You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@shiro.apache.org by bd...@apache.org on 2020/01/30 20:02:12 UTC
[shiro] branch master updated: [SHIRO-736] default to
PaddingScheme.NONE when using the stream cipher GCM
This is an automated email from the ASF dual-hosted git repository.
bdemers pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shiro.git
The following commit(s) were added to refs/heads/master by this push:
new 1c2b3ff [SHIRO-736] default to PaddingScheme.NONE when using the stream cipher GCM
new 9786f90 Merge pull request #194 from bmhm/SHIRO-736
1c2b3ff is described below
commit 1c2b3ff2e9d06765bfcb0353e62139cb119c9d4e
Author: Benjamin Marwell <bm...@gmail.com>
AuthorDate: Tue Jan 14 16:03:20 2020 +0100
[SHIRO-736] default to PaddingScheme.NONE when using the stream cipher GCM
---
.../src/main/java/org/apache/shiro/crypto/AesCipherService.java | 7 ++++++-
1 file changed, 6 insertions(+), 1 deletion(-)
diff --git a/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java b/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
index 13863ec..435b998 100644
--- a/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
+++ b/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java
@@ -66,7 +66,7 @@ public class AesCipherService extends DefaultBlockCipherService {
* </tr>
* <tr>
* <td>{@link #setPaddingScheme paddingScheme}</td>
- * <td>{@link PaddingScheme#PKCS5 PKCS5}</td>
+ * <td>{@link PaddingScheme#NONE NoPadding}***</td>
* </tr>
* <tr>
* <td>{@link #setInitializationVectorSize(int) initializationVectorSize}</td>
@@ -85,11 +85,16 @@ public class AesCipherService extends DefaultBlockCipherService {
* <p/>
* <b>**</b>In conjunction with the default {@code GCM} operation mode, initialization vectors are generated by
* default to ensure strong encryption. See the {@link JcaCipherService JcaCipherService} class JavaDoc for more.
+ * <p/>
+ * <b>**</b>Since {@code GCM} is a stream cipher, padding is implemented in the operation mode and an external padding scheme
+ * cannot be used in conjunction with {@code GCM}. In fact, {@code AES/GCM/PKCS5Padding} is just an alias in most JVM for
+ * {@code AES/GCM/NoPadding}.
*/
public AesCipherService() {
super(ALGORITHM_NAME);
setMode(OperationMode.GCM);
setStreamingMode(OperationMode.GCM);
+ setPaddingScheme(PaddingScheme.NONE);
}
@Override