Re: [BJA-694] really only for low level? (was: Bouncy Castle Crypto Provider Package version 1.60 now available)

Re: [BJA-694] really only for low level? (was: Bouncy Castle Crypto Provider Package version 1.60 now available)

Eckenfels. Bernd
Hello,

In BJA-694 David commented that only the low-level API with custom parameters is affected. However, when I inspect the kpg from the following code:

    import java.security.KeyPair;
    import java.security.KeyPairGenerator;
    import java.security.Security;
    import org.bouncycastle.jce.provider.BouncyCastleProvider;
    Security.addProvider(new BouncyCastleProvider());
    KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA", "BC");
    kpg.initialize(2048);
    KeyPair kp = kpg.generateKeyPair();

I see kpg.param as o.b.c.p.RSAKeyPairGenerator#iterations=4 (not 7). Not sure if that is ignored or normal tests are done in addition, but it is the lower value, right?

Regards
Bernd

BJA-694 http://www.bouncycastle.org/jira/browse/BJA-694

-----Original Message-----
From: Jon Eaves <[hidden email]>
Sent: Tuesday, 3 July 2018 11:43
To: [hidden email]; [hidden email]
Subject: [dev-crypto] Bouncy Castle Crypto Provider Package version 1.60 now available

Release 1.60 is now out.

This release deals with two CVEs: one affecting RSA key pair generation where the certainty value is being tweaked in the light-weight API, and the other on properly validating an XMSS/XMSS^MT private key on reload. In terms of improvements, the BCJSSE now supports SNI, CMS now supports SHA-3 signatures, the Unified Model is now fully supported for Diffie-Hellman with ephemeral keys, and PGP EC operations can support a wider range of curves. Issues have also been fixed in EST, CRMF request generation, and low-level support has been added for EdDSA.

Further details on other additions and bug fixes can be found in the release notes at:

https://www.bouncycastle.org/releasenotes.html

Thanks also go to other people and organisations who have contributed/donated to the project, and you can find the updated list at

https://www.bouncycastle.org/contributors.html

We would also like to thank holders of Crypto Workshop support contracts as we were again able to fund extra work on this release through time available from those.

For the actual release and other details go to our latest releases page:

https://www.bouncycastle.org/latest_releases.html

And for those who like living on the bleeding edge, the betas for future releases can be downloaded from:

https://www.bouncycastle.org/betas/

and changes to the code base can be tracked via:

https://github.com/bcgit

In other news, the first nine chapters of the new book, "Java Cryptography: Tools and Techniques", are now completed, as well as some material for chapter 12 (certification requests) and chapter 15 (post quantum crypto). The book is available at:

https://leanpub.com/javacryptotoolsandtech

If you download it, please be sure to sign up for updates. We are issuing an updated version about once a month.

On the FIPS front, the Java FIPS 1.0.2 release is now available under early access. The road map for this release can be found at:

https://www.bouncycastle.org/fips_java_roadmap.html

If you are interested in helping support the Bouncy Castle project through donation, you can find the details on how to donate via PayPal or Bitcoin at:

https://www.bouncycastle.org/donate

The Legion of the Bouncy Castle Inc is a registered Australian charity based in the State of Victoria, Australia.

If you wish to sponsor specific work on Bouncy Castle, get early access to the FIPS APIs under development, or get a commercial support contract for the APIs please contact us at Crypto Workshop (https://www.cryptoworkshop.com)

Remember, you can also follow this project on Facebook (https://www.facebook.com/legionofthebouncycastle), Google+ (https://plus.google.com/+BouncycastleOrgAPIs/posts) and/or Twitter (https://twitter.com/bccrypto).

Finally, for users of the maven repositories, 1.60 should be appearing shortly on maven central. The GitHub repository has been updated as well.

SEEBURGER AG
Sitz der Gesellschaft/Registered Office:
Edisonstr. 1
D-75015 Bretten
Tel.: 07252 / 96 - 0
Fax: 07252 / 96 - 2222
Internet: http://www.seeburger.de
e-mail: [hidden email]

Vorstand/SEEBURGER Executive Board: Axel Haas, Michael Kleeberg, Friedemann Heinz, Dr. Martin Kuntz, Matthias Feßenbecker
Vorsitzende des Aufsichtsrats/Chairperson of the SEEBURGER Supervisory Board: Prof. Dr. Simone Zeuchner
Registergericht/Commercial Register: HRB 240708 Mannheim




This email is intended only for the recipient(s) to whom it is addressed. This email may contain confidential material that may be protected by professional secrecy. Any fact or opinion contained, or expression of the material herein, does not necessarily reflect that of SEEBURGER AG. If you are not the addressee or if you have received this email in error, any use, publication or distribution including forwarding, copying or printing is strictly prohibited. Neither SEEBURGER AG, nor the sender (Eckenfels. Bernd) accept liability for viruses; it is your responsibility to check this email and its attachments for viruses.

Re: [BJA-694] really only for low level? (was: Bouncy Castle Crypto Provider Package version 1.60 now available)

David Hook-3

Can you tell me where the 7 comes from? Table C.2 of FIPS PUB 186-4 gives the M-R count for 1024-bit p and q (required for the below) as 5, not 7. 4 + the extra M-R test done in BigInteger gets the count to 5.

Regards,

David

On 03/07/18 23:21, Eckenfels. Bernd wrote:


Re: [dev-crypto] Re: [BJA-694] really only for low level? (was: Bouncy Castle Crypto Provider Package version 1.60 now available)

Eckenfels. Bernd
Hello,

The 7 came from the initial comment, but yes, I misread it. 5 seems to be correct. Sorry for the confusion.

Regards
Bernd

-----Original Message-----
From: David Hook <[hidden email]>
Sent: Tuesday, 3 July 2018 18:20
To: [hidden email]
Subject: Re: [dev-crypto] Re: [BJA-694] really only for low level? (was: Bouncy Castle Crypto Provider Package version 1.60 now available)


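An added example, not code from Bouncy Castle or from either poster, to make the round count discussed above concrete: a Python Miller-Rabin test with an explicit number of rounds, the 4 configured + 1 extra = 5 arithmetic from the thread, and a candidate generator that uses it. The constants, the strong pseudoprime 2047 used as a check value and the generator are my own constructions, and the test is the generic random-base form rather than BC's implementation.

```python
# Added illustration, not Bouncy Castle code: Miller-Rabin with an explicit
# round count, plus the 4 + 1 = 5 arithmetic discussed in the thread.
import secrets

# Values quoted in the thread: the BC provider's RSAKeyPairGenerator default
# (iterations=4), the one extra M-R round java.math.BigInteger adds, and the
# FIPS 186-4 Table C.2 count for 1024-bit p and q (a 2048-bit modulus).
BC_PROVIDER_ITERATIONS = 4
BIGINTEGER_EXTRA_ROUND = 1
FIPS_186_4_TABLE_C2_1024_BIT_PQ = 5
SMALL_PRIMES = (2, 3, 5, 7, 11, 13, 17, 19)


def effective_rounds(configured=BC_PROVIDER_ITERATIONS,
                     extra=BIGINTEGER_EXTRA_ROUND) -> int:
    """Rounds actually run: the configured count plus BigInteger's extra one."""
    return configured + extra


def miller_rabin(n: int, rounds: int, bases=None) -> bool:
    """True if n survives `rounds` Miller-Rabin rounds (a probable prime).

    `bases` pins the witnesses for a deterministic demonstration; with the
    default of None each round draws a random base, as a key generator does.
    """
    if n < 2:
        return False
    for p in SMALL_PRIMES:  # cheap trial division first
        if n % p == 0:
            return n == p
    d, r = n - 1, 0  # write n - 1 = d * 2^r with d odd
    while d % 2 == 0:
        d //= 2
        r += 1
    for i in range(rounds):
        a = bases[i % len(bases)] if bases else 2 + secrets.randbelow(n - 3)
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue  # this base says "prime": n is prime or a is a liar
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False  # a is a witness: n is definitely composite
    return True


def generate_probable_prime(bits: int, rounds: int) -> int:
    """Random odd candidate of exactly `bits` bits that passes `rounds` rounds."""
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if miller_rabin(cand, rounds):
            return cand


if __name__ == "__main__":
    # 2047 = 23 * 89 is the smallest strong pseudoprime to base 2 (constructed
    # check value): one fixed-base round accepts it, a second base rejects it.
    print(miller_rabin(2047, rounds=1, bases=[2]))  # True, a false accept
    print(miller_rabin(2047, rounds=2, bases=[2, 3]))  # False
    print(effective_rounds() == FIPS_186_4_TABLE_C2_1024_BIT_PQ)  # True
    p = generate_probable_prime(512, effective_rounds())
    print(p.bit_length(), miller_rabin(p, 20))
```

The fixed-base runs show why a too-small or poorly chosen round count is the risk behind the certainty issue: a single round can accept a composite, and only additional independent rounds drive that probability down.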