
I've successfully implemented support for GCM encryption in xws-security (`EncryptionProcessor.java`) using JDK8, as tested against other systems. However, I have a problem with decryption. The first problem was as follows: `java.security.InvalidAlgorithmParameterException: Unsupported parameter: javax.crypto.spec.IvParameterSpec`. I solved the problem by changing the initialisation vector (iv) from `IvParameterSpec()` to `GCMParameterSpec()` as follows (code snippet from `DecryptionProcessor.java`):

    try {
        String dataAlgorithm = JCEMapper.translateURItoJCEID(tmp);
        decryptor = Cipher.getInstance(dataAlgorithm);

        //decryptor = Cipher.getInstance("DESede/CBC/ISO10126Padding");

        int ivLen = decryptor.getBlockSize();
        byte[] ivBytes = new byte[ivLen];

        System.arraycopy(cipherInput, 0, ivBytes, 0, ivLen);
        if (dataAlgorithm.matches(".*[gG][cC][mM].*$")) { // TK 03/09/2015 - probably needs more places for decrypting body stuff
            GCMParameterSpec iv = new GCMParameterSpec(ivLen * Byte.SIZE, ivBytes);
            decryptor.init(Cipher.DECRYPT_MODE, symmetricKey, iv);
        }
        else {
            IvParameterSpec iv = new IvParameterSpec(ivBytes);
            decryptor.init(Cipher.DECRYPT_MODE, symmetricKey, iv); // <===== old line 761
        }

        cipherOutput = decryptor.doFinal(cipherInput, ivLen, cipherInput.length - ivLen);
    } catch (Exception e) {
        log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", e);
        throw new XWSSecurityException(e);
    }

I now end up with the following error on calling `doFinal()`:

    javax.crypto.AEADBadTagException: Tag mismatch!
    at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterMode.java:524)
    at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:1023)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:960)
    at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:824)
    at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:436)
    at javax.crypto.Cipher.doFinal(Cipher.java:2223)
    at com.sun.xml.wss.impl.apachecrypto.DecryptionProcessor.decryptAttachment(DecryptionProcessor.java:775)

Any advice/recommendations on this would be much appreciated.

tkr
  • I don't know XWS-security but google suggests it is based on XML security (here encryption) and http://www.w3.org/TR/xmlenc-core1/#sec-AES-GCM says **xmlenc uses a 96-bit (12-byte) IV** and a 128-bit tag. It's probably not by coincidence these are the preferred sizes in SP800-38D. This tag size happens to be the same as AES data block, but it wasn't chosen for that reason. – dave_thompson_085 Sep 04 '15 at 10:43

1 Answer


Fixed for decrypting SWA attachments - thanks to dave_thompson_085 for the hint. Code adjusted as follows:

    try {
        String dataAlgorithm = JCEMapper.translateURItoJCEID(tmp);
        decryptor = Cipher.getInstance(dataAlgorithm);

        //decryptor = Cipher.getInstance("DESede/CBC/ISO10126Padding");

        int ivLen = decryptor.getBlockSize();
        byte[] ivBytes = null; // = new byte[ivLen];

        if (dataAlgorithm.matches(".*[gG][cC][mM].*$")) { // TK 03/09/2015 - probably needs more places for decrypting body stuff
            ivLen = 12; // 12 for GCM - also see wss4j-2.1.2/ws-security-common/src/main/java/org/apache/wss4j/common/util/AttachmentUtils.java
            ivBytes = new byte[ivLen];
            System.arraycopy(cipherInput, 0, ivBytes, 0, ivLen);
            GCMParameterSpec iv = new GCMParameterSpec(16 * Byte.SIZE, ivBytes);
            decryptor.init(Cipher.DECRYPT_MODE, symmetricKey, iv);
        }
        else {
            ivBytes = new byte[ivLen];
            System.arraycopy(cipherInput, 0, ivBytes, 0, ivLen);
            IvParameterSpec iv = new IvParameterSpec(ivBytes);
            decryptor.init(Cipher.DECRYPT_MODE, symmetricKey, iv);
        }

        cipherOutput = decryptor.doFinal(cipherInput, ivLen, cipherInput.length - ivLen);
    } catch (Exception e) {
        log.log(Level.SEVERE, "WSS1232.failedto.decrypt.attachment", e);
        throw new XWSSecurityException(e);
    }

Now have a similar problem with GCM XML element decryption. Will follow up on that later.

tkr
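The cause of the tag mismatch, shown in a self-contained Java example (added here; it is not the question's code nor part of xws-security or wss4j): data is laid out as IV || ciphertext || tag, decryption with a 12-byte IV succeeds, and decryption with the 16-byte `getBlockSize()` value fails the tag check. The class name, method names and the sample payload are my own constructions.

```java
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import javax.crypto.AEADBadTagException;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;

public class GcmIvLengthDemo {
    static final int GCM_IV_LEN = 12;    // 96-bit IV, as xmlenc-core1 and SP800-38D prescribe
    static final int GCM_TAG_BITS = 128; // 128-bit tag; JCE appends it to the ciphertext on encrypt
    // Produces the layout the question's decryptor expects: IV || ciphertext || tag.
    static byte[] encrypt(SecretKey key, byte[] plaintext) throws Exception {
        byte[] iv = new byte[GCM_IV_LEN];
        new SecureRandom().nextBytes(iv);        // GCM: never reuse an IV under the same key
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, iv));
        byte[] ct = c.doFinal(plaintext);
        byte[] out = new byte[iv.length + ct.length];
        System.arraycopy(iv, 0, out, 0, iv.length);
        System.arraycopy(ct, 0, out, iv.length, ct.length);
        return out;
    }

    // ivLen is a parameter so the caller can reproduce the mistake from the question.
    static byte[] decrypt(SecretKey key, byte[] cipherInput, int ivLen) throws Exception {
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        byte[] ivBytes = Arrays.copyOfRange(cipherInput, 0, ivLen);
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(GCM_TAG_BITS, ivBytes));
        return c.doFinal(cipherInput, ivLen, cipherInput.length - ivLen); // tag is verified here
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(128);
        SecretKey key = kg.generateKey();
        byte[] blob = encrypt(key, "attachment payload".getBytes(StandardCharsets.UTF_8)); // constructed sample
        // Correct: strip a 12-byte IV; the remainder is ciphertext || tag.
        byte[] ok = decrypt(key, blob, GCM_IV_LEN);
        System.out.println("12-byte IV: " + new String(ok, StandardCharsets.UTF_8));
        // Wrong: getBlockSize() is 16 for AES, so four ciphertext bytes are consumed as IV and the tag fails.
        int blockSize = Cipher.getInstance("AES/GCM/NoPadding").getBlockSize();
        try {
            decrypt(key, blob, blockSize);
        } catch (AEADBadTagException e) {
            System.out.println(blockSize + "-byte IV: " + e.getMessage());
        }
    }
}
```

The second call throws `AEADBadTagException: Tag mismatch!`, the same failure as in the question, because a wrong IV makes GCM reject the data at the authentication check rather than at `init()`.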