Uploaded image for project: 'Libmongocrypt'
  1. Libmongocrypt
  2. MONGOCRYPT-1

libmongocrypt is using the wrong encryption key for AEAD encryption with 96 byte keys

    XMLWordPrintableJSON

Details

    • Icon: Bug Bug
    • Resolution: Fixed
    • Icon: Critical - P2 Critical - P2
    • None
    • None
    • None
    • None

    Description

      Per https://tools.ietf.org/html/draft-mcgrew-aead-aes-cbc-hmac-sha2-05, the ENC_KEY is bytes [32..63] of the key. libmongocrypt is using the last 32 bytes of the key. This is incorrect.

      Bug is here:
      https://github.com/mongodb/libmongocrypt/blob/3596d57cfb0a8837b1338af15cfd7e7f9dcc838f/src/mongocrypt-crypto.c#L373

      shreyas.kalyan

      Attachments

        Activity

          People

            kevin.albertson@mongodb.com Kevin Albertson
            mark.benvenuto@mongodb.com Mark Benvenuto
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: