Skip to content

Commit 790719e

Browse files
SailRealSailReal
authored
Merge pull request #36 from cryptomator/feature/fix-gcm-on-android-pre29-again
Fix decrypting the file content on Android API level pre 29 using GCM
2 parents 9097dc3 + 4e31711 commit 790719e

File tree

3 files changed

+12
-2
lines changed

3 files changed

+12
-2
lines changed

src/main/java/org/cryptomator/cryptolib/v2/FileContentCryptorImpl.java

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -75,7 +75,8 @@ public void encryptChunk(ByteBuffer cleartextChunk, ByteBuffer ciphertextChunk,
7575

7676
@Override
7777
public ByteBuffer decryptChunk(ByteBuffer ciphertextChunk, long chunkNumber, FileHeader header, boolean authenticate) throws AuthenticationFailedException {
78-
ByteBuffer cleartextChunk = ByteBuffer.allocate(PAYLOAD_SIZE);
78+
// FileHeaderImpl.Payload.SIZE + GCM_TAG_SIZE is required to fix a bug in Android API level pre 29, see https://issuetracker.google.com/issues/197534888 and #35
79+
ByteBuffer cleartextChunk = ByteBuffer.allocate(PAYLOAD_SIZE + GCM_TAG_SIZE);
7980
decryptChunk(ciphertextChunk, cleartextChunk, chunkNumber, header, authenticate);
8081
cleartextChunk.flip();
8182
return cleartextChunk;

src/main/java/org/cryptomator/cryptolib/v2/FileHeaderCryptorImpl.java

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -90,7 +90,7 @@ public FileHeader decryptHeader(ByteBuffer ciphertextHeaderBuf) throws Authentic
9090
buf.position(FileHeaderImpl.PAYLOAD_POS);
9191
buf.get(ciphertextAndTag);
9292

93-
// FileHeaderImpl.Payload.SIZE + GCM_TAG_SIZE is required to fix a bug in Android API level pre 29, see https://issuetracker.google.com/issues/197534888
93+
// FileHeaderImpl.Payload.SIZE + GCM_TAG_SIZE is required to fix a bug in Android API level pre 29, see https://issuetracker.google.com/issues/197534888 and #24
9494
ByteBuffer payloadCleartextBuf = ByteBuffer.allocate(FileHeaderImpl.Payload.SIZE + GCM_TAG_SIZE);
9595
try (DestroyableSecretKey ek = masterkey.getEncKey()) {
9696
// decrypt payload:

suppression.xml

Lines changed: 9 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -9,4 +9,13 @@
99
<cpe>cpe:/a:cryptomator:cryptomator</cpe>
1010
<cve>CVE-2022-25366</cve>
1111
</suppress>
12+
13+
<suppress>
14+
<notes><![CDATA[
15+
Suppress false positive, because com.google.common.io.Files.getTempDir() is not used
16+
]]></notes>
17+
<packageUrl regex="true">^pkg:maven/com\.google\.guava/guava@.*$</packageUrl>
18+
<vulnerabilityName>CVE-2020-8908</vulnerabilityName>
19+
<cve>CVE-2020-8908</cve>
20+
</suppress>
1221
</suppressions>

0 commit comments

Comments
 (0)