[ https://issues.apache.org/jira/browse/SSHD-506?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16952670#comment-16952670 ]
Lyor Goldstein commented on SSHD-506: ------------------------------------- {code:java|title=Naive attempt of possible code} @Test public void testGCMCiphers() throws Exception { SecureRandom random = new SecureRandom(); byte[] iv = new byte[12]; random.nextBytes(iv); GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(16 * 8, iv); KeyGenerator keyGenerator = KeyGenerator.getInstance("AES"); keyGenerator.init(256); SecretKey key = keyGenerator.generateKey(); SecretKeySpec keySpec = new SecretKeySpec(key.getEncoded(), key.getAlgorithm()); Cipher encryptor = Cipher.getInstance("AES/GCM/NoPadding"); encryptor.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec); Cipher decryptor = Cipher.getInstance("AES/GCM/NoPadding"); decryptor.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec); byte[] data = new byte[Byte.MAX_VALUE]; byte[] aad = new byte[Integer.BYTES]; for (int index = 1; index <= Byte.SIZE; index++) { String expected = getCurrentTestName() + "#" + index; byte[] plainText = expected.getBytes(StandardCharsets.UTF_8); int len = plainText.length; int padLen = len % 8; if (padLen > 0) { len += (8 - padLen); } aad[0] = (byte) (len >>> 24); aad[1] = (byte) (len >>> 16); aad[2] = (byte) (len >>> 8); aad[2] = (byte) len; encryptor.updateAAD(aad); // <<<==== throws IllegalStateException: AAD must be supplied before encryption/decryption starts Arrays.fill(data, (byte) 0); System.arraycopy(plainText, 0, data, 0, plainText.length); byte[] cipherText = encryptor.update(data, 0, len); assertNotNull("No encrypted data created at attempt #" + index, cipherText); decryptor.updateAAD(aad); byte[] recoveredText = decryptor.update(data, 0, len); assertNotNull("No data decrypted at attempt #" + index, recoveredText); String actual = new String(data, 0, plainText.length, StandardCharsets.UTF_8); if (!Objects.equals(expected, actual)) { fail("Mismatched results at attempt #" + index); } } } {code} > Add support for aes128/256-gcm ciphers > -------------------------------------- > > Key: SSHD-506 > URL: https://issues.apache.org/jira/browse/SSHD-506 > Project: MINA SSHD > Issue Type: Improvement > Reporter: Lyor Goldstein > Priority: Minor > > See: > * [rfc5647|https://tools.ietf.org/html/rfc5647] > * > [draft-igoe-secsh-aes-gcm-01|https://tools.ietf.org/html/draft-igoe-secsh-aes-gcm-01] > * [OpenSSH v6.2|http://www.openssh.com/txt/release-6.2] > * [JAVA AES 256 GCM encrypt/decrypt > example|https://javainterviewpoint.com/java-aes-256-gcm-encryption-and-decryption/] > - especially the usage of {{GCMParameterSpec}} to initialize the cipher > * [OpenJDK 8 AESCipher.java source > code|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/AESCipher.java] > ** See also > [CipherCore.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/CipherCore.java], > > [FeedbackCipher.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/FeedbackCipher.java], > > [GaloisCounterMode.java|https://github.com/frohoff/jdk8u-dev-jdk/blob/master/src/share/classes/com/sun/crypto/provider/GaloisCounterMode.java] -- This message was sent by Atlassian Jira (v8.3.4#803005) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@mina.apache.org For additional commands, e-mail: dev-h...@mina.apache.org