JDK-7033170 : Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException
  • Type: Bug
  • Component: security-libs
  • Sub-Component: javax.crypto:pkcs11
  • Affected Version: 7
  • Priority: P4
  • Status: Closed
  • Resolution: Fixed
  • OS: solaris_10
  • CPU: sparc
  • Submitted: 2011-04-01
  • Updated: 2012-04-13
  • Resolved: 2012-04-13
  • JDK 7: 7u4 (Fixed)
  • JDK 8: 8 b23 (Fixed)
Description
FULL PRODUCT VERSION :
java version "1.7.0-ea"
Java(TM) SE Runtime Environment (build 1.7.0-ea-b136)
Java HotSpot(TM) Server VM (build 21.0-b06, mixed mode)


ADDITIONAL OS VERSION INFORMATION :
SunOS il-404-tfs-uft.posten.se 5.10 Generic_144488-09 sun4v sparc SUNW,Sun-Blade-T6320

A DESCRIPTION OF THE PROBLEM :
Cipher.getMaxAllowedKeyLength(String) throws NoSuchAlgorithmException for 4 algorithms:

AES/ECB
BLOWFISH/CBC
DES/ECB
DESEDE/ECB


REGRESSION.  Last worked in version 6

STEPS TO FOLLOW TO REPRODUCE THE PROBLEM :
Compile and run the attached program.

EXPECTED VERSUS ACTUAL BEHAVIOR :
EXPECTED -
I would have expected a list of algorithms and key sizes (as it does for the 22 other algorithms).
ACTUAL -
Algorithm                                Max key length
---------                                --------------
AES                                             128 bit
AES/CBC/NOPADDING                               128 bit
AES/CBC/PKCS5PADDING                            128 bit
AES/CTR/NOPADDING                               128 bit
AES/ECB                                  Invalid transformation format:AES/ECB
AESWRAP                                         128 bit
ARCFOUR                                         128 bit
BLOWFISH                                        128 bit
BLOWFISH/CBC                             Invalid transformation format:BLOWFISH/CBC
DES                                              64 bit
DES/CBC/NOPADDING                                64 bit
DES/CBC/PKCS5PADDING                             64 bit
DES/ECB                                  Invalid transformation format:DES/ECB
DESEDE                                        Unlimited
DESEDE/CBC/NOPADDING                          Unlimited
DESEDE/CBC/PKCS5PADDING                       Unlimited
DESEDE/ECB                               Invalid transformation format:DESEDE/ECB
DESEDEWRAP                                      128 bit
PBEWITHMD5ANDDES                                128 bit
PBEWITHMD5ANDTRIPLEDES                          128 bit
PBEWITHSHA1ANDDESEDE                            128 bit
PBEWITHSHA1ANDRC2_40                            128 bit
RC2                                             128 bit
RSA                                           Unlimited
RSA/ECB/NOPADDING                             Unlimited
RSA/ECB/PKCS1PADDING                          Unlimited


REPRODUCIBILITY :
This bug can be reproduced always.

---------- BEGIN SOURCE ----------
import java.util.TreeSet;

import javax.crypto.Cipher;

import java.security.NoSuchAlgorithmException;
import java.security.Security;

public class CheckKeySize {

  public static void main(String[] args) {

    TreeSet<String> algorithms = new TreeSet<String>(Security.getAlgorithms("Cipher"));

    System.out.printf("%-40s %s\n", "Algorithm", "Max key length");
    System.out.printf("%-40s %s\n", "---------", "--------------");

    for (String algorithm: algorithms) {
      int    keylength = -1;
      String errMsg    = null;

      System.out.printf("%-40s ", algorithm);

      try {
        keylength = Cipher.getMaxAllowedKeyLength(algorithm);
      } catch (NoSuchAlgorithmException nsae) {
        errMsg = nsae.getMessage();
      }

      switch (keylength) {
      case -1               : System.out.printf("%s\n",       errMsg     ); break;
      case Integer.MAX_VALUE: System.out.printf("%14s\n",     "Unlimited"); break;
      default               : System.out.printf("%10d bit\n", keylength  ); break;
      }
    }

  } // public static void main(String[] args)

} // public class CheckKeySize

---------- END SOURCE ----------

Comments
WORK AROUND

To get the value, use "AES" by itself, or remove the 2-item from the list to test.
01-04-2011

EVALUATION

Sort of a regression, it's been failing since JDK 6u14, although with one less error. We added support for:

Fixed 4898461: Support for ECB and CBC/PKCS5Padding

into 6u14 and also into 7.

BLOWFISH/CBC Invalid transformation format:BLOWFISH/CBC

Removing the PKCS11 provider from the list removes the exception.

The failing transformations are failing when you have the 2-item transformation form:

Cipher/Mode

because:

private static String[] tokenizeTransformation(String transformation)

only accepts items of the form "cipher" and "cipher/mode/padding". I believe the fix is to allow 1, 2, or 3 items.
01-04-2011
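
The strict and relaxed parsing rules described in the evaluation, together with the workaround, shown as an added example. This is not the JDK's own tokenizeTransformation code; the class TransformationForms and its methods split, tokenizeStrict, tokenizeRelaxed and maxKeyLength are hypothetical names chosen for illustration.

```java
import java.security.NoSuchAlgorithmException;
import javax.crypto.Cipher;

public class TransformationForms {

  // Hypothetical helper: split on '/' and trim each item.
  private static String[] split(String t) throws NoSuchAlgorithmException {
    if (t == null || t.trim().isEmpty()) {
      throw new NoSuchAlgorithmException("No transformation given");
    }
    String[] parts = t.split("/", -1);
    for (int i = 0; i < parts.length; i++) parts[i] = parts[i].trim();
    return parts;
  }

  // Strict rule described in the evaluation: 1 item or 3 items only.
  static String[] tokenizeStrict(String t) throws NoSuchAlgorithmException {
    String[] parts = split(t);
    if (parts.length != 1 && parts.length != 3) {
      throw new NoSuchAlgorithmException("Invalid transformation format:" + t);
    }
    return parts;
  }

  // Relaxed rule proposed in the evaluation: 1, 2, or 3 items.
  static String[] tokenizeRelaxed(String t) throws NoSuchAlgorithmException {
    String[] parts = split(t);
    if (parts.length > 3 || parts[0].isEmpty()) {
      throw new NoSuchAlgorithmException("Invalid transformation format:" + t);
    }
    return parts;
  }

  // Workaround from the comments: if the full form is rejected,
  // query the bare algorithm name (the first item) instead.
  static int maxKeyLength(String t) throws NoSuchAlgorithmException {
    try {
      return Cipher.getMaxAllowedKeyLength(t);
    } catch (NoSuchAlgorithmException e) {
      return Cipher.getMaxAllowedKeyLength(tokenizeRelaxed(t)[0]);
    }
  }

  public static void main(String[] args) throws NoSuchAlgorithmException {
    // The four names the report lists as failing.
    for (String t : new String[] {"AES/ECB", "BLOWFISH/CBC", "DES/ECB", "DESEDE/ECB"}) {
      String strict;
      try { tokenizeStrict(t); strict = "accepted"; }
      catch (NoSuchAlgorithmException e) { strict = "rejected"; }
      int max = maxKeyLength(t);
      System.out.printf("%-13s strict=%s relaxed=%d items max=%s%n", t, strict,
          tokenizeRelaxed(t).length, max == Integer.MAX_VALUE ? "Unlimited" : max + " bit");
    }
  }
}
```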