gcm_decrypt_verify() no longer verifies the provided tag

gbegen commented 6 years ago

I can pass anything as the tag into gcm_decrypt_verify() and it will return decrypted plaintext. It looks like this might have been lost with the conversion to XS in recent versions.

#!/usr/bin/env perl
use 5.14.0;
use strictures 2;

use Crypt::AuthEnc::GCM qw(gcm_decrypt_verify gcm_encrypt_authenticate);
use MIME::Base64 qw(decode_base64);

my ($ct, $tag) = gcm_encrypt_authenticate(
  'AES',
  decode_base64('QG1vT29ke5maBZRtdqaEcC8BjDxPGOILyylheMSkyM4='),
  decode_base64('tWWWVmRvthlL0d6iFNJtHOIWkFSpf7p7hCoE+l+Pszo='),
  undef,
  'Hello Crypto',
);

# this should not work because I am not providing the correct tag value
my $pt = gcm_decrypt_verify(
  'AES',
  decode_base64('QG1vT29ke5maBZRtdqaEcC8BjDxPGOILyylheMSkyM4='),
  decode_base64('tWWWVmRvthlL0d6iFNJtHOIWkFSpf7p7hCoE+l+Pszo='),
  undef,
  $ct,
  "anything",
);

say $pt;

karel-m commented 6 years ago

Unfortunately the same bug in chacha20poly1305_decrypt_verify.

Should be fixed in CryptX-0.061_002

karel-m commented 6 years ago

CryptX-0.062 released

DCIT / perl-CryptX

gcm_decrypt_verify() no longer verifies the provided tag #47