View Issue Details

ID: 0008166
Project: 10000-006: Mappings
Category: Spec
View Status: public
Last Update: 2023-01-17 17:08
Reporter: Bernd Edlinger
Assigned To: Randy Armstrong
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Fixed in Version: 1.05.03 RC1
Summary: 0008166: Unclear and/or misleading wording in the ECC Amendment - Masking of InitializationVector as specified does not match Code
Description

I refer to this document:

https://reference.opcfoundation.org/src/v104/Core/docs/Amendment4/readme.htm

In Chapter "6.8.2 Secure Channel Handshake", this is written:

"In addition, a unique InitializationVector is needed for each Message. This value contructed
from the ClientInitializationVector or ServerInitializationVector where the first 8 bytes are
replaced by the values in Table 49c."

Note the missing verb in the sentence, and the typo in "contructed".
But I am writing this e-mail mostly because I found this apparently deviating
implementation in the .NET Standard stack:

    private static void ApplyChaCha20Poly1305Mask(ChannelToken token, uint lastSequenceNumber, byte[] iv)
    {
        iv[0] ^= (byte)((token.TokenId & 0x000000FF));
        iv[1] ^= (byte)((token.TokenId & 0x0000FF00) >> 8);
        iv[2] ^= (byte)((token.TokenId & 0x00FF0000) >> 16);
        iv[3] ^= (byte)((token.TokenId & 0xFF000000) >> 24);
        iv[4] ^= (byte)((lastSequenceNumber & 0x000000FF));
        iv[5] ^= (byte)((lastSequenceNumber & 0x0000FF00) >> 8);
        iv[6] ^= (byte)((lastSequenceNumber & 0x00FF0000) >> 16);
        iv[7] ^= (byte)((lastSequenceNumber & 0xFF000000) >> 24);
    }

To make that clear, I think implementing this algorithm as it is written in the
amendment would be okay too, but using XOR is certainly a better solution.

Suggested fix: change the spec, or add an errata,
specify that the masking is done by using XOR on the first 8 bytes of the
key value with the mask value.

Tags: No tags attached.
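The two readings discussed in this issue, side by side, as an added example (not code from the OPC UA specification or the .NET Standard stack). The function names, the 12-byte IV length (the ChaCha20-Poly1305 nonce size) and the sample values are assumptions made for illustration; the byte order follows the C# snippet quoted above.

```python
import struct

IV_LEN = 12  # assumption: 96-bit ChaCha20-Poly1305 nonce


def _check(base_iv: bytes, mask: bytes) -> None:
    if len(base_iv) != IV_LEN or len(mask) != 8:
        raise ValueError("expected a 12-byte IV and an 8-byte mask")


def make_mask(token_id: int, last_sequence_number: int) -> bytes:
    """8-byte mask: TokenId, then sequence number, each a little-endian UInt32."""
    return struct.pack("<II", token_id, last_sequence_number)


def mask_replace(base_iv: bytes, mask: bytes) -> bytes:
    """Literal reading of the quoted sentence: overwrite the first 8 bytes."""
    _check(base_iv, mask)
    return mask + base_iv[8:]


def mask_xor(base_iv: bytes, mask: bytes) -> bytes:
    """Behaviour of the quoted C# method: XOR the first 8 bytes with the mask."""
    _check(base_iv, mask)
    return bytes(b ^ m for b, m in zip(base_iv, mask)) + base_iv[8:]


def interoperates(sender, receiver, base_iv, token_id, seq) -> bool:
    """Peers must derive the same per-message IV, or AEAD decryption fails."""
    mask = make_mask(token_id, seq)
    return sender(base_iv, mask) == receiver(base_iv, mask)


# Constructed sample values, not taken from any real SecureChannel.
BASE_IV = bytes.fromhex("a1b2c3d4e5f60718293a4b5c")
TOKEN_ID = 0x00000007
SEQ = 0x00000102

if __name__ == "__main__":
    m = make_mask(TOKEN_ID, SEQ)
    print("mask   :", m.hex())
    print("replace:", mask_replace(BASE_IV, m).hex())
    print("xor    :", mask_xor(BASE_IV, m).hex())
    print("replace peer <-> xor peer interoperate:",
          interoperates(mask_replace, mask_xor, BASE_IV, TOKEN_ID, SEQ))
```

A stack that replaces and a stack that XORs derive different IVs from the same inputs, so messages between them fail authentication; with replacement the first 8 bytes of the IV are exactly the mask and no longer depend on the derived InitializationVector.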

Activities

Randy Armstrong

2022-08-03 15:57

administrator   ~0017224

Table 62 – Creating a Mask for the Initialization Vector

Should use an XOR instead of replace (which matches what the .NET is already doing).

Randy Armstrong

2022-12-29 08:06

administrator   ~0018370

Now require XOR instead of replacing 8 bytes of the InitializationVector in 6.8.2.

Jim Luth

2023-01-17 17:08

administrator   ~0018529

Agreed to changes in web meeting.

Issue History

Date Modified | Username | Field | Change
2022-07-28 11:38 | Bernd Edlinger | New Issue |
2022-07-28 11:38 | Bernd Edlinger | Status | new => assigned
2022-07-28 11:38 | Bernd Edlinger | Assigned To | => Randy Armstrong
2022-07-28 12:05 | Randy Armstrong | Project | Specifications => 10000-006: Mappings
2022-07-28 12:30 | Randy Armstrong | Status | assigned => new
2022-08-03 15:57 | Randy Armstrong | Note Added: 0017224 |
2022-08-03 15:57 | Randy Armstrong | Status | new => assigned
2022-12-29 08:06 | Randy Armstrong | Status | assigned => resolved
2022-12-29 08:06 | Randy Armstrong | Resolution | open => fixed
2022-12-29 08:06 | Randy Armstrong | Fixed in Version | => 1.05.03 RC1
2022-12-29 08:06 | Randy Armstrong | Note Added: 0018370 |
2023-01-17 17:08 | Jim Luth | Status | resolved => closed
2023-01-17 17:08 | Jim Luth | Note Added: 0018529 |