OFFICIAL COMMENT: FlexAEAD


MEGE, Alexandre

Jun 3, 2019, 5:26:56 AM
to lightweig...@nist.gov, lwc-...@list.nist.gov

Dear All,

 

It seems FlexAEAD is vulnerable to a length extension attack in the Associated Data.

This comes from the Associated Data padding being only padding with ‘0’, so the same tag can be generated by adding ‘00’ to the Associated Data.

This can be solved by using a resistant padding such as pad10*.

For flexaead 28b064v1, here is an example:

Key=0x000102030405060708090a0b0c0d0e0f, Nonce=0x000102030405060708090a0b0c0d0e0f,
Pt=0x,
Ad=0x00,
Ct=0xd052a99fd6826a4d

Key=0x000102030405060708090a0b0c0d0e0f, Nonce=0x000102030405060708090a0b0c0d0e0f,
Pt=0x,
Ad=0x0000,
Ct=0xd052a99fd6826a4d

And with non-empty PT:

Key = 000102030405060708090A0B0C0D0E0F
Nonce = 0001020304050607
PT = 000000000000
AD = 0000
CT = FEED07DFEB57CC9992C168BE746865E0

Key = 000102030405060708090A0B0C0D0E0F
Nonce = 0001020304050607
PT = 000000000000
AD = 000000
CT = FEED07DFEB57CC9992C168BE746865E0

 

Best regards,

Alexandre Mège
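
Added example, not part of the original message and not FlexAEAD reference code: a sketch of why zero-only padding makes the AD values in the vectors above indistinguishable, and why pad10* does not. The 8-byte block size, the rule that an already aligned input gets no zero padding, and all function names are assumptions made for illustration.

```python
BLOCK = 8  # assumed block size in bytes (64-bit block variant)

def zero_pad(ad: bytes, block: int = BLOCK) -> bytes:
    """Pad with 0x00 up to the next block boundary (behaviour described in the post)."""
    return ad + b"\x00" * (-len(ad) % block)

def pad10star(ad: bytes, block: int = BLOCK) -> bytes:
    """Append one 1 bit (byte 0x80), then 0x00 to the boundary; always adds >= 1 byte."""
    padded = ad + b"\x80"
    return padded + b"\x00" * (-len(padded) % block)

def unpad10star(padded: bytes) -> bytes:
    """Inverse of pad10star; its existence is what makes the padding injective."""
    stripped = padded.rstrip(b"\x00")
    if not stripped.endswith(b"\x80"):
        raise ValueError("invalid pad10* padding")
    return stripped[:-1]

def colliding_pairs(pad, inputs):
    """Return (first, later) pairs of distinct inputs with identical padded encodings."""
    seen, pairs = {}, []
    for ad in inputs:
        enc = pad(ad)
        if enc in seen:
            pairs.append((seen[enc], ad))
        else:
            seen[enc] = ad
    return pairs

# AD values taken from the test vectors in the post.
POST_ADS = [bytes.fromhex(h) for h in ("00", "0000", "000000")]

if __name__ == "__main__":
    for name, pad in (("zero padding", zero_pad), ("pad10*", pad10star)):
        print(name)
        for ad in POST_ADS:
            print(f"  AD={ad.hex():<6} -> {pad(ad).hex()}")
        print(f"  colliding pairs: {len(colliding_pairs(pad, POST_ADS))}")
```

Anything computed only from the padded blocks, including the tag, cannot tell the zero-padded inputs apart, which matches the identical Ct values reported above.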
