[ https://issues.apache.org/jira/browse/CAMEL-23842?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Andrea Cosentino updated CAMEL-23842:
-------------------------------------
    Fix Version/s: 4.22.0

> Camel-PQC: PQCDataFormat uses ECB mode without integrity protection (use 
> authenticated encryption)
> --------------------------------------------------------------------------------------------------
>
>                 Key: CAMEL-23842
>                 URL: https://issues.apache.org/jira/browse/CAMEL-23842
>             Project: Camel
>          Issue Type: Bug
>          Components: camel-pqc
>            Reporter: Andrea Cosentino
>            Assignee: Andrea Cosentino
>            Priority: Major
>             Fix For: 4.22.0
>
>
> The PQC DataFormat performs the symmetric (DEM) layer of its KEM-DEM 
> construction with {{Cipher.getInstance(symAlg)}} where {{symAlg}} is a bare 
> algorithm name such as "AES" (PQCDataFormat#marshal / #unmarshal). With most 
> JCE providers this resolves to {{AES/ECB/PKCS5Padding}}:
> * ECB leaks plaintext block structure (identical plaintext blocks => 
> identical ciphertext blocks) within a message.
> * There is no IV/nonce and no integrity/authentication (no GCM tag, no HMAC), 
> so the ciphertext is malleable and the DEM layer is not IND-CCA2 secure.
> For a data format whose purpose is quantum-resistant confidentiality, 
> shipping ECB without integrity is a meaningful weakness.
> h3. Proposal
> * Default to an authenticated mode (e.g. {{AES/GCM/NoPadding}}) with a 
> freshly generated random nonce, written to the output stream alongside the 
> existing {{[encapsulation length][encapsulation]}} framing.
> * Optionally bind associated data (AAD).
> * Consider backward compatibility for payloads encrypted with the current 
> format and document it in the upgrade guide.
> Affected: {{components/camel-pqc}} PQCDataFormat (marshal/unmarshal).
> ----
> _Filed by Claude Code on behalf of Andrea Cosentino._
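
The hardened DEM layer the proposal above describes, as an added illustration that is not Camel's code: AES/GCM with a fresh random nonce, framed as [encapsulation length][encapsulation][nonce][ciphertext||tag], with the encapsulation and any caller-supplied AAD bound into the tag. The `encapsulation` and `demKey` inputs are constructed stand-ins for a real KEM's output; the class and method names are assumptions, not the PQCDataFormat API.

```java
import java.io.*;
import java.security.SecureRandom;
import javax.crypto.*;
import javax.crypto.spec.*;

// Hardened DEM for a KEM-DEM data format (illustrative, not Camel's own code).
// Before (the reported defect): Cipher.getInstance("AES") resolves to
// AES/ECB/PKCS5Padding on most providers: no nonce, no tag, malleable ciphertext.
public class GcmDem {
    static final int NONCE_LEN = 12;   // 96-bit nonce, the size GCM is specified for
    static final int TAG_BITS = 128;   // full-length authentication tag
    static final SecureRandom RNG = new SecureRandom();

    // Output: [encLen][encapsulation][nonce][ciphertext||tag]
    static byte[] seal(byte[] encapsulation, byte[] demKey, byte[] aad, byte[] pt) throws Exception {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce);                              // fresh per message; never reuse under one key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(demKey, "AES"), new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(encapsulation);                        // bind the framing header to the tag
        if (aad != null) c.updateAAD(aad);                 // optional caller-supplied associated data
        byte[] ct = c.doFinal(pt);                         // ciphertext with the 16-byte tag appended
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        DataOutputStream out = new DataOutputStream(bos);
        out.writeInt(encapsulation.length);
        out.write(encapsulation);
        out.write(nonce);
        out.write(ct);
        return bos.toByteArray();
    }

    static byte[] open(byte[] framed, byte[] demKey, byte[] aad) throws Exception {
        DataInputStream in = new DataInputStream(new ByteArrayInputStream(framed));
        int encLen = in.readInt();
        if (encLen < 0 || encLen > framed.length - 4 - NONCE_LEN) throw new IOException("bad framing");
        byte[] encapsulation = new byte[encLen];
        in.readFully(encapsulation);
        byte[] nonce = new byte[NONCE_LEN];
        in.readFully(nonce);
        byte[] ct = in.readAllBytes();                     // remainder is ciphertext plus tag
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, new SecretKeySpec(demKey, "AES"), new GCMParameterSpec(TAG_BITS, nonce));
        c.updateAAD(encapsulation);                        // must match what seal() bound
        if (aad != null) c.updateAAD(aad);
        return c.doFinal(ct);                              // AEADBadTagException if any byte was altered
    }
}
```

Flipping a single bit anywhere in the framed output (header, nonce, ciphertext or tag) makes `open` throw `AEADBadTagException` instead of returning altered plaintext, which is the integrity property the ECB construction lacks.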



--
This message was sent by Atlassian Jira
(v8.20.10#820010)