16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
67 lines
1.6 KiB
Plaintext
67 lines
1.6 KiB
Plaintext
== Why is this an issue?
|
|
|
|
include::../description.adoc[]
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
public void encrypt(byte[] key, byte[] ptxt) {
|
|
byte[] bytesIV = "7cVgr5cbdCZV".getBytes("UTF-8"); // The initialization vector is a static value
|
|
|
|
GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce); // The initialization vector is configured here
|
|
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
|
|
|
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
|
|
cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv); // Noncompliant
|
|
}
|
|
----
|
|
|
|
=== Compliant solution
|
|
|
|
[source,java]
|
|
----
|
|
public void encrypt(byte[] key, byte[] ptxt) {
|
|
SecureRandom random = new SecureRandom();
|
|
byte[] bytesIV = new byte[12];
|
|
random.nextBytes(bytesIV); // Random 96 bit IV
|
|
|
|
GCMParameterSpec gcmSpec = new GCMParameterSpec(128, nonce);
|
|
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
|
|
|
|
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
|
|
cipher.init(Cipher.ENCRYPT_MODE, keySpec, iv);
|
|
}
|
|
----
|
|
|
|
include::../see.adoc[]
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
include::../message.adoc[]
|
|
|
|
=== Highlighting
|
|
|
|
==== *Java Cryptographic Arquitecture*
|
|
* Primary location
|
|
** javax.crypto.Cipher.init call
|
|
|
|
* Secondary locations
|
|
** javax.crypto.spec.GCMParameterSpec constructor
|
|
** nonce variable declaration
|
|
|
|
==== *BouncyCastle*
|
|
* Primary location
|
|
** javax.crypto.Cipher.init
|
|
|
|
* Secondary locations
|
|
** org.bouncycastle.crypto.params.AEADParameters constructor
|
|
** nonce variable declaration
|
|
|
|
|
|
endif::env-github,rspecator-view[] |