[
https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16952670#comment-16952670
]
Lyor Goldstein edited comment on SSHD-506 at 10/17/19 6:25 AM:
---------------------------------------------------------------
{code:java|title=Naive attempt of possible code}
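/**
 * Round-trips eight zero-padded messages through one encrypting and one
 * decrypting {@link Cipher} that are initialized once and then driven only
 * through {@code update()}, i.e. as a continuous stream.
 *
 * <p>The test runs with {@code AES/CTR/NoPadding}, where this usage works.
 * The lines marked "GCM variant" are the {@code AES/GCM/NoPadding}
 * alternative; the notes next to them record what was observed when they
 * were enabled:</p>
 * <ul>
 * <li>{@code updateAAD()} throws {@link IllegalStateException} ("AAD must be
 * supplied before encryption/decryption starts"). AAD has to precede the
 * first {@code update()} of an operation, and without {@code doFinal()} or
 * a new {@code init()} the operation is never closed.</li>
 * <li>{@code decryptor.update()} returns 0. GCM is an authenticated mode, and
 * the JDK provider withholds plaintext until {@code doFinal()} has verified
 * the tag.</li>
 * </ul>
 *
 * <p>A working GCM variant therefore needs one {@code init()} with a nonce
 * that is unique for the key, followed by {@code updateAAD()} and
 * {@code doFinal()}, for every message. It cannot keep the single
 * init-then-update shape used here.</p>
 *
 * @throws Exception if the provider rejects the algorithm, key or parameters
 */
@Test
public void testGCMCiphersBehavior() throws Exception {
    SecureRandom random = new SecureRandom();
    // GCM variant: byte[] iv = new byte[12];
    byte[] iv = new byte[16];
    random.nextBytes(iv);
    // GCM variant: AlgorithmParameterSpec gcmParameterSpec = new GCMParameterSpec(16 * 8, iv);
    AlgorithmParameterSpec gcmParameterSpec = new IvParameterSpec(iv);

    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
    keyGenerator.init(256);
    SecretKey key = keyGenerator.generateKey();
    SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), key.getAlgorithm());

    // GCM variant: String xformer = "AES/GCM/NoPadding";
    String xformer = "AES/CTR/NoPadding";
    Cipher encryptor = Cipher.getInstance(xformer);
    encryptor.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec);
    Cipher decryptor = Cipher.getInstance(xformer);
    decryptor.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);

    byte[] data = new byte[Byte.MAX_VALUE];
    byte[] cipherText = new byte[data.length];
    byte[] recoveredText = new byte[data.length];
    byte[] aad = new byte[Integer.BYTES];
    for (int index = 1; index <= Byte.SIZE; index++) {
        String expected = getCurrentTestName() + "#" + (Byte.MAX_VALUE + index);
        byte[] plainText = expected.getBytes(StandardCharsets.UTF_8);
        int len = plainText.length;
        int padLen = len % 8;
        // Always pads: adds 1..8 zero bytes so that len is a multiple of 8.
        len += (8 - padLen);

        // Big-endian encoding of the padded length; the low-order byte goes
        // into aad[3] (writing it to aad[2] would overwrite the byte above it).
        aad[0] = (byte) (len >>> 24);
        aad[1] = (byte) (len >>> 16);
        aad[2] = (byte) (len >>> 8);
        aad[3] = (byte) len;

        // GCM variant - throws IllegalStateException: AAD must be supplied
        // before encryption/decryption starts
        // encryptor.updateAAD(aad);

        // Clear the buffers so bytes from a previous iteration cannot make a
        // failed round trip look like a success.
        Arrays.fill(data, (byte) 0);
        System.arraycopy(plainText, 0, data, 0, plainText.length);
        Arrays.fill(cipherText, (byte) 0);
        int encLen = encryptor.update(data, 0, len, cipherText, 0);

        // GCM variant - throws IllegalStateException: AAD must be supplied
        // before encryption/decryption starts
        // decryptor.updateAAD(aad);

        Arrays.fill(recoveredText, (byte) 0);
        // Returns 0 when used with GCM: no plaintext is released before doFinal().
        int decLen = decryptor.update(cipherText, 0, encLen, recoveredText, 0);
        assertEquals("Mismatched decrypted length", len, decLen);

        String actual = new String(recoveredText, 0, plainText.length, StandardCharsets.UTF_8);
        if (!Objects.equals(expected, actual)) {
            fail("Mismatched results at attempt #" + index);
        }
    }
}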
{code}
was (Author: lgoldstein):
{code:java|title=Naive attempt of possible code}
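/**
 * Round-trips eight zero-padded messages through {@code AES/GCM/NoPadding},
 * authenticating the 4-byte big-endian padded length as AAD.
 *
 * <p>Each message is a separate AEAD operation: both ciphers are
 * re-initialized with a fresh 12-byte nonce, the AAD is supplied before any
 * data, and {@code doFinal()} closes the operation. Initializing once and
 * calling only {@code update()} does not work for GCM. The second
 * {@code updateAAD()} throws {@link IllegalStateException} ("AAD must be
 * supplied before encryption/decryption starts") because the first
 * operation was never closed, and decryption releases no plaintext until
 * {@code doFinal()} has verified the tag.</p>
 *
 * @throws Exception if the provider rejects the algorithm, key or
 *         parameters, or if tag verification fails
 */
@Test
public void testGCMCiphers() throws Exception {
    SecureRandom random = new SecureRandom();
    KeyGenerator keyGenerator = KeyGenerator.getInstance("AES");
    keyGenerator.init(256);
    SecretKey key = keyGenerator.generateKey();
    SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), key.getAlgorithm());

    Cipher encryptor = Cipher.getInstance("AES/GCM/NoPadding");
    Cipher decryptor = Cipher.getInstance("AES/GCM/NoPadding");

    byte[] iv = new byte[12];
    byte[] data = new byte[Byte.MAX_VALUE];
    byte[] aad = new byte[Integer.BYTES];
    for (int index = 1; index <= Byte.SIZE; index++) {
        String expected = getCurrentTestName() + "#" + index;
        byte[] plainText = expected.getBytes(StandardCharsets.UTF_8);
        int len = plainText.length;
        int padLen = len % 8;
        if (padLen > 0) {
            len += (8 - padLen);
        }

        // Big-endian encoding of the padded length; the low-order byte goes
        // into aad[3] (writing it to aad[2] would overwrite the byte above it).
        aad[0] = (byte) (len >>> 24);
        aad[1] = (byte) (len >>> 16);
        aad[2] = (byte) (len >>> 8);
        aad[3] = (byte) len;

        // A GCM nonce must never repeat under the same key. A random nonce is
        // enough for eight test messages; RFC 5647 instead builds it from a
        // fixed field plus a per-packet invocation counter.
        random.nextBytes(iv);
        GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(16 * 8, iv);
        encryptor.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec);
        decryptor.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);

        // AAD first, then the data, then doFinal() to emit ciphertext + tag.
        encryptor.updateAAD(aad);
        Arrays.fill(data, (byte) 0);
        System.arraycopy(plainText, 0, data, 0, plainText.length);
        byte[] cipherText = encryptor.doFinal(data, 0, len);
        assertNotNull("No encrypted data created at attempt #" + index, cipherText);

        // Decrypt the ciphertext (not the plaintext buffer); doFinal() throws
        // if the tag does not match the ciphertext and AAD.
        decryptor.updateAAD(aad);
        byte[] recoveredText = decryptor.doFinal(cipherText);
        assertNotNull("No data decrypted at attempt #" + index, recoveredText);

        // Compare what the decryptor produced, not the original input buffer.
        String actual = new String(recoveredText, 0, plainText.length, StandardCharsets.UTF_8);
        if (!Objects.equals(expected, actual)) {
            fail("Mismatched results at attempt #" + index);
        }
    }
}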
{code}
> Add support for aes128/256-gcm ciphers
> --------------------------------------
>
> Key: SSHD-506
> URL: https://issues.apache.org/jira/browse/SSHD-506
> Project: MINA SSHD
> Issue Type: Improvement
> Reporter: Lyor Goldstein
> Priority: Major
>
> See:
> * [rfc5647|https://tools.ietf.org/html/rfc5647]
> *
> [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01]
> * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2]
> * [JAVA AES 256 GCM encrypt/decrypt
> example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/]
> - especially the usage of {{GCMParameterSpec}} to initialize the cipher
> * [OpenJDK 8 AESCipher.java source
> code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java]
> ** See also
> [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java],
>
> [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java],
>
> [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java]