Adjust AES-CTS to allow for single block operation #173
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
There was a problem hiding this comment.
Pull Request Overview
This PR adds AES-CTS support for exactly 16-byte (single block) inputs and corrects the buffering behavior to ensure CTS processes the entire message at finalization rather than streaming incrementally.
- Updates minimum input length requirement from
> 16 bytesto>= 16 bytesper RFC 3962/8009 - Changes CTS buffering to match GCM/CCM: buffer all data until
doFinal()call - Implements single-block edge case in JNI using plain CBC encryption/decryption
- Adds comprehensive test coverage for 16-byte inputs using both byte arrays and ByteBuffers
Reviewed Changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| src/main/java/com/wolfssl/wolfcrypt/AesCts.java | Updated validation logic from <= BLOCK_SIZE to < BLOCK_SIZE and revised documentation to reflect that CTS now accepts exactly 16 bytes |
| src/main/java/com/wolfssl/provider/jce/WolfCryptCipher.java | Added CTS to non-streaming modes (with GCM/CCM) in isNoOpUpdate(), removed CTS from streaming cipher list, updated minimum length validation, and added explanatory comments |
| src/test/java/com/wolfssl/wolfcrypt/test/AesCtsTest.java | Updated test to verify 15-byte rejection and 16-byte acceptance, replaced hard-coded values with Aes.BLOCK_SIZE constant |
| src/test/java/com/wolfssl/provider/jce/test/WolfCryptCipherTest.java | Added 16 to test data sizes, updated minimum length test to verify 15-byte rejection and 16-byte acceptance, added two new comprehensive tests for single-block edge case (byte array and ByteBuffer paths) |
| jni/jni_aescts.c | Updated validation from <= AES_BLOCK_SIZE to < AES_BLOCK_SIZE, added special case handling for exactly 16 bytes using plain CBC (applies to both byte array and ByteBuffer JNI methods) |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
rlm2002
approved these changes
Nov 14, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds AES-CTS support for one block (16-byte) input, and fixes buffering behavior.
doFinal()instead of streamingThis fixes SunJCE
KerberosAesSha2test failures when using AES-CTS encryption with exactly one block of input.