• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

GCM & CCM example for BouncyCastle

 
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi
can you give me an example for using GCM and/or CCM modes with AES in BouncyCastle?
My code is this:


but it throws this exception when decrypting in GCM mode:

And this Exception when encrypting in CCM mode:


 
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
JDK1.7.04 with BC 147 on Ubuntu 11.4 . Running your code I get a different but seemingly related exception -

Suspecting that it was a problem caused by using NoPadding I tried PKCS5Padding but I was informed that NoPadding is the only possibility. Ignoring the exception and comparing the input and output files I find that they are identical even when the file size is not a multiple of 16 so some form of padding is implicit when using GCM.

I don't normally jump in and assume a bug but I suspect you have found a bug in the BC library. In your position I would post it to the BC 'dev-crypto' mailing list. I would turn the code into an SSCCE ( http://sscce.org/ ) and remove the redundant code (the buffered streams do nothing for you) before posting.
 
john roney
Greenhorn
Posts: 13
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I found that this line makes the exception (closing CipherInputStream for decryption phase):

Without it there is no exception and decryption output is correct. but as I know removing this line should make CipherInputStream don't call doFinal on the Cipher!
I don't know is it safe to remove it?
 
Richard Tookey
Bartender
Posts: 1166
17
Netbeans IDE Java Linux
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

john roney wrote:I found that this line makes the exception (closing CipherInputStream for decryption phase):


That is what the stack trace tells you!


Without it there is no exception and decryption output is correct. but as I know removing this line should make CipherInputStream don't call doFinal on the Cipher!
I don't know is it safe to remove it?


You might get away with not calling the close() but I'm quite uncomfortable with the concept since in general one does not know what else is being done by the close(). I would still present this to the BC mailing list for comment since closing a stream should not throw an exception if there is nothing wrong.


Edit:
By changing the decrypt to use a CipherOutputStream I don't get any exception :-


There still looks to be a bug in BC .
 
reply
    Bookmark Topic Watch Topic
  • New Topic