You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Hendrik Saly (Jira)" <ji...@apache.org> on 2021/02/15 21:26:00 UTC

[jira] [Created] (CRYPTO-157) Authentication tag length cannot be specified for CryptoInputStream.java

Hendrik Saly created CRYPTO-157:
-----------------------------------

             Summary: Authentication tag length cannot be specified for CryptoInputStream.java
                 Key: CRYPTO-157
                 URL: https://issues.apache.org/jira/browse/CRYPTO-157
             Project: Commons Crypto
          Issue Type: Bug
          Components: Stream
            Reporter: Hendrik Saly


CryptoInputStream and CryptoOutputStream are not allowing other AlgorithmParameterSpec than IvParameterSpec. B they both claim to support any mode of operations, but without submitting a GCMParameterSpec its not possible to define a authentication tag length in GCM mode. Despite of that I am not sure if cipher in GCM is ever properly initialized without a GCMParameterSpec (if there is a default for tLen and its not 128 than the cipher is IMHO not properly initialized).


The other thing is that modes which do not need an AlgorithmParameterSpec (like ECB) are also maybe not peroperly initialized. Not sure if ECB just ignores the given IvParameterSpec.  I suggest to just allow null here and if null is given call the cipher.init(mode, key) method without AlgorithmParameterSpec.

[https://github.com/apache/commons-crypto/blob/6b1a6968c68930e970ab4a9c21885e4872318bab/src/main/java/org/apache/commons/crypto/stream/CryptoInputStream.java#L198]

 

[https://github.com/apache/commons-crypto/blob/6b1a6968c68930e970ab4a9c21885e4872318bab/src/main/java/org/apache/commons/crypto/stream/CryptoOutputStream.java#L184]

 

Happy to create a PR if bug is confirmed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)