[jose] Preventing invalid curve attacks at EC JWK construction / parse time

Vladimir Dzhuvinov <vladimir@connect2id.com> Wed, 19 April 2017 09:44 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/jose/alETLVHX9FcQbyl6N_vSzv-c-h8>

JOSE lib maintainers could consider adding a curve check at EC JWK
construction / parse time. This will stop an invalid curve attack early
in its tracks, when the JWE message is being parsed, so the invalid EC
JWK will not even reach the ECDH-ES decryption phase.

This extra validation is now included in Nimbus JOSE+JWT v4.36. I
suppose it could also prevent other issues with having invalid EC JWKs
around an app.

Cheers,

Vladimir
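The parse-time check proposed above, written out in Python as an added example (not code from the original message or from Nimbus JOSE+JWT): an EC JWK is rejected unless its decoded `x`/`y` have the RFC 7518 fixed length for the named `crv`, lie in the field, and satisfy the curve equation. Curve constants are the NIST P-256/P-384/P-521 parameters; the function and key names are this example's own.

```python
import base64

# Short Weierstrass parameters (p, a, b, coordinate byte length) for the RFC 7518 EC curves.
CURVES = {
    "P-256": (2**256 - 2**224 + 2**192 + 2**96 - 1, -3,
              0x5AC635D8AA3A93E7B3EBBD55769886BC651D06B0CC53B0F63BCE3C3E27D2604B, 32),
    "P-384": (2**384 - 2**128 - 2**96 + 2**32 - 1, -3,
              0xB3312FA7E23EE7E4988E056BE3F82D19181D9C6EFE8141120314088F5013875AC656398D8A2ED19D2A85C8EDD3EC2AEF, 48),
    "P-521": (2**521 - 1, -3,
              0x051953EB9618E1C9A1F929A21A0B68540EEA2DA725B99B315F3B8B489918EF109E156193951EC7E937B1652C0BD3BB1BF073573DF883D2C34F1EF451FD46B503F00, 66),
}

def _b64url_decode(s: str) -> bytes:
    std = s.replace("-", "+").replace("_", "/")
    return base64.b64decode(std + "=" * (-len(std) % 4), validate=True)

def _b64url_encode(n: int, length: int) -> str:
    return base64.urlsafe_b64encode(n.to_bytes(length, "big")).rstrip(b"=").decode("ascii")

def parse_ec_jwk(jwk: dict) -> tuple:
    """Return (x, y) for an EC JWK, or raise ValueError if the point is not on the named curve."""
    if jwk.get("kty") != "EC":
        raise ValueError("not an EC JWK")
    if jwk.get("crv") not in CURVES:
        raise ValueError("unsupported or missing crv")
    p, a, b, length = CURVES[jwk["crv"]]
    xb, yb = _b64url_decode(jwk["x"]), _b64url_decode(jwk["y"])
    # RFC 7518 fixes the coordinate length per curve; anything else is malformed.
    if len(xb) != length or len(yb) != length:
        raise ValueError("coordinate length does not match curve")
    x, y = int.from_bytes(xb, "big"), int.from_bytes(yb, "big")
    if not (0 <= x < p and 0 <= y < p):
        raise ValueError("coordinate outside the field")
    # Curve equation y^2 = x^3 + a*x + b (mod p); a point failing it lies on some other curve.
    if (y * y - (x * x * x + a * x + b)) % p != 0:
        raise ValueError("point is not on the curve")
    return x, y

def is_valid_ec_jwk(jwk: dict) -> bool:
    try:
        parse_ec_jwk(jwk)
        return True
    except (ValueError, KeyError, TypeError, AttributeError):
        return False

def make_ec_jwk(crv: str, x: int, y: int) -> dict:
    # Helper to build a public EC JWK from integer coordinates (used to construct test keys).
    length = CURVES[crv][3]
    return {"kty": "EC", "crv": crv, "x": _b64url_encode(x, length), "y": _b64url_encode(y, length)}
```

Running `parse_ec_jwk` on every EC JWK found in a JWE header (or a JWK set) before it reaches ECDH-ES mirrors what the message describes: a key whose point is off-curve never gets as far as the key agreement step.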