Skip to content

Commit

Permalink
KSM-486 Fixed missing PKCS7Padding with SUN provider in Java (#556)
Browse files Browse the repository at this point in the history
  • Loading branch information
@idimov-keeper
idimov-keeper authored Jan 23, 2024
1 parent 9b19035 commit e2b611a
Showing 1 changed file with 7 additions and 3 deletions.
10 changes: 7 additions & 3 deletions sdk/java/core/src/main/kotlin/com/keepersecurity/secretsManager/core/CryptoUtils.kt
View file
Original file line number Diff line number Diff line change
Expand Up @@ -94,13 +94,17 @@ internal fun hash(data: ByteArray, tag: String): ByteArray {
}

internal fun getCipher(mode: Int, iv: ByteArray, key: ByteArray, useCBC: Boolean = false): Cipher {
val transformation = if (useCBC) "AES/CBC/PKCS7Padding" else "AES/GCM/NoPadding"
// Some cryptographic libraries such as the SUN provider in Java indicate PKCS#5 where PKCS#7 should be used
val paddingProvider = if (KeeperCryptoParameters.provider == null) "AES/CBC/PKCS5Padding" else "AES/CBC/PKCS7Padding"
val transformation = if (useCBC) paddingProvider else "AES/GCM/NoPadding"
val cipher = if (KeeperCryptoParameters.provider == null)
Cipher.getInstance(transformation) else
Cipher.getInstance(transformation, KeeperCryptoParameters.provider)

val keySpec = SecretKeySpec(key, "AES")
val gcmParameterSpec = GCMParameterSpec(16 * 8, iv)
cipher.init(mode, keySpec, gcmParameterSpec)
val parameterSpec = if (useCBC) IvParameterSpec(iv) else GCMParameterSpec(16 * 8, iv)
cipher.init(mode, keySpec, parameterSpec)

return cipher
}

Expand Down

0 comments on commit e2b611a

Please sign in to comment.