Need to be able to specify a custom IV for A128GCM

[pavlo]

Hey guys, I have a requirement that prescribes to set a certain IV (initialization vector) while A128GCM is used.

Reading the sources I narrowed to https://github.com/square/go-jose/blob/v2/symmetric.go#L236 which generates a random IV and it looks like there's no "official" way setting a custom one there.

What approach would you recommend to follow? Is there any hint you would give to help me with the requirement?

Thanks a lot! Pavlo

[csstaub]

Can you expand on this use-case? You want to set a custom IV, presumably in DIRECT mode where you also control the key that is used for the content cipher? I'm not sure that's something we'd want to add, it sounds like it would be a sharp edge and I can't think of a good reason one would want to do this. JOSE already has lots of sharp edges just from the way the standard is written, I'd like to avoid adding any more.

[danielchatfield]

@csstaub It's required for EMV 3D Secure V2 which is soon going to be a spec that every merchant in Europe will have to (indirectly) implement.

Would you recommend we fork?

[csstaub]

@danielchatfield If there's a real usecase for it I'm happy to merge support for it, we just have to be careful about the API design. If you have a mock API / proposal I'd love see it!

[rptrus]

Hello,

We are facing exactly the same issue as pavlo. We are also implementing 3DSecure 2.0 and a google search for A128GCM Initialization vector bought us here.

Our EMV specification asks for the following: "if the algorithm is A128GCM use the leftmost 128 bits of CEKS-A with SDKCounterStoA (padded to the left with ‘00’ bytes) as the IV"

Wondering has there been any development towards this? It would be very handy for us. Thanks!

[csstaub]

There's no support for it at the moment @rptrus, but pull requests are welcome.

[burhan]

A custom IV is also a requirement for VTS (Visa Token Services).