Android crash on retrieving the actual IV
I have this weird crash on Android 21 Lollipop. All the required algorithms are present, but it fails on retrieving the actual IV. Is this a known issue?
com.nimbusds.jose.JOSEException: no constructor found!
at com.nimbusds.jose.crypto.impl.AESGCM.actualParamsOf(AESGCM.java:242)
at com.nimbusds.jose.crypto.impl.AESGCM.actualIVOf(AESGCM.java:175)
at com.nimbusds.jose.crypto.impl.AESGCM.encrypt(AESGCM.java:151)
at com.nimbusds.jose.crypto.impl.ContentCryptoProvider.encrypt(ContentCryptoProvider.java:192)
at com.nimbusds.jose.crypto.RSAEncrypter.encrypt(RSAEncrypter.java:198)
at com.nimbusds.jose.JWEObject.encrypt(JWEObject.java:370)
at com.nedap.healthcare.audits.utils.JWEEncryptor.encrypt(JWEEncryptor.kt:30)
at com.nedap.healthcare.audits.utils.JWEEncryptorTest.encodeTest(JWEEncryptorTest.kt:53)
at java.lang.reflect.Method.invoke(Native Method)
at java.lang.reflect.Method.invoke(Method.java:372)
at org.junit.runners.model.FrameworkMethod$1.runReflectiveCall(FrameworkMethod.java:50)
at org.junit.internal.runners.model.ReflectiveCallable.run(ReflectiveCallable.java:12)
at org.junit.runners.model.FrameworkMethod.invokeExplosively(FrameworkMethod.java:47)
at org.junit.internal.runners.statements.InvokeMethod.evaluate(InvokeMethod.java:17)
at org.junit.runners.ParentRunner.runLeaf(ParentRunner.java:325)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:78)
at org.junit.runners.BlockJUnit4ClassRunner.runChild(BlockJUnit4ClassRunner.java:57)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runners.Suite.runChild(Suite.java:128)
at org.junit.runners.Suite.runChild(Suite.java:27)
at org.junit.runners.ParentRunner$3.run(ParentRunner.java:290)
at org.junit.runners.ParentRunner$1.schedule(ParentRunner.java:71)
at org.junit.runners.ParentRunner.runChildren(ParentRunner.java:288)
at org.junit.runners.ParentRunner.access$000(ParentRunner.java:58)
at org.junit.runners.ParentRunner$2.evaluate(ParentRunner.java:268)
at org.junit.runners.ParentRunner.run(ParentRunner.java:363)
at org.junit.runner.JUnitCore.run(JUnitCore.java:137)
at org.junit.runner.JUnitCore.run(JUnitCore.java:115)
at androidx.test.internal.runner.TestExecutor.execute(TestExecutor.java:56)
at androidx.test.runner.AndroidJUnitRunner.onStart(AndroidJUnitRunner.java:392)
at android.app.Instrumentation$InstrumentationThread.run(Instrumentation.java:1837)
Caused by: java.security.spec.InvalidParameterSpecException: no constructor found!
at com.android.org.bouncycastle.jcajce.provider.symmetric.AES$AlgParamsGCM.localEngineGetParameterSpec(AES.java:462)
at com.android.org.bouncycastle.jcajce.provider.symmetric.util.BaseAlgorithmParameters.engineGetParameterSpec(BaseAlgorithmParameters.java:24)
at java.security.AlgorithmParameters.getParameterSpec(AlgorithmParameters.java:257)
at com.nimbusds.jose.crypto.impl.AESGCM.actualParamsOf(AESGCM.java:240)
I use this code for encryption:
val jweHeader = JWEHeader(JWEAlgorithm.RSA_OAEP, EncryptionMethod.A128GCM)
val jweObject = JWEObject(jweHeader, Payload(message))
jweObject.encrypt(RSAEncrypter(pubKey))
Comments (7)
-
-
reporter It’s on the latest 8.3
Yes, I have tried it on Android 10 and it works flawlessly. This is very strange as all required algorithms are present on older Android v21
-
It looks like an issue with a BC implementation of the JCA API. Because it’s shadowed it’s not immediately obvious which version the BC is.
You could try plugging in a more recent version of BC by yourself:
https://connect2id.com/products/nimbus-jose-jwt/jca-algorithm-support#bc
But you’ll need the Spongy Castle derivative of BC:
https://rtyley.github.io/spongycastle/
If you try this let us know how it works.
-
It looks like Spongy Castle has not been updated in a while, so check this instead:
-
reporter I have tried by adding the bouncy castle directly and it works.
To install the provider:
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME) Security.addProvider(BouncyCastleProvider())
Dependency:
implementation 'org.bouncycastle:bcpkix-jdk15on:1.65'
Thanks for the help
-
reporter - changed status to resolved
-
Thanks for the feedback, we added your recipe to the suggestions: https://connect2id.com/products/nimbus-jose-jwt/jca-algorithm-support#bc-android
- Log in to comment
It looks like the underlying BouncyCastle crypto provider is not compatible or has something missing.
Which version of the Nimbus lib is that?
Did you try with a more recent Android release?