the to-be-wrapped key exceeds what's supported by the underlying PKCS11 library, or when the key algorithm is unsupported, etc.
To fix this, SunPKCS11 provider should fall back to using PKCS11 Encrypt API instead of WrapKey API when it's unable to convert the to-be-wrapped key into a PKCS11 key.
Posted Date : 2007-10-25 21:42:54.0
|
|
Comments
|
PLEASE NOTE: JDK6 is formerly known as Project Mustang
|
|
|
|
