-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? # to your account
EAX without a header #3
Comments
Thanks for the report and sorry for the inconvenience. It looks like CMAC and CMAC-used-by-EAX differ in this case: CMAC treats an empty message as not needing padding, CMAC-used-by-EAX treats it as needing padding. That's a massive pain. |
In fact, that's not what's happening at all. The CMAC calculation isn't finalised properly if the last block is empty. I'm going to make that misuse fail at runtime, as well as fixing EAX. |
This was caused by the CMAC update function with len=0 and isfinal=1 doing nothing (because the work it needed to do already happened with the last message). Now: - CMAC defends against and documents this case. - EAX makes the correct CMAC calls.
Wow, thanks, that was quick! |
Hi,
The Cifra library produces an different TAG when AES-EAX encoding is used when no Header is set (length is 0 bytes) then other two souces: online tool and Bouncy Castle impl in Java. If Header is set to any non 0 data they all give the same result. See details below.
I'm encrypting a message using AES-EAX with the following data (all in HEX):
Plain data:
0x00001C400000004800000073
Key:
0x589417B0324B1B71D7A6751852867AE8
Nonce:
0x00010000F683
Header:
0 bytes
I get a correct cipher and, in my opinion, not correct TAG.
Cipher:
0xD5D89979AE79EBEE4E385FA5
Tag:
0x46A9F4BE8F4C92659DA6CD12368D8127
Listing from the app:
When I use the same input data and encrypt them using this: http://artjomb.github.io/cryptojs-extension/ website, or in Java:
I get a different Tag (the same in both cases):
0x0EFB21FAD714A25B44145F79221A2C9A
However, if I set the Header to any(?) non-null data all 3 libraries give the same result:
Plain text, key and nonce as above
Header:
0x0123
Cipher (same as above)
Tag:
0xCCDA2E4E0698E24E0377E3CD3ED61391
Online tool:
The text was updated successfully, but these errors were encountered: