Open CEiderEVIDENT opened 1 week ago
same
@CEiderEVIDENT make sure you are incrementing/setting the correct request counter. I forgot it and was sending another request with counter 0 which led to the mismatch error.
@CEiderEVIDENT make sure you are incrementing/setting the correct request counter. I forgot it and was sending another request with counter 0 which led to the mismatch error.
@KillerCodeMonkey Do I have to increment the requestcounter manually?
yes.
it is not necessary for the handshake requests, but if you want to get the nonce and so on in the next step you need to do it.
I just used the provided code here as a base to work on and created my own VauClient. There i can set and pass the current request count.
My Vau-CLient is more or less stateless, so i pass all necessary information (vaucid, encryption, decryption keys, keyid, request counter) between software parts, because we are forced to mix programming languages -> using c# for all those encryption stuff and nodejs/electron for our main application.
@CEiderEVIDENT If you need more help or just some idea/information exchange you can contact me per mail bengt@codaline.io
But to be honest... i am far away from a dotnet/c# expert... and i never will/wanted to be it. :P
After making some changes to ste the request-counter to a value!=0, the message is being succesfully decrypted
2024-10-09 09:57:21 07:57:21.857 VPS INFO VauServerController: Received request for VAU-CID: /1728460637227
2024-10-09 09:57:21 07:57:21.857 VPS TRACE EncryptedVauMessage: trying to decrypt:
2024-10-09 09:57:21 Complete message : 0200010000000000000001e5bb9d5fc4932a24b7ea98db99981c6c0bccc3d7cb780bb3658de0cae941f25b493f20e200000000000000016d349873aa1067c84291e13ec82be9dda5555fa0a9e929fe472878654048b3972cf3dc2bbff4e235ceef36dc26f44309bddb9a4c7723ab9407f0f5ad481b3344dfe9c5a8d1b7df388468f53a70866f2f9b2b5d7c55b67f4c72786874a878e513b72b33116e
2024-10-09 09:57:21 Message size (Bytes) : 156
2024-10-09 09:57:21 Complete header : 0200010000000000000001e5bb9d5fc4932a24b7ea98db99981c6c0bccc3d7cb780bb3658de0cae941f25b
2024-10-09 09:57:21 Key to decrypt (K2_c2s_app_data): 6e904dc0d4d91b7ebc7759cd7f7a447666e8fe20a78d6a48321902fbb6878f15
2024-10-09 09:57:21 -------------------------------
2024-10-09 09:57:21 Version (1 Byte): 02
2024-10-09 09:57:21 PU (1 Byte): 00
2024-10-09 09:57:21 Request (1 Byte): 01
2024-10-09 09:57:21 Counter (8 Byte): 0000000000000001
2024-10-09 09:57:21 KeyId (32 Byte): e5bb9d5fc4932a24b7ea98db99981c6c0bccc3d7cb780bb3658de0cae941f25b
2024-10-09 09:57:21 IV (12 Byte): 493f20e20000000000000001
2024-10-09 09:57:21 CT + GMAC : 6d349873aa1067c84291e13ec82be9dda5555fa0a9e929fe472878654048b3972cf3dc2bbff4e235ceef36dc26f44309bddb9a4c7723ab9407f0f5ad481b3344dfe9c5a8d1b7df388468f53a70866f2f9b2b5d7c55b67f4c72786874a878e513b72b33116e
2024-10-09 09:57:21
2024-10-09 09:57:21 07:57:21.858 VPS TRACE AbstractVauStateMachine: Successful decrypted ct as:
2024-10-09 09:57:21 GET /VAU-Status HTTP/1.1
And the decrypted resutl looks the same as that what has been encrypted
After making some changes to ste the request-counter to a value!=0, the message is being succesfully decrypted Only works for first request with counter=1. On Counter =2 the same error as before occurs
@CEiderEVIDENT make sure you are sending maybe another request. I am doing the handshake, after that getting the nonce with counter 1 and after that the VAU-Status with counter 2 and it is working.
@gematik1 i tried it again. And it is the case, that when the "epa-vau-proxy-server" receives a request counter >1 results in a tag mismatch.
e.g. first handshake, then get nonce with counter 1 (as bytes 00000001) and after that try to start authentication process or just get the vau-status with counter 2 (00000002) leads to a "tag mismatch error".
Just sending 1 all the time is a workaround for development.
But i guess this is then more an issue with the vau-proxy image?
i already tried latest image 1.0.11. Same problem there.
Request with counter 1
vau-proxy-server | 06:59:30.318 VPS INFO VauServerController: Received request for VAU-CID: /1728543569434
....
vau-proxy-server | Message size (Bytes) : 188
vau-proxy-server | Complete header : 020001000000000000000157fdea7f694801cec9a43711f4b73f431ec884864d5e60d66934a0364250f3bd
vau-proxy-server | Key to decrypt (K2_c2s_app_data): 2a1ae0426c9f27b422fd1273586753f5c2a773118147e4fa5fd58cad5b6dc18b
vau-proxy-server | -------------------------------
vau-proxy-server | Version (1 Byte): 02
vau-proxy-server | PU (1 Byte): 00
vau-proxy-server | Request (1 Byte): 01
vau-proxy-server | Counter (8 Byte): 0000000000000001
vau-proxy-server | KeyId (32 Byte): 57fdea7f694801cec9a43711f4b73f431ec884864d5e60d66934a0364250f3bd
vau-proxy-server | IV (12 Byte): 1e051a640000000000000001
vau-proxy-server | CT + GMAC : 41340a500abd47c072c95299919bc46b2f747b726eba8edf0ed01b4bb8918d5bd86475b1563d3d9a42b6fdda69560ec0175fa18ec628e197d9217454af889b7362ad2aa8ee2f757212e45c122b44f8b688409b75df10e140e875165c1f71faf17fcc2c1d3d7e37e39bc869e51095c82d8e6f2c85ae578b5c21823fa61c39ff299cd14a6c5b
vau-proxy-server |
vau-proxy-server | 06:59:30.321 VPS TRACE AbstractVauStateMachine: Successful
Request with counter 2
vau-proxy-server | 06:59:31.096 VPS INFO VauServerController: Received request for VAU-CID: /1728543569434
vau-proxy-server | 06:59:31.096 VPS TRACE EncryptedVauMessage: trying to decrypt:
vau-proxy-server | Complete message : 020001000000000000000257fdea7f694801cec9a43711f4b73f431ec884864d5e60d66934a0364250f3bd0cf094b90000000000000002dabbecb5195ea0383a2b0d767469b07666b1900931b7af2ff68a62a903f3af27fc185bad4aefad3c2d1b272bce3cdb3cc122f8863aa19d84362a81faa70272436830ea01531a44b89df41c1a3c5c365f2d4cc67d19e5d501fe342ac4a0b3fe5ee9e1eb6cdf53da6b4326804180cbfe80b7efdb40e8cd33d6684e98bba74ae342e733cdd928c26d2cfe305fb0d9fcaf
vau-proxy-server | Message size (Bytes) : 198
vau-proxy-server | Complete header : 020001000000000000000257fdea7f694801cec9a43711f4b73f431ec884864d5e60d66934a0364250f3bd
vau-proxy-server | Key to decrypt (K2_c2s_app_data): 2a1ae0426c9f27b422fd1273586753f5c2a773118147e4fa5fd58cad5b6dc18b
vau-proxy-server | -------------------------------
vau-proxy-server | Version (1 Byte): 02
vau-proxy-server | PU (1 Byte): 00
vau-proxy-server | Request (1 Byte): 01
vau-proxy-server | Counter (8 Byte): 0000000000000002
vau-proxy-server | KeyId (32 Byte): 57fdea7f694801cec9a43711f4b73f431ec884864d5e60d66934a0364250f3bd
vau-proxy-server | IV (12 Byte): 0cf094b90000000000000002
vau-proxy-server | CT + GMAC : dabbecb5195ea0383a2b0d767469b07666b1900931b7af2ff68a62a903f3af27fc185bad4aefad3c2d1b272bce3cdb3cc122f8863aa19d84362a81faa70272436830ea01531a44b89df41c1a3c5c365f2d4cc67d19e5d501fe342ac4a0b3fe5ee9e1eb6cdf53da6b4326804180cbfe80b7efdb40e8cd33d6684e98bba74ae342e733cdd928c26d2cfe305fb0d9fcaf
vau-proxy-server |
vau-proxy-server | 06:59:31.097 VPS ERROR VauException: Transcript Error: Exception thrown whilst trying to decrypt VAU message: Tag mismatch
vau-proxy-server | de.gematik.vau.lib.exceptions.VauDecryptionException: Exception thrown whilst trying to decrypt VAU message: Tag mismatch
vau-proxy-server | at de.gematik.vau.lib.AbstractVauStateMachine.decryptVauMessage(AbstractVauStateMachine.java:181)
vau-proxy-server | at de.gematik.vau.server.VauServerController.decryptAndForwardRequest(VauServerController.java:126)
We have found the Problem and we will provide an update. The Problem is that the library AesGcm changes the initialization vector in function initializeIV() before it's used for encryption.
@MikeKurtze i am not a crypto expert, but just for your information - if i remember it correctly an iv should not be reused especially when used with AesGCM.
So please make sure it will not introduce an attack opportunity or weakening the whole procedure.
Yes, this it's correct and the AesGCM creates an IV via random value. The Bug here is, that our impementation extends/change the IV accordingly to spezification, but in the header value of the encrypted message is placed the random value, not the used IV. Thats the reason, the decryption fails.
ah okay. thanks for clarification :)
@MikeKurtze in the latest release only the EncryptMessage method was changed, but i guess the DecryptMessage needs to be changed as well.
EDIT: Decryption seems to work when the request counter is correctly passed in AESGcm
And in /crypto/AesGcm.cs
initializeAes
the lcounter parameter to initialize the iv is set to 1 as fixed value. so it seems the changes are not doing much?
In the AbstractState-Class the request counter as byte[] is concatenated to the random byte part... and in the initializiation it is sliced back to just the random byte part and the counter part is not used?
AbstractStateClass:
byte[] a = new byte[4];
new SecureRandom().NextBytes(a);
byte[] random = a.Concat(requestCounterBytes).ToArray();
AesGcm aesGcm = new AesGcm(random, header, encryptionVauKey);
AES Class
ivValue = initializeIV(random.Take(random.Length - 8).ToArray(), 1);
i guess the random part and the request counter part should be used as parameters for the initializeIV method call?
So instead of 1 pass the real counter, because those 8 byte would match the 64 Bit part of the iv :)
Something like this should work
ivValue = initializeIV(random.Take(random.Length - 8).ToArray(), BitConverter.ToInt64(random.Skip(random.Length - 8).Reverse().ToArray(), 0));
Version 1.0.2 still has the error, fix does not work
@CEiderEVIDENT check the PR i created. Adapt the changes and it should work
@KillerCodeMonkey : Your fix in PR#1 fiexs the error succesfully. Great job
After establishing a connection to the VAU-server within latest docker-image dc-mocks we try to send a request to /VAU-Status. Building the required inner request on using this c# implementation results in an exception:
From my point of view the vau-server recieves the inner message, can detect the structural header information but anything is wron how the message was encrypted