Details
-
Bug
-
Status: Closed
-
Blocker
-
Resolution: Fixed
-
3.3.4
-
None
-
Unknown
Description
Key Derivation for ECDH Key Agreement is different if Direct mode or KeyWrap mode is used: key length and algorithmid are calculated in a different way.
However, the code of apache cxf uses the same code block for both.
This makes it correct for Direct mode but wrong for KeyWrap mode as the algorithmID and keydatalen is always based on the value of the "enc" field, which is wrong for KeyWrap.
See extract specs below.
RFC JWA (https://tools.ietf.org/html/rfc7518#page-15)
keydatalen
This is set to the number of bits in the desired output key. For
"ECDH-ES", this is length of the key used by the "enc" algorithm.
For "ECDH-ES+A128KW", "ECDH-ES+A192KW", and "ECDH-ES+A256KW", this
is 128, 192, and 256, respectively.
AlgorithmID
The AlgorithmID value is of the form Datalen || Data, where Data
is a variable-length string of zero or more octets, and Datalen is
a fixed-length, big-endian 32-bit counter that indicates the
length (in octets) of Data. In the Direct Key Agreement case,
Data is set to the octets of the ASCII representation of the "enc"
Header Parameter value. In the Key Agreement with Key Wrapping
case, Data is set to the octets of the ASCII representation of the
"alg" (algorithm) Header Parameter value.