Correction: I can get the DRV.3 interop test to work. It has the same lack of padding problem as DRV.1.
--
James Manger
From: Manger, James H
Sent: Wednesday, 19 June 2013 6:03 PM
To: 'public-xmlsec@w3.org'
Cc: 'public-xmlsec-discuss@w3.org'; 'frederick.hirsch@nokia.com'
Subject: ConcatKDF in xmlenc-core1: ambiguous concatenation
...
On a related note, I think there is a mistake in the interop test DRV.1 for ConcatKDF at http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/Overview.html. The plaintext is not padded before it is encrypted (or the plaintext is 312 bytes, not the stated 320 bytes).
320 bytes of plaintext -> 1 block for IV + 20 blocks of plaintext + 1 block padding -> 352 bytes of ciphertext -> 470 base64 chars
However, the <xenc:CipherValue> element has only 448 base64 chars.
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/files/microsoft/dkey-example-ConcatKDF-crypto.xml
I cannot get the interop test DRV.3 to work either. Is the shared secret key really supposed to be 2176 bits long?
http://www.w3.org/2008/xmlsec/Drafts/xmlenc-core1-interop/files/ibm/secret.concat.kdf
--
James Manger (Telstra)
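
The length check described in the quoted message, as an added example that is not part of the original e-mail or of the interop test suite: it decodes a CipherValue and tests whether its size fits IV + plaintext + padding for a stated plaintext length. It assumes AES-CBC with a 16-byte block and padding of 1 to 16 bytes (a full block when the plaintext is already aligned); the function names and the all-zero sample value are constructed for illustration.

```python
import base64

AES_BLOCK = 16  # bytes; assumed AES-CBC, where the IV occupies one block


def padded_cipher_len(plaintext_len, block=AES_BLOCK):
    """Bytes expected in CipherValue: IV + plaintext + 1..block padding bytes."""
    pad = block - (plaintext_len % block)  # aligned input still gets a full block
    return block + plaintext_len + pad


def check_cipher_value(b64_text, stated_plaintext_len, block=AES_BLOCK):
    """Classify a base64 CipherValue against the plaintext length a test claims."""
    # XML pretty-printing may wrap the base64, so drop whitespace first.
    raw = base64.b64decode("".join(b64_text.split()), validate=True)
    if len(raw) % block or len(raw) < 2 * block:
        return "malformed: not an IV followed by whole blocks"
    body = len(raw) - block  # encrypted bytes after the IV
    if len(raw) == padded_cipher_len(stated_plaintext_len, block):
        return "consistent: padded"
    if body == stated_plaintext_len:
        return "inconsistent: no padding block"
    # With padding, the real plaintext is 1..block bytes shorter than the body.
    return "inconsistent: padded plaintext would be %d..%d bytes" % (
        body - block, body - 1)


# Constructed sample: 336 zero bytes encode to 448 base64 chars, the size the
# message reports for the DRV.1 CipherValue. Not the real test vector.
CONSTRUCTED_448 = base64.b64encode(bytes(336)).decode()

if __name__ == "__main__":
    print(len(CONSTRUCTED_448), "base64 chars")
    print("stated 320:", check_cipher_value(CONSTRUCTED_448, 320))
    print("stated 312:", check_cipher_value(CONSTRUCTED_448, 312))
```

Without the key this only checks sizes; confirming the padding bytes themselves requires decrypting the final block.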