TechQA.

aes-gcm throws no error when message, tag, or key is changed

877 views Asked by At

I am using AES/GCM/NoPadding encryption in java and (I am fairly new to it). If I understand it right GCM should recognize if encrypted message was manipulated, if so it should not decrypt it. As stated in this anwser:

The authentication TAG is an input to the decryption, if someone tampered with your associated data or with your encrypted data, GCM decryption will notice this and will not output any data (or return an error and you should discard the received data without processing it)

However, in my code, if I modify encrypted message (the message part or the tag part), I do not get any errors and the message will be decrypted (It will be different of course). I do not get any errors even when I provide different key, though message will be decrypted incorrectly...

What am I doing wrong? See the code below:

The util class:

public class CryptoUtils {

public static byte[] encrypt(byte[] key, byte[] iv, byte[] input) throws GeneralSecurityException {
    try {
        SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");

        IvParameterSpec ivspec = new IvParameterSpec(iv);

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivspec);

        int outputLength = cipher.getOutputSize(input.length);
        byte[] output = new byte[outputLength];
        int outputOffset = cipher.update(input, 0, input.length, output, 0);
        cipher.doFinal(output, outputOffset);

        return output;
    } catch (NoSuchAlgorithmException e) {
        Timber.wtf(e);
    }
    return null;
}

public static byte[] decrypt(byte[] key, byte[] iv, byte[] encrypted) throws GeneralSecurityException {
    try {
        SecretKeySpec skeySpec = new SecretKeySpec(key, "AES");
        IvParameterSpec ivspec = new IvParameterSpec(iv);

        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.ENCRYPT_MODE, skeySpec, ivspec);

        return cipher.doFinal(encrypted);
    } catch (NoSuchAlgorithmException e) {
        Timber.wtf(e);
    }
    return null;
}
}

The code that throws no errors:

    byte[] key = getKey();
    byte[] iv = generateIv();
    byte[] message = "hello".getBytes();

    byte[] encrypted = CryptoUtils.encrypt(key, iv, message);

    //Split decrypted message into parts. 
    byte[] encryptedMessage = new byte[message.length];
    System.arraycopy(encrypted, 0, encryptedMessage, 0, message.length);
    byte[] tag = new byte[encrypted.length - message.length];
    System.arraycopy(encrypted, message.length, tag, 0, tag.length);

    //I am modifying the message here.
    encryptedMessage[0] = 0;
    // I am also modifying the key.
    key[2] = 0;

    //Put message and tag together.
    byte[] toDecrypt = new byte[encrypted.length];
    System.arraycopy(encryptedMessage, 0, toDecrypt, 0, encryptedMessage.length);
    System.arraycopy(tag, 0, toDecrypt, encryptedMessage.length, tag.length);

    //Still not getting any errors here.
    byte[] decrypted = CryptoUtils.decrypt(key, iv, encryptedMessage);

    byte[] decryptedMessage = new byte[message.length];
    System.arraycopy(decrypted, 0, decryptedMessage, 0, message.length);

    //Decrypted message is different than original.
    Timber.d("Decrypted message: %s", new String(decryptedMessage));
java security encryption cryptography aes-gcm
Original Q&A
0

There are 0 answers

Related Questions in JAVA

Related Questions in SECURITY

Related Questions in ENCRYPTION

Related Questions in CRYPTOGRAPHY

Related Questions in AES-GCM

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions