[
https://issues.apache.org/jira/browse/SSHD-987?focusedWorklogId=428744&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-428744
]
ASF GitHub Bot logged work on SSHD-987:
---------------------------------------
Author: ASF GitHub Bot
Created on: 29/Apr/20 21:02
Start Date: 29/Apr/20 21:02
Worklog Time Spent: 10m
Work Description: tomaswolf commented on a change in pull request #127:
URL: https://github.com/apache/mina-sshd/pull/127#discussion_r417607664
##########
File path:
sshd-common/src/main/java/org/apache/sshd/common/config/keys/loader/AESPrivateKeyObfuscator.java
##########
@@ -56,6 +61,28 @@ public AESPrivateKeyObfuscator() {
return applyPrivateKeyCipher(bytes, encContext, keyLength, keyValue,
encryptIt);
}
+ @Override
+ protected int
resolveInitializationVectorLength(PrivateKeyEncryptionContext encContext)
throws GeneralSecurityException {
+ int keyLength = resolveKeyLength(encContext);
+ String cipherMode = encContext.getCipherMode();
+ String xformMode = "/" + cipherMode.toUpperCase() + "/";
+ List<CipherInformation> matches = BuiltinCiphers.VALUES.stream()
+ .filter(c -> CIPHER_NAME.equalsIgnoreCase(c.getAlgorithm())
+ && (keyLength == c.getKeySize())
+ && c.getTransformation().contains(xformMode))
+ .collect(Collectors.toList());
+ int numMatches = GenericUtils.size(matches);
+ if (numMatches <= 0) {
+ throw new NoSuchAlgorithmException("No match found for " +
encContext);
+ }
+ if (numMatches > 1) {
Review comment:
The code works, but I don't understand why you even check this. It would
indicate a coding error in BuiltinCiphers. If that enum has duplicate
algorithm/keySize values, it would we a bug in the source. It's the kind of
test that I'd do in a unit test, not at runtime. I'd just take the first match
on key size to determine the IV size.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
Issue Time Tracking
-------------------
Worklog Id: (was: 428744)
Time Spent: 20m (was: 10m)
> AESPrivateKeyObfuscator generates wrong IV length
> -------------------------------------------------
>
> Key: SSHD-987
> URL: https://issues.apache.org/jira/browse/SSHD-987
> Project: MINA SSHD
> Issue Type: Bug
> Affects Versions: 2.4.0
> Reporter: Thomas Wolf
> Assignee: Lyor Goldstein
> Priority: Major
> Time Spent: 20m
> Remaining Estimate: 0h
>
> {{AESPrivateKeyObfuscator.generateInitializationVector()}} inherited from
> {{AbstractPrivateKeyObfuscator}} produces IVs of length {{keyLength /
> Byte.SIZE}}.
> This works only for AES 128, but not for AES 192 or AES 256. The IV length
> for AES is 16.
> Compare also SSHD-873.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
