Jerry Chen created HADOOP-11343:
-----------------------------------
Summary: Overflow is not properly handled in caclulating final iv
for AES CTR
Key: HADOOP-11343
URL: https://issues.apache.org/jira/browse/HADOOP-11343
Project: Hadoop Common
Issue Type: Bug
Components: security
Affects Versions: trunk-win
Reporter: Jerry Chen
In the AesCtrCryptoCodec calculateIV, as the init IV is a random generated 16
bytes,
final byte[] iv = new byte[cc.getCipherSuite().getAlgorithmBlockSize()];
cc.generateSecureRandom(iv);
Then the following calculation of iv and counter on 8 bytes (64bit) space would
easily cause overflow and this overflow gets lost. The result would be the 128
bit data block was encrypted with a wrong counter and cannot be decrypted by
standard aes-ctr.
/**
* The IV is produced by adding the initial IV to the counter. IV length
* should be the same as {@link #AES_BLOCK_SIZE}
*/
@Override
public void calculateIV(byte[] initIV, long counter, byte[] IV) {
Preconditions.checkArgument(initIV.length == AES_BLOCK_SIZE);
Preconditions.checkArgument(IV.length == AES_BLOCK_SIZE);
System.arraycopy(initIV, 0, IV, 0, CTR_OFFSET);
long l = 0;
for (int i = 0; i < 8; i++) {
l = ((l << 8) | (initIV[CTR_OFFSET + i] & 0xff));
}
l += counter;
IV[CTR_OFFSET + 0] = (byte) (l >>> 56);
IV[CTR_OFFSET + 1] = (byte) (l >>> 48);
IV[CTR_OFFSET + 2] = (byte) (l >>> 40);
IV[CTR_OFFSET + 3] = (byte) (l >>> 32);
IV[CTR_OFFSET + 4] = (byte) (l >>> 24);
IV[CTR_OFFSET + 5] = (byte) (l >>> 16);
IV[CTR_OFFSET + 6] = (byte) (l >>> 8);
IV[CTR_OFFSET + 7] = (byte) (l);
}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
