You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shiro.apache.org by "Brian Demers (Jira)" <ji...@apache.org> on 2020/08/24 16:23:00 UTC
[jira] [Commented] (SHIRO-783) AES 256 encryption yeilds
unsupported Tlen error on all shiro versions above 1.4.1
[ https://issues.apache.org/jira/browse/SHIRO-783?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17183419#comment-17183419 ]
Brian Demers commented on SHIRO-783:
------------------------------------
It should be something like (from memory, forgive any typos):
{code:java}
AesCipherService cipherService = new AesCipherService();
cipherService.setMode(CBC);
cipherService.setStreamingMode(CBC);
cipherService.setPaddingScheme(PKCS5);{code}
This would have been the default form: [https://github.com/apache/shiro/blob/shiro-root-1.4.1/crypto/cipher/src/main/java/org/apache/shiro/crypto/DefaultBlockCipherService.java#L167-L173]
by way of: [https://github.com/apache/shiro/blob/shiro-root-1.4.1/crypto/cipher/src/main/java/org/apache/shiro/crypto/AesCipherService.java]
> AES 256 encryption yeilds unsupported Tlen error on all shiro versions above 1.4.1
> ----------------------------------------------------------------------------------
>
> Key: SHIRO-783
> URL: https://issues.apache.org/jira/browse/SHIRO-783
> Project: Shiro
> Issue Type: Bug
> Components: Cryptography & Hashing
> Affects Versions: 1.4.2
> Environment: windows 10, intelliJ, spring boot, java 11
> Reporter: Philip Harder
> Priority: Major
> Labels: AES256, spring-boot
>
> When trying to encrypt using AesCipherService, using a 256 bit key, on the latest verison of shiro, using java11, this error always appears:
>
> java.security.InvalidAlgorithmParameterException: Unsupported TLen value; must be one of \{128, 120, 112, 104, 96}
>
> This is puzzling because we are never setting the TLen value to anything, and this encyrption scheme was working just fine in another project. After some investigating, we noticed that setting our shiro dependency to an earlier version of 1.4.1 (or below) fixes this issue. Setting the key size to be 128 also fixes the issue. This is again puzzling, could it be that setting a keysize of 256 is also touching the TLen value? Either way something seems buggy here, and to our best insight it isn't on our end. Although I'm not ruling out that possibility entirely. Below is the code we are using for our encryption (maybe we're setting up 256 encryption wrong for later versions of shiro). Were injecting this cryptkeeper class into a service to use that encrypt method.
>
> @Slf4j
> @Component
> public class CryptKeeper {
> private final byte[] key = new byte[32];
> private final AesCipherService cipherService = new AesCipherService();
> @Value("${encKey.path}")
> private String keyFileName;
> @PostConstruct
> private void init() throws IOException {
> cipherService.setKeySize(256);
> FileInputStream fileInputStream = new FileInputStream(keyFileName);
> int bytesRead = IOUtils.read(fileInputStream, key);
> log.info("{} bytes read from key file", bytesRead);
> log.info("key array has length {}", key.length);
> for (int i = 0; i < key.length; i++) {
> log.debug("index {}: {}", i, key[i]);
> }
> fileInputStream.close();
> }
> public byte[] encrypt(byte[] subject)
> { return cipherService.encrypt(subject, key).getBytes(); }
> }
>
>
--
This message was sent by Atlassian Jira
(v8.3.4#803005)