spreedly / gala

Ruby library for decrypting Apple Pay payment tokens
MIT License

ArgumentError: ciphertext failed authentication step #12

Open tibbon opened 6 years ago

tibbon commented 6 years ago

In Ruby 2.3.7 I'm hitting some significant problems.

First, simply running bundle install from this repo doesn't seem to install aead, since when I run the tests or pull open a pry/irb console and try to require 'aead' it says file not found. I had to check out that repo manually, do a gem build and install it from there globally.

Once that's done, I'm getting an ArgumentError: ciphertext failed authentication step error, which is also happening in my application when the decrypt operation is attempted. See below:

~/c/gala ❯❯❯ rake test
~/Code/gala/lib/gala/payment_token.rb:59: warning: assigned but unused variable - certificate
Loaded suite ~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/rake-12.3.1/lib/rake/rake_test_loader
Started
E
================================================================================================================================================================================================================================================================================
Error: test_decrypt(Gala::PaymentTokenTest): ArgumentError: ciphertext failed authentication step
~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher/aes_gcm.rb:49:in `rescue in _decrypt'
~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher/aes_gcm.rb:38:in `_decrypt'
~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher.rb:133:in `decrypt'
~/Code/gala/lib/gala/payment_token.rb:118:in `decrypt'
~/Code/gala/lib/gala/payment_token.rb:40:in `decrypt'
~/Code/gala/test/payment_token_test.rb:43:in `test_decrypt'
     40:   end
     41:
     42:   def test_decrypt
  => 43:     payment_data = JSON.parse(@payment_token.decrypt(@certificate, @private_key))
     44:     assert_equal "4109370251004320", payment_data["applicationPrimaryAccountNumber"]
     45:     assert_equal "200731", payment_data["applicationExpirationDate"]
     46:     assert_equal "840", payment_data["currencyCode"]
================================================================================================================================================================================================================================================================================
.....

Finished in 0.019383 seconds.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
6 tests, 11 assertions, 0 failures, 1 errors, 0 pendings, 0 omissions, 0 notifications
83.3333% passed
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
309.55 tests/s, 567.51 assertions/s
rake aborted!
Command failed with status (1)

Tasks: TOP => test
(See full trace by running task with --trace)
~/c/gala ❯❯❯

My Ruby and System OpenSSL install are using the same version:

ruby -ropenssl -e 'puts OpenSSL::OPENSSL_VERSION'
OpenSSL 1.0.2o  27 Mar 2018
openssl version
OpenSSL 1.0.2o  27 Mar 2018

I've tried commenting out the rescue from ~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher/aes_gcm.rb:49 and then get a slightly different error of OpenSSL::Cipher::CipherError: CTRL_NOT_IMPLEMENTED:

~/Code/gala/lib/gala/payment_token.rb:59: warning: assigned but unused variable - certificate
Loaded suite ~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/rake-12.3.1/lib/rake/rake_test_loader
Started
E
================================================================================================================================================================================================================================================================================
Error: test_decrypt(Gala::PaymentTokenTest): OpenSSL::Cipher::CipherError: CTRL_NOT_IMPLEMENTED
~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher/aes_gcm.rb:40:in `gcm_iv_len='
~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher/aes_gcm.rb:40:in `block in _decrypt'
~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher.rb:175:in `cipher'
~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher/aes_gcm.rb:39:in `_decrypt'
~/.rbenv/versions/2.3.7/lib/ruby/gems/2.3.0/gems/aead-1.8.2/lib/aead/cipher.rb:133:in `decrypt'
~/Code/gala/lib/gala/payment_token.rb:118:in `decrypt'
~/Code/gala/lib/gala/payment_token.rb:40:in `decrypt'
~/Code/gala/test/payment_token_test.rb:43:in `test_decrypt'
     40:   end
     41:
     42:   def test_decrypt
  => 43:     payment_data = JSON.parse(@payment_token.decrypt(@certificate, @private_key))
     44:     assert_equal "4109370251004320", payment_data["applicationPrimaryAccountNumber"]
     45:     assert_equal "200731", payment_data["applicationExpirationDate"]
     46:     assert_equal "840", payment_data["currencyCode"]
================================================================================================================================================================================================================================================================================
.....

Finished in 0.019248 seconds.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
6 tests, 11 assertions, 0 failures, 1 errors, 0 pendings, 0 omissions, 0 notifications
83.3333% passed
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
311.72 tests/s, 571.49 assertions/s
rake aborted!
Command failed with status (1)

Tasks: TOP => test
(See full trace by running task with --trace)

Any ideas?
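An added example, not code from the gala or aead projects, that reproduces the two conditions visible in the traces above using OpenSSL::Cipher directly. The first trace ends in aead's `rescue in _decrypt`, which reports any OpenSSL::Cipher::CipherError raised inside `_decrypt` as "ciphertext failed authentication step"; the second trace, with that rescue removed, shows the real failure is `gcm_iv_len=` raising CTRL_NOT_IMPLEMENTED while the cipher is still being configured, before any tag could be checked. The helpers below keep the two apart: a preflight that reports whether `iv_len=` works on the running Ruby/OpenSSL build, and a decrypt routine whose rescue covers only `final` (where the GCM tag is verified) so setup errors keep their own message. The key and IV are constructed sample values; the 16-byte IV is deliberately not GCM's 12-byte default, which is what forces the IV length to be set explicitly (Apple's EC_v1 token format specifies a 16-byte all-zero GCM IV, so an Apple Pay decryptor cannot avoid this call).

```ruby
require 'openssl'

# Constructed sample key material (not real Apple Pay data): a 256-bit key
# and a 16-byte all-zero IV. GCM defaults to a 12-byte IV, so a 16-byte IV
# only works if iv_len= can be set, the control that failed with
# CTRL_NOT_IMPLEMENTED in the second trace.
DEMO_KEY = OpenSSL::Digest::SHA256.digest('constructed demo key').freeze
DEMO_IV  = ("\x00" * 16).b.freeze
TAG_LEN  = 16

# Preflight for the environment: can this Ruby/OpenSSL build set a
# non-default GCM IV length? false means decryption fails before any tag
# check is reached, whatever the token contains.
def gcm_iv_len_supported?
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.iv_len = 16
  true
rescue OpenSSL::Cipher::CipherError, NoMethodError
  false
end

# AES-256-GCM encrypt; returns ciphertext || tag, the layout the decrypt
# side (and the aead gem) expects.
def gcm_encrypt(key, iv, plaintext, aad = ''.b)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  cipher.key = key
  cipher.iv_len = iv.bytesize        # must precede iv= for a non-12-byte IV
  cipher.iv = iv
  cipher.auth_data = aad unless aad.empty?
  body = plaintext.empty? ? ''.b : cipher.update(plaintext)
  body + cipher.final + cipher.auth_tag(TAG_LEN)
end

# AES-256-GCM decrypt of ciphertext || tag. Returns the plaintext, or nil
# when the tag does not verify (tampered ciphertext, tag or AAD, or the
# wrong key). Only final is rescued: a failure while configuring the cipher
# (such as iv_len= being unsupported) propagates with its own message
# instead of being reported as an authentication failure.
def gcm_decrypt(key, iv, data, aad = ''.b)
  return nil if data.bytesize < TAG_LEN
  ciphertext = data.byteslice(0, data.bytesize - TAG_LEN)
  tag        = data.byteslice(data.bytesize - TAG_LEN, TAG_LEN)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = key
  cipher.iv_len = iv.bytesize
  cipher.iv = iv
  cipher.auth_tag = tag
  cipher.auth_data = aad unless aad.empty?
  body = ciphertext.empty? ? ''.b : cipher.update(ciphertext)
  begin
    body + cipher.final              # the tag is verified here
  rescue OpenSSL::Cipher::CipherError
    nil
  end
end

# Flip one bit at a byte offset; used to show the tag check catching tampering.
def flip_bit(data, offset)
  copy = data.dup
  copy.setbyte(offset, copy.getbyte(offset) ^ 0x01)
  copy
end

if __FILE__ == $PROGRAM_NAME
  blob = gcm_encrypt(DEMO_KEY, DEMO_IV, 'constructed plaintext')
  puts "iv_len= supported: #{gcm_iv_len_supported?}"
  puts "intact:        #{gcm_decrypt(DEMO_KEY, DEMO_IV, blob).inspect}"
  puts "tampered body: #{gcm_decrypt(DEMO_KEY, DEMO_IV, flip_bit(blob, 0)).inspect}"
  puts "tampered tag:  #{gcm_decrypt(DEMO_KEY, DEMO_IV, flip_bit(blob, blob.bytesize - 1)).inspect}"
end
```

Running `gcm_iv_len_supported?` on the affected interpreter separates an environment problem from a bad token: if it returns false, the "failed authentication step" message from the library is misleading and no amount of checking certificates or keys will help. A wrong key, a flipped ciphertext bit, a flipped tag bit, or mismatched AAD all produce nil from `gcm_decrypt`, which is the genuine authentication-failure case.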

tibbon commented 6 years ago

Everything works fine under Ruby 2.3.1.

tibbon commented 6 years ago

These are about the only things I've been able to find about CTRL_NOT_IMPLEMENTED:

https://github.com/sfackler/rust-openssl/issues/556 https://github.com/grpc/grpc/blob/master/src/boringssl/err_data.c#L864

rwdaigle commented 6 years ago

@tibbon I've made some changes around Ruby support. If you're pegged to Ruby 2.3, can you retry with gala v0.3.2?

If you're not pegged to Ruby v2.3, can you upgrade to gala v0.4, which supports Ruby 2.4 and above?

Thank you!