Home » Java » java – AEADBadTagException: Input too short – need tag. How to pass a tag?-Exceptionshub

java – AEADBadTagException: Input too short – need tag. How to pass a tag?-Exceptionshub

Posted by: admin February 25, 2020 Leave a comment

Questions:

I have a method to decrypt data:

private byte[] decrypt(byte[] sessionKey, byte[] initialisationVector, byte[] associatedData, byte[] cipherText, byte[] tag) {
    Key secret = new SecretKeySpec(sessionKey, "AES");

    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    cipher.init(Cipher.DECRYPT_MODE, secret,
                new GCMParameterSpec((GCM_AUTHENTICATION_TAG_SIZE) * Byte.SIZE, initialisationVector));
    cipher.updateAAD(associatedData);

    return cipher.doFinal(concatByteArrays(cipherText, tag));
}

concatByteArrays is a simple method with Bytebuffer.allocate.put methods.
UPD: input –

    byte[] TEST_AES_KEY = new byte[]{1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16};
    int INITIALISATION_VECTOR_LENGTH = 12;
    int GCM_AUTHENTICATION_TAG_SIZE = 16;
    byte[] initialisationVector = Arrays.copyOfRange(receivedPacket, 0, INITIALISATION_VECTOR_LENGTH - 1);
    byte[] tag = Arrays.copyOfRange(receivedPacket, INITIALISATION_VECTOR_LENGTH, INITIALISATION_VECTOR_LENGTH + GCM_AUTHENTICATION_TAG_SIZE - 1);
    byte[] associatedData = Arrays.copyOfRange(receivedPacket, INITIALISATION_VECTOR_LENGTH + GCM_AUTHENTICATION_TAG_SIZE, receivedPacket.length - 1);
    byte[] cipherText = new byte[]{};


byte[] plainText = decrypt(key, initialisationVector, associatedData, cipherText, tag);

But get error:

javax.crypto.AEADBadTagException: Input too short - need tag
        at com.sun.crypto.provider.GaloisCounterMode.decryptFinal(GaloisCounterM
ode.java:524)
        at com.sun.crypto.provider.CipherCore.finalNoPadding(CipherCore.java:104
8)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:985)
        at com.sun.crypto.provider.CipherCore.doFinal(CipherCore.java:847)
        at com.sun.crypto.provider.AESCipher.engineDoFinal(AESCipher.java:446)
        at javax.crypto.Cipher.doFinal(Cipher.java:2164)

I can’t understand how I can pass tag.
I have a python code, which works:

decryptor = Cipher(algorithms.AES(key), modes.GCM(iv, tag), backend).decryptor()

decryptor.authenticate_additional_data(aad)

return decryptor.update(ciphertext) + decryptor.finalize()
How to&Answers:

Stupid mistake. I forgot that in arrays.copyof last parameter is exclusive and got wrong byte arrays from receivedPacket.

    byte[] initialisationVector = Arrays.copyOfRange(receivedPacket, 0, INITIALISATION_VECTOR_LENGTH);
    byte[] tag = Arrays.copyOfRange(receivedPacket, INITIALISATION_VECTOR_LENGTH, INITIALISATION_VECTOR_LENGTH + GCM_AUTHENTICATION_TAG_SIZE);
    byte[] associatedData = Arrays.copyOfRange(receivedPacket, INITIALISATION_VECTOR_LENGTH + GCM_AUTHENTICATION_TAG_SIZE, receivedPacket.length);