Fixes for AEAD output size calculations and use in cipher streams #63

Closed
wants to merge 6 commits into from

timw commented Mar 10, 2014

  • More testing of lightweight and JCE CipherInputStream/CipherOutputStream
  • Fixed a buffer underflow when using packet mode (i.e. CCM) AEAD ciphers in streams
  • Another buffer underflow in CipherOutputStream (David already fixed the input stream version) is also fixed by the packet mode fix
  • Added tests and fixes for consistent checking of input and output buffers (with use of DataLengthException and OutputLengthException) in all AEAD modes
  • Fixed a minor miscalculation of output size in PaddedBufferedBlockCipher
  • Added some documentation clarifications to AEADBlockCipher describing valid assumptions for output size calculations and when ciphertext authentication may occur.

timw added 6 commits March 10, 2014 21:27
…er and appropriate handling of plaintext output during decryption prior to authentication.
…ers and make all implementations consistent.

Modified buffering in EAXBlockCipher to blockSize + macLength (instead of blockSize * 2) to align it with the OCB/GCM/CCM implementations and its own update-output size calculations (which often overestimated by a block size).
As a side-effect this reduces data copying a bit.
… and beef up testing.

Buffer underflows could occur when:
- decrypting data > internal buffer size in output stream (input stream was fixed in prior commit)
- packet mode AE cipher (e.g. CCM) is used with a data size > internal buffer size (since all output is buffered)

Buffer is now sized appropriately to every cipher operation immediately prior to it (using getUpdateOutputSize/getOutputSize as appropriate) in both streams.

Tests now run over boundaries of various block/buffer sizes to try to expose issues (0, 64 bit block, 128 bit block, 1K, 2K, 4K).
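
An added example, not code from this pull request or from Bouncy Castle: it sizes the output buffer immediately before each cipher call with getUpdateOutputSize/getOutputSize, as the commit message above describes, for packet-mode CCM beside GCM. It assumes the Bouncy Castle lightweight API is on the classpath; the class name AeadBufferSizing, the helper run, and the 5000-byte message are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.security.SecureRandom;
import java.util.Arrays;
import org.bouncycastle.crypto.InvalidCipherTextException;
import org.bouncycastle.crypto.engines.AESEngine;
import org.bouncycastle.crypto.modes.AEADBlockCipher;
import org.bouncycastle.crypto.modes.CCMBlockCipher;
import org.bouncycastle.crypto.modes.GCMBlockCipher;
import org.bouncycastle.crypto.params.AEADParameters;
import org.bouncycastle.crypto.params.KeyParameter;

public class AeadBufferSizing {
    // Hypothetical helper: feeds `in` to the cipher in `chunk`-byte pieces and asks
    // the cipher how much output each call can produce before allocating for it.
    static byte[] run(AEADBlockCipher c, byte[] in, int chunk) throws InvalidCipherTextException {
        ByteArrayOutputStream out = new ByteArrayOutputStream();
        for (int off = 0; off < in.length; off += chunk) {
            int n = Math.min(chunk, in.length - off);
            byte[] buf = new byte[c.getUpdateOutputSize(n)]; // 0 for packet-mode CCM
            int written = c.processBytes(in, off, n, buf, 0);
            out.write(buf, 0, written);
        }
        // A packet-mode cipher releases all of its output in doFinal, so this buffer
        // can exceed any fixed stream buffer: getOutputSize(0) covers what the cipher
        // still holds internally plus (when encrypting) the MAC.
        byte[] last = new byte[c.getOutputSize(0)];
        int written = c.doFinal(last, 0); // decryption: throws if the MAC check fails
        out.write(last, 0, written);
        return out.toByteArray();
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] key = new byte[16], nonce = new byte[12];
        byte[] msg = new byte[5000]; // constructed input, larger than a 2K/4K stream buffer
        rnd.nextBytes(key);
        AEADBlockCipher[] ciphers = {
            new CCMBlockCipher(new AESEngine()), new GCMBlockCipher(new AESEngine()) };
        for (AEADBlockCipher c : ciphers) {
            rnd.nextBytes(nonce); // fresh nonce for each encryption under this key
            c.init(true, new AEADParameters(new KeyParameter(key), 128, nonce));
            byte[] ct = run(c, msg, 2048);
            c.init(false, new AEADParameters(new KeyParameter(key), 128, nonce));
            byte[] pt = run(c, ct, 2048);
            System.out.println(c.getAlgorithmName() + ": ciphertext=" + ct.length
                + " bytes, round trip ok=" + Arrays.equals(msg, pt));
        }
    }
}
```

When decrypting with GCM, the bytes returned by processBytes are released before doFinal has verified the MAC, so a caller should not act on them until doFinal returns without throwing.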

bcgit commented Mar 10, 2014

Merged. Thanks!

bcgit closed this Mar 10, 2014
timw deleted the feature/update-size-testing branch March 11, 2014 19:06