5.4.2: fix auth tag size calculation (#222)

--------- Co-authored-by: Michael Dietrich <[email protected]>
a-sit-plus · Feb 19, 2025 · 264f02d · 264f02d
1 parent e818e5d
commit 264f02d
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Changelog
 
+Release 5.4.2:
+- Fix auth tag size calculation
+
 Release 5.4.1:
  - Fix encoding `dcql_query` in authentication request, it is now a string
  - Provide default values for RQES data classes

diff --git a/gradle.properties b/gradle.properties
@@ -12,7 +12,7 @@ kotlin.mpp.enableCInteropCommonization=true
 kotlin.mpp.stability.nowarn=true
 kotlin.native.ignoreDisabledTargets=true
 
-artifactVersion = 5.4.1
+artifactVersion = 5.4.2
 jdk.version=17
 
 
diff --git a/vck/src/androidMain/kotlin/at/asitplus/wallet/lib/agent/CryptoService.android.kt b/vck/src/androidMain/kotlin/at/asitplus/wallet/lib/agent/CryptoService.android.kt
@@ -33,8 +33,9 @@ actual open class PlatformCryptoShim actual constructor(actual val keyMaterial:
             }
         }.doFinal(input)
         if (algorithm.isAuthenticatedEncryption) {
-            val ciphertext = jcaCiphertext.dropLast(algorithm.ivLengthBits / 8).toByteArray()
-            val authtag = jcaCiphertext.takeLast(algorithm.ivLengthBits / 8).toByteArray()
+            //FOR AES AEAD it is always block size
+            val ciphertext = jcaCiphertext.dropLast(128/ 8).toByteArray()
+            val authtag = jcaCiphertext.takeLast(128 / 8).toByteArray()
             AuthenticatedCiphertext(ciphertext, authtag)
         } else {
             AuthenticatedCiphertext(jcaCiphertext, byteArrayOf())

diff --git a/vck/src/jvmMain/kotlin/at/asitplus/wallet/lib/agent/DefaultCryptoService.kt b/vck/src/jvmMain/kotlin/at/asitplus/wallet/lib/agent/DefaultCryptoService.kt
@@ -41,8 +41,9 @@ actual open class PlatformCryptoShim actual constructor(actual val keyMaterial:
             }
         }.doFinal(input)
         if (algorithm.isAuthenticatedEncryption) {
-            val ciphertext = jcaCiphertext.dropLast(algorithm.ivLengthBits / 8).toByteArray()
-            val authtag = jcaCiphertext.takeLast(algorithm.ivLengthBits / 8).toByteArray()
+            //FOR AES AEAD it is always block size
+            val ciphertext = jcaCiphertext.dropLast(128/ 8).toByteArray()
+            val authtag = jcaCiphertext.takeLast(128 / 8).toByteArray()
             AuthenticatedCiphertext(ciphertext, authtag)
         } else {
             AuthenticatedCiphertext(jcaCiphertext, byteArrayOf())