[ https://issues.apache.org/jira/browse/SHIRO-730?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17012194#comment-17012194 ]

Peter Rebholz edited comment on SHIRO-730 at 1/9/20 8:12 PM:
-------------------------------------------------------------

Not sure if posting here is the right protocol, but should this change be 
considered a breaking change? Or is AesCipherService considered an internal API?

 

If someone uses this service to encrypt and decrypt values that are persisted 
then existing values will be unreadable (when using the defaults) after 
upgrading to Shiro 1.4.2. I'm attaching a small program 
([^ShiroUpgradeTest.java]) that demonstrates this and produces the following 
output:
{code:java}
$ SHIRO_VERSION=1.4.1
$ java -cp shiro-core-$SHIRO_VERSION.jar:shiro-crypto-cipher-$SHIRO_VERSION.jar:slf4j-api-1.7.22.jar:slf4j-nop-1.7.22.jar:. ShiroUpgradeTest encrypt
$ java -cp shiro-core-$SHIRO_VERSION.jar:shiro-crypto-cipher-$SHIRO_VERSION.jar:slf4j-api-1.7.22.jar:slf4j-nop-1.7.22.jar:. ShiroUpgradeTest decrypt
Plain Text: Hello World

$ SHIRO_VERSION=1.4.2
$ java -cp shiro-core-$SHIRO_VERSION.jar:shiro-crypto-cipher-$SHIRO_VERSION.jar:slf4j-api-1.7.22.jar:slf4j-nop-1.7.22.jar:. ShiroUpgradeTest decrypt
Exception in thread "main" org.apache.shiro.crypto.CryptoException: Unable to execute 'doFinal' with cipher instance [javax.crypto.Cipher@5a2e4553].
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:462)
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:445)
        at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:390)
        at org.apache.shiro.crypto.JcaCipherService.decrypt(JcaCipherService.java:382)
        at ShiroUpgradeTest.decrypt(ShiroUpgradeTest.java:49)
        at ShiroUpgradeTest.main(ShiroUpgradeTest.java:63)
Caused by: javax.crypto.AEADBadTagException: Tag mismatch!
        at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:592)
        at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1116)
        at com.sun.crypto.provider.CipherCore.fillOutputBuffer(CipherCore.java:1053)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:853)
        at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
        at javax.crypto.Cipher.doFinal(Cipher.java:2164)
        at org.apache.shiro.crypto.JcaCipherService.crypt(JcaCipherService.java:459)
        ... 5 more
{code}
 



> Updates the default Cipher mode to GCM in AesCipherService
> ----------------------------------------------------------
>
>                 Key: SHIRO-730
>                 URL: https://issues.apache.org/jira/browse/SHIRO-730
>             Project: Shiro
>          Issue Type: Improvement
>            Reporter: Francois Papon
>            Priority: Major
>             Fix For: 1.4.2, 1.5.0
>
>         Attachments: ShiroUpgradeTest.java
>
>
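The failure reported in the comment is the result of the AesCipherService default transformation changing from AES/CBC/PKCS5Padding to AES/GCM/NoPadding: a GCM decrypt of a CBC ciphertext has no valid authentication tag, hence the AEADBadTagException. The program below is an added example, not code from the ticket, from the attached ShiroUpgradeTest.java or from the Shiro project. It shows the migration a deployment with persisted values needs after upgrading: pin a second service to the old mode and padding explicitly, decrypt the stored value with it, and re-encrypt under the new defaults. The class name AesModeMigration and the helper names legacyCbcService, gcmService and migrate are assumptions chosen for illustration; it assumes Shiro 1.4.2 or later on the classpath, and it generates a throwaway key where a real system would load its existing one.

```java
import java.nio.charset.StandardCharsets;
import java.security.Key;

import org.apache.shiro.crypto.AesCipherService;
import org.apache.shiro.crypto.CryptoException;
import org.apache.shiro.crypto.OperationMode;
import org.apache.shiro.crypto.PaddingScheme;

/**
 * Added example (hypothetical class, not part of Shiro or SHIRO-730).
 * Decrypts values persisted under the pre-1.4.2 defaults (CBC/PKCS5) with a
 * service pinned to those settings and re-encrypts them under the 1.4.2+
 * defaults (GCM/NoPadding), so the upgrade does not orphan stored ciphertext.
 */
public class AesModeMigration {

    /** Mirrors the pre-1.4.2 AesCipherService defaults explicitly rather than relying on them. */
    static AesCipherService legacyCbcService() {
        AesCipherService svc = new AesCipherService();
        svc.setMode(OperationMode.CBC);
        svc.setPaddingScheme(PaddingScheme.PKCS5);
        return svc;
    }

    /** Uses whatever the current Shiro release defaults to (GCM, no padding from 1.4.2 on). */
    static AesCipherService gcmService() {
        return new AesCipherService();
    }

    /** Decrypts a CBC ciphertext (IV prepended, Shiro's own format) and re-encrypts it under GCM. */
    static byte[] migrate(byte[] legacyCiphertext, byte[] keyBytes) {
        byte[] plaintext = legacyCbcService().decrypt(legacyCiphertext, keyBytes).getBytes();
        return gcmService().encrypt(plaintext, keyBytes).getBytes();
    }

    public static void main(String[] args) {
        // Throwaway key for the demonstration; a real deployment loads its existing key.
        Key key = new AesCipherService().generateNewKey();
        byte[] keyBytes = key.getEncoded();
        byte[] plain = "Hello World".getBytes(StandardCharsets.UTF_8);

        // Constructed stand-in for a value written by Shiro 1.4.1, when CBC was the default.
        byte[] stored = legacyCbcService().encrypt(plain, keyBytes).getBytes();

        // Reading it with the new defaults fails the same way the ticket shows:
        // CryptoException wrapping javax.crypto.AEADBadTagException.
        try {
            gcmService().decrypt(stored, keyBytes);
            System.out.println("unexpected: GCM accepted a CBC ciphertext");
        } catch (CryptoException e) {
            System.out.println("new defaults reject the legacy value: " + e.getCause());
        }

        // Migrate once, then only the GCM service is needed going forward.
        byte[] migrated = migrate(stored, keyBytes);
        String roundTrip = new String(gcmService().decrypt(migrated, keyBytes).getBytes(),
                StandardCharsets.UTF_8);
        System.out.println("Plain Text: " + roundTrip);
    }
}
```

Run it on the same classpath as the ticket's ShiroUpgradeTest (shiro-core, shiro-crypto-cipher and an slf4j binding). The point of pinning the legacy service to CBC and PKCS5 in code, rather than leaving either side on defaults, is that the migration keeps working across further default changes; once every stored value has been rewritten, the CBC service can be deleted.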




--
This message was sent by Atlassian Jira
(v8.3.4#803005)
