Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Error getting Content from CmsEnvelopedData with AES128-GCM #354

Open
Nintai opened this issue Apr 4, 2022 · 3 comments
Open

Error getting Content from CmsEnvelopedData with AES128-GCM #354

Nintai opened this issue Apr 4, 2022 · 3 comments

Comments

@Nintai
Copy link

Nintai commented Apr 4, 2022
edited
Loading

I got a problem with decrypting CmsEnvelopedData that was encrypted with the bouncy castle library in JAVA.

The error occurs when calling var decryptedData = recipient.GetContent(privKey); where recipient is of type KeyTransRecipientInformation.

From what I could find out, the C# library is getting the IV Length from this line in ParameterUtilities.cs in the method GetCipherParameters:
int basicIVKeySize = FindBasicIVSize(canonical);

In the case of canonical being "AES128" it will return 16.

As long as basicIVKeySize is not -1 it will try to convert the parameter to an octetstring assuming that you only get the IV and not the IV Size:

if (basicIVKeySize != -1 || canonical == "RIJNDAEL" || canonical == "SKIPJACK" || canonical == "TWOFISH")
{
    iv = ((Asn1OctetString) asn1Params).GetOctets();
}

The Parameter inside of the CmsEnvelopedData, which was generated with the java library, seems to be:
{[#1234567890abcdef12345678, 16]}
which obviously causes an exception when trying to convert it to Asn1OctetString, because its a DerSequence instead.

So in my opinion there are 2 things that could be the case:
Either
the java library shouldnt add the IV length when it can be derived from the algorithm
or
the c# library should check if it gets a DerSequence and convert it to IV & IV length if thats the case

Should also note that decrypting in java itself works just fine, but thats not what we want to use for decrypting.

We used:
Portable.BouncyCastle 1.9.0
@PPeMg
Copy link

PPeMg commented Nov 29, 2022
edited
Loading

Hi!

We are having exactly the same problem here. There is a clear difference with Java version and we are not sure about how to proceed here. Is there anyone who has fixed this issue without modifying the code?

In the meanwhile, we are using this "fix" but we are not sure if this can have collateral effects in other parts of the library, so it would be nice if this could be discussed further and find a final solution for this bug.

// /crypto/src/security/ParameterUtilities.cs

if (basicIVKeySize != -1 || canonical == "RIJNDAEL" || canonical == "SKIPJACK" || canonical == "TWOFISH")
{
    var sequence = asn1Params as DerSequence;
    iv = sequence != null ? ((DerOctetString) sequence[0]).GetOctets() : ((Asn1OctetString) asn1Params).GetOctets();
}

EDIT: I added a PR with this fix. Maybe this could be fixed that way? #402

PPeMg added a commit to PPeMg/bc-csharp that referenced this issue Nov 29, 2022
@PPeMg
Fix for Issue bcgit#354. "Error getting Content from CmsEnvelopedData…
2376036 
… with AES128-GCM "
@PPeMg PPeMg mentioned this issue Nov 29, 2022
Closed
@peterdettman
Copy link
Collaborator

This should now be fixed and will be in the 2.1.0 release, expected shortly.

pull bot pushed a commit to Mu-L/bc-csharp that referenced this issue Feb 16, 2023
@peterdettman
ParameterUtilities support for CCM, GCM parameters
a4f8804 
- see bcgit#354
@jumajeric
Copy link

Hello!
After the update it seems that the encryption now throws the same error as did the decryption. Is there a correlation?? #475

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@peterdettman @Nintai @PPeMg @jumajeric