This is an automated email from the ASF dual-hosted git repository. lgoldstein pushed a commit to branch master in repository https://gitbox.apache.org/repos/asf/mina-sshd.git
commit c110ff837e1fcb638d76b38349216ab67fb2160e
Author: Jeremy Norris <jeremy.nor...@localbackhaul.com>
AuthorDate: Mon Oct 12 15:34:32 2020 -0500
[SSHD-506] Guard against GCM IV reuse.
---
 .../main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)
diff --git a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
index 5e43336..d1b3191 100644
--- a/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
+++ b/sshd-common/src/main/java/org/apache/sshd/common/cipher/BaseGCMCipher.java
@@ -78,6 +78,7 @@ public class BaseGCMCipher extends BaseCipher {
      */
     protected static class CounterGCMParameterSpec extends GCMParameterSpec {
         protected final byte[] iv;
+        protected final long initialCounter;
 
         protected CounterGCMParameterSpec(int tLen, byte[] src) {
             super(tLen, src);
@@ -85,12 +86,17 @@ public class BaseGCMCipher extends BaseCipher {
                 throw new IllegalArgumentException("GCM nonce must be 12 bytes, but given len=" + src.length);
             }
             iv = src.clone();
+            initialCounter = BufferUtils.getLong(iv, iv.length - Long.BYTES, Long.BYTES);
         }
 
         protected void incrementCounter() {
             int off = iv.length - Long.BYTES;
             long counter = BufferUtils.getLong(iv, off, Long.BYTES);
-            BufferUtils.putLong(counter + 1L, iv, off, Long.BYTES);
+            long newCounter = counter + 1L;
+            if (newCounter == initialCounter) {
+                throw new IllegalStateException("GCM IV would be reused");
+            }
+            BufferUtils.putLong(newCounter, iv, off, Long.BYTES);
         }
 
         @Override
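Review bot: The new `initialCounter` field and the equality check in `incrementCounter` carry no comment explaining the invariant they enforce, and nothing in the hunk says why an equal counter is fatal: the trailing 8 bytes of the 12-byte nonce are the per-invocation counter, and once it cycles back to the value the spec was created with, the next packet would be encrypted under a nonce already used with this key, which for GCM compromises both confidentiality and the authentication tag. Suggest `// invocation counter the nonce started with; reaching it again means nonce reuse under the same key` on the field declaration, and `// fail closed: iv is left untouched, so every later call keeps failing` immediately before the `throw new IllegalStateException(...)`, since the check runs before `putLong` and the stored IV never advances past the last safe value. Worth noting in the same comment that the guard only fires after the 64-bit counter has wrapped, so it is a backstop rather than the operational limit; whatever rekeying threshold bounds packets per key lives outside this hunk and is what a defender should actually tune. The constructor begins in the previous hunk and the rest of `CounterGCMParameterSpec` is outside the diff.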