Ensure IV and Partial IV are not both present #66
I guess I could have raised it myself -- see https://www.rfc-editor.org/errata/eid6909 :-) I will add a GlueCOSE test vector for this.
LGTM
It is weird to check IVs as we never use them but we should do it since it is
I have a general question here.
In RFC 8152 3.1, it states
The IV can be placed in the unprotected header as
modifying the IV will cause the decryption to yield plaintext that
is readily detectable as garbled.
and also
The 'Initialization Vector' and 'Partial
Initialization Vector' parameters MUST NOT both be present in the
same security layer.
What does the "security layer" refer to?
To me, it refers to the "protected" layer and "unprotected" layer, which means we also need to check the unprotected header.
"security layer" is not defined in the spec, but what I understood is that every layer is a security layer, but the spec is just using a fancy adjective. And yes, we also have to check the unprotected header, as it is part of the same layer the protected header is in.
In principle one can nest COSE messages. See https://www.rfc-editor.org/authors/rfc9052.html#appendix-B for an example. Sibling header buckets (protected and unprotected) -- i.e., found in the same COSE message -- are considered to be at the same layer.
Thanks @thomas-fossati for pointing me to the right place. From the above appendix, a security layer means one COSE structure. In our case, that's Therefore, the IV and Partial IV cannot exist in the same header set. For example, it's not allowed if there is an
@shizhMSFT I've implemented this check, please take another look.
LGTM
Signed-off-by: qmuntal <qmuntaldiaz@microsoft.com>
The NCC Group found this issue:
To meet this requirement, we should ensure that the IV and Partial IV are not both present in the protected header when marshaling and unmarshaling it. This PR does that.
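The rule as the thread settles it (protected and unprotected buckets of one COSE structure form a single security layer), sketched as an added example; this is not the code from this PR or from the project. The `Headers` type and the function names are hypothetical, and the labels 5 (IV) and 6 (Partial IV) are the common header parameter labels from RFC 8152.

```go
package main

import (
	"errors"
	"fmt"
)

// Common header parameter labels from RFC 8152, Table 2.
const (
	labelIV        int64 = 5
	labelPartialIV int64 = 6
)

var ErrIVConflict = errors.New("cose: IV and Partial IV both present in one security layer")

// Headers is a hypothetical stand-in for the two header buckets of a single
// COSE structure (one security layer); it is not the project's own type.
type Headers struct {
	Protected   map[interface{}]interface{}
	Unprotected map[interface{}]interface{}
}

// hasLabel finds an integer label whichever Go integer type the decoder used as key.
func hasLabel(b map[interface{}]interface{}, l int64) bool {
	_, a := b[l]
	_, c := b[int(l)]
	_, d := b[uint64(l)]
	return a || c || d
}

// ValidateIVExclusivity rejects a layer carrying both parameters, including
// the split case where each one sits in a different bucket.
func ValidateIVExclusivity(h Headers) error {
	iv := hasLabel(h.Protected, labelIV) || hasLabel(h.Unprotected, labelIV)
	piv := hasLabel(h.Protected, labelPartialIV) || hasLabel(h.Unprotected, labelPartialIV)
	if iv && piv {
		return ErrIVConflict
	}
	return nil
}

func main() {
	// Constructed sample: IV protected, Partial IV unprotected.
	h := Headers{
		Protected:   map[interface{}]interface{}{labelIV: []byte{0x01}},
		Unprotected: map[interface{}]interface{}{labelPartialIV: []byte{0x02}},
	}
	fmt.Println(ValidateIVExclusivity(h))
}
```

A nested COSE message is a separate layer, so each structure's `Headers` is validated on its own rather than merged with its parent's.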