Andrea Cosentino created CAMEL-23842:
----------------------------------------
Summary: Camel-PQC: PQCDataFormat uses ECB mode without integrity protection (use authenticated encryption)
Key: CAMEL-23842
URL: https://issues.apache.org/jira/browse/CAMEL-23842
Project: Camel
Issue Type: Bug
Components: camel-pqc
Reporter: Andrea Cosentino
Assignee: Andrea Cosentino
The PQC DataFormat performs the symmetric (DEM) layer of its KEM-DEM
construction with {{Cipher.getInstance(symAlg)}} where {{symAlg}} is a bare
algorithm name such as "AES" (PQCDataFormat#marshal / #unmarshal). With most
JCE providers this resolves to {{AES/ECB/PKCS5Padding}}:
* ECB leaks plaintext block structure (identical plaintext blocks => identical
ciphertext blocks) within a message.
* There is no IV/nonce and no integrity/authentication (no GCM tag, no HMAC),
so the ciphertext is malleable and the DEM layer is not IND-CCA2 secure.
For a data format whose purpose is quantum-resistant confidentiality, shipping
ECB without integrity is a meaningful weakness.
h3. Proposal
* Default to an authenticated mode (e.g. {{AES/GCM/NoPadding}}) with a freshly
generated random nonce, written to the output stream alongside the existing
{{[encapsulation length][encapsulation]}} framing.
* Optionally bind associated data (AAD).
* Consider backward compatibility for payloads encrypted with the current
format and document it in the upgrade guide.
Affected: {{components/camel-pqc}} PQCDataFormat (marshal/unmarshal).
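As an added illustration of the proposal above (not code from camel-pqc or from the reporter), a hypothetical Java 17 DEM helper that keeps the existing {{[encapsulation length][encapsulation]}} framing, appends a fresh random 96-bit nonce, and uses {{AES/GCM/NoPadding}} with optional AAD in place of the bare "AES" cipher; the class, method and record names are assumptions, and deriving {{demKey}} from the KEM shared secret stays with the caller.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.DataInputStream;
import java.io.DataOutputStream;
import java.io.IOException;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

/** Hypothetical DEM layer (not camel-pqc code): [encap len][encap][nonce][GCM ciphertext || tag]. */
public final class AuthenticatedDem {
    static final int NONCE_LEN = 12;   // 96-bit nonce, the standard GCM size
    static final int TAG_BITS = 128;   // full-length authentication tag
    private static final SecureRandom RNG = new SecureRandom();
    record Framed(byte[] encapsulation, byte[] nonce, byte[] ciphertextAndTag) {} // decapsulate first, then open()

    /** Replaces Cipher.getInstance("AES") (ECB on most providers) with GCM under a fresh random nonce. */
    static byte[] seal(SecretKey demKey, byte[] encapsulation, byte[] aad, byte[] plaintext) throws GeneralSecurityException, IOException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                              // a nonce must never repeat under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, demKey, new GCMParameterSpec(TAG_BITS, nonce));
        if (aad != null) c.updateAAD(aad);                 // optional associated data, covered by the tag
        byte[] ct = c.doFinal(plaintext);                  // ciphertext followed by the 16-byte tag
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        out.writeInt(encapsulation.length);                // existing framing kept as-is
        out.write(encapsulation);
        out.write(nonce);                                  // new: nonce travels in clear with the message
        out.write(ct);
        return bos.toByteArray();
    }
    static Framed parse(byte[] framed) throws IOException {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(framed));
        int encapLen = in.readInt();
        if (encapLen < 0 || encapLen > 64 * 1024) throw new IOException("bad encapsulation length"); // untrusted prefix
        byte[] encapsulation = new byte[encapLen];
        in.readFully(encapsulation);
        byte[] nonce = new byte[NONCE_LEN];
        in.readFully(nonce);
        return new Framed(encapsulation, nonce, in.readAllBytes());
    }
    /** Any change to nonce, ciphertext, tag or AAD makes doFinal throw AEADBadTagException. */
    static byte[] open(SecretKey demKey, Framed f, byte[] aad) throws GeneralSecurityException {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, demKey, new GCMParameterSpec(TAG_BITS, f.nonce()));
        if (aad != null) c.updateAAD(aad);
        return c.doFinal(f.ciphertextAndTag());
    }
}
```

Payloads produced by the current format carry no nonce, so a version byte or length check in {{parse}} is the natural place to detect and reject (or route to a legacy path) the old layout during the compatibility window.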
----
_Filed by Claude Code on behalf of Andrea Cosentino._
--
This message was sent by Atlassian Jira
(v8.20.10#820010)