From dev-return-195095-archive-asf-public=cust-asf.ponee.io@tomcat.apache.org Tue Nov 27 01:40:17 2018 Return-Path: X-Original-To: archive-asf-public@cust-asf.ponee.io Delivered-To: archive-asf-public@cust-asf.ponee.io Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by mx-eu-01.ponee.io (Postfix) with SMTP id 89BB1180647 for ; Tue, 27 Nov 2018 01:40:16 +0100 (CET) Received: (qmail 6762 invoked by uid 500); 27 Nov 2018 00:40:15 -0000 Mailing-List: contact dev-help@tomcat.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: "Tomcat Developers List" Delivered-To: mailing list dev@tomcat.apache.org Received: (qmail 6751 invoked by uid 99); 27 Nov 2018 00:40:15 -0000 Received: from Unknown (HELO svn01-us-west.apache.org) (209.188.14.144) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 27 Nov 2018 00:40:15 +0000 Received: from svn01-us-west.apache.org (localhost [127.0.0.1]) by svn01-us-west.apache.org (ASF Mail Server at svn01-us-west.apache.org) with ESMTP id BDFD13A05B6 for ; Tue, 27 Nov 2018 00:40:14 +0000 (UTC) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r1847504 - in /tomcat/trunk: java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java Date: Tue, 27 Nov 2018 00:40:14 -0000 To: dev@tomcat.apache.org From: schultz@apache.org X-Mailer: svnmailer-1.0.9 Message-Id: <20181127004014.BDFD13A05B6@svn01-us-west.apache.org> Author: schultz Date: Tue Nov 27 00:40:14 2018 New Revision: 1847504 URL: http://svn.apache.org/viewvc?rev=1847504&view=rev Log: Simplify createEncryptionManager method. Document magic numbers in GCMEncryptionManager. Add (disabled) ECB implementation, for completeness. Add unit-test to ensure that ECB mode is not supported. Modified: tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java Modified: tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java?rev=1847504&r1=1847503&r2=1847504&view=diff ============================================================================== --- tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java (original) +++ tomcat/trunk/java/org/apache/catalina/tribes/group/interceptors/EncryptInterceptor.java Tue Nov 27 00:40:14 2018 @@ -328,20 +328,19 @@ public class EncryptInterceptor extends algorithmMode = "CBC"; } - // Note: ECB is not an appropriate mode for secure communications. if("GCM".equalsIgnoreCase(algorithmMode)) return new GCMEncryptionManager(algorithm, new SecretKeySpec(encryptionKey, algorithmName), providerName); - - if(!("CBC".equalsIgnoreCase(algorithmMode) + else if("CBC".equalsIgnoreCase(algorithmMode) || "OFB".equalsIgnoreCase(algorithmMode) - || "CFB".equalsIgnoreCase(algorithmMode))) + || "CFB".equalsIgnoreCase(algorithmMode)) + return new BaseEncryptionManager(algorithm, + new SecretKeySpec(encryptionKey, algorithmName), + providerName); +// else if("ECB".equalsIgnoreCase(algorithmMode)) { + // Note: ECB is not an appropriate mode for secure communications. +// return new ECBEncryptionManager(algorithm, new SecretKeySpec(encryptionKey, algorithmName), providerName); + else throw new IllegalArgumentException(sm.getString("encryptInterceptor.algorithm.unsupported-mode", algorithmMode)); - - BaseEncryptionManager mgr = new BaseEncryptionManager(algorithm, - new SecretKeySpec(encryptionKey, algorithmName), - providerName); - - return mgr; } private static class BaseEncryptionManager { @@ -406,8 +405,9 @@ public class EncryptInterceptor extends } /** - * Gets the size of the initialization vector for the cipher being used. - * The IV size is often, but not always, the block size for the cipher. + * Gets the size, in bytes, of the initialization vector for the + * cipher being used. The IV size is often, but not always, the block + * size for the cipher. * * @return The size of the initialization vector for this algorithm. */ @@ -550,6 +550,25 @@ public class EncryptInterceptor extends } } + /** + * Implements an EncryptionManager for using GCM block cipher modes. + * + * GCM works a little differently than some of the other block cipher modes + * supported by EncryptInterceptor. First of all, it requires a different + * kind of AlgorithmParameterSpec object to be used, and second, it + * requires a slightly different initialization vector and something called + * an "authentication tag". + * + * The choice of IV length can be somewhat arbitrary, but there is consensus + * that 96-bit (12-byte) IVs for GCM are the best trade-off between security + * and performance. For other block cipher modes, IV length is the same as + * the block size. + * + * The "authentication tag" is a computed authentication value based upon + * the message and the encryption process. GCM defines these tags as the + * number of bits to use for the authentication tag, and it's clear that + * the highest number of bits supported 128-bit provide the best security. + */ private static class GCMEncryptionManager extends BaseEncryptionManager { public GCMEncryptionManager(String algorithm, SecretKeySpec secretKey, String providerName) @@ -559,12 +578,39 @@ public class EncryptInterceptor extends @Override protected int getIVSize() { - return 12; + return 12; // See class javadoc for explanation of this magic number (12) } @Override protected AlgorithmParameterSpec generateIV(byte[] bytes, int offset, int length) { + // See class javadoc for explanation of this magic number (128) return new GCMParameterSpec(128, bytes, offset, length); } } + + @SuppressWarnings("unused") + private static class ECBEncryptionManager extends BaseEncryptionManager + { + public ECBEncryptionManager(String algorithm, SecretKeySpec secretKey, String providerName) + throws NoSuchAlgorithmException, NoSuchPaddingException, NoSuchProviderException { + super(algorithm, secretKey, providerName); + } + + private static final byte[] EMPTY_IV = new byte[0]; + + @Override + protected int getIVSize() { + return 0; + } + + @Override + protected byte[] generateIVBytes() { + return EMPTY_IV; + } + + @Override + protected AlgorithmParameterSpec generateIV(byte[] bytes, int offset, int length) { + return null; + } + } } Modified: tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java URL: http://svn.apache.org/viewvc/tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java?rev=1847504&r1=1847503&r2=1847504&view=diff ============================================================================== --- tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java (original) +++ tomcat/trunk/test/org/apache/catalina/tribes/group/interceptors/TestEncryptInterceptor.java Tue Nov 27 00:40:14 2018 @@ -269,6 +269,19 @@ public class TestEncryptInterceptor { } @Test + public void testIllegalECB() throws Exception { + try { + src.setEncryptionAlgorithm("AES/ECB/PKCS5Padding"); + src.start(Channel.SND_TX_SEQ); + + // start() should trigger IllegalArgumentException + Assert.fail("ECB mode is not being refused"); + } catch (IllegalArgumentException iae) { + // Expected + } + } + + @Test public void testViaFile() throws Exception { src.start(Channel.SND_TX_SEQ); src.setNext(new ValueCaptureInterceptor()); --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org For additional commands, e-mail: dev-help@tomcat.apache.org