On 03/27/2020 12:21 PM, Louis Abraham wrote:
Hi Matthew,

Awesome, thanks and sorry for contacting the wrong list!

Since then, I found the answer to the 14 bytes question: https://hg.mozilla.org/projects/nss/rev/fc636973ad06392d11597620b602779b4af312f6#l6.49 Basically the DER encoding is used instead for compatibility with a bugged implementation.

I tried prepending b'\x04\x0e' to DER-encode the IV. However, the value I get makes no sense (and even has an incorrect padding according to pkcs7 <https://tools.ietf.org/html/rfc2315>).


Best,

Louis

The IV length is still 16 bytes, but only 14 are randomly generated. It's because the decoding code had a bug in it that requires the IV to look like DER-encoded data, so the header needed to be added, but the whole IV was used (including the 2-byte header) when encrypting/decrypting.

The goal of the AES-256 bit code was to encode AES-256 while allowing older versions of NSS to still decrypt the new keys, since versions of NSS may share their databases with other NSS applications running on other machines.

bob

On Fri, Mar 27, 2020 at 19:57, Matthew N. <ma...@mozilla.com> wrote:

    Hi Louis,

    The dev-tech-crypto mailing list I'm redirecting this to should be
    able to get you an answer.

    Thanks,
    MattN


    On Fri, Mar 27, 2020 at 8:51 AM Louis Abraham
    <louis.abra...@yahoo.fr> wrote:

        Hi,

        I'm the main developer of https://github.com/louisabraham/ffpass
        We are currently trying to accommodate the (not so) recent
        cryptographic changes in key4.db.

        If I understand correctly, key4.db contains a table metadata.
        The value item2 defines a cryptographic algorithm in the DER
        format.

        In the latest version of Firefox, this algorithm is PBES2,
        using aes256-CBC as the encryption algorithm.

        I'm facing a little problem when trying to execute aes256-CBC
        because the IV size is only 14 bytes (56 bits) instead of the
        64 bits defined in the spec.

        Could you please help me to understand?

        Best,
        Louis


--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
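
The IV handling described in the reply above, as an added example that is not part of the original thread and is not NSS or ffpass code. The function names and the sample bytes are hypothetical; the 16-byte branch is the standard PBES2 case (RFC 8018) and is an assumption here, since the thread only discusses the 14-byte one.

```python
AES_BLOCK = 16           # AES-CBC always takes a 16-byte IV
DER_OCTET_STRING = 0x04  # DER tag of the IV parameter


def iv_from_der_param(param: bytes) -> bytes:
    """Return the AES-CBC IV given the complete DER TLV of the IV parameter."""
    if len(param) < 2 or param[0] != DER_OCTET_STRING:
        raise ValueError("IV parameter is not a DER OCTET STRING")
    length = param[1]
    if length & 0x80:
        raise ValueError("long-form DER length is not expected for an IV")
    value = param[2:]
    if len(value) != length:
        raise ValueError("OCTET STRING length does not match its content")
    if length == AES_BLOCK:
        # Standard encoding: the content itself is the IV.
        return value
    if length == AES_BLOCK - 2:
        # Case from the thread: 14 random bytes, and the 2-byte DER
        # header (04 0e) is part of the IV, so the whole TLV is used.
        return param
    raise ValueError(f"unexpected IV content length {length}")


def iv_from_octets(value: bytes) -> bytes:
    """Same result for ASN.1 decoders that return only the content bytes."""
    if len(value) == AES_BLOCK:
        return value
    if len(value) == AES_BLOCK - 2:
        # Rebuild the header the decoder stripped: tag 0x04, length 0x0e.
        return bytes([DER_OCTET_STRING, len(value)]) + value
    raise ValueError(f"unexpected IV content length {len(value)}")


# Constructed sample: 14 "random" bytes as they would appear in the DER data.
SAMPLE_RANDOM = bytes(range(0xA0, 0xAE))
SAMPLE_PARAM = b"\x04\x0e" + SAMPLE_RANDOM

if __name__ == "__main__":
    iv = iv_from_der_param(SAMPLE_PARAM)
    print(len(iv), iv.hex())
```

In CBC mode the IV only affects the first plaintext block, so a PKCS#7 padding failure on a ciphertext longer than one block points at the derived key rather than at the IV.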