Using GCM decrypting the file content fails for files >32kB on Android API level pre 29 (version 9 and below) #479

Closed
2 tasks done
SailReal opened this issue Mar 8, 2023 · 1 comment
Labels
type:bug Something isn't working

@SailReal
Member

SailReal commented Mar 8, 2023

Summary

In cryptomator/cryptolib#24 we fixed this problem for the file header encryption. File content is still a problem if we exceed the PAYLOAD_SIZE.

System Setup

- Android: pre 10 or API level pre 29
- Cryptomator: 1.7.x, 1.8.0-beta1

Cloud Type

No response

Steps to Reproduce

  1. Create a vault using the desktop app in v 1.7.x
  2. Unlock this vault using Android pre 10
  3. Put a file >=32kB into the vault
  4. Decrypt this file

Expected Behavior

File gets decrypted as normal.

Actual Behavior

Decryption fails with an error toast.

Reproducibility

Always

Relevant Log Output

java.lang.IllegalStateException: Buffer allocated for reported output size apparently not big enough.
	at org.cryptomator.cryptolib.v2.FileContentCryptorImpl.decryptChunk(FileContentCryptorImpl.java:146)
	at org.cryptomator.cryptolib.v2.FileContentCryptorImpl.decryptChunk(FileContentCryptorImpl.java:95)
	at org.cryptomator.cryptolib.v2.FileContentCryptorImpl.decryptChunk(FileContentCryptorImpl.java:78)
	at org.cryptomator.cryptolib.common.DecryptingReadableByteChannel.loadNextCleartextChunk(DecryptingReadableByteChannel.java:119)
	at org.cryptomator.cryptolib.common.DecryptingReadableByteChannel.readInternal(DecryptingReadableByteChannel.java:90)
	at org.cryptomator.cryptolib.common.DecryptingReadableByteChannel.read(DecryptingReadableByteChannel.java:78)
	at org.cryptomator.data.cloud.crypto.CryptoImplDecorator.read(CryptoImplDecorator.kt:322)
	at org.cryptomator.data.cloud.crypto.CryptoCloudContentRepository.read(CryptoCloudContentRepository.kt:95)
	at org.cryptomator.data.cloud.crypto.CryptoCloudContentRepository.read(CryptoCloudContentRepository.kt:21)
	at org.cryptomator.data.repository.DispatchingCloudContentRepository.read(DispatchingCloudContentRepository.kt:160)
	at org.cryptomator.domain.usecases.cloud.DownloadFiles.execute(DownloadFiles.java:32)
	at org.cryptomator.domain.usecases.cloud.DownloadFilesUseCase$Launcher$2.subscribe(DownloadFilesUseCase.java:99)
	at io.reactivex.internal.operators.flowable.FlowableFromPublisher.subscribeActual(FlowableFromPublisher.java:29)
	at io.reactivex.Flowable.subscribe(Flowable.java:14935)
	at io.reactivex.Flowable.subscribe(Flowable.java:14882)
	at io.reactivex.internal.operators.flowable.FlowableSubscribeOn$SubscribeOnSubscriber.run(FlowableSubscribeOn.java:82)
	at io.reactivex.internal.schedulers.ExecutorScheduler$ExecutorWorker$BooleanRunnable.run(ExecutorScheduler.java:288)
	at io.reactivex.internal.schedulers.ExecutorScheduler$ExecutorWorker.run(ExecutorScheduler.java:253)
	at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1167)
	at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:641)
	at java.lang.Thread.run(Thread.java:764)
Caused by: javax.crypto.ShortBufferException: Need at least 32784 bytes of space in output buffer
	at javax.crypto.CipherSpi.bufferCrypt(CipherSpi.java:759)
	at javax.crypto.CipherSpi.engineDoFinal(CipherSpi.java:730)
	at javax.crypto.Cipher.doFinal(Cipher.java:2350)
	at org.cryptomator.cryptolib.v2.FileContentCryptorImpl.decryptChunk(FileContentCryptorImpl.java:142)
	... 20 more

ErrorCode: 5DH8:1KBG

Anything else?

Google made it clear in the bug report that they will not fix it, see https://issuetracker.google.com/issues/197534888.

Workaround

  • Create the vault using the Android app, as in all currently released Android versions we still create vaults using the SIV_CTRMAC cipher combo.
  • Update Android to >= 10 (note that Android 9 is EOL and got its last security update in January 2022, see https://endoflife.date/android)
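
The trace above fails in `CipherSpi.bufferCrypt`, which rejects the output `ByteBuffer` when it is smaller than the size the provider reports (32784 = 32768 + 16-byte tag). The following is an added example, not Cryptomator's or cryptolib's code or fix: a defensive chunk decryption that sizes the output buffer from `Cipher.getOutputSize()` and trusts only the byte count returned by `doFinal`. The class name, the 12-byte nonce and the sample data are assumptions made for the demo.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import javax.crypto.Cipher;
import javax.crypto.spec.GCMParameterSpec;
import javax.crypto.spec.SecretKeySpec;

public class GcmChunkBufferDemo {
    static final int PAYLOAD_SIZE = 32 * 1024; // cleartext bytes per chunk (32 kB, as in the issue)
    static final int TAG_SIZE = 16;            // GCM tag length: 32784 - 32768 from the log
    static final int NONCE_SIZE = 12;          // assumed nonce length for this demo

    // Decrypts one chunk body (ciphertext || tag) into a buffer sized by the provider,
    // not by the expected cleartext length.
    static ByteBuffer decryptChunk(SecretKeySpec key, byte[] nonce, ByteBuffer ciphertext) throws Exception {
        Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
        cipher.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_SIZE * 8, nonce));
        // Fragile variant: ByteBuffer.allocate(PAYLOAD_SIZE). The ByteBuffer doFinal path
        // compares the output space with getOutputSize(), and a provider may report the
        // full input length (tag included) instead of the cleartext length.
        int reported = cipher.getOutputSize(ciphertext.remaining());
        ByteBuffer out = ByteBuffer.allocate(Math.max(reported, ciphertext.remaining()));
        int written = cipher.doFinal(ciphertext, out); // AEADBadTagException if tampered
        if (written > PAYLOAD_SIZE) {
            throw new IllegalStateException("chunk cleartext larger than PAYLOAD_SIZE");
        }
        out.flip(); // limit is now the real cleartext length, not the allocated size
        return out;
    }

    public static void main(String[] args) throws Exception {
        SecureRandom rnd = new SecureRandom();
        byte[] keyBytes = new byte[32];
        byte[] nonce = new byte[NONCE_SIZE];
        byte[] clear = new byte[PAYLOAD_SIZE]; // constructed sample data: one full chunk
        rnd.nextBytes(keyBytes);
        rnd.nextBytes(nonce);
        rnd.nextBytes(clear);
        SecretKeySpec key = new SecretKeySpec(keyBytes, "AES");

        Cipher enc = Cipher.getInstance("AES/GCM/NoPadding");
        enc.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_SIZE * 8, nonce));
        byte[] chunk = enc.doFinal(clear); // PAYLOAD_SIZE + TAG_SIZE bytes

        ByteBuffer out = decryptChunk(key, nonce, ByteBuffer.wrap(chunk));
        System.out.println("ciphertext+tag bytes: " + chunk.length);
        System.out.println("cleartext bytes:      " + out.remaining());
        System.out.println("round trip ok:        " + ByteBuffer.wrap(clear).equals(out));
    }
}
```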