mirror of
https://github.com/fergalmoran/ladybird.git
synced 2025-12-26 11:20:03 +00:00
0428308420
...for handlers of revision 6. The spec for this algorithm has several quirks: 1. It describes how to authenticate a password as an owner password, but it redundantly inlines the description of algorithm 12 instead of referring to it. We just call that algorithm here. 2. It does _not_ describe how to authenticate a password as a user password before using the password to compute the file encryption key using an intermediate user key, despite the latter step that computes the file encryption key refers to the password as "user password". I added a call to algorithm 11 to check if the password is the user password that isn't in the spec. Maybe I'm misunderstanding the spec, but this looks like a spec bug to me. 3. It says "using AES-256 in ECB mode with an initialization vector of zero". ECB mode has no initialization vector. CBC mode with initialization vector of zero for message length 16 is the same as ECB mode though, so maybe that's meant? (In addition to the spec being a bit wobbly, using EBC in new software isn't recommended, but too late for that.) SASLprep / stringprep still aren't implemented. For ASCII passwords (including the important empty password), this is good enough.
3.0 KiB
3.0 KiB