Skip to content

Commit 3307403

Browse files
cconloncconlon
committed
JCE: fix expected pad size for decrypt operations, output size should not increase
1 parent cb8594e commit 3307403

File tree

2 files changed

+62
-2
lines changed

2 files changed

+62
-2
lines changed

src/main/java/com/wolfssl/provider/jce/WolfCryptCipher.java

Lines changed: 13 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -415,7 +415,12 @@ else if (paddingType == PaddingType.WC_PKCS5) {
415415
if (buffered != null && buffered.length > 0) {
416416
outSize += buffered.length;
417417
}
418-
outSize += Aes.getPKCS7PadSize(outSize, Aes.BLOCK_SIZE);
418+
/* Only add padding size when encrypting. When decrypting,
419+
* the output size should not include padding bytes since
420+
* they will be stripped off during decryption. */
421+
if (this.direction == OpMode.WC_ENCRYPT) {
422+
outSize += Aes.getPKCS7PadSize(outSize, Aes.BLOCK_SIZE);
423+
}
419424
}
420425
else {
421426
throw new IllegalStateException(
@@ -435,7 +440,13 @@ else if (paddingType == PaddingType.WC_PKCS5) {
435440
if (buffered != null && buffered.length > 0) {
436441
outSize += buffered.length;
437442
}
438-
outSize += Des3.getPKCS7PadSize(outSize, Des3.BLOCK_SIZE);
443+
/* Only add padding size when encrypting. When decrypting,
444+
* the output size should not include padding bytes since
445+
* they will be stripped off during decryption. */
446+
if (this.direction == OpMode.WC_ENCRYPT) {
447+
outSize += Des3.getPKCS7PadSize(outSize,
448+
Des3.BLOCK_SIZE);
449+
}
439450
}
440451
else {
441452
throw new IllegalStateException(

src/test/java/com/wolfssl/provider/jce/test/WolfCryptCipherTest.java

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -2421,6 +2421,55 @@ public void testAesGcmGetOutputSize() throws Exception {
24212421
}
24222422
}
24232423

2424+
/**
2425+
* Verify that getOutputSize() in DECRYPT mode does not add pad bytes.
2426+
*/
2427+
@Test
2428+
public void testAesEcbPkcs5GetOutputSizeRegression() throws Exception {
2429+
2430+
if (!enabledJCEAlgos.contains("AES/ECB/PKCS5Padding")) {
2431+
/* skip if AES-ECB-PKCS5 is not enabled */
2432+
return;
2433+
}
2434+
2435+
/* 16-byte AES key */
2436+
byte[] key = new byte[] {
2437+
(byte)0x30, (byte)0x31, (byte)0x32, (byte)0x33,
2438+
(byte)0x34, (byte)0x35, (byte)0x36, (byte)0x37,
2439+
(byte)0x38, (byte)0x39, (byte)0x61, (byte)0x62,
2440+
(byte)0x63, (byte)0x64, (byte)0x65, (byte)0x66
2441+
};
2442+
2443+
SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
2444+
Cipher cipher = Cipher.getInstance("AES/ECB/PKCS5Padding", jceProvider);
2445+
2446+
/* Test ENCRYPT mode - should add padding bytes to output size */
2447+
cipher.init(Cipher.ENCRYPT_MODE, keySpec);
2448+
2449+
/* For 16-byte input with PKCS5 padding, output should be 32 bytes
2450+
* (16 bytes input + 16 bytes padding) */
2451+
assertEquals("ENCRYPT mode output size should include padding bytes",
2452+
32, cipher.getOutputSize(16));
2453+
2454+
/* For 17-byte input with PKCS5 padding, output should be 32 bytes
2455+
* (17 bytes input + 15 bytes padding) */
2456+
assertEquals("ENCRYPT mode output size should include padding bytes",
2457+
32, cipher.getOutputSize(17));
2458+
2459+
/* Test DECRYPT mode - should NOT add padding bytes to output size */
2460+
cipher.init(Cipher.DECRYPT_MODE, keySpec);
2461+
2462+
/* For 16-byte input in DECRYPT mode, output should be 16 bytes
2463+
* (padding will be stripped off) */
2464+
assertEquals("DECRYPT mode output size shouldn't include padding bytes",
2465+
16, cipher.getOutputSize(16));
2466+
2467+
/* For 32-byte input in DECRYPT mode, output should be 32 bytes
2468+
* (padding will be stripped off) */
2469+
assertEquals("DECRYPT mode output size shouldn't include padding bytes",
2470+
32, cipher.getOutputSize(32));
2471+
}
2472+
24242473
/**
24252474
* AES-GCM decrypt failure should throw AEADBadTagException instead
24262475
* of generic exception.

0 commit comments

Comments
 (0)