Re: JSS doesn't support AES key unwrapping

Tue, 23 Dec 2008 11:53:44 -0800 

alex.agra...@gmail.com wrote, On 2008-12-23 02:59:
> When I try to unwrap AES key via JSS API, I get the following
> exception:
> 
> cipher = Cipher.getInstance("RSA", jssProvider);
> cipher.init(Cipher.UNWRAP_MODE, wrapKeyPair.getPrivate());
> Key unwrappedKey = cipher.unwrap(wrappedData, "AES",
> Cipher.SECRET_KEY);
> 
> org.mozilla.jss.util.AssertionException: assertion failure!
> at org.mozilla.jss.util.Assert._assert(Assert.java:58)
> at org.mozilla.jss.pkcs11.PK11KeyWrapper.algFromType(PK11KeyWrapper.java:545)
> at 
> org.mozilla.jss.pkcs11.PK11KeyWrapper.unwrapSymmetric(PK11KeyWrapper.java:518)
> at 
> org.mozilla.jss.pkcs11.PK11KeyWrapper.unwrapSymmetric(PK11KeyWrapper.java:484)
> at 
> org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineUnwrapSecret(JSSCipherSpi.java:484)
> at 
> org.mozilla.jss.provider.javax.crypto.JSSCipherSpi.engineUnwrap(JSSCipherSpi.java:452)
> at javax.crypto.Cipher.unwrap(DashoA13*..)
> at EncryptionTest.main(EncryptionTest.java:86)
> 
> The exception comes from the following code (in PK11KeyWrapper) that
> clearly misses AES case:
> 
> private static Algorithm
>     algFromType(SymmetricKey.Type type) {
>         if( type == SymmetricKey.DES ) {
>             return EncryptionAlgorithm.DES_ECB;
>         } else if( type == SymmetricKey.DES3 ) {
>             return EncryptionAlgorithm.DES3_ECB;
>         } else if( type == SymmetricKey.RC4 ) {
>             return EncryptionAlgorithm.RC4;
>         } else {
>             Assert._assert( type == SymmetricKey.RC2 );
>             return EncryptionAlgorithm.RC2_CBC;
>         }
>     }

Please file a bug in bugzilla.mozilla.org, product JSS, and put all
the above information into that bug.  If you prefer not to do that,
please let me know and I will file the bug.

> I've seen other people complaining about a similar problem.

oh?  This is the first report of this problem that I recall seeing.

> Is this done on purpose (lack of proper code in NSS/JSS)? Or is it
> some minor bug in JSS that may be easily fixed?

It's just a bug.  If my recollection is correct, and no one else has
reported this assertion failure before this, then it tells us that
this feature is largely unused. :(
_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto

Reply via email to