handle OpenSSL::Cipher.new('aes-128-gcm') with IV under JRuby

... so that it works ~ more compatibly with C OpenSSL (iv_length == 12)

Author: kares

src/main/java/org/jruby/ext/openssl/Cipher.java

@@ -38,19 +38,22 @@
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.Provider;
+import java.security.spec.AlgorithmParameterSpec;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
 import static javax.crypto.Cipher.DECRYPT_MODE;
 import static javax.crypto.Cipher.ENCRYPT_MODE;
 import javax.crypto.NoSuchPaddingException;
+import javax.crypto.spec.GCMParameterSpec;
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.RC2ParameterSpec;
 
 import org.jruby.Ruby;
 import org.jruby.RubyArray;
 import org.jruby.RubyClass;
+import org.jruby.RubyInteger;
 import org.jruby.RubyModule;
 import org.jruby.RubyNumeric;
 import org.jruby.RubyObject;
@@ -611,7 +614,9 @@ public int getIvLength() {
 
             if ( ivLength == -1 ) {
                 if ( "AES".equals(base) ) {
-                    ivLength = 16;
+                    ivLength = 16; // OpenSSL defaults to 12
+                    // NOTE: we can NOT handle 12 for non GCM mode
+                    if ( "GCM".equals(mode) ) ivLength = 12;
                 }
                 //else if ( "DES".equals(base) ) {
                 //    ivLength = 8;
@@ -790,22 +795,22 @@ public IRubyObject initialize_copy(final IRubyObject obj) {
     }
 
     @JRubyMethod
-    public IRubyObject name() {
+    public final RubyString name() {
         return getRuntime().newString(name);
     }
 
     @JRubyMethod
-    public IRubyObject key_len() {
+    public final RubyInteger key_len() {
         return getRuntime().newFixnum(keyLength);
     }
 
     @JRubyMethod
-    public IRubyObject iv_len() {
+    public final RubyInteger iv_len() {
         return getRuntime().newFixnum(ivLength);
     }
 
     @JRubyMethod(name = "key_len=", required = 1)
-    public IRubyObject set_key_len(IRubyObject len) {
+    public final IRubyObject set_key_len(IRubyObject len) {
         this.keyLength = RubyNumeric.fix2int(len);
         return len;
     }
@@ -959,7 +964,7 @@ private void updateCipher(final String name, final String padding) {
         cipher = getCipherInstance();
     }
 
-    javax.crypto.Cipher getCipherInstance() {
+    final javax.crypto.Cipher getCipherInstance() {
         try {
             return getCipherInstance(realName, false);
         }
@@ -1040,15 +1045,22 @@ else if ( "RC4".equalsIgnoreCase(cryptoBase) ) {
                     );
                 }
                 else {
+                    final AlgorithmParameterSpec ivSpec;
+                    if ( "GCM".equalsIgnoreCase(cryptoMode) ) { // e.g. 'aes-128-gcm'
+                        ivSpec = new GCMParameterSpec(this.ivLength * 8, this.realIV);
+                    }
+                    else {
+                        ivSpec = new IvParameterSpec(this.realIV);
+                    }
                     cipher.init(encryptMode ? ENCRYPT_MODE : DECRYPT_MODE,
                         new SimpleSecretKey(getCipherAlgorithm(), this.key),
-                        new IvParameterSpec(this.realIV)
+                        ivSpec
                     );
                 }
             }
         }
         catch (InvalidKeyException e) {
-            throw newCipherError(runtime, e + ": possibly you need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JRE");
+            throw newCipherError(runtime, e + "\n possibly you need to install Java Cryptography Extension (JCE) Unlimited Strength Jurisdiction Policy Files for your JRE");
         }
         catch (Exception e) {
             debugStackTrace(runtime, e);

src/test/ruby/test_cipher.rb

@@ -312,6 +312,43 @@ def test_encrypt_aes_cfb_4_incompatibility
     end
   end
 
+  def test_aes_128_gcm
+    cipher = OpenSSL::Cipher.new('aes-128-gcm')
+    assert_equal cipher, cipher.encrypt
+    cipher.key = '01' * 8
+    cipher.iv = '0' * 16
+
+    bytes = '0000' * 4
+    expected = "\xAC\xC8\x0E\xEDbX,\xB4\xCD\x02\x06O(p\xF8u" # from MRI
+    actual = cipher.update(bytes)
+    assert_equal expected, actual
+    assert_equal "", cipher.final unless defined? JRUBY_VERSION
+
+    cipher = OpenSSL::Cipher.new('aes-128-gcm')
+    assert_equal cipher, cipher.encrypt
+    cipher.key = '01' * 8
+    cipher.iv = '012345678' * 2
+
+    bytes = '0000' * 4
+    expected = "\xF3\xEF\xE6K\xBAJ\xAB=7m'\b\xE0\x06U\x9B" # from MRI
+    actual = cipher.update(bytes)
+    assert_equal expected, actual
+    #assert_equal "", cipher.final unless defined? JRUBY_VERSION
+
+    cipher = OpenSSL::Cipher.new('aes-128-gcm')
+    assert_equal cipher, cipher.encrypt
+    assert_equal 16, cipher.key_len
+    assert_equal 12, cipher.iv_len
+    cipher.key = '01' * 8
+    cipher.iv = '0' * 12
+
+    bytes = '0000' * 4
+    expected = "\xAC\xC8\x0E\xEDbX,\xB4\xCD\x02\x06O(p\xF8u" # from MRI
+    actual = cipher.update(bytes)
+    assert_equal expected, actual
+    #assert_equal "", cipher.final
+  end
+
   def test_encrypt_aes_cfb_16_incompatibility
     cipher = OpenSSL::Cipher.new 'AES-128-CFB'
     assert_equal cipher, cipher.encrypt