

Subject: kmip-cs-profile-v1.0-wd02-review: CBC Mode Test Cases


kmip-cs-profile-v1.0-wd02-review

Continuing review of the base crypto test cases (Section 4)...

4.1.10 CS-BC-M-10-12 - Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC

CBC mode is used, an IV is not specified, and the Cryptographic Parameters do not indicate that the server shall generate an IV.

CBC mode requires an IV - see NIST SP800-38a, section 6.2:

"The CBC mode requires an IV to combine with the first plaintext block."
"In CBC encryption, the first input block is formed by exclusive-ORing the first block of the plaintext with the IV."
"In CBC decryption, the inverse cipher function is applied to the first ciphertext block, and the resulting output block is exclusive-ORed with the initialization vector to recover the first plaintext block."

4.1.11 CS-BC-M-11-12 - Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV

The TIME 2 request does not specify an IV for the CBC mode Decrypt request. Strange comment in the test case: "Decrypt without the IV being specified will result in the first block being the input without the XOR of the IV".

It looks like the implementation is using an IV value of all zeroes when an IV is not provided. This is implementation-dependent behaviour, and arguably, erroneous behaviour. CBC mode is not specified to work this way in NIST SP800-38a ("The IV need not be secret, but it must be unpredictable").

If an IV is not provided, or meant to be generated by the server, the Encrypt and Decrypt operations should return an error when used with a mode requiring an IV.

4.1.12 CS-BC-M-12-12 - Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and IV

Again, at TIME 2, an IV is not specified for the CBC mode Decrypt request.

4.1.13 CS-BC-M-13-12 - Encrypt and Decrypt with Known Symmetric Key and PKCS5 Padding and CBC and Random IV

Again, at TIME 2, an IV is not specified for the CBC mode Decrypt request.

John

----------------------------------------------------------------------
John Leiseboer                          QuintessenceLabs Pty Ltd
Chief Technology Officer                Suite 23, Physics Building #38
Phone:  +61 7 5494 9291 (Qld)           Science Road
Phone:  +61 2 6125 9498 (ACT)           Australian National University
Mobile: +61 409 487 510                 Acton ACT 0200
Fax:    +61 2 6125 7180                 AUSTRALIA
Email:  JL@quintessencelabs.com         www.quintessencelabs.com
----------------------------------------------------------------------
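Added example, not part of John's message or of the KMIP profile: a Go sketch contrasting the two Decrypt behaviours discussed above. `cbcDecrypt` rejects a CBC request that carries no IV, as the review recommends, while `lenientDecrypt` models the implementation the test case comment describes (no IV treated as an all-zero IV), so that the first recovered block is P1 XOR IV and only that block is affected. AES-128 is assumed; key, IV and plaintext are constructed values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"errors"
)

// cbcEncrypt pads with PKCS#5 and encrypts; used here only to build a sample ciphertext.
func cbcEncrypt(key, iv, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	n := aes.BlockSize - len(pt)%aes.BlockSize
	padded := append(append([]byte{}, pt...), bytes.Repeat([]byte{byte(n)}, n)...)
	ct := make([]byte, len(padded))
	cipher.NewCBCEncrypter(block, iv).CryptBlocks(ct, padded)
	return ct, nil
}

// cbcDecrypt is the server behaviour the review asks for: a CBC Decrypt request
// that carries no IV is an error, not a silent fall-back to an all-zero IV.
func cbcDecrypt(key, iv, ct []byte) ([]byte, error) {
	if iv == nil {
		return nil, errors.New("CBC mode requires an IV; none supplied and none to be generated")
	}
	if len(iv) != aes.BlockSize || len(ct) == 0 || len(ct)%aes.BlockSize != 0 {
		return nil, errors.New("IV must be one block and ciphertext a whole number of blocks")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	pt := make([]byte, len(ct))
	cipher.NewCBCDecrypter(block, iv).CryptBlocks(pt, ct)
	// Strip PKCS#5 padding, rejecting anything malformed.
	n := int(pt[len(pt)-1])
	if n == 0 || n > aes.BlockSize || !bytes.Equal(pt[len(pt)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("invalid padding")
	}
	return pt[:len(pt)-n], nil
}

// lenientDecrypt models the implementation the test case comment describes: with no IV it
// decrypts under an all-zero IV, so block 1 comes back as P1 XOR IV while later blocks are intact.
func lenientDecrypt(key, ct []byte) ([]byte, error) {
	return cbcDecrypt(key, make([]byte, aes.BlockSize), ct)
}
```

Because the chaining value for block 2 onward is the previous ciphertext block, a wrong or missing IV corrupts exactly one block, which is why the test case's "first block without the XOR of the IV" remark holds and why the error path is the safer one.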


