Login/Register
Which provider is responsible for AES/CTR/NoPadding?
Asked Answered
Solved javacryptographyaesjcectr-mode
U

1

7

Information about my implementation

The code snippet below highlights my current implementation of a crypto object, using both the AES cipher and CTR mode of operation.

import javax.crypto.Cipher;

public abstract class Crypto {

    private static final String CIPHER_ALGORITHM = "AES/CTR/NoPadding";
    private String AesKeyString = "ByWelFHCgFqivFZrWs89LQ==";

    private void setKey() throws NoSuchAlgorithmException{
        byte[] keyBytes;
        keyBytes = Base64.getDecoder().decode(AesKeyString);
        aesKey = new SecretKeySpec(keyBytes, "AES");
    }

    protected byte[] execute(int mode, byte[] target, byte[] iv) 
            throws Exception{
        Cipher cipher = Cipher.getInstance(CIPHER_ALGORITHM);
        IvParameterSpec ivSpec = new IvParameterSpec(iv);
        cipher.init(mode, aesKey, ivSpec);
        return cipher.doFinal(target);
    }

}

As far as I'm concerned, the getInstance() method returns a Cipher object that implements the requested transformation, from the first Provider that supports this transformation.

Following, there is a list containing all of my available providers:

    SUN
    Alg.Alias.Signature.SHA1/DSA    SHA1withDSA
    Alg.Alias.Signature.1.2.840.10040.4.3   SHA1withDSA
    Alg.Alias.Signature.DSS SHA1withDSA
    SecureRandom.SHA1PRNG ImplementedIn Software
    KeyStore.JKS    sun.security.provider.JavaKeyStore$DualFormatJKS
    Alg.Alias.MessageDigest.SHA-1   SHA
    MessageDigest.SHA   sun.security.provider.SHA
    KeyStore.CaseExactJKS   sun.security.provider.JavaKeyStore$CaseExactJKS
    CertStore.com.sun.security.IndexedCollection ImplementedIn  Software
    Signature.SHA256withDSA sun.security.provider.DSA$SHA256withDSA
    Alg.Alias.MessageDigest.OID.1.3.14.3.2.26   SHA
    Alg.Alias.Signature.DSA SHA1withDSA
    KeyFactory.DSA ImplementedIn    Software
    KeyStore.JKS ImplementedIn  Software
    AlgorithmParameters.DSA ImplementedIn   Software
    Signature.NONEwithDSA   sun.security.provider.DSA$RawDSA
    Alg.Alias.CertificateFactory.X509   X.509
    Signature.SHA256withDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
    CertStore.com.sun.security.IndexedCollection    sun.security.provider.certpath.IndexedCollectionCertStore
    Provider.id className   sun.security.provider.Sun
    Alg.Alias.MessageDigest.1.3.14.3.2.26   SHA
    Alg.Alias.Signature.SHA-1/DSA   SHA1withDSA
    KeyStore.DKS    sun.security.provider.DomainKeyStore$DKS
    Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.2  SHA256withDSA
    CertificateFactory.X.509 ImplementedIn  Software
    Alg.Alias.Signature.OID.2.16.840.1.101.3.4.3.1  SHA224withDSA
    Signature.SHA1withDSA KeySize   1024
    Signature.NONEwithDSA KeySize   1024
    KeyFactory.DSA  sun.security.provider.DSAKeyFactory
    CertPathValidator.PKIX ImplementedIn    Software
    Configuration.JavaLoginConfig   sun.security.provider.ConfigFile$Spi
    Alg.Alias.Signature.OID.1.2.840.10040.4.3   SHA1withDSA
    Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.4  SHA-224
    Alg.Alias.KeyFactory.1.2.840.10040.4.1  DSA
    MessageDigest.MD5 ImplementedIn Software
    Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.3  SHA-512
    Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.2  SHA-384
    Alg.Alias.MessageDigest.OID.2.16.840.1.101.3.4.2.1  SHA-256
    Alg.Alias.Signature.RawDSA  NONEwithDSA
    Provider.id name    SUN
    Alg.Alias.AlgorithmParameters.1.2.840.10040.4.1 DSA
    CertPathBuilder.PKIX ValidationAlgorithm    RFC3280
    Policy.JavaPolicy   sun.security.provider.PolicySpiFile
    Alg.Alias.AlgorithmParameters.OID.1.2.840.10040.4.1 DSA
    Signature.SHA224withDSA KeySize 2048
    Alg.Alias.AlgorithmParameters.1.3.14.3.2.12 DSA
    Alg.Alias.Signature.SHA/DSA SHA1withDSA
    Alg.Alias.KeyPairGenerator.1.3.14.3.2.12    DSA
    MessageDigest.SHA-384   sun.security.provider.SHA5$SHA384
    MessageDigest.SHA-224   sun.security.provider.SHA2$SHA224
    Signature.SHA1withDSA ImplementedIn Software
    AlgorithmParameterGenerator.DSA sun.security.provider.DSAParameterGenerator
    Signature.NONEwithDSA SupportedKeyClasses   java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
    MessageDigest.SHA-512   sun.security.provider.SHA5$SHA512
    Alg.Alias.KeyFactory.OID.1.2.840.10040.4.1  DSA
    CertPathBuilder.PKIX    sun.security.provider.certpath.SunCertPathBuilder
    Alg.Alias.Signature.1.3.14.3.2.27   SHA1withDSA
    Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.4  SHA-224
    CertPathBuilder.PKIX ImplementedIn  Software
    Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.3  SHA-512
    Provider.id version 1.8
    Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.2  SHA-384
    Alg.Alias.MessageDigest.2.16.840.1.101.3.4.2.1  SHA-256
    Signature.SHA256withDSA KeySize 2048
    AlgorithmParameters.DSA sun.security.provider.DSAParameters
    Signature.SHA1withDSA SupportedKeyClasses   java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
    CertStore.Collection    sun.security.provider.certpath.CollectionCertStore
    AlgorithmParameterGenerator.DSA ImplementedIn   Software
    KeyPairGenerator.DSA KeySize    2048
    CertStore.LDAP  sun.security.provider.certpath.ldap.LDAPCertStore
    Alg.Alias.Signature.2.16.840.1.101.3.4.3.2  SHA256withDSA
    CertificateFactory.X.509    sun.security.provider.X509Factory
    Alg.Alias.Signature.2.16.840.1.101.3.4.3.1  SHA224withDSA
    CertStore.LDAP LDAPSchema   RFC2587
    KeyPairGenerator.DSA ImplementedIn  Software
    CertStore.LDAP ImplementedIn    Software
    CertPathValidator.PKIX ValidationAlgorithm  RFC3280
    Signature.SHA224withDSA sun.security.provider.DSA$SHA224withDSA
    CertStore.Collection ImplementedIn  Software
    Alg.Alias.Signature.1.3.14.3.2.13   SHA1withDSA
    CertPathValidator.PKIX  sun.security.provider.certpath.PKIXCertPathValidator
    Alg.Alias.MessageDigest.SHA1    SHA
    AlgorithmParameterGenerator.DSA KeySize 2048
    SecureRandom.SHA1PRNG   sun.security.provider.SecureRandom
    Signature.SHA1withDSA   sun.security.provider.DSA$SHA1withDSA
    Alg.Alias.KeyFactory.1.3.14.3.2.12  DSA
    KeyPairGenerator.DSA    sun.security.provider.DSAKeyPairGenerator
    MessageDigest.SHA ImplementedIn Software
    Provider.id info    SUN (DSA key/parameter generation; DSA signing; SHA-1, MD5 digests; SecureRandom; X.509 certificates; JKS & DKS keystores; PKIX CertPathValidator; PKIX CertPathBuilder; LDAP, Collection CertStores, JavaPolicy Policy; JavaLoginConfig Configuration)
    Alg.Alias.KeyPairGenerator.1.2.840.10040.4.1    DSA
    MessageDigest.SHA-256   sun.security.provider.SHA2$SHA256
    Alg.Alias.Signature.DSAWithSHA1 SHA1withDSA
    MessageDigest.MD5   sun.security.provider.MD5
    Alg.Alias.Signature.SHAwithDSA  SHA1withDSA
    Alg.Alias.KeyPairGenerator.OID.1.2.840.10040.4.1    DSA
    Signature.SHA224withDSA SupportedKeyClasses java.security.interfaces.DSAPublicKey|java.security.interfaces.DSAPrivateKey
    MessageDigest.MD2   sun.security.provider.MD2
SunRsaSign
    Signature.SHA224withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.2    MD2withRSA
    Provider.id name    SunRsaSign
    Signature.SHA224withRSA sun.security.rsa.RSASignature$SHA224withRSA
    Signature.SHA512withRSA sun.security.rsa.RSASignature$SHA512withRSA
    Signature.MD5withRSA SupportedKeyClasses    java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
    Signature.MD2withRSA    sun.security.rsa.RSASignature$MD2withRSA
    Signature.MD2withRSA SupportedKeyClasses    java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
    Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1   RSA
    Provider.id version 1.8
    KeyFactory.RSA  sun.security.rsa.RSAKeyFactory
    Signature.SHA512withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
    Signature.MD5withRSA    sun.security.rsa.RSASignature$MD5withRSA
    Signature.SHA256withRSA sun.security.rsa.RSASignature$SHA256withRSA
    Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1 RSA
    Signature.SHA1withRSA SupportedKeyClasses   java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.14   SHA224withRSA
    Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1   RSA
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.13   SHA512withRSA
    Signature.SHA256withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.12   SHA384withRSA
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.11   SHA256withRSA
    Provider.id info    Sun RSA signature provider
    Signature.SHA1withRSA   sun.security.rsa.RSASignature$SHA1withRSA
    Signature.SHA384withRSA sun.security.rsa.RSASignature$SHA384withRSA
    Alg.Alias.Signature.1.3.14.3.2.29   SHA1withRSA
    Alg.Alias.Signature.1.2.840.113549.1.1.14   SHA224withRSA
    Alg.Alias.Signature.1.2.840.113549.1.1.13   SHA512withRSA
    Alg.Alias.Signature.1.2.840.113549.1.1.5    SHA1withRSA
    Alg.Alias.Signature.1.2.840.113549.1.1.12   SHA384withRSA
    Provider.id className   sun.security.rsa.SunRsaSign
    Alg.Alias.Signature.1.2.840.113549.1.1.4    MD5withRSA
    Alg.Alias.Signature.1.2.840.113549.1.1.11   SHA256withRSA
    Alg.Alias.KeyFactory.1.2.840.113549.1.1 RSA
    KeyPairGenerator.RSA    sun.security.rsa.RSAKeyPairGenerator
    Alg.Alias.Signature.1.2.840.113549.1.1.2    MD2withRSA
    Signature.SHA384withRSA SupportedKeyClasses java.security.interfaces.RSAPublicKey|java.security.interfaces.RSAPrivateKey
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.5    SHA1withRSA
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.4    MD5withRSA
SunEC
    AlgorithmParameters.EC  sun.security.ec.ECParameters
    KeyAgreement.ECDH SupportedKeyClasses   java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA256withECDSA ImplementedIn Software
    Provider.id name    SunEC
    Signature.NONEwithECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA224withECDSA ImplementedIn Software
    Signature.SHA1withECDSA sun.security.ec.ECDSASignature$SHA1
    Alg.Alias.Signature.OID.1.2.840.10045.4.1   SHA1withECDSA
    Signature.SHA256withECDSA SupportedKeyClasses   java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA224withECDSA SupportedKeyClasses   java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    KeyPairGenerator.EC KeySize 256
    KeyFactory.EC ImplementedIn Software
    Provider.id version 1.8
    AlgorithmParameters.EC KeySize  256
    Signature.NONEwithECDSA sun.security.ec.ECDSASignature$Raw
    Signature.SHA512withECDSA ImplementedIn Software
    Alg.Alias.KeyFactory.EllipticCurve  EC
    Signature.SHA256withECDSA   sun.security.ec.ECDSASignature$SHA256
    Alg.Alias.KeyPairGenerator.EllipticCurve    EC
    Signature.SHA512withECDSA   sun.security.ec.ECDSASignature$SHA512
    Signature.SHA1withECDSA KeySize 256
    Signature.SHA1withECDSA SupportedKeyClasses java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Signature.SHA384withECDSA SupportedKeyClasses   java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    Alg.Alias.AlgorithmParameters.EllipticCurve EC
    Alg.Alias.AlgorithmParameters.1.2.840.10045.2.1 EC
    Alg.Alias.Signature.1.2.840.10045.4.1   SHA1withECDSA
    Signature.SHA224withECDSA   sun.security.ec.ECDSASignature$SHA224
    Signature.SHA384withECDSA ImplementedIn Software
    AlgorithmParameters.EC ImplementedIn    Software
    Provider.id info    Sun Elliptic Curve provider (EC, ECDSA, ECDH)
    Signature.SHA512withECDSA SupportedKeyClasses   java.security.interfaces.ECPublicKey|java.security.interfaces.ECPrivateKey
    KeyPairGenerator.EC sun.security.ec.ECKeyPairGenerator
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.4 SHA512withECDSA
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.3 SHA384withECDSA
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.2 SHA256withECDSA
    KeyAgreement.ECDH   sun.security.ec.ECDHKeyAgreement
    Alg.Alias.Signature.OID.1.2.840.10045.4.3.1 SHA224withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.4 SHA512withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.3 SHA384withECDSA
    Signature.SHA384withECDSA   sun.security.ec.ECDSASignature$SHA384
    Alg.Alias.Signature.1.2.840.10045.4.3.2 SHA256withECDSA
    Alg.Alias.Signature.1.2.840.10045.4.3.1 SHA224withECDSA
    AlgorithmParameters.EC SupportedCurves  [secp112r1,1.3.132.0.6]|[secp112r2,1.3.132.0.7]|[secp128r1,1.3.132.0.28]|[secp128r2,1.3.132.0.29]|[secp160k1,1.3.132.0.9]|[secp160r1,1.3.132.0.8]|[secp160r2,1.3.132.0.30]|[secp192k1,1.3.132.0.31]|[secp192r1,NIST P-192,X9.62 prime192v1,1.2.840.10045.3.1.1]|[secp224k1,1.3.132.0.32]|[secp224r1,NIST P-224,1.3.132.0.33]|[secp256k1,1.3.132.0.10]|[secp256r1,NIST P-256,X9.62 prime256v1,1.2.840.10045.3.1.7]|[secp384r1,NIST P-384,1.3.132.0.34]|[secp521r1,NIST P-521,1.3.132.0.35]|[X9.62 prime192v2,1.2.840.10045.3.1.2]|[X9.62 prime192v3,1.2.840.10045.3.1.3]|[X9.62 prime239v1,1.2.840.10045.3.1.4]|[X9.62 prime239v2,1.2.840.10045.3.1.5]|[X9.62 prime239v3,1.2.840.10045.3.1.6]|[sect113r1,1.3.132.0.4]|[sect113r2,1.3.132.0.5]|[sect131r1,1.3.132.0.22]|[sect131r2,1.3.132.0.23]|[sect163k1,NIST K-163,1.3.132.0.1]|[sect163r1,1.3.132.0.2]|[sect163r2,NIST B-163,1.3.132.0.15]|[sect193r1,1.3.132.0.24]|[sect193r2,1.3.132.0.25]|[sect233k1,NIST K-233,1.3.132.0.26]|[sect233r1,NIST B-233,1.3.132.0.27]|[sect239k1,1.3.132.0.3]|[sect283k1,NIST K-283,1.3.132.0.16]|[sect283r1,NIST B-283,1.3.132.0.17]|[sect409k1,NIST K-409,1.3.132.0.36]|[sect409r1,NIST B-409,1.3.132.0.37]|[sect571k1,NIST K-571,1.3.132.0.38]|[sect571r1,NIST B-571,1.3.132.0.39]|[X9.62 c2tnb191v1,1.2.840.10045.3.0.5]|[X9.62 c2tnb191v2,1.2.840.10045.3.0.6]|[X9.62 c2tnb191v3,1.2.840.10045.3.0.7]|[X9.62 c2tnb239v1,1.2.840.10045.3.0.11]|[X9.62 c2tnb239v2,1.2.840.10045.3.0.12]|[X9.62 c2tnb239v3,1.2.840.10045.3.0.13]|[X9.62 c2tnb359v1,1.2.840.10045.3.0.18]|[X9.62 c2tnb431r1,1.2.840.10045.3.0.20]|[brainpoolP160r1,1.3.36.3.3.2.8.1.1.1]|[brainpoolP192r1,1.3.36.3.3.2.8.1.1.3]|[brainpoolP224r1,1.3.36.3.3.2.8.1.1.5]|[brainpoolP256r1,1.3.36.3.3.2.8.1.1.7]|[brainpoolP320r1,1.3.36.3.3.2.8.1.1.9]|[brainpoolP384r1,1.3.36.3.3.2.8.1.1.11]|[brainpoolP512r1,1.3.36.3.3.2.8.1.1.13]
    Provider.id className   sun.security.ec.SunEC
    Signature.NONEwithECDSA ImplementedIn   Software
    Signature.SHA1withECDSA ImplementedIn   Software
    KeyPairGenerator.EC ImplementedIn   Software
    KeyFactory.EC   sun.security.ec.ECKeyFactory
    KeyAgreement.ECDH ImplementedIn Software
SunJSSE
    Signature.MD5andSHA1withRSA sun.security.ssl.RSASignature
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.2    MD2withRSA
    Alg.Alias.KeyManagerFactory.PKIX    NewSunX509
    Provider.id name    SunJSSE
    KeyManagerFactory.NewSunX509    sun.security.ssl.KeyManagerFactoryImpl$X509
    Alg.Alias.Signature.OID.1.3.14.3.2.29   SHA1withRSA
    Signature.MD2withRSA    sun.security.rsa.RSASignature$MD2withRSA
    Alg.Alias.KeyPairGenerator.OID.1.2.840.113549.1.1   RSA
    Provider.id version 1.8
    KeyManagerFactory.SunX509   sun.security.ssl.KeyManagerFactoryImpl$SunX509
    KeyFactory.RSA  sun.security.rsa.RSAKeyFactory
    TrustManagerFactory.SunX509 sun.security.ssl.TrustManagerFactoryImpl$SimpleFactory
    Alg.Alias.TrustManagerFactory.X.509 PKIX
    SSLContext.TLSv1.2  sun.security.ssl.SSLContextImpl$TLS12Context
    SSLContext.TLSv1.1  sun.security.ssl.SSLContextImpl$TLS11Context
    Signature.MD5withRSA    sun.security.rsa.RSASignature$MD5withRSA
    Alg.Alias.SSLContext.SSLv3  TLSv1
    Alg.Alias.SSLContext.SSL    TLS
    KeyStore.PKCS12 sun.security.pkcs12.PKCS12KeyStore
    Alg.Alias.TrustManagerFactory.SunPKIX   PKIX
    Alg.Alias.KeyFactory.OID.1.2.840.113549.1.1 RSA
    SSLContext.Default  sun.security.ssl.SSLContextImpl$DefaultSSLContext
    Alg.Alias.KeyPairGenerator.1.2.840.113549.1.1   RSA
    Provider.id info    Sun JSSE provider(PKCS12, SunX509/PKIX key/trust factories, SSLv3/TLSv1/TLSv1.1/TLSv1.2)
    Signature.SHA1withRSA   sun.security.rsa.RSASignature$SHA1withRSA
    TrustManagerFactory.PKIX    sun.security.ssl.TrustManagerFactoryImpl$PKIXFactory
    SSLContext.TLS  sun.security.ssl.SSLContextImpl$TLSContext
    SSLContext.TLSv1    sun.security.ssl.SSLContextImpl$TLS10Context
    Alg.Alias.Signature.1.3.14.3.2.29   SHA1withRSA
    Alg.Alias.Signature.1.2.840.113549.1.1.5    SHA1withRSA
    Alg.Alias.TrustManagerFactory.X509  PKIX
    Provider.id className   com.sun.net.ssl.internal.ssl.Provider
    Alg.Alias.Signature.1.2.840.113549.1.1.4    MD5withRSA
    Alg.Alias.KeyFactory.1.2.840.113549.1.1 RSA
    KeyPairGenerator.RSA    sun.security.rsa.RSAKeyPairGenerator
    Alg.Alias.Signature.1.2.840.113549.1.1.2    MD2withRSA
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.5    SHA1withRSA
    Alg.Alias.Signature.OID.1.2.840.113549.1.1.4    MD5withRSA

Even though I don't see any provider supporting the "AES/CTR/NoPadding" algorithm, there is no NoSuchAlgorithmException thrown by the execute() method, thus I suppose this algorithm is supported by one of the previous providers.

Question

  • Which of the previous providers is being called to get the envisaged cipher object that supports the "AES/CTR/NoPadding" algorithm?

Note

The list of providers was too long to fit into this post, if you need any information regarding a not mentioned specific provider, please let me know.

Upwards answered 13/3, 2017 at 13:1 Comment(11)
1. CTR mode does not use padding. 2. The counter value must never be reused with the same key. 3. Software documentation is generally an after thought along the lines of "Damn, I have to write documentation? OK, OK, here is some, not especially designed for those who do not already know it and just want to use the code." And, surprise, turns out that way–it is just not as much fun as writing the code. Default values are among the worst for being documented, especially for code with so many variables as this crypto library. The answer is to read the code.Insentient
@Insentient I've read the javax.crypto.Cipher source code and I still couldn't find the answer I'm looking for.Upwards
Can you help me to find the code that explicitly deals with the initial counter block for the CTR mode?Upwards
My guess is you can add any garbage options to the string with impunity, that it only checks for supported options. Ex: String CIPHER_ALGORITHM = "AES/CTR/NoPadding/garbage"; might work fine. But if one is using CTR mode it should know that there is no padding.Insentient
I was at least wrong about garbage and that is a good thing!Insentient
I've tried what you suggested and the following exception occurred: java.security.NoSuchAlgorithmException: Invalid transformation format:AES/CTR/NoPadding/garbage. I know CTR does not require padding, but I think you can also choose to use some padding algorithm of your choice so that the resulting ciphertext's length is a multiple of the block size, providing that the decryption process also takes that into account. My question, though, lies on the format of the initial counter block given as input to the AES block cipher for this specific Java object and not on the overall CTR mode.Upwards
The AESCipher class is a first stop, because it is a CipherSpi therefore part of a provider. I still haven't figured out how it is loaded into a thread.Sibelius
About your additional question ... I haven't seen "128-bit nonce XORed with an m-bit counter value (usually 32 bits)" actually implemented anywhere. The nonce and the counter are usually simply concatenated. Some implementations only count in the counter portion. Others, regard the whole thing as a counter and the nonce part might change if the plaintext gets sufficiently long.Sibelius
The easiest answer to your first question is to call .getProvider() on the Cipher instance, and probably .getName() on the resulting Provider. But that doesn't tell you much about the use of IV, which is the same regardless of provider; for example you can use the BouncyCastle provider instead of SunJCE and it still takes AES-CTR IV as an arbitrary 16-byte value.Masoretic
Hi Ricardo and welcome to StackOverflow! As you can see your question was pretty well received here. There is however one issue with it: it consists of two rather separate questions: 1: how to determine the provider used and 2: how to handle the IV / Nonce / Counter for AES CTR for this implementation of AES/CTR. Next time please ask two separate questions. If you split this question in two then please comment below using @MaartenBodewes so I can split my answer in two as well.Gunther
@Maarten You can split it: https://mcmap.net/q/1621081/-how-to-handle-the-iv-nonce-counter-for-aes-ctrSibelius
G
9

You can just call getProvider() on any Cipher (or MessageDigest, etc.). If you do that for a Cipher using "AES/GCM/NoPadding" you would get the SunJCE provider. You would not get the additional service information, of course.

To get the service information about the AES cipher, try this code:

public static void main(String[] args) {
    Provider[] provs = Security.getProviders();
    for (Provider provider : provs) {
        Service service = provider.getService("Cipher", "AES");
        if (service == null) {
            continue;
        }

        String modes = service.getAttribute("SupportedModes");
        if (modes != null && modes.matches("(?i).*CTR.*")) {
            System.out.println(service);
        }
    }
}

which will output:

SunJCE: Cipher.AES -> com.sun.crypto.provider.AESCipher$General
  aliases: [Rijndael]
  attributes: {SupportedPaddings=NOPADDING|PKCS5PADDING|ISO10126PADDING, SupportedKeyFormats=RAW, SupportedModes=ECB|CBC|PCBC|CTR|CTS|CFB|OFB|CFB8|CFB16|CFB24|CFB32|CFB40|CFB48|CFB56|CFB64|OFB8|OFB16|OFB24|OFB32|OFB40|OFB48|OFB56|OFB64|GCM|CFB72|CFB80|CFB88|CFB96|CFB104|CFB112|CFB120|CFB128|OFB72|OFB80|OFB88|OFB96|OFB104|OFB112|OFB120|OFB128}

So there you have it: AES, CTR and NoPadding.

Admittedly, the Service interface of Provider is not that well described so it takes a bit of puzzling to get to this information.

Gunther answered 14/3, 2017 at 0:12 Comment(1)
Great answer, complete and pragmatic! Thank you very much Maarten, you clarified my doubts.Upwards

© 2022 - 2024 — McMap. All rights reserved.