Add support for CBC without padding #210
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@swift-server-bot test this please |
Lukasa
requested changes
Nov 17, 2023
|
@swift-server-bot test this please |
Lukasa
reviewed
Nov 27, 2023
Sure, I've added a few more with 2-16x block sizes |
|
Anything left for me to do @Lukasa? |
|
Hi @lovetodream, sorry about the delay, I've been swamped. I'll take a look now. |
|
@swift-server-bot test this please |
Lukasa
approved these changes
Dec 5, 2023
|
Nice change, thanks for your hard work! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR adds support for CBC de- and encryption without padding, as discussed in #209
Checklist
If you've made changes to
gybfiles.script/generate_boilerplate_files_with_gyband included updated generated files in a commit of this pull requestMotivation:
As described in #209, I personally need this to migrate an oracle driver from a third party crypto lib to swift-crypto. I think other users might benefit from this addition too.
Modifications:
I've added an overload to the
encryptanddecryptmethods ofAES._CBC, allowing the user to configure if padding should be added or not. WithnoPaddingset totrue, an error will be thrown if theplaintextisn't a multiple of the block size. I've added the corresponding inline documentation.I've also added tests to ensure both encrypting and decrypting without padding work as expected. Although those tests might not be sufficient enough, because I couldn't find good resources online. I've created a bunch of random hex strings and encrypted/decrypted them using another implementation of paddingless CBC and checked if I receive the expected results. To further validate the feature, I've tested it as part of the authentication in oracle-nio, which worked in all test scenarios I've been running.
Result:
After merging this, it will be possible to use CBC without padding. This closes #209