oscerd opened a new pull request, #24348:
URL: https://github.com/apache/camel/pull/24348

   ## CAMEL-23842
   
   The `pqc` data format encrypted payloads with a bare cipher name (e.g. 
`AES`), which resolves to `AES/ECB/PKCS5Padding`. ECB leaks plaintext block 
structure and there is no IV or integrity protection, so the ciphertext is 
malleable and the DEM layer of the KEM-DEM construction is not IND-CCA2 secure.
   
   ### Changes
   - The symmetric (data-encapsulation) layer now uses **authenticated 
encryption**: 128-bit block ciphers use **GCM**, and the ChaCha20 stream cipher 
uses **ChaCha20-Poly1305**.
   - A random 12-byte nonce is written to the wire format; decryption verifies 
the authentication tag via `Cipher.doFinal` — **not** `CipherInputStream`, 
which can silently swallow an AEAD tag failure and return truncated plaintext. 
Tampered or corrupted messages are now rejected.
   - Only AEAD-capable symmetric algorithms are accepted: `AES`, `ARIA`, 
`CAMELLIA`, `CAST6`, `DSTU7624`, `GOST3412-2015`, `SEED`, `SM4` (GCM) and 
`CHACHA7539` (ChaCha20-Poly1305). The non-AEAD legacy/stream ciphers (`RC2`, 
`RC5`, `CAST5`, `GOST28147`, `DESEDE`, `GRAIN128`, `HC128`, `HC256`, `SALSA20`) 
are rejected at startup.
   - A malformed-input guard bounds the encapsulation length read from 
untrusted data.
   - Updated the DSL model enum and regenerated metadata (module + catalog 
dataformat JSON, catalog model JSON, YAML DSL schema and deserializers), 
refreshed the component docs, and added the 4.22 upgrade guide.
   
   ### Wire format
   ```
   [4 bytes: encapsulation length] [N: encapsulation] [12 bytes: nonce] [M: ciphertext + auth tag]
   ```
   
   ### ⚠️ Breaking change
   Data encrypted by Camel 4.21 or earlier (unauthenticated ECB, no nonce) 
**cannot be decrypted** by this version — it must be re-encrypted. This is 
documented in the new `camel-4x-upgrade-guide-4_22` entry.
   
   ### Tests
   Added `PQCDataFormatAeadTest` covering AES-GCM, ARIA-GCM and 
ChaCha20-Poly1305 round-trips, tamper detection, and rejection of non-AEAD 
algorithms (at start and at marshal). Existing dataformat tests are unchanged 
and pass; the full `camel-pqc` module build is green.
   
   ---
   _Claude Code on behalf of Andrea Cosentino_
   
   🤖 Generated with [Claude Code](https://claude.com/claude-code)
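An added stand-alone illustration of the wire format and the `Cipher.doFinal` tag check described in this PR; it is not Camel's code. It assumes a fresh AES-256 key as the data-encapsulation key and a random byte string as a stand-in for the KEM encapsulation, so the KEM step itself is not shown.

```java
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.SecureRandom;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class AeadWireFormatDemo {
    static final int NONCE_LEN = 12, TAG_BITS = 128, MAX_ENCAPS = 4096; // MAX_ENCAPS is an assumed bound
    static final SecureRandom RNG = new SecureRandom();

    // Frame: [4 bytes: encapsulation length][N: encapsulation][12 bytes: nonce][M: ciphertext + tag]
    static byte[] seal(SecretKey dek, byte[] encapsulation, byte[] plaintext) throws GeneralSecurityException {
        byte[] nonce = new byte[NONCE_LEN];
        RNG.nextBytes(nonce); // fresh random nonce per message
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, dek, new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plaintext); // ciphertext with the 16-byte GCM tag appended
        return ByteBuffer.allocate(4 + encapsulation.length + NONCE_LEN + ct.length)
                .putInt(encapsulation.length).put(encapsulation).put(nonce).put(ct).array();
    }

    static byte[] open(SecretKey dek, byte[] frame) throws GeneralSecurityException {
        ByteBuffer in = ByteBuffer.wrap(frame);
        if (in.remaining() < 4) throw new IllegalArgumentException("truncated frame");
        int n = in.getInt();
        // Bound the encapsulation length before allocating: it is read from untrusted data.
        if (n < 0 || n > MAX_ENCAPS || in.remaining() < n + NONCE_LEN)
            throw new IllegalArgumentException("bad encapsulation length");
        byte[] encapsulation = new byte[n]; in.get(encapsulation); // would go to KEM decapsulation
        byte[] nonce = new byte[NONCE_LEN]; in.get(nonce);
        byte[] ct = new byte[in.remaining()]; in.get(ct);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, dek, new GCMParameterSpec(TAG_BITS, nonce));
        return c.doFinal(ct); // throws AEADBadTagException if ciphertext or tag was modified
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES"); kg.init(256);
        SecretKey dek = kg.generateKey();
        byte[] encaps = new byte[32]; RNG.nextBytes(encaps); // constructed stand-in for a KEM encapsulation
        byte[] frame = seal(dek, encaps, "hello camel".getBytes(StandardCharsets.UTF_8));
        System.out.println(new String(open(dek, frame), StandardCharsets.UTF_8));
        frame[frame.length - 1] ^= 0x01; // flip one bit of the authentication tag
        try { open(dek, frame); } catch (AEADBadTagException e) { System.out.println("tamper rejected"); }
    }
}
```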
   

