Fix #485: Crypto 3.2: Prevent replay attacks #486

romanstrobl · 2023-05-31T15:28:07Z

No description provided.

…, parameterize presence of timestamp instead

banterCZ

Looks good, just minor comments to consider.

...ain/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/model/EciesCryptogram.java

...rauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/ByteUtils.java

...auth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java

hvge

I found some minor issues and one flaw in my specification that has to be addressed.

...rauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/ByteUtils.java

...ain/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/model/EciesCryptogram.java

...auth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java

petrdvorak

While the intentions of the change are well reasoned and prevent the issue on a system level, I would not write the code 1:1 according to the specification because the resulting protocol seems to diverge from formal ECIES description too much. Instead, I would adjust the code so that:

core ECIES is unchanged
additional values (additional data, timestamp, ...) are mapped to SharedInfo1 and SharedInfo2
EciesCryptogram object is split to "body" (encrypted payload, ephemeral public key, mac) and "headers" (timestamp, nonce, context values such as additional data, etc.)

...rauth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/ByteUtils.java

...auth-java-crypto/src/main/java/io/getlime/security/powerauth/crypto/lib/util/EciesUtils.java

...o/src/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/EciesEncryptor.java

…ation with ECIES specification

…e usage, update tests, migrate to protocol V3.2 parameters

… vectors from mobile SDK are available

hvge

Looks OK

romanstrobl · 2023-07-20T04:30:25Z

The updated ECIES implementation is ready for review.

banterCZ

Looks good.

...c/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/model/EciesPayload.java

…s' into issues/485-prevent-replay-attacks

hvge

Look OK (change about moving deriveAssociatedData() to this library)

romanstrobl · 2023-07-29T22:11:33Z

Alright, I will merge this pull request and I will publish the updated powerauth-crypto library after merge

Already implemented

Fix #485: Crypto 3.2: Prevent replay attacks

ddb6357

romanstrobl added enhancement crypto labels May 31, 2023

romanstrobl requested review from banterCZ and hvge May 31, 2023 15:28

romanstrobl self-assigned this May 31, 2023

romanstrobl added 4 commits May 31, 2023 19:19

Use timestamp for deciding protocol version instead of associated data

393ac63

Do not rely on associated data for crypto protocol version resolution…

9f5d774

…, parameterize presence of timestamp instead

Clean up test outputs

d247bf6

Add final modifier

5cd1b70

banterCZ approved these changes Jun 1, 2023

View reviewed changes

hvge requested changes Jun 1, 2023

View reviewed changes

romanstrobl requested review from hvge and banterCZ June 2, 2023 12:49

Fix issues found in pull request review

c146b4f

petrdvorak previously requested changes Jun 2, 2023

View reviewed changes

romanstrobl added 5 commits June 2, 2023 18:30

Fix import

a98b17c

Fix issues found in the ByteUtils class

b1c4d8f

Fix typo

5dc8705

Fix typo

3fd2469

Split EciesCryptogram into multiple classes, align SharedInfo2 calcul…

813a3d6

…ation with ECIES specification

romanstrobl requested a review from petrdvorak June 25, 2023 15:23

romanstrobl added 8 commits June 25, 2023 17:34

Update JavaDoc

6667331

Merge branch 'develop' into issues/485-prevent-replay-attacks

82f584c

Simlify EciesEncryptor and EciesDecryptor classes, allow only one-tim…

28d23c7

…e usage, update tests, migrate to protocol V3.2 parameters

Add a test vector for protocol V3.2, generated by server, before test…

3fa8f4b

… vectors from mobile SDK are available

Additional test assertions

04e2f40

Use envelope key from client in test

4b75b27

Hide details of sharedInfo2 calculation

ca6d5a3

Code cleanup

d137d2a

romanstrobl added 4 commits June 27, 2023 14:40

Update JavaDoc

edef031

Readd envelope key initialization

4c3e612

Remove duplicate public key parameter

2cbb55d

Fix incorrect ephemeral public key handling in regard to SharedInfo2

14b8da1

hvge approved these changes Jun 28, 2023

View reviewed changes

romanstrobl added 3 commits July 11, 2023 16:49

Add envelope key initialization

16cdb59

Do not check public key presence, fix derivation of envelope key

5726875

Simplify code

533cda7

romanstrobl requested a review from hvge July 20, 2023 04:30

banterCZ approved these changes Jul 20, 2023

View reviewed changes

...c/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/model/EciesPayload.java Show resolved Hide resolved

...c/main/java/io/getlime/security/powerauth/crypto/lib/encryptor/ecies/model/EciesPayload.java Outdated Show resolved Hide resolved

Fix copyright

7269a35

romanstrobl mentioned this pull request Jul 20, 2023

Crypto 3.2: ECIES updates wultra/powerauth-server#908

Closed

hvge and others added 4 commits July 26, 2023 18:19

Added test vectors generated by mobile SDK

d73fd27

Move the deriveAssociatedData method to powerauth-crypto

5e223fc

Merge remote-tracking branch 'origin/issues/485-prevent-replay-attack…

3c75ddc

…s' into issues/485-prevent-replay-attacks

Use EciesUtils.deriveAssociatedData() in tests

303d3ee

hvge approved these changes Jul 28, 2023

View reviewed changes

romanstrobl merged commit 0eba4f8 into develop Jul 29, 2023
4 checks passed

romanstrobl deleted the issues/485-prevent-replay-attacks branch July 29, 2023 22:12

romanstrobl mentioned this pull request Aug 23, 2023

Simplified End-2-End Encryption #497

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix #485: Crypto 3.2: Prevent replay attacks #486

Fix #485: Crypto 3.2: Prevent replay attacks #486

romanstrobl commented May 31, 2023

banterCZ left a comment

hvge left a comment •

edited

Loading

petrdvorak left a comment

hvge left a comment

romanstrobl commented Jul 20, 2023

banterCZ left a comment

hvge left a comment

romanstrobl commented Jul 29, 2023

Fix #485: Crypto 3.2: Prevent replay attacks #486

Fix #485: Crypto 3.2: Prevent replay attacks #486

Conversation

romanstrobl commented May 31, 2023

banterCZ left a comment

Choose a reason for hiding this comment

hvge left a comment • edited Loading

Choose a reason for hiding this comment

petrdvorak left a comment

Choose a reason for hiding this comment

hvge left a comment

Choose a reason for hiding this comment

romanstrobl commented Jul 20, 2023

banterCZ left a comment

Choose a reason for hiding this comment

hvge left a comment

Choose a reason for hiding this comment

romanstrobl commented Jul 29, 2023

hvge left a comment •

edited

Loading