IDP 3.1 Wrong keysize
Description
Environment
RHEL 6.6
JDK 8 r40
Tomcat8
is related to
Activity
Brent Putman March 16, 2015 at 9:03 PM(edited)
The above is confirmed. The AlgorithmDescriptor for this has a length of 192, which isn't wrong: that's the length of a 3DES key. The problem is that the KeyGenerator impl of SunJCE provider in both Java 7 and 8 only accepts 168 bits. BC on the other hand takes 168 or 192.
The fix is to just special case this to 168 bits, the common denominator, in the AlgorithmSupport method that generates symmetric keys. A length of 168 is required to be supported per the JCA docs:
http://docs.oracle.com/javase/7/docs/technotes/guides/security/StandardNames.html#impl
http://docs.oracle.com/javase/8/docs/technotes/guides/security/StandardNames.html#impl
Leaving the getKeyLength(uri) method as-is, because that's used in key resolution stuff, and there the key length really is 192 bits.
Brent Putman March 16, 2015 at 8:57 PM
Pasting my response on the users list:
Yes, I'm familiar with the general issue. IIRC the Java JCA stuff is somewhat inconsistent in what they consider to be the key size for triple DES keys. Some security provider impls treat it as 192 and some treat it as 168 (or 112 if the DESede variant which reuses the first DES key as the third key also).
I think it has to do with: Original DES keys were defined as 64 bits. However 8 bits were defined as parity bits. This was back (in the 70's I think) when communications channels weren't so reliable, so they built some parity bits right into the key itself. Or something like that. So anyway, only 56 bits of actual key material.
So depending on whether they treat a DES key as 56 vs 64 bits, some impls treat a triple DES key as either 168 or 192.
I'll look into it.
Brent Putman March 16, 2015 at 8:56 PM
Moving this to OpenSAML since that's where the bug actually is.
We are testing IDP 3.1 and discovered that when http://www.w3.org/2001/04/xmlenc#tripledes-cbc is listed first in the SP's metadata first the following error is generated. We are running Oracle JDK 8 r40 on Tomcat8. We can work around this by changing the order of possible encrypting key algorithms or removing tripledes-cbc, but we did find it odd and thought you might have seen this before.
Exception:
2015-03-15 22:14:43,593 - ERROR [net.shibboleth.idp.saml.profile:-2] - Uncaught runtime exception
java.security.InvalidParameterException: Wrong keysize: must be equal to 112 or 168
at com.sun.crypto.provider.DESedeKeyGenerator.engineInit(DESedeKeyGenerator.java:94)
==> idp-warn.log <==
2015-03-15 22:14:43,593 - ERROR [net.shibboleth.idp.saml.profile:-2] - Uncaught runtime exception
java.security.InvalidParameterException: Wrong keysize: must be equal to 112 or 168
at com.sun.crypto.provider.DESedeKeyGenerator.engineInit(DESedeKeyGenerator.java:94)
Error Message:
Web Login Service - Uncaught Exception
A software error was encountered that prevents normal operation:
java.security.InvalidParameterException: Wrong keysize: must be equal to 112 or 168
Please report this problem to your Help Desk or administrative staff. It has also been logged for an administrator to review.