Sahamati / rahasya

The project aims to simplify the usage of the ECC curve (curve25519) with Diffie-Hellman key exchange. The work is in line with the Account Aggregator Specification.
Apache License 2.0

Getting Exception in decryption code #1

Closed gaganjain9319 closed 4 years ago

gaganjain9319 commented 4 years ago

Getting below exception:- javax.crypto.AEADBadTagException: mac check in GCM failed

Encryption Code:-

    public String encrypt(PrivateKey ourPrivatekey, PublicKey remotePublicKey, String base64YourNonce, String base64RemoteNonce, String data) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {
        //derive the secret key
        byte[] cipherData = null;
        try {
            System.out.println("base 64 data "+data);
            byte[] srcBytes = data.getBytes(StandardCharsets.US_ASCII);
            String sharedSecret = dheService.getSharedSecret(ourPrivatekey, remotePublicKey);
            //Xor the nonce
            byte[] xoredNonce = xor(Base64.getDecoder().decode(base64YourNonce), Base64.getDecoder().decode(base64RemoteNonce));
            //create a session key with the derived secret
            String key = getSessionKey(Base64.getDecoder().decode(sharedSecret), xoredNonce);
            // Create the cipher instance with the necessary encryption algorithm
            KeyAgreement ka = KeyAgreement.getInstance("ECDH");
            System.out.println(ka.getProvider().getName());
            Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding", provider);
            //Create the spec with the given session key
            SecretKeySpec keySpec = new SecretKeySpec(Base64.getDecoder().decode(key), "AES");
            byte[] iv = generateIVBytes(cipher);
            System.out.println(iv.length+" --lenght");
            //Copy only the last 12 bytes
            System.arraycopy(xoredNonce, saltIVOffset, iv, 0, iv.length);
            GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(gcmTagLength * 8, iv);
            cipher.init(Cipher.ENCRYPT_MODE, keySpec, gcmParameterSpec);
            cipherData = cipher.doFinal(srcBytes);
            System.out.println("cipher bytes "+cipherData);
        } catch (Exception e){
            e.printStackTrace();
        }
        return Base64.getEncoder().encodeToString(cipherData);
    }

Decryption Code:-

    public String decrypt(PrivateKey ourPrivatekey, PublicKey remotePublicKey, String base64YourNonce, String base64RemoteNonce, String base64EncodedData) throws InvalidKeyException, NoSuchAlgorithmException, NoSuchProviderException, NoSuchPaddingException, InvalidAlgorithmParameterException, IllegalBlockSizeException, BadPaddingException {

        String sharedSecret = dheService.getSharedSecret(ourPrivatekey, remotePublicKey);
        byte[] xoredNonce = xor(Base64.getDecoder().decode(base64YourNonce), Base64.getDecoder().decode(base64RemoteNonce));
        String key = getSessionKey(Base64.getDecoder().decode(sharedSecret), xoredNonce);
        Cipher cipher = Cipher.getInstance(algorithm, provider);
        SecretKeySpec keySpec = new SecretKeySpec(Base64.getDecoder().decode(key), "AES");
        byte[] iv = new byte[12];
        System.arraycopy(xoredNonce, saltIVOffset, iv, 0, ivLength);
        GCMParameterSpec gcmParameterSpec = new GCMParameterSpec(gcmTagLength * 8, iv);
        cipher.init(Cipher.DECRYPT_MODE, keySpec, gcmParameterSpec);
        byte[] cipherData = cipher.doFinal(Base64.getDecoder().decode(base64EncodedData));

        return Base64.getEncoder().encodeToString(cipherData);
    }

StackTrace:-

    javax.crypto.AEADBadTagException: mac check in GCM failed
        at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
        at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:62)
        at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
        at java.lang.reflect.Constructor.newInstance(Constructor.java:423)
        at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher$AEADGenericBlockCipher.doFinal(Unknown Source)
        at org.bouncycastle.jcajce.provider.symmetric.util.BaseBlockCipher.engineDoFinal(Unknown Source)
        at javax.crypto.Cipher.doFinal(Cipher.java:2222)
        at com.finbit.aa.fiu.service.impl.CipherServiceImpl.decrypt(CipherServiceImpl.java:94)
        at com.finbit.aa.fiu.service.impl.DecryptFIServiceImpl.decryptFI(DecryptFIServiceImpl.java:47)
        at com.finbit.aa.fiu.service.impl.FIFetchRequestServiceImpl.fetchFIData(FIFetchRequestServiceImpl.java:59)
        at com.finbit.aa.fiu.controller.ConsentNotificationController.fiNotification(ConsentNotificationController.java:27)
        at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.lang.reflect.Method.invoke(Method.java:498)
        at org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:190)
        at org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:138)
        at org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:106)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:888)
        at org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:793)
        at org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:87)
        at org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:1040)
        at org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:943)
        at org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:1006)
        at org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:909)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:660)
        at org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:883)
        at javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:231)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.RequestContextFilter.doFilterInternal(RequestContextFilter.java:100)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.FormContentFilter.doFilterInternal(FormContentFilter.java:93)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.boot.actuate.metrics.web.servlet.WebMvcMetricsFilter.doFilterInternal(WebMvcMetricsFilter.java:108)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:201)
        at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:119)
        at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:193)
        at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:166)
        at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:202)
        at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:96)
        at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:541)
        at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:139)
        at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:92)
        at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:74)
        at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:343)
        at org.apache.coyote.http11.Http11Processor.service(Http11Processor.java:367)
        at org.apache.coyote.AbstractProcessorLight.process(AbstractProcessorLight.java:65)
        at org.apache.coyote.AbstractProtocol$ConnectionHandler.process(AbstractProtocol.java:860)
        at org.apache.tomcat.util.net.NioEndpoint$SocketProcessor.doRun(NioEndpoint.java:1598)
        at org.apache.tomcat.util.net.SocketProcessorBase.run(SocketProcessorBase.java:49)
        at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
        at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
        at org.apache.tomcat.util.threads.TaskThread$WrappingRunnable.run(TaskThread.java:61)
        at java.lang.Thread.run(Thread.java:748)
    2020-03-19 12:57:52.575 ERROR 5772 --- [nio-8096-exec-1] o.a.c.c.C.[.[.[/].[dispatcherServlet] : Servlet.service() for servlet [dispatcherServlet] in context with path [] threw exception [Request processing failed; nested exception is java.lang.NullPointerException] with root cause

gsasikumar commented 4 years ago

Looks like your encryption key and decryption keys are different. Can you check?
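
One way to run the key check suggested above, as an added example that is not code from the rahasya project or from either commenter: derive the session key on both sides, compare short fingerprints of it instead of logging the key, and see that a mismatched key is what produces `AEADBadTagException`. It assumes the JDK 11+ built-in X25519 in place of the BouncyCastle provider, 32-byte nonces, and HMAC-SHA256 as a stand-in for the page's `getSessionKey`; the class and helper names are hypothetical.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.util.*;

public class GcmKeyMismatchCheck { // hypothetical name, not part of rahasya
    // Stand-in KDF (assumption): HMAC-SHA256 keyed with the XORed nonce over the shared secret.
    static byte[] sessionKey(byte[] secret, byte[] xoredNonce) throws GeneralSecurityException {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(xoredNonce, "HmacSHA256"));
        return mac.doFinal(secret);
    }
    static byte[] xor(byte[] a, byte[] b) {
        byte[] out = new byte[a.length];
        for (int i = 0; i < a.length; i++) out[i] = (byte) (a[i] ^ b[i]);
        return out;
    }
    static byte[] agree(PrivateKey ours, PublicKey theirs) throws GeneralSecurityException {
        KeyAgreement ka = KeyAgreement.getInstance("X25519");
        ka.init(ours);
        ka.doPhase(theirs, true);
        return ka.generateSecret();
    }
    // Truncated SHA-256 of a secret value: loggable on both sides for comparison.
    static String fingerprint(byte[] v) throws GeneralSecurityException {
        return Base64.getEncoder().encodeToString(Arrays.copyOf(MessageDigest.getInstance("SHA-256").digest(v), 6));
    }
    // AES-GCM with a 128-bit tag; the IV is the last 12 bytes of the XORed nonce, as in the posted code.
    static byte[] gcm(int mode, byte[] key, byte[] xoredNonce, byte[] in) throws GeneralSecurityException {
        byte[] iv = Arrays.copyOfRange(xoredNonce, xoredNonce.length - 12, xoredNonce.length);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(mode, new SecretKeySpec(key, "AES"), new GCMParameterSpec(128, iv));
        return c.doFinal(in);
    }
    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
        KeyPair sender = kpg.generateKeyPair(), receiver = kpg.generateKeyPair(), stale = kpg.generateKeyPair();
        byte[] n1 = new byte[32], n2 = new byte[32]; // constructed nonces
        SecureRandom rnd = new SecureRandom(); rnd.nextBytes(n1); rnd.nextBytes(n2);
        byte[] xn = xor(n1, n2);
        byte[] encKey = sessionKey(agree(sender.getPrivate(), receiver.getPublic()), xn);
        byte[] ct = gcm(Cipher.ENCRYPT_MODE, encKey, xn, "constructed sample".getBytes(StandardCharsets.UTF_8));
        byte[] goodKey = sessionKey(agree(receiver.getPrivate(), sender.getPublic()), xn);
        byte[] badKey = sessionKey(agree(stale.getPrivate(), sender.getPublic()), xn); // wrong private key
        for (byte[] k : new byte[][] { goodKey, badKey }) {
            System.out.println("enc key fp=" + fingerprint(encKey) + "  dec key fp=" + fingerprint(k));
            try { System.out.println("  decrypted: " + new String(gcm(Cipher.DECRYPT_MODE, k, xn, ct), StandardCharsets.UTF_8)); }
            catch (AEADBadTagException e) { System.out.println("  tag check failed: " + e.getMessage()); }
        }
    }
}
```

The same fingerprint comparison applies to the IV and to the XORed nonce; any of the three differing between sender and receiver fails the GCM tag check in the same way.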

gsasikumar commented 4 years ago

There is a new test case I received. I just merged the test case. Hope that helps you.

gsasikumar commented 4 years ago

As there is no response on this issue and I am unable to reproduce the error, I am closing it. Please open a new issue in case the issue persists.