You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by "Hendrik Saly (Jira)" <ji...@apache.org> on 2021/02/15 21:26:00 UTC

[jira] [Updated] (CRYPTO-157) Authentication tag length cannot be specified for CryptoInputStream

     [ https://issues.apache.org/jira/browse/CRYPTO-157?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Hendrik Saly updated CRYPTO-157:
--------------------------------
    Summary: Authentication tag length cannot be specified for CryptoInputStream  (was: Authentication tag length cannot be specified for CryptoInputStream.java)

> Authentication tag length cannot be specified for CryptoInputStream
> -------------------------------------------------------------------
>
>                 Key: CRYPTO-157
>                 URL: https://issues.apache.org/jira/browse/CRYPTO-157
>             Project: Commons Crypto
>          Issue Type: Bug
>          Components: Stream
>            Reporter: Hendrik Saly
>            Priority: Major
>
> CryptoInputStream and CryptoOutputStream are not allowing other AlgorithmParameterSpec than IvParameterSpec. B they both claim to support any mode of operations, but without submitting a GCMParameterSpec its not possible to define a authentication tag length in GCM mode. Despite of that I am not sure if cipher in GCM is ever properly initialized without a GCMParameterSpec (if there is a default for tLen and its not 128 than the cipher is IMHO not properly initialized).
> The other thing is that modes which do not need an AlgorithmParameterSpec (like ECB) are also maybe not peroperly initialized. Not sure if ECB just ignores the given IvParameterSpec.  I suggest to just allow null here and if null is given call the cipher.init(mode, key) method without AlgorithmParameterSpec.
> [https://github.com/apache/commons-crypto/blob/6b1a6968c68930e970ab4a9c21885e4872318bab/src/main/java/org/apache/commons/crypto/stream/CryptoInputStream.java#L198]
>  
> [https://github.com/apache/commons-crypto/blob/6b1a6968c68930e970ab4a9c21885e4872318bab/src/main/java/org/apache/commons/crypto/stream/CryptoOutputStream.java#L184]
>  
> Happy to create a PR if bug is confirmed.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)