You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@shiro.apache.org by bd...@apache.org on 2020/01/30 20:02:12 UTC

[shiro] branch master updated: [SHIRO-736] default to PaddingScheme.NONE when using the stream cipher GCM

This is an automated email from the ASF dual-hosted git repository.

bdemers pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git


The following commit(s) were added to refs/heads/master by this push:
     new 1c2b3ff  [SHIRO-736] default to PaddingScheme.NONE when using the stream cipher GCM
     new 9786f90  Merge pull request #194 from bmhm/SHIRO-736
1c2b3ff is described below

commit 1c2b3ff2e9d06765bfcb0353e62139cb119c9d4e
Author: Benjamin Marwell <bm...@gmail.com>
AuthorDate: Tue Jan 14 16:03:20 2020 +0100

    [SHIRO-736] default to PaddingScheme.NONE when using the stream cipher GCM
---
 .../src/main/java/org/apache/shiro/crypto/AesCipherService.java    | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java b/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
index 13863ec..435b998 100644
--- a/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
+++ b/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
@@ -66,7 +66,7 @@ public class AesCipherService extends DefaultBlockCipherService {
      * </tr>
      * <tr>
      * <td>{@link #setPaddingScheme paddingScheme}</td>
-     * <td>{@link PaddingScheme#PKCS5 PKCS5}</td>
+     * <td>{@link PaddingScheme#NONE NoPadding}***</td>
      * </tr>
      * <tr>
      * <td>{@link #setInitializationVectorSize(int) initializationVectorSize}</td>
@@ -85,11 +85,16 @@ public class AesCipherService extends DefaultBlockCipherService {
      * <p/>
      * <b>**</b>In conjunction with the default {@code GCM} operation mode, initialization vectors are generated by
      * default to ensure strong encryption.  See the {@link JcaCipherService JcaCipherService} class JavaDoc for more.
+     * <p/>
+     * <b>**</b>Since {@code GCM} is a stream cipher, padding is implemented in the operation mode and an external padding scheme
+     * cannot be used in conjunction with {@code GCM}. In fact, {@code AES/GCM/PKCS5Padding} is just an alias in most JVM for
+     * {@code AES/GCM/NoPadding}.
      */
     public AesCipherService() {
         super(ALGORITHM_NAME);
         setMode(OperationMode.GCM);
         setStreamingMode(OperationMode.GCM);
+        setPaddingScheme(PaddingScheme.NONE);
     }
 
     @Override