fix(CMS): Downgrade AES cipher mode from GCM to CBC

Fixes relaycorp/awala-gateway-internet#204 See also: relaycorp/relayverse#16
relaycorp · Nov 25, 2020 · ddc554a · ddc554a
1 parent e26669f
commit ddc554a
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 9 deletions.
diff --git a/src/main/kotlin/tech/relaycorp/relaynet/wrappers/cms/EnvelopedData.kt b/src/main/kotlin/tech/relaycorp/relaynet/wrappers/cms/EnvelopedData.kt
@@ -22,11 +22,11 @@ import java.security.spec.MGF1ParameterSpec
 import javax.crypto.spec.OAEPParameterSpec
 import javax.crypto.spec.PSource
 
-// Use GCM mode to encrypt payloads per RS-018
+// CBC mode is temporary. See: https://github.com/relaycorp/relayverse/issues/16
 private val cmsContentEncryptionAlgorithm = mapOf(
-    SymmetricEncryption.AES_128 to CMSAlgorithm.AES128_GCM,
-    SymmetricEncryption.AES_192 to CMSAlgorithm.AES192_GCM,
-    SymmetricEncryption.AES_256 to CMSAlgorithm.AES256_GCM
+    SymmetricEncryption.AES_128 to CMSAlgorithm.AES128_CBC,
+    SymmetricEncryption.AES_192 to CMSAlgorithm.AES192_CBC,
+    SymmetricEncryption.AES_256 to CMSAlgorithm.AES256_CBC
 )
 
 internal sealed class EnvelopedData(val bcEnvelopedData: CMSEnvelopedData) {

diff --git a/src/test/kotlin/tech/relaycorp/relaynet/wrappers/cms/CMSUtils.kt b/src/test/kotlin/tech/relaycorp/relaynet/wrappers/cms/CMSUtils.kt
@@ -21,7 +21,7 @@ val HASHING_ALGORITHM_OIDS = mapOf(
 )
 
 val PAYLOAD_SYMMETRIC_ENC_ALGO_OIDS = mapOf(
-    SymmetricEncryption.AES_128 to "2.16.840.1.101.3.4.1.6",
-    SymmetricEncryption.AES_192 to "2.16.840.1.101.3.4.1.26",
-    SymmetricEncryption.AES_256 to "2.16.840.1.101.3.4.1.46"
+    SymmetricEncryption.AES_128 to "2.16.840.1.101.3.4.1.2",
+    SymmetricEncryption.AES_192 to "2.16.840.1.101.3.4.1.22",
+    SymmetricEncryption.AES_256 to "2.16.840.1.101.3.4.1.42"
 )
diff --git a/src/test/kotlin/tech/relaycorp/relaynet/wrappers/cms/EnvelopedDataTest.kt b/src/test/kotlin/tech/relaycorp/relaynet/wrappers/cms/EnvelopedDataTest.kt
@@ -251,7 +251,7 @@ class SessionlessEnvelopedDataTest {
             }
 
             @Test
-            fun `AES-GCM-128 should be used by default`() {
+            fun `AES-CBC-128 should be used by default`() {
                 val envelopedData = SessionlessEnvelopedData.encrypt(PLAINTEXT, CERTIFICATE)
 
                 assertEquals(
@@ -364,6 +364,6 @@ private fun generateBcEnvelopedData(
 ): CMSEnvelopedData {
     val msg = CMSProcessableByteArray(PLAINTEXT)
     val encryptorBuilder =
-        JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_GCM).setProvider(BC_PROVIDER)
+        JceCMSContentEncryptorBuilder(CMSAlgorithm.AES128_CBC).setProvider(BC_PROVIDER)
     return cmsEnvelopedDataGenerator.generate(msg, encryptorBuilder.build())
 }