Support 12 byte IV for OMEMO and aesgcm:// #1171
Comments
|
Thanks for the heads up! Can you link to the spec / docs for that change? I don't see any mentions of the 12 vs 16 byte IV issue or aesgcm uri scheme here: https://xmpp.org/extensions/xep-0384.html |
|
The story goes that |
|
The OMEMO spec doesn’t specify the length of the initialization vector. We originally started using 16 because that is a common size for other AES standards. However at some point we discovered that AES-GCM recommends and uses internally 12 bytes. If you put in something other than 12 it will first be converted to 12. However not all crypto libraries support that initial conversion step and allow only inputs for 12. (Apparently new libraries from Apple that natively support GCM) I guess we originally filed this in the wrong repository: ChatSecure/OTRKit#40 The aesgcm:// spec that exists (and that @licaon-kter linked) has always specified 12; Just the example is wrong. |
|
I did some testing with a ChatSecure user and it seems to me that ChatSecure can read 12 byte OMEMO messages but not download 12 byte HTTP uploads (aesgcm uri scheme). To me it sounds somewhat plausible that ChatSecure would just pipe the contents of the IV element directly into the crypto library (without sanity checking it first); but for aesgcm:// one probably needs to do a little more. In any case this sounds like an easy enough fix. |
|
@chrisballinger: It will be nice to sent directly with 12 byte IV. |
|
@chrisballinger: iOS 13 only? |
Conversations (and others) will very soon start sending 12 byte IVs for both OMEMO messages as well as the aesgcm:// uri scheme in order to better support libraries on other plattforms that only accept 12 bytes.
The text was updated successfully, but these errors were encountered: