In ecma376_agile.py, the tool defines the DataIntegrity generation as the following.
```python
@staticmethod
def generate_integrity_parameter(
    encrypted_data, params: ECMA376AgileCipherParams, secret_key, salt_value
):
    """
    Returns the encrypted HmacKey and HmacValue.
    """
    salt = _random_buffer(params.hashSize)  # <------- NOTE THIS
    iv1 = _generate_iv(params, blkKey_dataIntegrity1, salt_value)
    iv2 = _generate_iv(params, blkKey_dataIntegrity2, salt_value)
    encryptedHmacKey = _encrypt_aes_cbc(salt, secret_key, iv1)
    msg_hmac = hmac.new(salt, encrypted_data, _get_hash_func(params.hashName))
    hmacValue = msg_hmac.digest()
    encryptedHmacValue = _encrypt_aes_cbc(hmacValue, secret_key, iv2)
    return encryptedHmacKey, encryptedHmacValue
```
In the spec (section 2.3.4.14 step 2), it says that the random array of bytes should be the same length as the KeyData.saltSize attribute.
I have played around with Microsoft Official Products and it looks like they don't use saltSize either. I would appreciate it if someone could explain whether the spec is wrong.
I have accidentally closed the previous issue - that is why I am raising this one.
Thanks!
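One way to check which length a given file's writer used, as an added example that is not code from msoffcrypto-tool or from the issue author: the encryptedHmacKey ciphertext is the random key zero-padded to a whole number of cipher blocks, so its decoded length shows whether the key was sized by hashSize or by saltSize. It assumes the XML part of the EncryptionInfo stream has already been extracted; `hmac_key_length_basis`, `make_sample` and the sample descriptor are hypothetical and constructed for illustration.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/office/2006/encryption"}


def _padded(n, block):
    """Length of n bytes after zero-padding to whole cipher blocks."""
    return -(-n // block) * block


def hmac_key_length_basis(encryption_info_xml):
    """Say whether encryptedHmacKey is sized by hashSize or by saltSize."""
    root = ET.fromstring(encryption_info_xml)
    key_data = root.find("e:keyData", NS)
    integrity = root.find("e:dataIntegrity", NS)
    if key_data is None or integrity is None:
        raise ValueError("not an agile EncryptionInfo descriptor")
    block = int(key_data.get("blockSize"))
    by_hash = _padded(int(key_data.get("hashSize")), block)
    by_salt = _padded(int(key_data.get("saltSize")), block)
    ct_len = len(base64.b64decode(integrity.get("encryptedHmacKey")))
    if by_hash == by_salt == ct_len:
        return "ambiguous"  # both sizes pad to the same ciphertext length
    if ct_len == by_hash:
        return "hashSize"
    if ct_len == by_salt:
        return "saltSize"
    return "neither"


def make_sample(ct_len, salt_size=16, hash_size=64, block=16):
    """Constructed descriptor: all-zero blobs, no real key material."""
    blob = base64.b64encode(bytes(ct_len)).decode()
    return (
        f'<encryption xmlns="{NS["e"]}">'
        f'<keyData saltSize="{salt_size}" blockSize="{block}" hashSize="{hash_size}"/>'
        f'<dataIntegrity encryptedHmacKey="{blob}" encryptedHmacValue="{blob}"/>'
        "</encryption>"
    )


if __name__ == "__main__":
    # SHA-512 (hashSize 64) with a 64-byte vs. a 16-byte HMAC key
    print(hmac_key_length_basis(make_sample(64)))
    print(hmac_key_length_basis(make_sample(16)))
```

The result reflects only the ciphertext length; it does not decrypt the key or verify the HMAC.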