cjose

Unusual IV for AES_CBC

Open rnapier opened this issue 5 years ago • 2 comments

In jwe.c, _cjose_jwe_set_iv_aes_cbc creates different sized IVs depending on the key size. This doesn't seem correct; the CBC IV is based on the block size, which is always 16 bytes for AES, not the key size. I can't find a specific example in RFC7516 of AES256 to confirm my understanding; have I misunderstood something about the spec?

rnapier, Jun 26 '19 20:06

We had an issue with the Qt Cryptographic library due to the varying size of the IV for different key sizes.

This pull request uses a fixed size of 16 bytes: https://github.com/cisco/cjose/pull/112

securedimensions, Jul 30 '20 16:07

This was merged here: https://github.com/zmartzone/cjose/pull/11 and is part of the maintenance fork here: https://github.com/OpenIDC/cjose/tree/version-0.6.2.x

zandbelt, Apr 05 '22 18:04
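The interoperability check this thread is about, as an added example that is not part of the issue or of cjose's code: it reads the `enc` value from a compact JWE's protected header and confirms that the IV segment decodes to 16 bytes, the AES block size, which is the 128-bit IV that RFC 7518 specifies for the AES_CBC_HMAC_SHA2 algorithms at every key size. The names `b64url` and `jwe_cbc_iv_ok` and the sample tokens are constructed for illustration, and the header lookup assumes compact JSON with no whitespace around `"enc"`.

```c
#include <string.h>

/* Constructed samples: header {"alg":"dir","enc":"A256CBC-HS512"}, all-zero IVs. */
#define SAMPLE_HDR "eyJhbGciOiJkaXIiLCJlbmMiOiJBMjU2Q0JDLUhTNTEyIn0"
#define A10 "AAAAAAAAAA"
#define SAMPLE_IV16 SAMPLE_HDR ".." A10 A10 "AA.AAAA.AAAA"          /* 16-byte IV */
#define SAMPLE_IV32 SAMPLE_HDR ".." A10 A10 A10 A10 "AAA.AAAA.AAAA" /* 32-byte IV */

/* Decode unpadded base64url; returns byte count or -1. out == NULL: count only. */
static long b64url(const char *s, size_t n, unsigned char *out, size_t cap)
{
    static const char tbl[] =
        "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_";
    unsigned long acc = 0;
    long len = 0, bits = 0;
    if (n % 4 == 1) return -1; /* no valid encoding has this length */
    for (size_t i = 0; i < n; i++) {
        const char *p = memchr(tbl, s[i], 64);
        if (!p || (out && (size_t)len >= cap)) return -1;
        acc = (acc << 6) | (unsigned long)(p - tbl);
        if ((bits += 6) < 8) continue;
        bits -= 8;
        if (out) out[len] = (unsigned char)(acc >> bits);
        len++;
    }
    return len;
}

/* 1: CBC enc with 16-byte IV; 0: other IV length; -1: malformed or non-CBC enc. */
int jwe_cbc_iv_ok(const char *jwe)
{
    static const char *cbc[] = {"A128CBC-HS256\"", "A192CBC-HS384\"", "A256CBC-HS512\""};
    const char *seg[6] = {jwe}, *enc;
    unsigned char hdr[512];
    size_t k = 0;
    for (const char *p = jwe; *p && k < 5; p++) /* header.key.iv.ct.tag */
        if (*p == '.') seg[++k] = p + 1;
    if (k != 4) return -1;
    long hlen = b64url(seg[0], (size_t)(seg[1] - seg[0] - 1), hdr, sizeof hdr - 1);
    long ivlen = b64url(seg[2], (size_t)(seg[3] - seg[2] - 1), NULL, 0);
    if (hlen < 0 || ivlen < 0) return -1;
    hdr[hlen] = '\0';
    if (!(enc = strstr((char *)hdr, "\"enc\":\""))) return -1; /* compact JSON assumed */
    for (int i = 0; i < 3; i++) /* block size, not key size, fixes the IV length */
        if (!strncmp(enc + 7, cbc[i], 14)) return ivlen == 16;
    return -1;
}

int main(void) { return !(jwe_cbc_iv_ok(SAMPLE_IV16) == 1 && jwe_cbc_iv_ok(SAMPLE_IV32) == 0); }
```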