From: Eric Messick <eric@communities.com>
Date: Wed, 13 Aug 1997 13:49:38 -0700
Message-Id: <199708132049.NAA20310@com.communities.com>
To: java-security@web2.javasoft.com
Subject: jce-1.1 problems with CipherInputStream and padding

The class included below demonstrates two problems with jce-1.1. It
copies stdin to stdout via an encrypted temporary file, using a
randomly generated key.

First, padding at end of file is handled incorrectly. As was pointed
out in an earlier java-security message, the padding uses the digits
1-8 as opposed to the byte values 1-8. This is a minor
incompatibility issue. However, the padding is not being removed
correctly. When run on a short file, the following output is
produced:
------------stdin-------------
ferd is a ferd
------------------------------
------------stdout------------
ferd is a ferd
1a ferd
------------------------------

Second, CipherInputStream appears to be dropping a large amount of
data at read() boundaries. When run on a copy of the termcap file
(135816 bytes on my system), the temporary file is 135840 bytes long,
and the output file is only 45864 bytes! This is clearly a serious
problem.

-eric messick eric@communities.com

Start of CryptBug.java:
-------->8-------->8-------->8-------->8-------->8-------->8------
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.security.Cipher;
import java.security.CipherInputStream;
import java.security.CipherOutputStream;
import java.security.Key;
import java.security.KeyGenerator;
import java.security.SecureRandom;

public class CryptBug
{
    public static void main(String args[]) throws Throwable {
        File tmp = new File("ferd");
        Cipher cipher = Cipher.getInstance("DES/ECB/PKCS#5");

        // Generate a random DES key.
        SecureRandom random = new SecureRandom();
        KeyGenerator keygen = KeyGenerator.getInstance("DES");
        keygen.initialize(random);
        Key key = keygen.generateKey();

        // Encrypt stdin into the temporary file.
        FileOutputStream tmpout = new FileOutputStream(tmp);
        cipher.initEncrypt(key);
        OutputStream os = new CipherOutputStream(tmpout, cipher);
        copystream(System.in, os);

        // Decrypt the temporary file to stdout.
        FileInputStream tmpin = new FileInputStream(tmp);
        cipher.initDecrypt(key);
        InputStream is = new CipherInputStream(tmpin, cipher);
        copystream(is, System.out);
    }

    static public int BUFLEN = 1024;

    // Copy is to os in BUFLEN-sized reads, then flush and close both streams.
    static public void copystream(InputStream is, OutputStream os) throws IOException {
        byte buf[] = new byte[BUFLEN];
        int len;
        while ((len=is.read(buf, 0, BUFLEN)) > 0) {
            os.write(buf, 0, len);
        }
        os.flush();
        os.close();
        is.close();
    }
}
-------->8-------->8-------->8-------->8-------->8-------->8------
End of CryptBug.java
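
A round-trip check for the two symptoms reported above, as an added example that is not part of the original message. It assumes the javax.crypto API of later JDKs rather than the java.security classes of jce-1.1; the class name CipherStreamRoundTrip and the 135816-byte input are constructed for illustration.

```java
import java.io.*;
import java.util.Arrays;
import javax.crypto.*;

public class CipherStreamRoundTrip {
    // Same copy loop shape as the message: fixed buffer, repeated read().
    static void copy(InputStream in, OutputStream out, int buflen) throws Exception {
        byte[] buf = new byte[buflen];
        int len;
        while ((len = in.read(buf, 0, buflen)) != -1) {
            out.write(buf, 0, len);
        }
        out.close(); // closing a CipherOutputStream writes the final padded block
        in.close();
    }

    static void check(byte[] plain, SecretKey key) throws Exception {
        // Same algorithm, mode and padding scheme as the message's test class.
        Cipher c = Cipher.getInstance("DES/ECB/PKCS5Padding");
        c.init(Cipher.ENCRYPT_MODE, key);
        ByteArrayOutputStream enc = new ByteArrayOutputStream();
        copy(new ByteArrayInputStream(plain), new CipherOutputStream(enc, c), 1024);
        byte[] ct = enc.toByteArray();

        // Problem 1: the pad must be n bytes of value n, not the ASCII digit for n.
        Cipher raw = Cipher.getInstance("DES/ECB/NoPadding");
        raw.init(Cipher.DECRYPT_MODE, key);
        byte[] padded = raw.doFinal(ct);
        int n = 8 - (plain.length % 8);
        for (int i = padded.length - n; i < padded.length; i++) {
            if (padded[i] != (byte) n) throw new AssertionError("pad byte is not value " + n);
        }

        // Problem 2: no data may be lost across read() boundaries.
        c.init(Cipher.DECRYPT_MODE, key);
        ByteArrayOutputStream dec = new ByteArrayOutputStream();
        copy(new CipherInputStream(new ByteArrayInputStream(ct), c), dec, 1024);
        if (!Arrays.equals(plain, dec.toByteArray())) {
            throw new AssertionError("round trip: " + plain.length + " in, " + dec.size() + " out");
        }
        System.out.println(plain.length + " bytes -> " + ct.length + " encrypted, round trip ok");
    }

    public static void main(String[] args) throws Exception {
        SecretKey key = KeyGenerator.getInstance("DES").generateKey();
        check("ferd is a ferd\n".getBytes("US-ASCII"), key); // short input from the message
        byte[] big = new byte[135816]; // constructed data, same length as the termcap file
        for (int i = 0; i < big.length; i++) big[i] = (byte) (i * 31);
        check(big, key);
    }
}
```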