author | Arthur de Jong <arthur@arthurdejong.org> | 2016-12-20 20:36:15 +0100 |
---|---|---|
committer | Arthur de Jong <arthur@arthurdejong.org> | 2016-12-20 21:12:53 +0100 |
commit | 047a2a9f904e587128102d450d7ae30874edeb24 (patch) | |
tree | 9f1ce90b9ac2ba215ecf5d0fea9dbe82967a7a80 /tests/encryption/mac-over-plaintext.pskcxml | |
parent | bae70840d42c7d371c3e2499181dc57a0df4401d (diff) |
Allow MAC over plaintext or ciphertext
RFC 6030 implies that the MAC should be performed over the ciphertext
but some earlier drafts implied that the MAC should be performed on the
plaintext. This change accepts the MAC if either the plaintext or
ciphertext match.
Note that this change allows for a padding oracle attack when CBC
encryption modes are used because decryption (and unpadding) needs to be
done before MAC checking. However, this module is not expected to be
available to users to process arbitrary PSKC files repeatedly.
This removes the tests for a missing MAC key (and replaces it for tests
of missing EncryptionMethod) because falling back to using the
encryption key (implemented in a444f78) in combination with this change
means that decryption is performed before MAC checking and it is no longer
possible to trigger a missing MAC key error.
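The check order described in the commit message, and the padding-oracle caveat it raises, as an added example (this is not python-pskc code). A toy 16-byte permutation stands in for AES-128 so the block runs with the standard library alone; the CBC chaining, PKCS#7 padding, HMAC-SHA224 check and the oracle logic are real and do not depend on the block cipher. Keys, IV and secret are constructed values. It assumes the RFC 6030 path MACs the whole CipherValue (IV prefixed to the ciphertext) and the draft-era path MACs the bare secret; `check_value_mac`, `make_oracle` and `padding_oracle_attack` are names chosen here, not the library's.

```python
import hmac
import hashlib

BLOCK = 16


class MACError(Exception):
    """Uniform failure: MAC mismatch, whether or not unpadding succeeded."""


def _toy_block_encrypt(key, block):
    # Toy permutation (XOR with key, rotate one byte). Stand-in, NOT a cipher.
    x = bytes(a ^ b for a, b in zip(block, key))
    return x[1:] + x[:1]


def _toy_block_decrypt(key, block):
    x = block[-1:] + block[:-1]
    return bytes(a ^ b for a, b in zip(x, key))


def pkcs7_pad(data):
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data):
    if not data or len(data) % BLOCK:
        raise ValueError("bad padding")
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def cbc_encrypt(key, iv, padded):
    prev, out = iv, []
    for i in range(0, len(padded), BLOCK):
        prev = _toy_block_encrypt(key, bytes(a ^ b for a, b in zip(padded[i:i + BLOCK], prev)))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    prev, out = iv, []
    for i in range(0, len(ct), BLOCK):
        blk = ct[i:i + BLOCK]
        out.append(bytes(a ^ b for a, b in zip(_toy_block_decrypt(key, blk), prev)))
        prev = blk
    return b"".join(out)


def _mac(mac_key, data):
    return hmac.new(mac_key, data, hashlib.sha224).digest()


def check_value_mac(enc_key, mac_key, cipher_value, value_mac, leaky=False):
    """Return the secret if value_mac matches the ciphertext (RFC 6030) or, failing
    that, the plaintext (earlier drafts). The fallback has to decrypt and unpad
    BEFORE it can check anything; with leaky=True a padding failure surfaces as
    ValueError, distinguishable from MACError, which is the oracle."""
    iv, ct = cipher_value[:BLOCK], cipher_value[BLOCK:]
    if hmac.compare_digest(_mac(mac_key, cipher_value), value_mac):
        return pkcs7_unpad(cbc_decrypt(enc_key, iv, ct))  # authenticated first: safe
    try:
        plaintext = pkcs7_unpad(cbc_decrypt(enc_key, iv, ct))
    except ValueError:
        if leaky:
            raise
        raise MACError("MAC mismatch")  # fold padding errors into the MAC failure
    if hmac.compare_digest(_mac(mac_key, plaintext), value_mac):
        return plaintext
    raise MACError("MAC mismatch")


def make_oracle(enc_key, mac_key, leaky):
    """What an attacker learns from one submission: was the padding accepted?"""
    def oracle(iv, block):
        try:
            check_value_mac(enc_key, mac_key, iv + block, bytes(28), leaky=leaky)
        except ValueError:
            return False  # padding rejected (only observable when leaky)
        except MACError:
            return True   # padding passed, only the MAC failed
        return True
    return oracle


def padding_oracle_attack(oracle, iv, ct):
    """Standard CBC padding-oracle recovery of the padded plaintext."""
    blocks = [iv] + [ct[i:i + BLOCK] for i in range(0, len(ct), BLOCK)]
    recovered = b""
    for prev, target in zip(blocks, blocks[1:]):
        inter = bytearray(BLOCK)  # will hold D_k(target)
        for pos in range(BLOCK - 1, -1, -1):
            pad = BLOCK - pos
            for guess in range(256):
                forged = bytearray(BLOCK)
                for j in range(pos + 1, BLOCK):
                    forged[j] = inter[j] ^ pad  # force known bytes to decrypt to `pad`
                forged[pos] = guess
                if not oracle(bytes(forged), target):
                    continue
                if pos == BLOCK - 1:  # rule out an accidental longer padding
                    forged[pos - 1] ^= 1
                    if not oracle(bytes(forged), target):
                        continue
                inter[pos] = guess ^ pad
                break
        recovered += bytes(a ^ b for a, b in zip(inter, prev))
    return recovered


def demo():
    enc_key = bytes(range(16))           # constructed toy keys and values
    mac_key = b"constructed-mac-key"
    iv = b"A" * BLOCK
    secret = b"12345678901234567890"     # a 20-byte HOTP-style seed
    cipher_value = iv + cbc_encrypt(enc_key, iv, pkcs7_pad(secret))
    ct = cipher_value[BLOCK:]
    return {
        "secret": secret,
        "via_ciphertext_mac": check_value_mac(enc_key, mac_key, cipher_value, _mac(mac_key, cipher_value)),
        "via_plaintext_mac": check_value_mac(enc_key, mac_key, cipher_value, _mac(mac_key, secret)),
        "leaky_attack": padding_oracle_attack(make_oracle(enc_key, mac_key, True), iv, ct),
        "hardened_attack": padding_oracle_attack(make_oracle(enc_key, mac_key, False), iv, ct),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

With `leaky=True` the attack recovers the whole padded secret from nothing but accept/reject answers; with `leaky=False` every failure looks the same and the recovered bytes are garbage. Collapsing the errors is a mitigation for this one channel only: the fallback still decrypts unauthenticated data, so timing or exception-type differences elsewhere in the decrypt path would reopen the oracle, which is why the commit message limits the change to non-repeated, non-user-facing processing.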
Diffstat (limited to 'tests/encryption/mac-over-plaintext.pskcxml')
-rw-r--r-- | tests/encryption/mac-over-plaintext.pskcxml | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/tests/encryption/mac-over-plaintext.pskcxml b/tests/encryption/mac-over-plaintext.pskcxml new file mode 100644 index 0000000..5f12e91 --- /dev/null +++ b/tests/encryption/mac-over-plaintext.pskcxml @@ -0,0 +1,39 @@ +<?xml version="1.0" encoding="UTF-8"?> + +<!-- + Test that holds an aes128-cbc encrypted value. Key is + 12345678901234567890123456789012. The ValueMAC is a MAC over the plaintext + secret instead of the ciphertext. +--> + +<KeyContainer Version="1.0" + xmlns="urn:ietf:params:xml:ns:keyprov:pskc" + xmlns:ds="http://www.w3.org/2000/09/xmldsig#" + xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"> + <EncryptionKey> + <ds:KeyName>Pre-shared-key</ds:KeyName> + </EncryptionKey> + <MACMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#hmac-sha224"> + <MACKey> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <xenc:CipherData> + <xenc:CipherValue>SVZJVklWSVZJVklWSVZJViZS3d+rzbWqD74OQPuyiwrD+XlDXK7ef602mwOebfTR</xenc:CipherValue> + </xenc:CipherData> + </MACKey> + </MACMethod> + <KeyPackage> + <Key> + <Data> + <Secret> + <EncryptedValue> + <xenc:EncryptionMethod Algorithm="http://www.w3.org/2001/04/xmlenc#aes128-cbc"/> + <xenc:CipherData> + <xenc:CipherValue>AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv</xenc:CipherValue> + </xenc:CipherData> + </EncryptedValue> + <ValueMAC>RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg==</ValueMAC> + </Secret> + </Data> + </Key> + </KeyPackage> +</KeyContainer> |
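Review bot: the header comment of the new fixture states the encryption key but neither the plaintext secret nor the MAC key value, so nobody can recompute the ValueMAC `RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg==` by hand to confirm it really is "a MAC over the plaintext secret instead of the ciphertext"; adding both (and saying that `12345678901234567890123456789012` is 32 hex digits, i.e. the 16-byte aes128-cbc key, not a 32-byte ASCII string) would make the fixture self-explanatory. Since the commit relaxes the check to accept either MAC, a sibling fixture whose ValueMAC matches neither plaintext nor ciphertext would also be worth adding so the negative path of the new logic is covered.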