search

IBM / OpenJCEPlus

This project makes use of Java and C/C++. This project will create OpenJCEPlus and OpenJCEPlusFIPS cryptographic providers which are implementations of the Java™ Cryptography Extensions (JCE) APIs. The actual cryptographic code will come from the OpenCryptographyKitC project which is based on OpenSSL.
Apache License 2.0
4 stars 10 forks source link

Key encodings for X25519 and X448 do not match encoding formats of Oracle providers #100

Open jasonkatonica opened 3 weeks ago

jasonkatonica commented 3 weeks ago

The test BaseTestXDHKeyImport once properly testing specific providers ( OpenJCEPlus and OpenJCEPlusFIPS ) does not match encodings by other providers.

The code should be updated such that encodings created by the OpenJCEPlus and OpenJCEPlusFIPS provider create keys similar to the SunEC provider in each release. There are different formats of such keys explained in a comment here:

https://github.com/IBM/OpenJCEPlus/blob/3c44149386d98d4834da3409744443918d31239a/src/test/java/ibm/jceplus/junit/base/BaseTestXDHKeyImport.java#L159

Our code does not appear to match what Sun is doing and the test should enforce this by producing encodings with Sun and our provider and ensuring not only that they match the expected value but match each other in format.

johnpeck-us-ibm commented 3 weeks ago

We need to make sure that is works with BouncyCastle as well. Since this is where these were tested originally.

jasonkatonica commented 3 weeks ago

Yes that makes sense we investigate that all providers oracle and bouncy castle match, and if not comment this well and decide which encodings we should use.