You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@ws.apache.org by "Namrata Jaiswal (JIRA)" <ji...@apache.org> on 2015/10/05 07:53:27 UTC

[jira] [Commented] (WSS-555) AES-GCM does not work with IBM JCE 1.7

    [ https://issues.apache.org/jira/browse/WSS-555?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14942951#comment-14942951 ] 

Namrata Jaiswal commented on WSS-555:
-------------------------------------

Thanks colm for your response! The above error I was getting while using wss4j dom api to encrypt/decrypt message using AES-GCM. But I got it working by upgrading JVM 1.7 SR3 to JVM SR9, looks like JCE issue.

But when try to use stax api to encrypt/decrypt messages with AES-GCM then I get following error
javax.xml.stream.XMLStreamException: org.apache.xml.security.exceptions.XMLSecurityException: Wrong parameter type: GCM expected
Original Exception was java.security.InvalidAlgorithmParameterException: Wrong parameter type: GCM expected
at org.apache.xml.security.stax.impl.XMLSecurityStreamWriter.chainProcessEvent(XMLSecurityStreamWriter.java:64)
at org.apache.xml.security.stax.impl.XMLSecurityStreamWriter.outputOpenStartElement(XMLSecurityStreamWriter.java:83)
at org.apache.xml.security.stax.impl.XMLSecurityStreamWriter.writeEndElement(XMLSecurityStreamWriter.java:215)
at org.apache.axiom.om.impl.MTOMXMLStreamWriter.writeEndElement(MTOMXMLStreamWriter.java:157)
at org.apache.axiom.om.impl.util.OMSerializerUtil.serializeEndpart(OMSerializerUtil.java:57)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:973)
at org.apache.axiom.om.impl.llom.OMElementImpl.internalSerialize(OMElementImpl.java:965)
at org.apache.axiom.om.impl.llom.OMSerializableImpl.serialize(OMSerializableImpl.java:125)
at org.apache.axiom.om.impl.llom.OMSerializableImpl.serializeAndConsume(OMSerializableImpl.java:117)
at org.apache.axiom.om.util.CopyUtils.reader2writer(CopyUtils.java:151)
at com.ibm.b2b.enc.EncryptionTest.testEncryptionDecryptionAESGCMWithSTAX(EncryptionTest.java:138)
at com.ibm.b2b.enc.EncryptionTest.main(EncryptionTest.java:200)
Caused by: org.apache.xml.security.exceptions.XMLSecurityException: Wrong parameter type: GCM expected
Original Exception was java.security.InvalidAlgorithmParameterException: Wrong parameter type: GCM expected
at org.apache.xml.security.stax.impl.processor.output.AbstractEncryptOutputProcessor$AbstractInternalEncryptionOutputProcessor.init(AbstractEncryptOutputProcessor.java:190)
at org.apache.wss4j.stax.impl.processor.output.EncryptOutputProcessor.processEvent(EncryptOutputProcessor.java:125)
at org.apache.xml.security.stax.ext.AbstractOutputProcessor.processNextEvent(AbstractOutputProcessor.java:135)
at org.apache.xml.security.stax.impl.OutputProcessorChainImpl.processEvent(OutputProcessorChainImpl.java:217)
at org.apache.xml.security.stax.impl.XMLSecurityStreamWriter.chainProcessEvent(XMLSecurityStreamWriter.java:62)
... 11 more
Caused by: java.security.InvalidAlgorithmParameterException: Wrong parameter type: GCM expected
at com.ibm.crypto.provider.AESGCMCipher.engineInit(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.a(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at javax.crypto.Cipher.init(Unknown Source)
at org.apache.xml.security.stax.impl.processor.output.AbstractEncryptOutputProcessor$AbstractInternalEncryptionOutputProcessor.init(AbstractEncryptOutputProcessor.java:160)
... 15 more

I think this is due to incorrect (IvParameterSpec) parameter used in AbstractEncryptOutputProcessor.java for GCM.
Reply

> AES-GCM does not work with IBM JCE 1.7
> --------------------------------------
>
>                 Key: WSS-555
>                 URL: https://issues.apache.org/jira/browse/WSS-555
>             Project: WSS4J
>          Issue Type: Bug
>          Components: WSS4J Core
>    Affects Versions: 2.0.1
>         Environment: any
>            Reporter: Namrata Jaiswal
>            Assignee: Colm O hEigeartaigh
>            Priority: Critical
>             Fix For: 2.0.1
>
>
> When using AES 128 GCM for encryption and decryption with IBM JCE,  decryption fails with following error:
> org.apache.wss4j.common.ext.WSSecurityException: null
> Original Exception was org.apache.xml.security.encryption.XMLEncryptionException: null
> Original Exception was javax.crypto.AEADBadTagException
> 	at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:437)
> 	at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRef(EncryptedKeyProcessor.java:487)
> 	at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.decryptDataRefs(EncryptedKeyProcessor.java:422)
> 	at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:211)
> 	at org.apache.wss4j.dom.processor.EncryptedKeyProcessor.handleToken(EncryptedKeyProcessor.java:66)
> 	at org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:427)
> 	at org.apache.wss4j.dom.WSSecurityEngine.processSecurityHeader(WSSecurityEngine.java:341)
> 	at com.ibm.b2b.enc.EncryptionTest.testEncryptionDecryptionAESGCM(EncryptionTest.java:70)
> 	at com.ibm.b2b.enc.EncryptionTest.main(EncryptionTest.java:117)
> Caused by: org.apache.xml.security.encryption.XMLEncryptionException: null
> Original Exception was javax.crypto.AEADBadTagException
> 	at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1851)
> 	at org.apache.xml.security.encryption.XMLCipher.decryptElement(XMLCipher.java:1706)
> 	at org.apache.xml.security.encryption.XMLCipher.decryptElementContent(XMLCipher.java:1744)
> 	at org.apache.xml.security.encryption.XMLCipher.doFinal(XMLCipher.java:1031)
> 	at org.apache.wss4j.dom.processor.ReferenceListProcessor.decryptEncryptedData(ReferenceListProcessor.java:435)
> 	... 8 more
> Caused by: javax.crypto.AEADBadTagException
> 	at com.ibm.crypto.provider.GCTR.gcm_ad(Unknown Source)
> 	at com.ibm.crypto.provider.AESGCMCrypt.c(Unknown Source)
> 	at com.ibm.crypto.provider.AESGCMCipher.engineDoFinal(Unknown Source)
> 	at com.ibm.crypto.provider.AESGCMCipher.engineDoFinal(Unknown Source)
> 	at javax.crypto.Cipher.doFinal(Unknown Source)
> 	at org.apache.xml.security.encryption.XMLCipher.decryptToByteArray(XMLCipher.java:1847)
> 	... 12 more



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@ws.apache.org
For additional commands, e-mail: dev-help@ws.apache.org