48 lines
1.2 KiB
Plaintext
48 lines
1.2 KiB
Plaintext
|
include::../description.adoc[]
|
||
|
|
|
||
|
|
== Noncompliant Code Example
|
||
|
|
|
||
|
|
[source,kotlin]
|
||
|
|
----
|
||
|
|
fun encrypt(key: ByteArray, ptxt: ByteArray) {
|
||
|
|
val nonce: ByteArray = "7cVgr5cbdCZV".toByteArray() // The initialization vector is a static value
|
||
|
|
|
||
|
|
val gcmSpec = GCMParameterSpec(128, nonce) // The initialization vector is configured here
|
||
|
|
val skeySpec = SecretKeySpec(key, "AES")
|
||
|
|
|
||
|
|
val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
|
||
|
|
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, gcmSpec) // Noncompliant
|
||
|
|
}
|
||
|
|
----
|
||
|
|
|
||
|
|
== Compliant Solution
|
||
|
|
|
||
|
|
[source,kotlin]
|
||
|
|
----
|
||
|
|
fun encrypt(key: ByteArray, ptxt: ByteArray) {
|
||
|
|
val random: SecureRandom = SecureRandom()
|
||
|
|
val nonce: ByteArray = ByteArray(12)
|
||
|
|
random.nextBytes(nonce) // Random 96 bit IV
|
||
|
|
|
||
|
|
val gcmSpec = GCMParameterSpec(128, nonce)
|
||
|
|
val skeySpec = SecretKeySpec(key, "AES")
|
||
|
|
|
||
|
|
val cipher: Cipher = Cipher.getInstance("AES/GCM/NoPadding")
|
||
|
|
cipher.init(Cipher.ENCRYPT_MODE, skeySpec, gcmSpec)
|
||
|
|
}
|
||
|
|
----
|
||
|
|
|
||
|
|
include::../see.adoc[]
|
||
|
|
|
||
|
|
|
||
|
|
ifdef::env-github,rspecator-view[]
|
||
|
|
|
||
|
|
'''
|
||
|
|
== Implementation Specification
|
||
|
|
(visible only on this page)
|
||
|
|
|
||
|
|
include::../message.adoc[]
|
||
|
|
|
||
|
|
include::./highlighting.adoc[]
|
||
|
|
|
||
|
|
endif::env-github,rspecator-view[]
|