You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@commons.apache.org by "Hendrik Saly (Jira)" <ji...@apache.org> on 2021/02/15 21:26:00 UTC
[jira] [Created] (CRYPTO-157) Authentication tag length cannot be
specified for CryptoInputStream.java
Hendrik Saly created CRYPTO-157:
-----------------------------------
Summary: Authentication tag length cannot be specified for CryptoInputStream.java
Key: CRYPTO-157
URL: https://issues.apache.org/jira/browse/CRYPTO-157
Project: Commons Crypto
Issue Type: Bug
Components: Stream
Reporter: Hendrik Saly
CryptoInputStream and CryptoOutputStream are not allowing other AlgorithmParameterSpec than IvParameterSpec. B they both claim to support any mode of operations, but without submitting a GCMParameterSpec its not possible to define a authentication tag length in GCM mode. Despite of that I am not sure if cipher in GCM is ever properly initialized without a GCMParameterSpec (if there is a default for tLen and its not 128 than the cipher is IMHO not properly initialized).
The other thing is that modes which do not need an AlgorithmParameterSpec (like ECB) are also maybe not peroperly initialized. Not sure if ECB just ignores the given IvParameterSpec. I suggest to just allow null here and if null is given call the cipher.init(mode, key) method without AlgorithmParameterSpec.
[https://github.com/apache/commons-crypto/blob/6b1a6968c68930e970ab4a9c21885e4872318bab/src/main/java/org/apache/commons/crypto/stream/CryptoInputStream.java#L198]
[https://github.com/apache/commons-crypto/blob/6b1a6968c68930e970ab4a9c21885e4872318bab/src/main/java/org/apache/commons/crypto/stream/CryptoOutputStream.java#L184]
Happy to create a PR if bug is confirmed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)