bc-csharp icon indicating copy to clipboard operation
bc-csharp copied to clipboard
verified publisher icon bcgit

Error getting Content from CmsEnvelopedData with AES128-GCM

Open Nintai opened this issue 3 years ago • 3 comments

I got a problem with decrypting CmsEnvelopedData that was encrypted with the bouncy castle library in JAVA.

The error occurs when calling var decryptedData = recipient.GetContent(privKey); where recipient is of type KeyTransRecipientInformation.

From what I could find out, the C# library is getting the IV Length from this line in ParameterUtilities.cs in the method GetCipherParameters: int basicIVKeySize = FindBasicIVSize(canonical);

In the case of canonical being "AES128" it will return 16.

As long as basicIVKeySize is not -1 it will try to convert the parameter to an octetstring assuming that you only get the IV and not the IV Size:

if (basicIVKeySize != -1 || canonical == "RIJNDAEL" || canonical == "SKIPJACK" || canonical == "TWOFISH")
{
    iv = ((Asn1OctetString) asn1Params).GetOctets();
}

The Parameter inside of the CmsEnvelopedData, which was generated with the java library, seems to be: {[#1234567890abcdef12345678, 16]} which obviously causes an exception when trying to convert it to Asn1OctetString, because its a DerSequence instead.

So in my opinion there are 2 things that could be the case: Either the java library shouldnt add the IV length when it can be derived from the algorithm or the c# library should check if it gets a DerSequence and convert it to IV & IV length if thats the case

Should also note that decrypting in java itself works just fine, but thats not what we want to use for decrypting.

We used: Portable.BouncyCastle 1.9.0

Nintai avatar Apr 04 '22 07:04 Nintai

Hi!

We are having exactly the same problem here. There is a clear difference with Java version and we are not sure about how to proceed here. Is there anyone who has fixed this issue without modifying the code?

In the meanwhile, we are using this "fix" but we are not sure if this can have collateral effects in other parts of the library, so it would be nice if this could be discussed further and find a final solution for this bug.

// /crypto/src/security/ParameterUtilities.cs

if (basicIVKeySize != -1 || canonical == "RIJNDAEL" || canonical == "SKIPJACK" || canonical == "TWOFISH")
{
    var sequence = asn1Params as DerSequence;
    iv = sequence != null ? ((DerOctetString) sequence[0]).GetOctets() : ((Asn1OctetString) asn1Params).GetOctets();
}

EDIT: I added a PR with this fix. Maybe this could be fixed that way? #402

PPeMg avatar Nov 29 '22 13:11 PPeMg

This should now be fixed and will be in the 2.1.0 release, expected shortly.

peterdettman avatar Feb 16 '23 07:02 peterdettman

Hello! After the update it seems that the encryption now throws the same error as did the decryption. Is there a correlation?? #475

jumajeric avatar Jul 18 '23 14:07 jumajeric