
Commit 81421f8

* Removing unnecessary SecretKeySpec for AESCBC and AESGCM classes
* Adding code comment outlining the reason for using the 2nd 16 bytes of the secret key for CBC decryption
1 parent 3819e2f commit 81421f8


2 files changed

+3
-5
lines changed


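--- a/src/main/java/com/mastercard/developer/encryption/aes/AESCBC.java
+++ b/src/main/java/com/mastercard/developer/encryption/aes/AESCBC.java
@@ -19,13 +19,12 @@ private AESCBC() {
 
 @java.lang.SuppressWarnings("squid:S3329")
 public static byte[] decrypt(Key secretKey, JweObject object) throws GeneralSecurityException {
+// First 16 bytes are the MAC key, so we only use the second 16 bytes
 SecretKeySpec aesKey = new SecretKeySpec(secretKey.getEncoded(), 16, 16, "AES");
-
 byte[] cipherText = EncodingUtils.base64Decode(object.getCipherText());
 byte[] iv = EncodingUtils.base64Decode(object.getIv());
-SecretKeySpec keyspec = new SecretKeySpec(aesKey.getEncoded(), "AES");
 
-return cipher(keyspec, new IvParameterSpec(iv), cipherText, Cipher.DECRYPT_MODE);
+return cipher(aesKey, new IvParameterSpec(iv), cipherText, Cipher.DECRYPT_MODE);
 }
 
 public static byte[] cipher(Key key, AlgorithmParameterSpec iv, byte[] bytes, int mode) throws GeneralSecurityException {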
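Review bot: AESCBC.decrypt sets aside the MAC half of the key and never reads `object.getAuthTag()`, so in the visible code the CBC ciphertext is decrypted with no integrity check; unless a caller outside this hunk verifies the tag first, a modified IV or ciphertext goes straight into decryption and the plaintext is malleable. The 16/16 split suggests an A128CBC-HS256 content key, in which case the tag should be recomputed as the first 16 bytes of HMAC-SHA256 over AAD, IV, ciphertext and the 64-bit AAD bit length, and compared in constant time before `cipher()` is called. The fixed offsets also assume `getEncoded()` returns exactly 32 bytes; a null or shorter encoding would surface as an unchecked exception from `SecretKeySpec` rather than the declared `GeneralSecurityException`. The sketch below uses `getRawHeader()` as the AAD the way AESGCM.decrypt does, which I am assuming is the same protected-header string for CBC.

```java
public static byte[] decrypt(Key secretKey, JweObject object) throws GeneralSecurityException {
    byte[] keyBytes = secretKey.getEncoded();
    if (keyBytes == null || keyBytes.length != 32) {
        throw new InvalidKeyException("expected a 32-byte key: 16-byte MAC key followed by 16-byte AES key");
    }
    byte[] aad = object.getRawHeader().getBytes(StandardCharsets.US_ASCII);
    byte[] iv = EncodingUtils.base64Decode(object.getIv());
    byte[] cipherText = EncodingUtils.base64Decode(object.getCipherText());

    // Verify the tag before any CBC decryption: HMAC over AAD || IV || ciphertext || AAD bit length (64-bit big-endian)
    Mac hmac = Mac.getInstance("HmacSHA256");
    hmac.init(new SecretKeySpec(keyBytes, 0, 16, "HmacSHA256"));
    hmac.update(aad);
    hmac.update(iv);
    hmac.update(cipherText);
    hmac.update(ByteBuffer.allocate(Long.BYTES).putLong(aad.length * 8L).array());
    byte[] expectedTag = Arrays.copyOf(hmac.doFinal(), 16);
    if (!MessageDigest.isEqual(expectedTag, EncodingUtils.base64Decode(object.getAuthTag()))) {
        throw new AEADBadTagException("JWE authentication tag mismatch");
    }

    // First 16 bytes are the MAC key, so only the second 16 bytes are the AES key
    SecretKeySpec aesKey = new SecretKeySpec(keyBytes, 16, 16, "AES");
    // … unchanged: return cipher(aesKey, new IvParameterSpec(iv), cipherText, Cipher.DECRYPT_MODE) …
```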

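--- a/src/main/java/com/mastercard/developer/encryption/aes/AESGCM.java
+++ b/src/main/java/com/mastercard/developer/encryption/aes/AESGCM.java
@@ -22,10 +22,9 @@ private AESGCM() {
 
 public static byte[] decrypt(Key cek, JweObject object) throws GeneralSecurityException {
 byte[] aad = object.getRawHeader().getBytes(StandardCharsets.US_ASCII);
-SecretKey aesKey = new SecretKeySpec(cek.getEncoded(), "AES");
 GCMParameterSpec gcmSpec = new GCMParameterSpec(128, EncodingUtils.base64Decode(object.getIv()));
 byte[] bytes = ByteUtils.concat(EncodingUtils.base64Decode(object.getCipherText()), EncodingUtils.base64Decode(object.getAuthTag()));
-return cipher(aesKey, gcmSpec, bytes, aad, Cipher.DECRYPT_MODE);
+return cipher(cek, gcmSpec, bytes, aad, Cipher.DECRYPT_MODE);
 }
 
 public static byte[] cipher(Key key, GCMParameterSpec gcpSpec, byte[] bytes, byte[] aad, int mode) throws GeneralSecurityException {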
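Review bot: Passing `cek` straight to `cipher()` makes AESGCM.decrypt depend on the caller's key already reporting `AES` from `getAlgorithm()`; the removed `new SecretKeySpec(cek.getEncoded(), "AES")` normalised that label, and a JCE provider may reject a key for AES/GCM when its algorithm name differs. Whether every caller produces an AES-labelled key is not visible in this hunk, so the wrapper may not have been purely redundant here the way the second `SecretKeySpec` in AESCBC was. I would state the precondition on the method, e.g. `// cek must already be an AES key (getAlgorithm() returns "AES"); it is passed to the cipher unchanged`, and cover it with a test that decrypts using the key exactly as the key-unwrap path returns it.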
