tracker issue : CF-4168837

Title:

CFML and GCM/CCM cipher block mode transformations


Status/Resolution/Reason: To Test//Fixed

Reporter/Name(from Bugbase): / Denard Springle ()

Created: 06/28/2016

Components: Security

Versions: 2016

Failure Type: Enhancement Request

Found In Build/Fixed In Build: CF2016_Update2 /

Priority/Frequency: Normal / Unknown

Locale/System: English / Linux All

Vote Count: 1

Problem Description: 

Neither GCM cipher block mode (in v7/v8 of Java) nor CCM cipher block mode (v8 of Java) seems to be implemented (or instructions on its use are not well defined). Since most other chain-block ciphers are susceptible to the oracle padding attack, I'd very much like to see the strong GCM and CCM cipher block modes implemented for use in encrypt() and decrypt().

Steps to Reproduce: 

encrypt( 'test', generateSecretKey('AES'), 'AES/GCM/NoPadding', 'HEX' );

encrypt( 'test', generateSecretKey('AES'), 'AES/GCM/NoPadding', 'HEX', binaryDecode( left( hash( 'initvector'), 16 ), 'HEX' ) );

encrypt( 'test', generateSecretKey('AES'), 'AES/CCM/NoPadding', 'HEX' );

encrypt( 'test', generateSecretKey('AES'), 'AES/CCM/NoPadding', 'HEX', binaryDecode( left( hash( 'initvector'), 30 ), 'HEX' ) );

Actual Result: 

GCM: An error occurred while trying to encrypt or decrypt your input string: Invalid IV input.: Allowable authentication tag length is 4, 8 or between 12 and 16.
CCM: An error occurred while trying to encrypt or decrypt your input string: Invalid IV: Expected between 24 and 30 bytes of IV..

Expected Result:

An encrypted string

Any Workarounds: 

None known.

----------------------------- Additional Watson Details -----------------------------

Watson Bug ID:	4168837

External Customer Info:
External Company:  
External Customer Name: Denard Springle
External Customer Email: denard.springle@gmail.com

Attachments:

Comments:
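
An added example, not part of the original report and not Adobe's code: one way to get AES-GCM from CFML by calling the JVM's javax.crypto classes directly instead of encrypt(), so that the IV and the authentication tag length are passed explicitly. The function names and the output layout (hex IV followed by hex ciphertext and tag) are hypothetical, and it assumes the JVM's security provider offers AES/GCM/NoPadding.

```cfml
<cfscript>
// Added example, not code from the report. gcmCipher/gcmEncrypt/gcmDecrypt and
// the hex( IV ) & hex( ciphertext + tag ) layout are hypothetical choices.
function gcmCipher( required boolean encrypting, required string base64Key, required any iv ) {
    // generateSecretKey( 'AES' ) returns Base64; rebuild the raw AES key from it
    var key = createObject( 'java', 'javax.crypto.spec.SecretKeySpec' )
        .init( binaryDecode( arguments.base64Key, 'base64' ), 'AES' );
    // GCM needs the tag length (in bits) and the IV together
    var spec = createObject( 'java', 'javax.crypto.spec.GCMParameterSpec' )
        .init( javaCast( 'int', 128 ), arguments.iv );
    var cipher = createObject( 'java', 'javax.crypto.Cipher' ).getInstance( 'AES/GCM/NoPadding' );
    cipher.init( arguments.encrypting ? cipher.ENCRYPT_MODE : cipher.DECRYPT_MODE, key, spec );
    return cipher;
}

function gcmEncrypt( required string plaintext, required string base64Key ) {
    // Fresh random 12-byte IV per message; an IV must never repeat under one key
    var iv = binaryDecode( repeatString( '00', 12 ), 'hex' );
    createObject( 'java', 'java.security.SecureRandom' ).init().nextBytes( iv );
    // doFinal() returns the ciphertext with the 16-byte tag appended
    var sealed = gcmCipher( true, arguments.base64Key, iv )
        .doFinal( charsetDecode( arguments.plaintext, 'utf-8' ) );
    return binaryEncode( iv, 'hex' ) & binaryEncode( sealed, 'hex' );
}

function gcmDecrypt( required string hexInput, required string base64Key ) {
    // First 24 hex characters are the 12-byte IV, the rest is ciphertext + tag
    var iv = binaryDecode( left( arguments.hexInput, 24 ), 'hex' );
    var sealed = binaryDecode( mid( arguments.hexInput, 25, len( arguments.hexInput ) - 24 ), 'hex' );
    // doFinal() throws if the IV, ciphertext or tag was altered, so no
    // unauthenticated plaintext is ever returned to the caller
    return charsetEncode( gcmCipher( false, arguments.base64Key, iv ).doFinal( sealed ), 'utf-8' );
}

// Constructed sample input
key = generateSecretKey( 'AES' );
sealed = gcmEncrypt( 'test', key );
writeOutput( gcmDecrypt( sealed, key ) );
</cfscript>
```

A tampered or truncated value surfaces as an exception from doFinal(); treat it as a rejected message rather than retrying with different parameters.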