Uploaded image for project: 'WSS4J'
  1. WSS4J
  2. WSS-555

AES-GCM does not work with IBM JCE 1.7

VotersWatch issueWatchersLinkCloneUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Critical
    • Resolution: Duplicate
    • 2.0.1
    • 2.0.1
    • WSS4J Core
    • None
    • any

    Description

      When using AES 128 GCM for encryption and decryption with IBM JCE, decryption fails with following error:

      org.apache.wss4j.common.ext.WSSecurityException: null
      Original Exception was org.apache.xml.security.encryption.XMLEncryptionException: null
      Original Exception was javax.crypto.AEADBadTagException
      at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:437)
      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:487)
      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:422)
      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:211)
      at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:66)
      at org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:427)
      at org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:341)
      at com.ibm.b2b.enc.EncryptionTest.testEncryptionDecryptionAESGCM(EncryptionTest.java:70)
      at com.ibm.b2b.enc.EncryptionTest.main(EncryptionTest.java:117)
      Caused by: org.apache.xml.security.encryption.XMLEncryptionException: null
      Original Exception was javax.crypto.AEADBadTagException
      at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1851)
      at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1706)
      at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(XMLCipher.java:1744)
      at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:1031)
      at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:435)
      ... 8 more
      Caused by: javax.crypto.AEADBadTagException
      at com.ibm.crypto.provider.GCTR.gcm_ad(Unknown Source)
      at com.ibm.crypto.provider.AESGCMCrypt.c(Unknown Source)
      at com.ibm.crypto.provider.AESGCMCipher.engineDoFinal(Unknown Source)
      at com.ibm.crypto.provider.AESGCMCipher.engineDoFinal(Unknown Source)
      at javax.crypto.Cipher.doFinal(Unknown Source)
      at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1847)
      ... 12 more

      Attachments

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            coheigea Colm O hEigeartaigh
            namrata Namrata Jaiswal
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment