KCCMBlockCipher returns the wrong value for getUpdateOutputSize(len). It returns len rather than the correct value of zero (as per KGCM). Since data is only cached on an update call, the correct return value is always zero.
This causes a problem on decryption when using the JCA interface, since the underlying code on an update call uses getUpdateOutputSize() to determine the minimum size of the output buffer, and will insist on a buffer as long as the input data (which includes the Mac).
Sample code to reproduce as follows
/**
* KalynaTest.
*/
private void kalynaTest() {
try {
final SecureRandom myRandom = new SecureRandom();
final BouncyCastleProvider myProvider = new BouncyCastleProvider();
/* Create a Kalyna key */
final KeyGenerator myGenerator = KeyGenerator.getInstance("DSTU7624", myProvider);
myGenerator.init(256, myRandom);
final SecretKey myKey = myGenerator.generateKey();
final byte[] myIV = new byte[12];
myRandom.nextBytes(myIV);
/* Create cipher and encrypt/decrypt data */
final Cipher myCipher = Cipher.getInstance("DSTU7624-128/CCM/NoPadding", myProvider);
final IvParameterSpec myParms = new IvParameterSpec(myIV);
myCipher.init(Cipher.ENCRYPT_MODE, myKey, myParms);
final byte[] myData = new byte[128];
myRandom.nextBytes(myData);
final byte[] myEncrypted = myCipher.doFinal(myData);
myCipher.init(Cipher.DECRYPT_MODE, myKey, myParms);
final int myLen = myCipher.getOutputSize(myEncrypted.length);
final byte[] myOutput = new byte[myLen];
myCipher.update(myEncrypted, 0, myEncrypted.length, myOutput, 0);
myCipher.doFinal(myOutput, 0);
} catch (final Exception e) {
e.printStackTrace();
}
}
This fails with error "javax.crypto.ShortBufferException: output buffer too short for input.", but works if GCM is used rather than CCM.
KCCMBlockCipher returns the wrong value for getUpdateOutputSize(len). It returns len rather than the correct value of zero (as per KGCM). Since data is only cached on an update call, the correct return value is always zero.
This causes a problem on decryption when using the JCA interface, since the underlying code on an update call uses getUpdateOutputSize() to determine the minimum size of the output buffer, and will insist on a buffer as long as the input data (which includes the Mac).
Sample code to reproduce as follows
This fails with error "javax.crypto.ShortBufferException: output buffer too short for input.", but works if GCM is used rather than CCM.