
Indirectly violates RFC5869 Section 2.3 #2

Open
tignear opened this issue Oct 5, 2024 · 0 comments

Comments

@tignear
Copy link

tignear commented Oct 5, 2024

This specification creates a situation that indirectly violates RFC5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF) Section 2.3.

In Sender Key Derivation, the KeyRatchet is created based on a 16-byte value, but when advancing the generation, a 32-byte output is required to calculate the next internal state of the KeyRatchet. This violates the PRK requirements of RFC5869 HMAC-based Extract-and-Expand Key Derivation Function (HKDF) Section 2.3:

> PRK: a pseudorandom key of at least HashLen octets

It's probably not a problem security-wise in this case, but some libraries check for this requirement and it's a pure inconvenience.
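The following is an added example, not code from the issue or from the specification under discussion. It implements RFC 5869 HKDF-Extract and HKDF-Expand over SHA-256 in plain Python, with the Section 2.3 check that strict libraries apply (PRK at least HashLen = 32 octets), and shows a 16-byte ratchet state being rejected by that check. The "widened" step below, which first runs the short state through HKDF-Extract so that the expand step receives a HashLen-sized PRK, is one assumed way of sidestepping the check and is not something the issue proposes; the info label is constructed for the example.

```python
import hashlib
import hmac

HASH = hashlib.sha256
HASH_LEN = HASH().digest_size  # 32 octets for SHA-256


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """RFC 5869 Section 2.2: PRK = HMAC-Hash(salt, IKM); empty salt means HashLen zero octets."""
    if not salt:
        salt = b"\x00" * HASH_LEN
    return hmac.new(salt, ikm, HASH).digest()


def hkdf_expand(prk: bytes, info: bytes, length: int, strict: bool = True) -> bytes:
    """RFC 5869 Section 2.3: OKM = T(1) | T(2) | ... truncated to `length` octets.

    With strict=True the PRK length requirement of Section 2.3 is enforced,
    which is what the issue says some libraries do.
    """
    if strict and len(prk) < HASH_LEN:
        raise ValueError(f"PRK must be at least HashLen={HASH_LEN} octets, got {len(prk)}")
    if length > 255 * HASH_LEN:
        raise ValueError("requested length exceeds 255 * HashLen")
    okm = b""
    t = b""
    counter = 1
    while len(okm) < length:
        t = hmac.new(prk, t + info + bytes([counter]), HASH).digest()
        okm += t
        counter += 1
    return okm[:length]


# Constructed label for the example ratchet; not taken from the specification.
RATCHET_INFO = b"example-key-ratchet-step"


def ratchet_step_naive(state: bytes) -> bytes:
    """Feed the current state straight into HKDF-Expand as the PRK.

    This is the pattern the issue describes: a 16-byte initial state is used
    as a PRK to derive the 32-byte next state, which a strict library rejects.
    """
    return hkdf_expand(state, RATCHET_INFO, 32)


def ratchet_step_widened(state: bytes) -> bytes:
    """Assumed alternative: run the state through HKDF-Extract first.

    HKDF-Extract always yields a HashLen-sized PRK, so the expand step
    satisfies Section 2.3 regardless of the initial state length.
    """
    prk = hkdf_extract(b"", state)
    return hkdf_expand(prk, RATCHET_INFO, 32)


def strict_accepts(prk: bytes) -> bool:
    """True if a strict RFC 5869 implementation accepts `prk` for HKDF-Expand."""
    try:
        hkdf_expand(prk, b"", 1)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    initial = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed 16-byte state
    print("16-byte state accepted by strict expand:", strict_accepts(initial))
    nxt = ratchet_step_widened(initial)
    print("next state length after widened step:", len(nxt))
    print("32-byte state accepted by strict expand:", strict_accepts(nxt))
```

The HKDF functions are checked against Test Case 1 of RFC 5869 Appendix A, so the length check is the only behaviour that differs from a permissive implementation; once the state is 32 bytes, both the naive and the widened step are accepted.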

@tignear tignear changed the title Indirectly violates RFC5869 Section 2.2 Indirectly violates RFC5869 Section 2.3 Oct 5, 2024
birarda added a commit that referenced this issue Oct 7, 2024
Corrected endianness of user ID in per-sender key ratchet base secret