Details
-
Type:
Bug
-
Status: Closed
-
Priority:
P3
-
Resolution: Fixed
-
Affects Version/s: 8
-
Fix Version/s: 8
-
Component/s: security-libs
-
Subcomponent:
-
Resolved In Build:b113
-
Verification:Verified
Backports
| Issue | Fix Version | Assignee | Priority | Status | Resolution | Resolved In Build |
|---|---|---|---|---|---|---|
| JDK-8193969 | openjdk7u | Valerie Peng | P3 | Resolved | Fixed | master |
| JDK-8199333 | 7u201 | Prasadarao Koppula | P3 | Resolved | Fixed | master |
| JDK-8200686 | 7u191 | Prasadarao Koppula | P3 | Resolved | Fixed | b01 |
Description
CipherInputStream (and probably CipherOutputStream) don't take into account additional authenticated data in GCM mode.
Issue Links
- relates to
-
JDK-8029148
Fix C2 intrinsics for new signature of CipherBlockChaining methods
-
Activity
URL: http://hg.openjdk.java.net/jdk8/jdk8/jdk/rev/3da8be8d13bf
User: lana
Date: 2013-10-22 17:23:08 +0000
User: lana
Date: 2013-10-22 17:23:08 +0000
The affected testcases still failed in aurora nightly:
RULE jce/Cipher/AEAD/JDK_8012900 Exception java.lang.Exception: A decryption has been perfomed successfully in spite of the decrypt Cipher has been initialized with fake AAD
Batch link:
http://aurora.ru.oracle.com/functional/faces/RunDetails.xhtml?names=312446.CORELIBS-JDK8-NIGHTLY-SQE-4
Log:
http://aurora-ds.us.oracle.com:9500/runs%2F312446.CORELIBS-JDK8-NIGHTLY-SQE-4/results/ResultDir/JDK_8012900/JDK_8012900.log
RULE jce/Cipher/AEAD/JDK_8012900 Exception java.lang.Exception: A decryption has been perfomed successfully in spite of the decrypt Cipher has been initialized with fake AAD
Batch link:
http://aurora.ru.oracle.com/functional/faces/RunDetails.xhtml?names=312446.CORELIBS-JDK8-NIGHTLY-SQE-4
Log:
http://aurora-ds.us.oracle.com:9500/runs%2F312446.CORELIBS-JDK8-NIGHTLY-SQE-4/results/ResultDir/JDK_8012900/JDK_8012900.log
Bug was re-opened by mistake. This bug is pending verification.
Can you please attach the failed SQE test, i.e. jce/Cipher/AEAD/JDK_8012900? When I tried to access the aurora report on the src of the failed test, it gives me a HTTP 500 file not found error http://aurora-ds.us.oracle.com:9502/core-libs-testbase-local/8_int/src/jce/Cipher/AEAD/JDK_8012900
The underlying Cipher object should throw AEADBadTagException when fake AAD is supplied. However, CipherInput/OutputStream classes would swallow all non-IOException as its javadoc has been specified. Thus, you won't observe any exception. The only indication of a decryption failure is that the recovered text is empty.
Personally, I find this only-IOException-are-passed-through behavior potentially confusing. But that's what the javadoc has. Note that this also means that when decrypting data with corrupted padding bytes, partial data are returned. Not sure about the reason for the current spec. But that's how it is unless we change the spec.
Personally, I find this only-IOException-are-passed-through behavior potentially confusing. But that's what the javadoc has. Note that this also means that when decrypting data with corrupted padding bytes, partial data are returned. Not sure about the reason for the current spec. But that's how it is unless we change the spec.
The attachment contains the test to verify if the CICO works properly in AEAD/GCM mode. The test used different additional authenticated data for encryption and decryption Ciphers (lines 42 and 46). But in spite of that it passes. Original and restored data are the same.
It seems CipherInputStream ignores additional authenticated data at all.
product tested: jdk8 b85
steps to reproduce: compile and execute attachment. It pass. I guess it should fail.