https://github.com/sdrapkin/securitydriven.aesgcmstrict
Wraps AesGcm and enforces Tag to be exactly 16 bytes. AesGcm allows truncated tags to decrypt.
https://github.com/sdrapkin/securitydriven.aesgcmstrict
aes-gcm aesgcm
Last synced: 6 months ago
JSON representation
Wraps AesGcm and enforces Tag to be exactly 16 bytes. AesGcm allows truncated tags to decrypt.
- Host: GitHub
- URL: https://github.com/sdrapkin/securitydriven.aesgcmstrict
- Owner: sdrapkin
- License: mit
- Created: 2022-06-30T16:37:12.000Z (over 3 years ago)
- Default Branch: master
- Last Pushed: 2022-06-30T18:52:06.000Z (over 3 years ago)
- Last Synced: 2025-03-27T03:35:17.993Z (6 months ago)
- Topics: aes-gcm, aesgcm
- Language: C#
- Homepage:
- Size: 12.7 KB
- Stars: 4
- Watchers: 3
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE.md
- Security: SecurityDriven.AesGcmStrict.csproj
Awesome Lists containing this project
README
# **AesGcmStrict (.NET)** [](https://www.nuget.org/packages/AesGcmStrict/)
### by [Stan Drapkin](https://github.com/sdrapkin/)
## `AesGcmStrict` class:
* Wraps [AesGcm](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesgcm) and enforces [AesGcm](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesgcm) Tag to be exactly `16` bytes. Use `AesGcmStrict` instead of [AesGcm](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesgcm).
* [AesGcm](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesgcm) allows truncated Tags: any [AesGcm](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesgcm)-provided Tag truncated to ex. 12 bytes will successfully decrypt.
## Example of the problem:
```csharp
Span plaintext = Encoding.UTF8.GetBytes("Hello World!");
Span key = new byte[32];
Span nonce = new byte[12];
Span ciphertext = new byte[plaintext.Length];
Span tag = new byte[16]; // generating a 16-byte Tag!
using var gcm = new AesGcm(key);
Console.WriteLine(Encoding.UTF8.GetString(plaintext));
gcm.Encrypt(nonce, plaintext, ciphertext, tag);
plaintext.Clear();
tag = tag.Slice(0, 12); // truncating the Tag to ex. 12 bytes
gcm.Decrypt(nonce, ciphertext, tag, plaintext); // decrypts successfully (PROBLEM)
Console.WriteLine(Encoding.UTF8.GetString(plaintext));
```
Most users of [AesGcm](https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.aesgcm) might expect ~128 bits of Tag-security, but effectively get only ~96 bits at best.
## How to fix with `AesGcmStrict`:
1. Add the namespace: `using SecurityDriven;`
2. Replace `AesGcm` with `AesGcmStrict`
## Same example with `AesGcmStrict`:
```csharp
// using SecurityDriven;
Span plaintext = Encoding.UTF8.GetBytes("Hello World!");
Span key = new byte[32];
Span nonce = new byte[12];
Span ciphertext = new byte[plaintext.Length];
Span tag = new byte[16]; // generating a 16-byte Tag!
using var gcm = new AesGcmStrict(key); // switching to AesGcmStrict
Console.WriteLine(Encoding.UTF8.GetString(plaintext));
gcm.Encrypt(nonce, plaintext, ciphertext, tag);
plaintext.Clear();
tag = tag.Slice(0, 12); // truncating the Tag to ex. 12 bytes
gcm.Decrypt(nonce, ciphertext, tag, plaintext); // throws ArgumentException (tag must be 16 bytes)
Console.WriteLine(Encoding.UTF8.GetString(plaintext));
```