connect2id / Nimbus-JOSE-JWT / issues / #23 - Mitigate MMA attacks on JWE RSA1_5 alg — Bitbucket

Issue #23 resolved

Vladimir Dzhuvinov created an issue 2013-03-16

See JOSE WG message

http://www.ietf.org/mail-archive/web/jose/current/msg01832.html

Comments (5)

Vladimir Dzhuvinov reporter
- changed component to Crypto package
- assigned issue to
  
  Vladimir Dzhuvinov
- 2013-03-25T13:23:09+00:00
Vladimir Dzhuvinov reporter
- changed status to open
- 2013-03-25T13:23:17+00:00
Vladimir Dzhuvinov reporter
- changed status to resolved
Added basic protection in commit 0e2cc15.
- 2013-03-25T13:31:26+00:00

Justin Richer

From Juraj:

if (alg.equals(JWEAlgorithm.RSA1_5)) {
    int keyLength = cmkBitLength(readOnlyJWEHeader.getEncryptionMethod());
    SecretKey randomCMK = AES.generateAESCMK(keyLength);

    try {
        cmk = RSA1_5.decryptCMK(privateKey, encryptedKey.decode(), keyLength);
    } catch (Exception e) {
        // Protect against MMA attack by generating random CMK on failure,
        // see http://www.ietf.org/mail-archive/web/jose/current/msg01832.html
        cmk = randomCMK;
    }
}

2013-03-25T17:46:02+00:00

Vladimir Dzhuvinov reporter
Done in commit f74ec03 :)
- 2013-03-26T09:21:00+00:00
Log in to comment

Assignee: Vladimir Dzhuvinov

Type: bug

Priority: major

Status: resolved

Component: Crypto package

Milestone: –

Votes: 0

Watchers: 1

Jira Software: the preferred issue tracker for Bitbucket. Join the team!