search

wohaph / keyczar

Automatically exported from code.google.com/p/keyczar
0 stars 0 forks source link

AES with stronger (non-default) key size 256 generates a wrong sized byte initialization vector #30

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

1. org.keyczar.KeyczarTool create --location=sample\ --purpose=crypt

2. org.keyczar.KeyczarTool addkey --location=sample\ --status=primary
--size=256

3. Run a simple Java test:

    String keyPath = "c:\\dev\\keyczar\\sample";

    String testString = "Mercury, Venus, Earth, Mars, Jupiter, Saturn, Uranus,
Neptune, Pluto";

    try
    {
        Crypter crypter = new Crypter(keyPath);

        String ciphertext = crypter.encrypt(testString);

        System.out.println("Cipher-text: "+ciphertext);

        String plaintext = crypter.decrypt(ciphertext);

        System.out.println("Plain-text:  "+plaintext);
    }
    catch (KeyczarException ke)
    {
        ke.printStackTrace();
    }

What is the expected output? What do you see instead?

Expected output: the cipher text, followed by plain-text.

Here's the actual exception that's thrown:

org.keyczar.exceptions.KeyczarException:
java.security.InvalidAlgorithmParameterException: Wrong IV length: must be
16 bytes long
    at org.keyczar.AesKey$AesStream.<init>(AesKey.java:132)
    at org.keyczar.AesKey.getStream(AesKey.java:108)
    at org.keyczar.Encrypter.ciphertextSize(Encrypter.java:93)
    at org.keyczar.Encrypter.encrypt(Encrypter.java:112)
    at org.keyczar.Encrypter.encrypt(Encrypter.java:184)
    at SymmetricTest.main(SymmetricTest.java:19)
Caused by: java.security.InvalidAlgorithmParameterException: Wrong IV
length: must be 16 bytes long
    at com.sun.crypto.provider.SunJCE_f.a(DashoA13*..)
    at com.sun.crypto.provider.AESCipher.engineInit(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.a(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at javax.crypto.Cipher.init(DashoA13*..)
    at org.keyczar.AesKey$AesStream.<init>(AesKey.java:127)
    ... 5 more

The IV that's being created is 32 bytes instead of 16 bytes.

Please use labels and text to provide additional information.

In order to utilize stronger key sizes (e.g. AES 256) the user needs to
update his JCE policy files to the JCE Unlimited Strength Jurisdiction
Policy which can be downloaded from Sun at http://java.sun.com/javase
Please add this information to the documentation and/or the installation notes.

Original issue reported on code.google.com by epyatkev...@gmail.com on 14 Aug 2008 at 9:38

Attachments:

GoogleCodeExporter commented 9 years ago 
I'll check it out.

Original comment by stevew...@gmail.com on 15 Aug 2008 at 2:24

GoogleCodeExporter commented 9 years ago 
I attached a patch that may fix the issue. AES' block size is *always* 16, so 
there's
no reason not to define it as a constant.

-- Thom

Original comment by reikonmu...@gmail.com on 4 Jun 2009 at 10:58

Attachments:

GoogleCodeExporter commented 9 years ago 
Sorry, I overlooked this. Fixed.

Original comment by stevew...@gmail.com on 21 Oct 2010 at 6:41

GoogleCodeExporter commented 9 years ago 
This issue can probably be resolved, yes?

Original comment by dgryski on 20 Jan 2012 at 2:02

GoogleCodeExporter commented 9 years ago 
Indeed, it has been fixed.  I just verified it in the code.

Original comment by swillden@google.com on 20 Jan 2012 at 2:16