From 047a2a9f904e587128102d450d7ae30874edeb24 Mon Sep 17 00:00:00 2001
From: Arthur de Jong
Date: Tue, 20 Dec 2016 20:36:15 +0100
Subject: Allow MAC over plaintext or ciphertext

RFC 6030 implies that the MAC should be performed over the ciphertext but some earlier drafts implied that the MAC should be performed on the plaintext. This change accepts the MAC if either the plaintext or ciphertext match.

Note that this change allows for a padding oracle attack when CBC encryption modes are used because decryption (and unpadding) needs to be done before MAC checking. However, this module is not expected to be available to users to process arbitrary PSKC files repeatedly.

This removes the tests for a missing MAC key (and replaces it for tests of missing EncryptionMethod) because falling back to using the encryption key (implemented in a444f78) in combination with this change means that decryption is performed before MAC checking and it is no longer possible to trigger a missing MAC key error.
---
tests/encryption/mac-over-plaintext.pskcxml | 39 +++++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 tests/encryption/mac-over-plaintext.pskcxml

(limited to 'tests/encryption/mac-over-plaintext.pskcxml')

diff --git a/tests/encryption/mac-over-plaintext.pskcxml b/tests/encryption/mac-over-plaintext.pskcxml
new file mode 100644
index 0000000..5f12e91
--- /dev/null
+++ b/tests/encryption/mac-over-plaintext.pskcxml
@@ -0,0 +1,39 @@ + + + + + + Pre-shared-key + + + + + + SVZJVklWSVZJVklWSVZJViZS3d+rzbWqD74OQPuyiwrD+XlDXK7ef602mwOebfTR + + + + + + + + + + + AAECAwQFBgcICQoLDA0OD+cIHItlB3Wra1DUpxVvOx2lef1VmNPCMl8jwZqIUqGv + + + RDATcSJh3n8TAvMDoPzKqobgOCPZSluA7Gmvpg== + + + + +
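Review bot: only a positive fixture for the MAC-over-plaintext case is added in this hunk; because the check now accepts a MAC that matches either the plaintext or the ciphertext, a companion negative fixture (same layout, a MAC value that matches neither) is needed so the relaxed check is shown to still reject a tampered file, which matters given the padding-oracle trade-off the commit message itself acknowledges. The fixture also carries no comment recording that it deliberately follows the pre-RFC 6030 draft layout (MAC computed over the plaintext) rather than the published RFC; a one-line XML comment at the top of tests/encryption/mac-over-plaintext.pskcxml saying so would keep a later cleanup from "correcting" it to the ciphertext form and silently losing the coverage.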