From e2b611a01be3c3bd54aafd8b09dc0b0cce07c3dd Mon Sep 17 00:00:00 2001
From: idimov-keeper <78815270+idimov-keeper@users.noreply.github.com>
Date: Mon, 22 Jan 2024 18:50:54 -0600
Subject: [PATCH] KSM-486 Fixed missing PKCS7Padding with SUN provider in Java
 (#556)

---
 .../keepersecurity/secretsManager/core/CryptoUtils.kt  | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/sdk/java/core/src/main/kotlin/com/keepersecurity/secretsManager/core/CryptoUtils.kt b/sdk/java/core/src/main/kotlin/com/keepersecurity/secretsManager/core/CryptoUtils.kt
index a08cbfff..b7cdbf2d 100644
--- a/sdk/java/core/src/main/kotlin/com/keepersecurity/secretsManager/core/CryptoUtils.kt
+++ b/sdk/java/core/src/main/kotlin/com/keepersecurity/secretsManager/core/CryptoUtils.kt
@@ -94,13 +94,17 @@ internal fun hash(data: ByteArray, tag: String): ByteArray {
 }
 
 internal fun getCipher(mode: Int, iv: ByteArray, key: ByteArray, useCBC: Boolean = false): Cipher {
-    val transformation = if (useCBC) "AES/CBC/PKCS7Padding" else "AES/GCM/NoPadding"
+    // Some cryptographic libraries such as the SUN provider in Java indicate PKCS#5 where PKCS#7 should be used
+    val paddingProvider = if (KeeperCryptoParameters.provider == null) "AES/CBC/PKCS5Padding" else "AES/CBC/PKCS7Padding"
+    val transformation = if (useCBC) paddingProvider else "AES/GCM/NoPadding"
     val cipher = if (KeeperCryptoParameters.provider == null)
         Cipher.getInstance(transformation) else
         Cipher.getInstance(transformation, KeeperCryptoParameters.provider)
+
     val keySpec = SecretKeySpec(key, "AES")
-    val gcmParameterSpec = GCMParameterSpec(16 * 8, iv)
-    cipher.init(mode, keySpec, gcmParameterSpec)
+    val parameterSpec = if (useCBC) IvParameterSpec(iv) else GCMParameterSpec(16 * 8, iv)
+    cipher.init(mode, keySpec, parameterSpec)
+
     return cipher
 }